GoFetch - Apple vs. DOJ, ".INTERNAL" TLD

Released Wednesday, 27th March 2024

Episode Transcript

Transcripts are displayed as originally observed. Some content, including advertisements may have changed.

0:00

It's time for Security Now. Steve

0:02

Gibson is here. Lots to talk

0:04

about. Most importantly, that Apple exploit

0:06

that everybody said was

0:08

unpatchable, the end of

0:10

the world. Steve says not so

0:13

fast. GoFetch, our topic, next on

0:15

Security Now. This episode is

0:17

brought to you by Zscaler,

0:19

the leader in cloud security. Cyber

0:21

attackers are now using AI

0:24

in creative ways to compromise users

0:26

and breach organizations. In a security

0:28

landscape where you must fight

0:31

AI with AI, the best

0:33

AI protection comes from having

0:35

the best data. Zscaler has

0:37

extended its Zero Trust architecture with

0:40

powerful AI engines that are trained

0:42

and tuned by five hundred trillion

0:44

daily signals. Learn more about Zscaler

0:47

Zero Trust plus AI

0:49

to prevent ransomware

0:51

and AI attacks. Experience

0:54

your world secured. Visit

0:56

zscaler.com/zerotrustAI.

1:01

Podcasts you love, from people

1:03

you trust. This

1:06

is TWiT. This

1:12

is Security Now with Steve Gibson,

1:14

Episode Nine Hundred Sixty Seven,

1:16

recorded Tuesday, March Twenty Sixth,

1:18

Twenty Twenty Four:

1:20

GoFetch. This episode

1:22

of Security Now is brought

1:24

to you by Bitwarden,

1:26

the password manager offering a

1:28

cost effective solution that can

1:30

dramatically increase your chances of

1:32

staying safe online.

1:35

Bitwarden has just launched a new

1:37

feature, I love this, called inline

1:39

autofill. That makes it easier than ever

1:41

to log into websites. I know,

1:44

when it happened I went, oh, this is

1:46

great. A dropdown menu will appear when you

1:48

select a username or password field on

1:50

most sites, letting you quickly choose which

1:53

login you wanna use. Clicking on the login

1:55

autofills the username and password

1:57

and you're in. And by the way, if

1:59

the site, I know I

2:01

use it with Google, I use it with

2:03

GitHub, supports passkeys, ooh la la,

2:06

you'll like it even better. Click the link

2:08

that says use your passkey. Bitwarden can

2:10

store all your passkeys, which is nice,

2:12

to bring it with you to every platform

2:14

Bitwarden's on instant larger. If you're a current

2:17

user, you gotta turn this feature on, the

2:19

autofill feature. Go to settings and select

2:21

autofill, then use the drop-down box

2:23

and show autofill menu on form

2:25

fields to pick which option works best for

2:28

you. It's loves a I love about the

2:30

or. A. Are they give

2:32

you a choice. It's open source software,

2:34

which means it's free for life for

2:36

individual users, and that means as many passwords

2:38

as you want, as many devices as you want,

2:41

you even use passkeys and hardware

2:43

authentication keys and

2:45

the YubiKeys, free forever. Bitwarden was

2:47

named by Wired as best for most

2:50

people, honored by Fast Company as

2:52

one of the twenty twenty three Brands

2:54

That Matter in security, and it's the

2:56

only password manager Steve and I use.

2:59

No wonder. Bitwarden is the open

3:01

source password manager trusted by millions.

3:03

Get started with Bitwarden's free

3:05

trial of a Teams or

3:08

Enterprise plan, or get started for

3:10

free across all devices as an

3:12

individual user. bitwarden.com/twit.

3:16

That's bitwarden.com/twit.

3:20

It's time for Security Now, the show

3:22

I look forward to all

3:25

week, in this case for the last three

3:27

weeks. Thank you to Mikah Sargent

3:29

for filling in. Steve Gibson, the man about

3:31

town, is here. talks as your as

3:33

he. Might. To did a great job.

3:36

He at help around the the alert and was

3:38

engaging and and good. I'm glad you like him

3:40

because in about a year he's going to be

3:42

in charge of the whole damn thing. I

3:46

notice you're doing the Leonard Nimoy

3:48

salute. Does one say it's Live Long

3:50

and Prosper Day? Leonard Nimoy, his birthday

3:52

would be today, March Twenty six. So.

3:55

That my boy he was born and thirty

3:57

one I think l. L. And

4:01

last time we saw abuse look at

4:03

it to via know he him he

4:05

in the old Captain Kirk are still

4:07

is the morning so live I thought

4:10

he'd past he stole that's right I

4:12

remember he did as of yours is

4:14

well I haven't yet and he and

4:16

I have the same birthday oh you

4:18

were organized thirty one however no no

4:21

no no that happened today I did

4:23

I know had happy birthday. While.

4:26

You are, So that means you're You're four

4:28

months older than me. Yes

4:30

I am as well as and a

4:32

couple years right or no a mid

4:35

I'm November Fifty six, your March Fifty

4:37

Five. So yet around one year and

4:39

in a few months? okay yeah. So

4:43

a happy birthday good Do anything special to

4:45

celebrate. Thank you add of wait We initially

4:47

had some plans to go have a fancy

4:49

dinner but you know I but I said

4:51

the to. Laurie. Yesterday I

4:53

said, you know. That is would

4:56

rather have a nice steak at home

4:58

so altitude even. Yep some beautiful stats

5:00

was he said actually does it make

5:02

a great wisely and it's aftermath of

5:04

the was it a super You know

5:06

you'll be. Yeah. But we are

5:08

When I was a kid my mom

5:10

there's a birthday dinner that was the

5:13

same every year my mom would make

5:15

for as I look forward to those

5:17

wonderful yellow. Happy though we have a

5:20

tremendous podcast today.

5:23

Of course it's titled

5:25

GoFetch, which is the

5:28

name that's been given by

5:31

the, I would call

5:33

it the discoverers, but it's

5:35

sort of the rediscoverers, because

5:37

they first stumbled onto this

5:39

two years ago. Oh, interesting.

5:41

Oh, brought it up. And

5:43

in fact, my theory is it's the

5:45

reason that the M Three chip has

5:47

a switch which the M

5:50

One and M Two don't, remember, because

5:53

they kind of scared Apple, but

5:55

then, but they weren't really able

5:57

to make a strong case. Well,

6:00

Why that case been made Now and veg.

6:02

We're gonna start off when we talk about

6:04

this theory and and as to have an

6:06

hour so. About

6:09

how wound up the tech

6:11

press has gotten, and

6:13

miswound, because boy did they get

6:15

it wrong. But we'll have some fun with

6:18

that. And again, this is gonna be one

6:20

of our listeners' favorite types of episodes because

6:22

it's gonna be a deep dive. So get

6:24

out your propeller-cap beanies and wind them

6:27

up, because we're, I mean, by the time

6:29

we're done, everyone is

6:31

gonna understand exactly what happened,

6:34

why it happened, how it happened,

6:36

what it means. And

6:39

like you do, kids, get up, go to

6:41

a cocktail party and really put your friends

6:43

to sleep. Well, I've

6:45

been saying, as we've been talking about, obviously,

6:48

Orbs, On trade and to they a

6:50

metric weekend Amazon you know? I'm sure Steve

6:52

will cover this, and much more

6:54

accurately and much more granularly

6:56

on Security Now today. Such a bad

6:59

idea. Only one I don't coordinate with you.

7:01

I just figured oh, he's going to jump

7:03

into this one so go say I'm also

7:05

gonna jump in briefly, because

7:08

I'm not a legal scholar or expert

7:10

to live. A couple of to say

7:12

about the US Department of Justice's antitrust

7:14

suit against Apple. There are some

7:17

arguments they'll make about that that are

7:19

security related zone says it's hands on

7:21

on us. A little bits about just

7:23

sort of have a little sort of

7:26

an overview of that. And you

7:28

know, capitalism and monopolies and so forth.

7:30

Uh, we're going to update on General

7:32

Motors Autumnal. Have you heard about this

7:35

Leo? This astonishing violation of their car

7:37

owners' privacy. Oh boy. Oh

7:39

boy, it's unbelievable. Also we're

7:41

going to look at, we'll answer

7:43

the question: what happy news

7:45

is Super Sushi Samurai's solas really up

7:48

to their a day I don't I

7:50

was at his okay whether Apple were

7:52

also gonna, we'll look at whether

7:54

Apple has abandoned its plans,

7:56

you were talking about this on

7:58

MacBreak actually, for its

8:00

HomeKit compatible routers, and

8:02

what appears to be shaping up

8:04

to take their place. Will

8:07

our private networks, oh this

8:09

is cool, gonna be receiving

8:11

their own domain names? ICANN

8:13

has been busy, and

8:15

if so, what is it?

8:17

Or, the UN has spoken

8:19

out about AI. Does

8:21

anyone care? And what do

8:23

I think the prospects are

8:25

of us controlling AI?

8:27

What significant European country just

8:30

blocked Telegram? Also, what did

8:32

the just finished twenty twenty

8:34

four Pwn2Own competition

8:36

teach us, once again? Might

8:39

the US be hacking back

8:42

against China as they are

8:44

against us? I've long been bemoaning

8:46

the fact that we never hear

8:48

anything about the other direction. Well,

8:51

we've heard something. And after a

8:53

bit of interesting SpinRite update

8:55

news and a bit of feedback

8:58

from our listeners, as I said,

9:00

we're gonna spend the rest of

9:02

our time looking into last week's

9:05

quite explosive headlines about the apparently

9:07

horrific and unfixable, toxic flaws

9:09

in Apple's M series silicon.

9:12

Just how bad

9:14

is it? Okay,

9:16

good. As I've been saying, don't worry, but

9:18

we'll find out what the real

9:20

expert has to say in just a

9:22

little bit. I look forward to that. Of

9:25

course we do have a fantastic picture of

9:27

the week, courtesy of our marvelous listeners.

9:29

A great life fact I think something everybody

9:31

why want to adopt a threat. But

9:34

first let me tell you as a

9:37

you definitely want to adopt which is

9:39

our favorite little honeypot, the Thinkst

9:41

Canary. Now, the Canary is

9:43

designed by as I'm a very

9:46

smart fellows who for years talk

9:48

governments and companies, how to avoid

9:50

break ins actually be taught him

9:52

how to break into computers. Some

9:54

cases they've learned a lot and

9:57

they know the one of the

9:59

biggest. Read. To. You

10:01

and your network and me in mind that

10:03

work until all of us is not. You

10:05

know the perimeter defense keeping the bad guys

10:08

out as we know that they eventually they

10:10

get in. or maybe you've got a malicious

10:12

insider the biggest or it is not knowing

10:14

that there there and we hear about breaches

10:16

all the time or companies say year they've

10:19

been in their six months a year. In.

10:21

Some cases a couple years and we

10:23

didn't know what. And. Boy

10:25

what bad guys can do if they

10:28

have untrammeled. Access to everything

10:30

inside your network. Amazing. Exfiltrate

10:32

information. That's why the ransomware

10:34

now extorts you, you

10:36

know before they encrypt you, helps

10:38

them do their encryption job of

10:40

finding at all places you back

10:42

stuff up but see if you

10:44

have a Thinkst Canary or

10:47

two or three in your network

10:49

that some banks begun. Prices have

10:51

hundreds. You got the best defense

10:53

against malicious insiders and hackers have

10:55

gotten because the minute they see

10:57

that canary they're going Think. It's

10:59

something. Valuable. Not vulnerable,

11:01

valuable and I I yes sir for

11:03

this and we have not been patched

11:05

lately or a network attached. storage devices,

11:07

skaters device, all kinds of thing can

11:10

be anything. a linux box so you

11:12

can light it up like Christmas tree.

11:14

Every service turned on our judiciously just

11:16

turn on a couple knowing that the

11:18

bag as going to say oh i

11:20

can get into this one but the

11:22

minute they touch it. The.

11:24

Minute they try to log in or x

11:26

access said server or open. as far as

11:28

you can also create files he spread over

11:31

your network, you're going to get know sick

11:33

is. Just a notifications that

11:35

matter. Very. Few false

11:37

positives. We've had Thinkst Canaries running in our

11:39

network for some time never have had a

11:41

false positive. the one time that went off.

11:44

In. Something like five or six years and

11:46

one time went up. There really was something

11:48

scanning all the ports on a network. Turns

11:50

out was inside the network. Who's a. Of

11:53

road device that we are reviewing.

11:56

Sound right away before could do any

11:58

damage. Thank you, Thinkst Canary. If

12:02

someone's asking your lures accessing your lore

12:04

files as trip wires is around. Then

12:07

by the way, they can be Pts.

12:09

They can be Excel file or they

12:11

look like Pts Excel files. And soon

12:13

as a bad guy goes on the

12:15

openness, I'm examine this. Let's see what

12:17

this is. You're going to get that

12:19

notification says they try to log into

12:21

your fake internet SSH or internal SSH

12:24

server. They're going immediately. Get. A

12:26

notification to you choose a profile for you

12:28

Thinkst Canary device. By the way, you can

12:30

change it. It's fun to play with. it

12:32

is there are hundreds to choose from. It

12:34

even emulates so accurately, right down to the

12:36

MAC address. You know, my Synology, the

12:38

fake Synology NAS honeypot, actually has

12:41

a Synology MAC address, and the

12:43

DSM is up to date, it's DSM seven. It

12:46

looks real as authentic looking. It's really

12:48

incredible. Yeah, yeah, yeahs. sappy things. canaries.

12:50

choose the device you want. takes a

12:53

second. You. Register with the hosted

12:55

console for monitoring and as occasions and you

12:57

done new a. Bad.

12:59

Guy in your system, militias, insiders. any

13:01

adversary will immediately let themselves know because

13:03

that's what does look for. It had

13:05

stuff you spread around. The

13:08

Thinkst Canary is

13:10

genius. Visit canary.tools/twit. As

13:13

I said the number yeah have

13:15

may vary the start with size.

13:17

Good starting point seventy five hundred

13:19

dollars a year. The very affordable

13:21

you get five of them. your

13:23

own hosted console yet upgrades, support

13:25

maintenance. Still where you don't have

13:27

to use their console by the

13:29

way of for notifications, email text,

13:31

webhooks, Slack. Ah, there's

13:33

an API. The sky's

13:35

the limit. You get notifications anyway

13:37

you prefer. Okay, syslog.

13:40

Yeah, supports syslog. If

13:42

you use the code TWIT in the "how did

13:44

you hear about us" box, by the way, ten

13:46

percent off. Forever. And

13:49

if you're all nervous, he should be

13:51

reassured. You can return your Thinkst Canaries

13:53

for a full refund any time in

13:55

the first sixty days is a two

13:57

month full money back guarantee. But I

13:59

have to tell. We've

14:01

They've been advertising on his show for years

14:03

and all that time nobody has ever asked

14:05

for their money back. It's once you get

14:07

install and you see how easy it is

14:09

and and any see the need for it.

14:12

Everybody. Says this is the best thing ever. Said.

14:15

If you go to canary.tools/love you can

14:17

see all the love people have for

14:19

the Canary. canary.tools/

14:22

twit to sign up. Use the

14:24

offer code TWIT in the "how did

14:26

you hear about us" box for ten percent off.

14:28

You gotta have this thing. Canary dot

14:31

tools. Thank

14:34

you so much for supporting Steve's

14:36

vital work here on Security

14:38

Now. So, a

14:40

picture of the week time. So.

14:43

For. All. My

14:45

Life. Leo. I'm. I

14:47

have found coat hanger wire.

14:50

To be really convenient. So

14:52

useful. Or is and know

14:55

used to get the that the coat hangers

14:57

the from the I back from the dry

14:59

cleaners with your shirts on them and ever

15:01

they'd laugh at have a a little bit

15:04

of a paper wrapping on and but you

15:06

can take that off but that that gauge

15:08

of coat hanger is perfect me you can

15:10

get banned in all kinds of use only

15:13

rain at picking up birth to hook up

15:15

or ring that somebody lost her exactly as

15:17

suggests actually you know it's at it's just

15:19

super has have out here we have. Applications

15:23

that I would not recommend by I

15:25

think this is eyeing my sex Don't

15:27

you think everybody should do this? Or

15:34

is so philo words are going

15:36

to value. So so somebody has

15:38

has a USB

15:41

charging cable here which is

15:43

way too long and maybe they

15:45

needed to be lawn but this

15:47

is like a neat nick person

15:50

and I think we're seeing sort

15:52

of a seem here because they've

15:54

they've they've. Coiled up this

15:56

way too long I may dislike.

16:00

Fifteen feet of USB charging cable

16:02

but you know you don't want of line

16:04

around on the floor right to they coil

16:07

that all up now. Okay now what he

16:09

didn't do, you got this coil of USB

16:11

charging cable, he didn't hang it

16:13

somewhere. So. And it

16:15

does a really you can't really hang on the

16:17

charger because it'll fall off these to be more

16:20

secure than that. So this. Clever.

16:22

O C D person. Ah,

16:25

Dot hate. Ill

16:27

I've always found coat hanger

16:29

wire to be really handy.

16:32

For. Making stuff, So.

16:34

As a happy to have a pair of buyers

16:36

around so. Basically fashioned

16:39

this beautiful. I mean by

16:41

all measures this is a

16:43

beautiful husky. Spend some time

16:46

with his though pliers or

16:48

bending and curving is gorgeous.

16:51

Yeah is his grades and

16:53

boy does it worse as

16:55

a hook to hang around.

16:57

The wrong was of the

17:00

Apple five what charges goes

17:02

right around those beauty Verizon

17:04

of was lies the bravo

17:06

What I've I've never I

17:09

don't recall ever actually touching

17:11

that the the leaves of

17:13

my own litter to. A

17:16

to that this wire it it

17:18

must be. Bit. They are

17:20

that is coated with some sort

17:22

of a little an insulating. Is

17:26

it varnish is of zones or

17:28

isn't? Otherwise this would have already

17:30

exploded. Smashed

17:33

his own is susan Swedes here I

17:35

think the he is not switch sit

17:37

on yet Oh boy of I began

17:39

with that point of view I use.

17:41

As use put your shoes odd and use

17:43

a couple of hours to. I would have

17:45

turned this blog i another point. Because.

17:48

He looks like he really is, you

17:50

know, Oh Cd and careful he has

17:52

now this plugs upside down. Right?

17:58

Already got the yeah, did not. Highly

18:00

little fail. Not smiling. littered like

18:02

a little Hammerheads? Yeah, yeah, what's

18:04

going on That good? So anyway,

18:07

so just so people are, Begin.

18:09

The we haven't completely lost her

18:11

mind this. the the point is

18:13

that this hot has two legs

18:16

that go up. By. Up

18:18

behind this USB

18:20

charger and then bend around.

18:22

You know, in use you

18:24

have to hang over the

18:26

two prongs of the A

18:28

C plug. Yeah there you

18:30

wire on wire on. Why?

18:33

is like they made it

18:35

for this. Oh it's

18:37

beautiful. I did it is. It is a

18:39

beautiful. Construction. But.

18:42

No. The menu for they would

18:45

have been would a heat up will

18:47

start to glow always and on our

18:49

this may have any meat Is this

18:52

the good news is all homes ever

18:54

made even when they had you know

18:56

screw them in fuses in the fuse

18:59

box in the basement. Where.

19:01

They had some cut out such

19:03

said if if if any circuits

19:05

suddenly do too much power rather

19:07

that is exploding in your face

19:09

down in the basement, something would

19:12

go home and and then you'd

19:14

now of course. What's.

19:16

What's you don't want is to run out

19:18

of uses. His

19:20

tenure as it know right there

19:22

was a little did was like

19:24

oh shoot we're not enough I

19:26

don't know why this views blue

19:28

but is it isn't so I

19:30

don't I see to be all

19:32

our fresh out of fuses hear

19:34

that was stick a parody and

19:36

novel access episodes of any of the

19:39

socket and screw the blown out

19:41

circle your the resort or blown

19:43

out through the on views on

19:45

top. Anyway, Yes

19:47

folks do not do this at home. The

19:50

only thing I did think leo is that

19:52

this there must be some some varnish. On.

19:55

This, but. He value

19:57

over time as it's use rights

19:59

Good. It moved back and

20:01

forth on riding on the

20:03

top of these the prongs.

20:06

opposes plug. At. It's

20:08

just gonna explode at some. Have her

20:10

put metal around the prongs of your

20:12

plugs. I learned that in an upgrade

20:14

when a nail on that knows he

20:16

has his we're we do have are

20:18

the queue the pits are cute. Up

20:20

for next week. Another goodies oh nice.

20:23

Variation is not the same. We don't

20:25

want to get repetitious here but will

20:27

I were going to have just as

20:29

much by with it. Somebody.

20:31

Yeah. Somebody. Told me

20:33

that that is the commercially preferred way

20:35

of installing a plug socket is upside

20:37

down like that. And. Then

20:39

somebody else in the discord says, that's how you

20:42

know it's a switch circuit. I've.

20:44

Never seen that before. But.

20:48

Just a movement reason. I'm saying that to preclude

20:50

all the email that you and I never. Have

20:54

some. Fun license. Liked her sins

20:56

say absolutely that you were hundred

20:58

correctly rescue her not overflowing my

21:00

inbox. I also hope that I

21:02

am not the subject of the

21:04

picture of the week next week.

21:07

Because. I installed

21:09

yes Yesterday we have a

21:11

a little lighting problem and

21:13

I and my brother and

21:15

last like electric work, electrical

21:18

work, I were installing a new

21:20

under counter lab and you see that switch

21:22

right there. and that said just rights of

21:24

on Reddit Joe there as he was installing

21:26

the wires he accidently backed into it and

21:28

switched it on and got a little bit

21:30

of a shock. Oh now yes

21:32

I see you're still worried. The avocado shirt

21:35

from Sunday I am wearing this was the

21:37

right after I got home Sunday they said

21:39

and in here and I am also wearing

21:41

his surprise of see. The. Most

21:43

useful device for at home handyman anywhere.

21:46

As you have you have a head

21:48

mounted lamp, a headlamp. Please

21:54

do not make that the picture the reason So

21:56

he comes as begging of you. Okay. Sometimes

22:00

when laurie oh you know when to look

22:02

at zoo well I've got no these are

22:05

the back of the the magnify oh that

22:07

we're gonna who and what do you were

22:09

that for Steve besides looking like an alien.

22:13

What? I'm what. I'm building. Things like this:

22:16

Oh guess you gotta get very close.

22:18

That's right are you soldering with those

22:20

on his? Those are little those a

22:22

little surface mount the podium and little

22:25

itty bitty so yeah yeah ah there's

22:27

that Apis along with said he was

22:29

a way to take that awful a

22:31

much to believe it or not we

22:34

have lose against us I saw last

22:36

Thursday, March twenty first, was

22:38

by all measures a rough day

22:41

for Apple. Not only, as I mentioned,

22:43

did the tech press explode with truly hair

22:45

on fire headlines about critical

22:47

and unfixable, unpatchable, deeply

22:50

rooted cryptographic flaws rendering Apple's

22:52

recent M series ARM-based

22:54

silicon incapable of

22:57

performing secure cryptographic operations,

22:59

more capable. Can be done

23:01

which is the topic we'll be spending the rest

23:04

of today's podcast with, yeah, in some detail

23:06

if was we get this thing started. Ah. Because

23:14

actually super interesting. But before that,

23:16

also last Thursday, the US Department

23:18

of Justice was joined by fifteen

23:21

other states and the District of

23:23

Columbia, which wishes it was

23:25

a state but isn't, in a

23:28

lawsuit alleging that Apple has been

23:30

willfully and deliberately violating Section

23:32

Two of the Sherman Antitrust

23:35

Act. Now, I'll

23:37

just share five sentences from the

23:39

DOJ's comments, which

23:41

were delivered last Thursday. They read:

23:44

As our complaint alleges, Apple has

23:46

maintained monopoly power in the smartphone

23:48

market, not simply by staying ahead

23:50

of the competition on the merits,

23:52

but by violating federal antitrust

23:54

law, period. Consumers

23:57

should not have to pay higher

24:00

prices because companies break the law.

24:03

Okay. We allege that

24:05

Apple has employed a strategy

24:07

that relies on exclusionary, anticompetitive

24:09

conduct that hurts both

24:12

consumers and developers. For consumers,

24:14

that has meant fewer choices,

24:16

higher prices and fees, lower

24:18

quality smartphones, apps

24:21

and accessories, and less innovation

24:23

from Apple and its competitors.

24:27

For developers, that has meant being

24:29

forced to play by rules

24:31

that insulate Apple from competition.

24:34

Okay. Now, this

24:37

is not clearly a podcast about antitrust

24:39

law. We all know I'm not

24:41

an attorney, nor am I trained in

24:43

the law, so I have no specific

24:45

legal opinion to render here. However, I've

24:48

been a successful small business founder,

24:50

owner, operator throughout my entire life,

24:52

and I'm certainly a big

24:54

fan and believer in the free

24:56

enterprise system and in the principles

24:58

of capitalism. But

25:00

I also appreciate that

25:03

this system of competition

25:05

is inherently unstable. It

25:08

has a natural tendency for

25:10

the big to get bigger.

25:13

Through acquisition and the application of

25:15

economies of scale and leverage. That

25:18

same system that creates an

25:20

environment which promotes fair competition

25:23

can be abused once sufficient

25:25

power has been acquired. Those

25:28

of us of a certain

25:30

age have watched Apple being

25:32

born, then fall,

25:35

only to rise again from the ashes.

25:37

My own first commercial success was

25:39

the design, development, production and sales

25:42

of our high speed, high resolution

25:44

light pen for the Apple II,

25:46

which allowed its users to interact

25:49

directly with the Apple II's screen.

25:52

To my mind, there's no question

25:54

that as a society, we are

25:56

all richer for the influence that

25:58

Apple's aggressive pursuit of perfection

26:00

has had on the world. Things

26:03

as simple as product packaging will

26:06

never be the same. But

26:09

For some time we've been hearing

26:11

complaints about Apple's having taken this

26:13

too far. It's understandable for competitors

26:15

to complain and to ask the

26:18

government to step in and do

26:20

something. At some point

26:22

that becomes the government's very necessary

26:24

role, just as we saw previously

26:27

when the same thing happened with

26:29

Microsoft and some would argue ought

26:32

to happen again with Microsoft. For

26:34

many years, the US government has

26:36

done nothing, while Apple has continued

26:39

to grow and continued to aggressively

26:41

use its market power to increase

26:43

its shareholders' wealth. The question is,

26:46

when does use of market

26:49

power become abuse of market

26:51

power? The next few

26:53

years will be spent in

26:55

endless depositions and expert testimony,

26:57

working to decide exactly what

27:00

sort of cage Apple needs

27:02

to be constrained within. One

27:05

thing we know is that

27:07

many of the arguments Apple

27:09

will be making on its

27:11

own behalf will involve security:

27:13

the security inherent in its

27:15

closed messaging system, the inherent

27:17

security of its closed app

27:19

store, all things

27:21

we've touched on many times

27:23

in this podcast, Apple will

27:25

allege that by keeping its

27:27

systems closed, it is protecting

27:30

its users from unseen nefarious

27:32

forces. But, for example,

27:34

the presence of Signal and

27:36

WhatsApp in the App

27:38

Store and on Apple devices,

27:41

which creates freely interoperable,

27:43

super secure cross-

27:45

platform messaging, suggests that Apple's

27:47

own messaging technology could work

27:49

similarly if they wished it

27:51

to. During the news

27:53

coverage of this since Thursday, I've

27:55

encountered snippets of evidence which suggests

27:58

that the government has obtained proof

28:00

of Apple's true motives,

28:02

where Apple's technology has

28:04

been designed to support

28:06

Apple's interests rather than

28:08

those of its users.

28:11

In any event, and... Maybe

28:13

those are aligned? That's really the

28:15

question, right? Are Apple's and its

28:17

users' interests perfectly aligned? Nothing

28:21

is going to happen on this front

28:23

for a long time. Years will

28:25

pass and this podcast will be

28:27

well into four digits by the

28:29

time anything is resolved with the

28:32

DOJ's antitrust

28:34

lawsuit. The way things have been

28:36

going, it seems to me

28:38

much more likely that the laws

28:41

being written and enacted within

28:43

the European Union today will be

28:45

forcing Apple's hand long before the

28:48

DOJ finishes making its

28:50

case. All that may eventually be

28:53

required will be for the, for

28:55

the US to force Apple to

28:57

do the same thing that they're

29:00

already doing in the, uh,

29:02

over in Europe, here as well.

29:06

As for whether Apple-designed

29:08

silicon cannot perform

29:11

secure cryptographic operations, it's

29:13

something this podcast can speak to authoritatively

29:16

and will be doing so once we've

29:18

caught up with some more interesting news

29:20

and feedback. I

29:23

always said back in the day. The.

29:26

Vegan was during. It's funny how you was.

29:28

Began this with the good old days of

29:30

Apple because back in the day when the

29:32

Department of Justice was suing Microsoft, I always

29:34

said if Apple were as big and

29:37

powerful as Microsoft they'd be just as bad,

29:39

but they aren't. Like the animals

29:41

were business and money. Seven. And

29:44

now that they are even a little bit bigger

29:46

than Microsoft. Yeah. They're just as.

29:49

A. Scout even had him as it

29:51

is is exactly what happens as

29:54

is not anybody is a bad

29:56

person. it's it all mean that

29:58

they they argue that there is

30:00

the that the executives are you

30:02

that is their job to maximize

30:04

shareholder wealth. that's capitalism. Yes,

30:07

Exactly exactly. And so it. So it's

30:09

us. It's a fundamental property that there

30:12

needs, that there need to be constraints.

30:14

And of course in the US we

30:16

have the Earth is boys a painful

30:19

death them. but it is. Interesting Allies:

30:21

The guy who were they saying that

30:23

his body was that the spin up

30:26

or another podcast and already been. I'll

30:28

keep track of this. So L O

30:30

lives are locked in a. I'm

30:33

not gonna bother with and no we're not

30:35

going to do it. you know know that

30:37

said it'll do on a meal on and

30:39

will mention a once in awhile Namibia right

30:41

it will. it'll varietal. This thing will go

30:44

for years of know it as if you

30:46

know exactly that happened with with Microsoft. So.

30:49

Ah, last week we shared

30:51

the difficult,

30:53

truly difficult to believe, but

30:56

true story that General

30:58

Motors had actually been

31:01

sharing, and by sharing I'm

31:03

pretty sure the proper term

31:05

would be selling, the detailed

31:08

driving record data of

31:11

its cars' owners, down

31:14

to how rapidly the owner's

31:16

car accelerated, how hard it

31:18

brakes, and its average speed

31:21

from point A to point

31:23

B. Like, they literally have

31:25

instrumentation in there that is

31:27

monitoring everything the

31:30

car does. And

31:33

these cars are

31:35

all interconnected now.

31:37

It was all being beamed back

31:39

to GM, who it turns

31:41

out was selling it to

31:43

LexisNexis, a

31:46

major data broker. And

31:49

way so. What? Happened was

31:51

the As and and this was as

31:53

I have. A.

31:56

New York Times or Washington Post, I think it was

31:58

a New York Times piece last

32:00

week that just blew the lid off

32:03

this. Some guy, I think he was

32:05

in Canada or maybe just up

32:07

north US, he saw his insurance go

32:09

up twenty-one percent

32:12

in one year, although he had never

32:14

been in an accident

32:17

and

32:19

didn't have tickets. And

32:21

so when he asked his insurance company

32:24

why, they sort of hemmed and hawed.

32:26

He'd also tried

32:28

to obtain alternate insurance, and

32:30

all the quotes that he got back

32:32

from competing companies were the

32:34

same. Finally, one of them

32:36

said, well, you should check

32:38

your LexisNexis report because

32:42

It's. A little worried about your drone so

32:44

now they're sick. Written like the credit report

32:46

is now a car driving report. But

32:49

yeah you know what? In some ways I

32:51

am not surprised. Insurance companies have for years

32:53

offered good driver discounts. In the past

32:55

used to have an app and stuff. I'm

32:58

not surprised to hear this and optionally installs

33:00

ally for like look low mileage drivers were

33:02

it would monitor if they I'm from resorts

33:04

about it on is out there but this

33:07

is good for you and me because insurers

33:09

instead of this guy who really is not

33:11

a safe driver pain is same as you

33:13

and me who drive like liberal men. Because.

33:16

We are ah we should

33:18

get reduced. Bright. And

33:21

they he should pay more. It's fair

33:23

I think. and. Should. It

33:25

be done without consent. Well.

33:28

In a way I bet you he

33:30

did consent. I bet you there's somewhere

33:33

a document that he something funny book

33:35

bag dar that said data's being collected

33:37

Remember the Mozilla report last year

33:39

we talked about? It's about how cars

33:42

are a privacy nightmare. Well,

33:44

We're all wondering recently a how

33:46

your sexual habits we're being recorded

33:48

by other hard was like let's

33:51

say space it was is is

33:53

monitoring is suspended describing him as

33:55

you well know that comes. Okay

33:57

so the good news is this

34:00

produced an outcry which

34:02

caused GM to immediately

34:05

terminate this conduct, and

34:07

no doubt threats of lawsuits

34:10

were involved too. So they

34:12

said GM

34:14

is immediately stopping

34:16

the sharing of this data

34:18

with these brokers.

34:20

Of the reports that after

34:22

public outcry General Motors has

34:24

decided to stop sharing driving

34:27

data from its connected cars

34:29

with data brokers. Last week,

34:31

news broke that customers

34:33

enrolled in GM's OnStar

34:35

Smart Driver app have

34:37

had their data shared with LexisNexis

34:39

and Verisk. Those data brokers

34:42

in turn shared the information with

34:44

insurance companies, resulting in some drivers

34:46

finding it much harder or more

34:48

expensive, exactly as you said, Leo,

34:50

to obtain insurance. To make matters

34:53

much worse, customers allege they

34:55

never signed up for OnStar Smart

34:57

Driver in the first place, claiming the

34:59

choice was made for them by sales

35:01

people during the car buying process. Yeah,

35:03

and you know what becomes of the

35:05

car and you know it's good. It's

35:07

all for your safety that's why we

35:10

put him so that if you get

35:12

a regular for as the on start

35:14

button assess as right as were that

35:16

people will with people will come after

35:18

that were not big brother watching over

35:20

you know hours. Okay, so.

35:23

Let's us! Ah, I saw this bit

35:26

of happy cryptocurrency news that just

35:28

made me smile. It seems

35:30

that last week the blockchain

35:32

game, I didn't know you

35:34

had a... there was a blockchain game, but

35:37

yes. So. What has made

35:39

a d about a block chain

35:41

at is called Super Sushi Samurai.

35:44

Super Sushi Samurai had

35:46

four point six million

35:48

dollars' worth of its

35:51

tokens stolen. However,

35:53

it's just reported that they have

35:56

all been recovered. So what

35:58

happened? They explained that

36:00

the hack was actually the

36:02

work of a security researcher

36:04

who exploited a bug in

36:06

their code to move the

36:08

funds out of harm's way

36:10

to prevent future sister that

36:12

was on Op's That's Right

36:14

Is Was movement. Super Sushi

36:16

Samurai described the incident as

36:18

a white hat rescue and

36:20

has ended up hiring

36:23

the white hat to be

36:25

a technical advisor. So

36:27

that's what I call a G-rated

36:29

happy ending. Okay,

36:32

but I believe it. Why

36:34

not as Sun and also

36:36

you you you guys touched

36:39

on this lot on Mac.

36:41

Brits are Apple insider. Has.

36:43

Some interesting coverage about Apple's

36:46

apparently failed initiative to move

36:48

their HomeKit technology up

36:50

into home routers.

36:53

I was a fan of this

36:55

since it promised to provide router-

36:58

enforced inter-device traffic

37:01

isolation, and the only place that

37:03

can really be accomplished is at

37:05

the router. Our listeners know

37:07

that I've been advocating for

37:09

the creation of isolated networks

37:11

so that IoT

37:13

devices will be kept separate

37:15

from the household's PCs. But

37:18

what Apple proposed five years

37:20

ago, back in 2019, would

37:22

have additionally isolated each

37:24

IoT device, like,

37:26

with that level of granularity, from

37:29

all the others. So.

37:31

Here's what AppleInsider explained. They

37:34

said Apple's HomeKit Secure Routers

37:36

were announced in 2019 but

37:38

were never really taken up by

37:40

manufacturers and now some vendors are

37:42

claiming Apple's no longer pursuing

37:44

the technology, and we'll get to

37:46

why in a minute. HomeKit

37:48

Secure Routers were introduced

37:50

by Craig. For. Us. And

37:54

a Reagan salary. The I know is they

37:57

ice. The problem is the I'm a big

37:59

Star Trek. And I wanted a for

38:01

ring deal with. The

38:06

over there. Glasses

38:08

stop and say as it

38:10

is not for into commodities

38:13

such as a matter of

38:15

just as wow so perfect

38:17

century he at Worldwide Developers

38:19

Conference 2019, and in

38:22

the same breath, at

38:24

the same time,

38:26

they introduced HomeKit Secure

38:28

Video.

38:30

HomeKit Secure Video took time to

38:33

reach the market but it was used and

38:35

manufacturers adopted it, even if others would not.

38:38

Okay, now, during this year's

38:40

just-happened CES 2024,

38:43

two router

38:45

vendors separately told AppleInsider that

38:47

Apple is no longer accepting new

38:49

routers into its program. If that

38:52

claim is correct, and it probably

38:54

is (it came from the

38:56

same rejected manufacturers), given the lack

38:58

of HomeKit Secure Routers on

39:01

the market, like, in five

39:03

years not much happened, it appears

39:05

that Apple has abandoned the idea,

39:07

even though Apple still has active

39:10

support pages on the matter.

39:12

However, AppleInsider noted that

39:14

it also has support pages on AirPort

39:16

routers too, and those are, as they

39:18

put it, as dead as a doornail.

39:21

is really are dead Yeah. A

39:24

Final: I was so excited that Apple

39:26

would offer the security standards that we

39:28

could you know have some confidence in

39:30

the security and, frankly, the firmware

39:32

updateability of our routers. It's

39:34

a little disappointing to me. Anyway,

39:36

it's not going to happen as

39:39

odd as it did they, they

39:41

backed out. Apple Lives are them?

39:43

In a long story short of

39:45

pulled the route. The various routers

39:48

that Apple listed, there is one

39:50

Linksys Velop AX4200

39:52

and an AmpliFi Alien

39:54

router, apparently the only

39:57

two that are currently listed

39:59

by Apple as being supported.

40:01

Eero has a

40:04

notice saying that its Eero Pro

40:06

6E and 6+ do

40:08

not support Apple HomeKit and

40:10

they have no plans to offer

40:13

Apple HomeKit router functionality. Anyway,

40:15

So, you know, not everything

40:17

that gets announced happens, and asking

40:20

router manufacturers to modify

40:23

their firmware to incorporate

40:25

the required HomeKit

40:27

functionality, and it appears

40:29

that it may have taken some significant

40:32

customization, it was just

40:34

never gonna get off the ground. And

40:38

this is probably for the better, since

40:41

it appears that we have

40:43

already, and oh thank God,

40:46

blessedly quickly moved beyond disparate,

40:48

proprietary, closed IoT

40:50

ecosystems, which is

40:52

where it looked like we were

40:54

headed, with Amazon Alexa and

40:57

Apple's HomeKit and Google

40:59

Home and Samsung SmartThings

41:01

all creating their own, let's

41:03

do our own thing. All

41:06

the buzz appears to now

41:08

be surrounding the interoperability technology

41:10

known as Matter. This

41:13

was formerly known as CHIP,

41:15

which stood for Connected Home over

41:17

IP, now been rebranded as

41:19

Matter, and everyone appears to be

41:21

seeing the light. Nobody wants

41:23

to be left out. All those

41:26

guys I just mentioned,

41:28

Amazon with Alexa, Apple with their

41:30

HomeKit, Google with Home,

41:32

and Samsung SmartThings, all

41:35

have announced and are

41:37

supporting Matter. It's now at version

41:39

1.2, open

41:41

source, license free. Anyone can create

41:43

Matter-compatible devices. If they follow

41:46

the spec, they will interoperate,

41:48

and more than five hundred

41:50

and fifty companies have announced

41:53

their commitment to Matter. So

41:55

all this is done right. I mean

41:57

that at all of the biggies. Gonna

42:00

be supporting matter. They really have no choice at

42:02

all at this point. I just I wanted to

42:04

make sure I brought it up because I wouldn't.

42:07

Purchase. Something. You. Know

42:09

that that random Ac plug that I

42:11

got for her shockingly arrows dollars or

42:14

something. It's amazing. How could this be

42:16

a killer? That and exercise such? It's

42:18

a plastic in the fall and the

42:20

day the other problems would cost four

42:23

dollars does with our back on your

42:25

driving habits. However, so that I'd it's

42:27

fall ask a little eyeball and at

42:29

the second I was around the room.

42:32

kind of freaky but soon after have

42:34

though I mean a thing about Apple's

42:36

HomeKit router standard was it

42:38

had security requirements built in.

42:41

But does Matter have something

42:43

like that's what they were, that you're right.

42:45

That's what they were going to produce. As

42:47

a Matter is about interconnectivity, rights, rights, and

42:50

whoop. Which is not to say it couldn't

42:52

be made more secure. But the ah, that's

42:54

not their focus, right? Leo,

42:57

we're having so much fun I

42:59

think we should take a break

43:01

so that I can a recap

43:03

and eight I've is I don't

43:05

need more caffeine but what that's

43:07

funny was breaks that was in

43:09

your mind is as how it

43:11

works. successor are so they brought

43:14

you by Panoptica. Panoptica,

43:16

Cisco's cloud application security solution,

43:18

provides end-to-end lifecycle protection

43:20

for cloud native application environments. It

43:22

empowers organizations to safeguard their

43:24

APIs, serverless functions, containers, and

43:27

Kubernetes environments. Panoptica ensures

43:29

comprehensive cloud security, compliance, and

43:32

monitoring at scale, offering deep

43:34

visibility, contextual risk assessments, and

43:37

actionable remediation insights for all

43:39

your cloud assets. Powered by

43:42

graph-based technology, Panoptica's

43:44

attack path engine prioritizes

43:46

and offers dynamic remediation for

43:49

vulnerable attack vectors, helping

43:51

security teams quickly identify and

43:54

remediate potential risks across cloud

43:56

infrastructures. A unified cloud native

43:59

security platform minimizes gaps

44:01

from multiple solutions, providing centralized

44:03

management and reducing non-critical

44:06

vulnerabilities from fragmented systems.

44:08

Panoptica utilizes advanced attack

44:11

path analysis, root cause analysis,

44:13

and dynamic remediation techniques to

44:15

reveal potential risks from an

44:18

attacker's viewpoint. This approach identifies

44:20

new and known risks, emphasizing

44:22

critical attack paths and their

44:25

potential impact. This insight is unique

44:27

and difficult to glean from other

44:29

sources of security telemetry such as

44:32

network firewalls. Get more information

44:34

on Panoptica's website,

44:36

panoptica.app. More details on

44:38

Panoptica's website,

44:41

panoptica.app.

44:43

a pen of the go

44:45

for their support of Security

44:47

Now. Back to Steve. Thank

44:51

you my friend. Okay, in

44:53

a cool bit of news, ICANN,

44:55

the Internet Corporation for Assigned

44:58

Names and Numbers, is gonna make

45:00

an assignment. It's in the

45:03

process of designating and reserving, get

45:05

this, a top level domain specifically

45:09

for use on private internal

45:11

networks. In other words,

45:13

our 10-dot and our 192.168

45:15

dot networks, and there's

45:17

a 172.16 thing in

45:20

there too, will be obtaining an

45:22

official TLD of

45:24

their own. So localhost

45:26

may soon be less lonely.

45:29

Here's the executive summary which

45:31

explains and lays out the

45:33

rationale behind ICANN's plans.

45:35

They wrote: In this document,

45:38

the SSAC, that's

45:40

the Security and Stability Advisory

45:42

Committee, because that's what

45:44

you want in your internet,

45:46

is some security and stability

45:49

advising, recommends the reservation

45:51

of a DNS label that

45:53

does not and cannot correspond

45:55

to any current or future

45:57

delegation from the root zone

46:00

of the global DNS which is the

46:02

very we're

46:05

going to get our own dot something

46:07

TLD. They said, this

46:09

label can then serve as

46:11

the top level domain name

46:13

of a privately resolvable namespace

46:15

that will not collide with

46:17

the resolution of names delegated

46:19

from the root zone. That

46:21

is, you know, the public DNS root zone.

46:24

In order for this to

46:26

work properly, this reserved private

46:28

use TLD must never be

46:31

delegated in the global DNS

46:33

root. Currently, many

46:35

enterprises and device vendors make ad

46:37

hoc use of TLDs that are

46:40

not present in the root zone

46:42

when they intend the name for

46:44

private use only. This

46:46

usage is uncoordinated and can

46:48

cause harm to internet users.

46:51

Oh my. The DNS has

46:54

no explicit provision for internally

46:56

scoped names, and current

46:58

advice is for the vendors or service

47:00

providers to use a subdomain of a

47:03

public domain name for internal

47:06

or private use. Using

47:08

subdomains of registered public domain

47:11

names is still the best

47:13

practice to name internal resources.

47:15

The SSAC concurs with this

47:17

best practice and encourages enterprises,

47:19

device vendors, and others who

47:22

require internally scoped names to

47:24

use subdomains of registered

47:27

public domain names wherever possible.

47:29

However, this is not always

47:31

feasible, and there are legitimate

47:33

use cases for private use

47:35

TLD. And I'll just note that,

47:37

you know for example an individual

47:40

could register a domain with

47:42

Hover, who, I don't know if they should,

47:44

if they're still a sponsor of the TWiT

47:46

network. They are still my domain name provider.

47:49

I've moved everything away from Network Solutions. I

47:51

agree it came clear I don't think they

47:53

respond anymore but we still love them yep

47:56

they're the right guy yeah anyway so you

47:58

know, Johnny Appleseed. You

48:00

could get that. Of course you can't get dot

48:02

Johnny Appleseed so that wouldn't work.

48:05

But you could get a

48:09

dot com or some inexpensive

48:11

subdomain of some established top

48:13

level domain and just use

48:15

that for your own purpose

48:17

because you have that subdomain,

48:19

nobody else is going to

48:21

be able to use it

48:23

publicly. So you're safe. So

48:25

that's what these guys are

48:27

saying. So they

48:29

continue the need for private use

48:31

identifiers is not unique for

48:33

domain names. And

48:36

a useful analogy can be drawn

48:38

between the uses of private IP

48:40

address space and those of a

48:43

private use TLD. Network operators use

48:45

private IP address space to number

48:47

resources not intended to be externally

48:50

accessible and private use TLDs

48:52

are used by network operators in a similar

48:54

fashion. This document proposes

48:56

reserving a string in

48:59

a manner similar to the current use

49:01

of private IP address space. A

49:03

similar rationale can be used to reserve more

49:05

strings in case the need

49:08

arises. Okay, so they go

49:10

on and on. Anyway, finally, after all

49:12

the bureaucratic boilerplate has settled down, ICANN

49:15

wrote, the Internet

49:17

Assigned Numbers Authority,

49:19

IANA, has made

49:21

a provisional determination that

49:24

dot internal should

49:26

be reserved for private use and

49:29

internal network applications. Prior

49:32

to review and approval of this reservation

49:34

by the ICANN board, we're seeking feedback

49:36

on whether the selection complies with their

49:39

specified procedure from SAC 113, more

49:42

bureaucracy, and

49:45

other observations that this string would

49:47

be and to verify

49:51

that it would be an appropriate selection for

49:53

this purpose. So it's all

49:55

but certain that dot

49:58

internal will be reserved and

50:01

will never be used for any

50:03

public purpose and therefore it

50:05

would be safe for anyone to start using

50:08

it for any internal purpose. Yeah, I think

50:10

I have. Very cool. Dot internal. And

50:12

I saw some commentary saying, well it

50:15

only took 30 years. That's

50:19

true. That is true. Okay, so last Thursday as I said

50:21

earlier was a very busy day. Not

50:28

only did the DOJ announce their

50:30

pursuit of Apple and Apple's M-series

50:33

silicon was discovered to be useless

50:35

for crypto, but the

50:37

United Nations General Assembly adopted

50:40

a resolution on artificial intelligence.

50:43

Not that anyone cares or that anyone

50:45

could do anything about AI in any

50:47

event. But for the record, UN officials

50:50

formally called on tech

50:53

companies to develop safe

50:55

and reliable AI

50:57

systems that comply with international

50:59

human rights. And I

51:02

love this. They said quote, systems

51:04

that don't comply should

51:06

be taken offline. So

51:09

you know if you have a mean AI,

51:11

just unplug it folks. Officials

51:14

said the same rights that apply

51:16

offline should also be

51:18

protected online, including against AI

51:20

systems. I've

51:22

never said much about AI here.

51:25

Just as I'm not trained as

51:27

an attorney, I do not have

51:29

any expertise in AI systems. What

51:31

I do have however is stunned

51:33

amazement. As

51:35

they would say over in the UK, I

51:38

am gobsmacked by what

51:40

I've seen. It is impressive, isn't it? Oh

51:43

my god. You know I haven't ever asked you, and we talk about

51:45

it all the time on the other shows, but what do you think

51:47

the future holds? Well here I

51:49

come. So

51:53

what I may lack in expertise

51:55

appears to have been made up

51:58

for by my intuition. Which

52:01

has been screaming at me

52:03

ever since I spent some time

52:06

chatting with ChatGPT-4. My

52:09

take on the whole AI mess

52:11

and controversy can be summed up

52:13

in just four words. And

52:15

they are, good luck restraining

52:18

anything. Yeah, that's my attitude.

52:21

Exactly. Yes. I

52:23

doubt that any part of

52:25

this is restrainable. At

52:28

some point in the recent past, we

52:31

crossed over a tipping point. And

52:34

we're seeing something that no one

52:36

would have believed possible even five

52:38

years ago. Everyone

52:40

knows there's no going back. Only

52:44

people who have not been paying attention imagine

52:46

that there's any hope of controlling

52:49

what happens going forward. I

52:52

don't know and I can't predict what

52:54

the future holds, but whatever is going

52:56

to happen is going to happen.

52:59

And I'm pretty sure that it's bigger than

53:01

us. We're

53:03

not a sufficiently organized

53:06

species to be able

53:08

to control or contain them. Look

53:12

how well we've done with the nuclear proliferation.

53:16

And that's still incredibly hard to

53:19

purify enough plutonium to

53:21

make a bomb. It's

53:23

trivially easy. And

53:26

the process is well, well known to make

53:28

an LLM. It's

53:31

out. It

53:33

would be like government saying, whoops, stop

53:36

exporting crypto. Like, what? Exactly.

53:39

Yes. So,

53:42

Leo, you and I are on the same page. And

53:46

if we don't do it, we

53:48

know North Korea is not sitting around doing

53:50

nothing. They apparently have quite smart people. It

53:53

annoys me that they're so good

53:55

at hacking. But boy, they are

53:57

serious hackers. And so, you know.

54:00

It's gonna happen. It

54:02

is. I would argue

54:04

it already has. And

54:07

we just haven't dawned on

54:09

us yet. Yeah. Right? Like

54:12

there's some inertia of recognition. But, yeah.

54:15

For one, I'm excited. I

54:17

mean, this is sci-fi. We're gonna live in,

54:19

I think I might even live to see

54:21

it, a very weird and

54:23

different future. It's coming. Yeah.

54:26

It's gonna be fun. Buckle

54:28

up. Buckle up. That's

54:31

exactly right. That's exactly

54:33

right. Okay, so

54:35

a few more points to get to. In

54:38

a somewhat disturbing turn, Spain

54:41

has joined the likes of

54:44

China, Thailand, Pakistan, Iran,

54:46

and Cuba to be

54:48

blocking all use of and

54:50

access to Telegram across its

54:53

territory. This came

54:55

after Spain's four largest media

54:57

companies successfully complained to the

55:00

High Court in Spain that

55:02

Telegram was being used to

55:05

propagate their copyrighted content without

55:07

permission. A judge

55:09

with Spain's High Court had asked

55:11

Telegram to provide certain information relating

55:14

to the case, which apparently Telegram

55:16

just blew off and ignored. They

55:19

chose not to respond to the judge's request. So

55:22

he ordered all telecommunications carriers

55:24

to block all access to

55:26

Telegram throughout the country. That

55:28

began yesterday. So

55:32

it's a problem. I'd be very interested to see how

55:35

this holds up because I heard that

55:37

about a third of Spain uses

55:39

Telegram. Yes, it

55:41

has already created a huge ... Yes,

55:43

there's a huge consumer backlash against this

55:46

as one would expect. Yes, I remember

55:48

Brazil tried to do this and they

55:50

ended up having to back down. I think it was for WhatsApp, but

55:53

they ended up having to back down because we can't

55:55

communicate. What are you doing? Well,

55:58

have you seen the movie Brazil? The only I'm

56:01

gonna rise animal problem that

56:03

was Pads Right Tests Wonderful!

56:05

Last week Vancouver held

56:07

its 2024 Pwn2Own

56:09

hacking competition. One

56:11

security researcher by the

56:14

name of Manfred Paul

56:16

distinguished himself by successfully

56:18

exploiting, get this, all

56:21

four of the major web

56:23

browser platforms. He

56:26

found exploits in Chrome,

56:28

Edge, Firefox, and Safari.

56:31

He became this year's Master

56:33

of Pwn and took home

56:36

two hundred and two thousand,

56:38

five hundred dollars in prize

56:40

money overall. And here's really

56:42

the lesson. The competing

56:44

security researchers turned

56:47

hackers successfully demonstrated

56:50

twenty-nine previously

56:53

unknown zero days during

56:56

the contest and took home

56:58

a total of one point

57:00

one million dollars in prize

57:02

money. That money chemical companies

57:05

that their polling pretty much

57:07

right. Yes, Yes, Twenty Nine.

57:09

Okay, twenty-nine previously unknown

57:11

zero days were found

57:14

and demonstrated. To

57:16

me, this serves to demonstrate why

57:19

I continue to believe that the

57:21

best working model that's

57:23

been presented for security, and

57:25

okay, yes, I'm the one

57:28

who presented it, is porosity.

57:30

Piss poor ah, City or

57:32

Raphael. We don't want it

57:34

to be, but security is

57:37

porous. How else can

57:39

we explain that one lone

57:41

researcher is able to

57:43

take down all four of

57:45

the industry's fully patched browsers

57:48

whenever someone offers him some

57:50

cash to do so, and

57:53

that overall twenty nine

57:55

new previously unknown zero

57:58

days were revealed when

58:00

others were similarly offered some

58:03

cash prize incentive. You

58:06

push hard and you get in. That's

58:09

the definition of porous, and

58:12

that's the security we have. I

58:15

should also take a moment to give a shout out

58:18

to Mozilla's Firefox team, who

58:21

had patched and updated Firefox in

58:23

fewer than 24 hours

58:26

following the vulnerability disclosure.

58:29

Frederik Braun posted on

58:31

Mastodon, quote, last night,

58:34

about 21 hours ago, Manfred

58:36

Paul demonstrated a security exploit targeting

58:38

Firefox 124 at Pwn2Own.

58:43

In response, we have just published

58:46

Firefox 124.0.1 and Firefox ESR 115.9.1

58:48

containing the

58:56

security fix. He

58:59

said, please update your foxes. Kudos

59:02

to all the countless people

59:04

postponing their sleep and

59:06

working toward resolving this so quickly.

59:09

Really impressive teamwork again. Also

59:13

kudos to Manfred for pwning

59:15

Firefox again. So

59:18

this is the way security is supposed to work

59:20

at the best of times. White

59:23

hat hackers are given some reason to look

59:26

and compensated for their discoveries,

59:28

which makes the products safer

59:30

for everyone. And then

59:32

the publishers of those products promptly respond

59:34

to provide all of that product's users

59:36

the benefits of that discovery. Yay.

59:42

And in this welcome bit of news,

59:45

perhaps we and

59:47

others are giving

59:49

as good as we get. I've

59:52

often noted that all we

59:54

ever hear about attacks

59:57

on our

1:00:00

infrastructure, are Chinese state-sponsored

1:00:03

attacks that are

1:00:05

successfully getting in, and

1:00:07

I'd note that naturally we

1:00:09

never hear about our similar

1:00:12

successes against China. Not like

1:00:14

the NSA's gonna brag,

1:00:16

so. I've wanted

1:00:18

to believe that, well, while

1:00:20

we would not be destructive if

1:00:23

we were to get in, but

1:00:25

that we'd only seek to have

1:00:27

a presence inside Chinese networks

1:00:29

so that they understand that we're

1:00:32

just not sitting here defenseless over

1:00:34

on this side of the Pacific. Well,

1:00:36

it turns out that last

1:00:39

week China's state security

1:00:41

agency themselves urged their

1:00:43

local companies to improve

1:00:46

their cybersecurity defenses.

1:00:49

The Ministry of State

1:00:51

Security said that foreign

1:00:54

spy agencies have infiltrated

1:00:57

hundreds of local businesses

1:00:59

and government units. So

1:01:03

that does sound like we may

1:01:05

be at parity in this weird

1:01:07

cyber cold war that we're in.

1:01:10

I hate it? But. It

1:01:12

all birds what we've got. Our

1:01:15

oh and just a

1:01:17

reminder er there has

1:01:19

been a a an

1:01:21

observed significant increase in

1:01:23

tax season related fishing.

1:01:26

So I just wanted to

1:01:28

remind everyone that as happens

1:01:30

at every time this year

1:01:33

Ah yes, Phishing Scams A

1:01:35

suddenly jumped with all kinds

1:01:37

of like or you just

1:01:39

we received your electronically submitted

1:01:41

return but it had a

1:01:44

problem. Please, please click here.

1:01:46

For. That's not from the IRS. So

1:01:49

you know everybody put up

1:01:51

your skepticism shields and

1:01:53

resist clicking. I

1:01:57

have two quick notes of news on does it

1:01:59

ever It's also quite interesting on the Spinrite front.

1:02:02

One of the things that quickly became apparent

1:02:04

as our listeners were wishing to obtain and

1:02:06

use 6.1 was that

1:02:09

the world had changed in another

1:02:11

way since Spinrite 6's release back

1:02:13

in 2004. Back

1:02:16

then, Linux was still

1:02:18

largely a curiosity, with

1:02:20

a relatively small fan base and

1:02:23

no real adoption. Not

1:02:25

so today, at least not among

1:02:27

our listeners. Back

1:02:29

in 2004, it was acceptable to

1:02:31

require a Spinrite user, I mean

1:02:34

just assumed that a Spinrite user

1:02:36

would have Windows, which

1:02:38

they would use to set up the

1:02:40

boot media since Windows

1:02:42

and Mac was pretty much all there was

1:02:45

and Spinrite was never really targeted at the

1:02:47

Mac market. Today, we've

1:02:49

encountered many would-be users who

1:02:51

do not have ready access

1:02:53

to a Windows machine and

1:02:56

they've been having a problem. I

1:03:00

needed to create a non-Windows

1:03:02

setup facility that I have

1:03:04

long envisioned but never needed

1:03:06

until now, today it

1:03:08

exists. Over

1:03:11

at GRC's prerelease.htm

1:03:13

page is,

1:03:16

as before, the downloadable

1:03:18

Windows DOS hybrid executable

1:03:21

and now also a

1:03:23

downloadable zip file. The

1:03:26

zip file, which is smaller than 400K,

1:03:29

contains the image of

1:03:32

the front of a 4GB FAT32 DOS

1:03:36

partition. Any

1:03:39

Spinrite owner without access to Windows, because

1:03:41

using Windows is still easier, may choose

1:03:45

to instead download this

1:03:47

zip file and it's

1:03:50

personalized. I've added

1:03:52

on the fly partition

1:03:54

creation and Spinrite

1:03:56

has added to the file system.

1:03:59

It's then truncated and I've got on-the-

1:04:01

fly zipping. I've been busy. It

1:04:04

contains about an eight point

1:04:07

the zip file, which is only, which

1:04:09

is outside less than 400K, contains an

1:04:11

eight point three megabyte file which

1:04:13

is named SR61.IMG.

1:04:16

Any Linux

1:04:19

user can, you know, dd

1:04:21

copy that file on

1:04:24

to any USB thumb drive to

1:04:27

create an up to four gigabyte

1:04:30

FAT32 partition that will immediately

1:04:32

boot and run Spinrite. The

1:04:36

tricky bit that I worked out last week

1:04:39

is that when this drive is booted for

1:04:41

the first time if the

1:04:43

media onto which this

1:04:46

image file was copied

1:04:48

is smaller than the partition described

1:04:51

by the image, which is a four-

1:04:53

gig partition, for example, you know, Spinrite's

1:04:55

owner copies the image to an

1:04:58

old but trusted 256

1:05:00

megabyte thumb drive, a little

1:05:04

built-in utility named downsize

1:05:07

kicks in, examines the

1:05:09

size of the partition's underlying physical

1:05:11

drive, and dynamically

1:05:13

on the fly downsizes

1:05:16

the partition to fit onto

1:05:18

its host drive. It's

1:05:20

all transparent and automatic and

1:05:23

since the same technology was also going to be

1:05:25

needed for Spinrite 7, it made sense to

1:05:27

get it done. So it's there now. Second

1:05:30

point: a

1:05:34

new wrinkle to surface last week is

1:05:36

bad RAM. Over

1:05:39

in GRC's web forums, a Spinrite

1:05:42

6.1 user reported data verification

1:05:44

errors being produced by Spinrite

1:05:46

when running on his cute little

1:05:49

Zima board. Spinrite

1:05:51

always identified and logged

1:05:53

the location of the apparent

1:05:55

problem. But from one run

1:05:57

to the next there was no correlation in

1:06:00

where the problems appeared to be occurring. And

1:06:03

when he ran the same drive under Spinrite

1:06:05

on a different PC, it

1:06:08

passed Spinrite's most thorough level 5

1:06:10

testing without a single complaint. And

1:06:13

he was able to go back and

1:06:16

forth to easily recreate the trouble multiple

1:06:18

times on one system but never on

1:06:20

the other. The inhabitants

1:06:22

of the forums jumped on this

1:06:24

and suggested a bad or

1:06:27

undersized power supply for his Zima

1:06:29

board, flaky cabling and anything else

1:06:31

they could think of. All great

1:06:34

suggestions. Finally, I asked

1:06:36

this user to try running the

1:06:38

venerable Memtest86 on his brand new

1:06:42

Zima board. And guess what?

1:06:45

Yep, memory errors. There

1:06:47

should never be any. But the

1:06:49

first time he ran Memtest86 it found 6. And

1:06:54

the second time it found 101. Seeing

1:06:58

that, we ran Memtest86 on all

1:07:00

of our Zima boards, that is all

1:07:03

of the developers, and they

1:07:05

all passed with zero errors as

1:07:07

they always should. So

1:07:09

this user had a Zima

1:07:12

board with a marginal DRAM

1:07:14

memory subsystem. There was

1:07:16

no correlation in the locations of

1:07:18

the errors that Spinrite was reporting

1:07:20

from one memory that

1:07:24

his Memtest was reporting from one

1:07:26

pass to the next. But

1:07:29

there were always two specific bits

1:07:32

out of the 32 that Memtest86 always identified

1:07:37

as being the culprits. They were soft. And

1:07:40

Spinrite was getting tripped up by

1:07:42

this machine's bad RAM when it

1:07:45

was performing data verification that's available

1:07:47

from Spinrite's levels 4 and

1:07:49

5. The

1:07:51

problem was not the drive. It

1:07:53

was the machine hosting Spinrite and

1:07:55

the drive. So

1:07:58

by this point, our long-time listeners who've

1:08:00

grown to know me listening

1:08:02

to this podcast know what I'm gonna say

1:08:04

next. Yep, Spinrite

1:08:06

6.1 now tests the memory

1:08:09

of any machine it's running

1:08:11

off. Clever. Who needs mem

1:08:14

tests? I've got Spinrite. That's

1:08:16

right, it works great. It's like immediately

1:08:19

found the errors this guy was having.

1:08:22

What's interesting is that Spinrite 1.0 back in 1988 also built in

1:08:24

a memory test. Back then it made

1:08:31

sense to verify the RAM memory

1:08:33

that would be used to temporarily

1:08:35

hold a track's data

1:08:38

while Spinrite was pattern testing the

1:08:40

physical surface and giving it a fresh

1:08:42

new low-level format.

1:08:46

But I don't know when it happened.

1:08:48

Somewhere along the way I removed that

1:08:51

feature from Spinrite. We never heard of

1:08:53

it ever being useful. So my initially

1:08:55

over cautious approach seemed

1:08:57

to have been proven unnecessary

1:09:00

until last week. So

1:09:02

late last week I implemented a very

1:09:04

nice little DRAM memory

1:09:07

tester right into Spinrite and then

1:09:09

had the guy with the bad Zima board give it

1:09:11

a try. It successfully determined that

1:09:14

his machine's memory was not reliable

1:09:16

and Spinrite will then refuse to

1:09:18

run on any such

1:09:20

machine after making that determination.

1:09:23

It's just not safe to run it. And

1:09:25

of course no such machine should be

1:09:28

trusted for actually doing anything else. It's

1:09:31

like a send it back to the manufacturer

1:09:33

or if you can change the RAM or

1:09:35

diagnose it. So anyway this new

1:09:38

built-in RAM testing feature which is not

1:09:40

yet present. Don't go download an updated

1:09:42

copy of Spinrite. It's not there yet. Not

1:09:45

yet present in any spinrite that's available

1:09:47

for download. But it'll appear along

1:09:49

with a few other minor improvements that I've

1:09:52

made shortly. So I'm sure I'll be announcing

1:09:54

it next week. And

1:09:57

I just have two little pieces of feedback

1:09:59

from our listeners, because we have lots to

1:10:01

still talk about here. I got a

1:10:03

note from someone whose handle is jazz

1:10:05

man. He said, Hi Steve, great show

1:10:07

as always. I work

1:10:09

in a cell phone free environment.

1:10:12

Not only no service but we're not

1:10:14

allowed to bring them. We

1:10:17

have internet computers but we're not

1:10:19

trusted to install anything on them.

1:10:21

The problem is I like to have two-factor authentication

1:10:27

to protect my email and

1:10:29

other stuff. My understanding is

1:10:31

if I were to use

1:10:33

passkeys I need my

1:10:35

phone. I use Bitwarden

1:10:37

with two-factor authentication. My question,

1:10:41

are there any good solutions for a

1:10:43

cell-free environment? Kind

1:10:45

regards, Bjorn. Okay

1:10:48

so and then we've been talking about this for

1:10:50

the last couple weeks. Whether to have you know

1:10:53

two-factor and now optionally

1:10:55

passkeys managed

1:10:59

by your password

1:11:01

manager or to keep it separate.

1:11:04

In a phone free environment

1:11:07

I agree that relying upon

1:11:09

Bitwarden for all authentication services

1:11:12

is likely the best bet.

1:11:16

I think it's probably your only bet right?

1:11:18

You know we would usually prefer to have

1:11:20

passkeys or our authenticator on

1:11:23

a separate device like a phone but

1:11:25

where that's not possible merging

1:11:28

those functions into a single

1:11:30

password manager like Bitwarden makes

1:11:32

sense. And I should just note that

1:11:35

YubiKeys are also passkeys

1:11:37

capable and they're able to store

1:11:40

up to 25 passkeys

1:11:42

in a YubiKey.

1:11:44

So a YubiKey

1:11:46

is another possibility if that

1:11:48

somewhat limited passkeys capacity

1:11:50

doesn't pose a problem. And

1:11:54

finally, William Ruckman. He said, Hi

1:11:56

Steve, are passkeys quantum

1:11:58

safe? I thought public key

1:12:00

crypto was vulnerable. And

1:12:02

we've also been speaking just

1:12:04

recently about how the big

1:12:06

difference between username and

1:12:08

password and passkeys is

1:12:12

the essentially symmetric

1:12:15

crypto secret keeping whereas passkeys uses

1:12:17

public key crypto which is why

1:12:20

William's asking. So

1:12:23

it's a terrific question because as we

1:12:25

know it's the public

1:12:27

key crypto that passkeys offers

1:12:30

which is why it's so valuable.

1:12:33

The good news is the FIDO2

1:12:36

specification which

1:12:38

underlies WebAuthn, which

1:12:41

underlies passkeys already

1:12:44

provides for plug-in future

1:12:47

proof crypto. So

1:12:50

passkeys and

1:12:52

WebAuthn slash FIDO2 will

1:12:54

all be able to move to quantum

1:12:57

safe algorithms whenever that's

1:12:59

appropriate and as soon as we've settled

1:13:01

on them and they've been standardized. So

1:13:03

yes that's good news and it would

1:13:05

be backward safe. It

1:13:07

would be backward to all the passkeys you already are

1:13:09

using and all that. Right?

1:13:13

No. You'd have to regenerate it all. Yes

1:13:16

if you change the crypto you would

1:13:18

have to regenerate the passkeys

1:13:21

because you're holding private keys

1:13:23

with a specific algorithm and there

1:13:25

is actually no way for the

1:13:27

website even to help you. I

1:13:29

mean it might say you might

1:13:31

go through a use your

1:13:33

old passkey now use your new

1:13:35

passkey and if you did that

1:13:37

you know sequentially then it would

1:13:40

get, actually SQRL had a similar

1:13:42

facility. So it

1:13:45

would use the first authentication to

1:13:47

assert your identity and thus

1:13:50

honor the second authentication which would be

1:13:52

from the newfangled crypto and now it

1:13:55

would have the public key under the

1:13:57

new algorithm. You

1:14:00

don't have to worry about it yet. There's only about four sites that

1:14:02

use it. I know.

1:14:04

I saw in

1:14:06

doing some research just yesterday, I saw

1:14:09

someone who had something to sell. They

1:14:12

were trying to sell some equivalent

1:14:15

of a YubiKey, I think, and it said, since

1:14:18

the majority of the Internet's websites

1:14:20

are now using passkeys, I

1:14:22

thought, are you on it in a time machine?

1:14:24

What are you talking about? Oh, you're talking 2030. Oh, yeah. Maybe.

1:14:28

Yeah. Maybe. Yeah. The

1:14:32

majority, as long as you only log

1:14:34

into for PayPal. Yeah, right. There's literally

1:14:36

just a handful of sites that use

1:14:38

it. I know. It's too

1:14:40

bad because it's so easy when it works. I

1:14:43

heard you talked a lot about that last week

1:14:45

with Micah, and I agree

1:14:47

with you. I think it's going to be a big

1:14:49

improvement someday. Someday

1:14:53

our prince will come. Okay.

1:14:55

After our final announcement,

1:14:58

Leo, oh boy, we're going to have some fun. Oh, boy. Get

1:15:02

the beanies lubed. I

1:15:05

don't know who can say that. She didn't

1:15:07

say that out loud, anyway. Unlube

1:15:10

the beanies for a moment because we are

1:15:12

going to talk about our sponsor for the

1:15:14

section, Kolide. I

1:15:16

love Kolide. K-O-L-I-D-E. I

1:15:20

know you've heard us talk a lot about Kolide. I've

1:15:22

sung its praises. Did you

1:15:24

know they were just acquired by 1Password?

1:15:26

Now, I'm sure some people go, oh, no.

1:15:28

No, that's good news. Both

1:15:31

companies are leading industry security

1:15:35

experts creating solutions that put users

1:15:37

first. I mean, it's a

1:15:39

great partnership. And you should be happy

1:15:42

to know Kolide is going to continue doing

1:15:45

exactly what it's been doing for the last

1:15:47

year or so. Kolide Device

1:15:49

Trust has helped companies using Okta

1:15:52

ensure that only known and

1:15:55

secure, very important devices,

1:15:57

can access their data. What

1:16:00

they're going to still do just as part of 1Password.

1:16:02

That means more resources. It's great news. If

1:16:06

you've got Okta and you've been meaning to check out

1:16:08

Kolide, this is a perfect time to

1:16:11

do it. Kolide comes with a library of

1:16:13

pre-built device posture checks or you can write

1:16:15

your own custom checks for

1:16:18

just about anything you can think of, which means

1:16:20

you can say to your users, hey,

1:16:22

you got to fix that, you got to fix that. Before

1:16:24

we let you in the network, you got to patch your

1:16:26

stuff or get the latest web browser

1:16:29

or update your operating system. Plus,

1:16:32

I love it because you can use

1:16:34

Kolide on pretty much anything without MDM.

1:16:37

So that means now your Linux

1:16:39

fleet is included, your contractor devices,

1:16:41

and of course, every BYOD phone

1:16:44

and laptop in your company. Now

1:16:46

that Kolide's part of 1Password, it's just

1:16:48

going to get better. Check

1:16:51

it out at kolide.com/securitynow,

1:16:53

kolide.com/securitynow.

1:16:57

You can watch a demo there and learn more about it.

1:16:59

It's a really smart idea.

1:17:02

Kolide, k-o-l-i-d-e.com/securitynow.

1:17:05

We thank them so much for supporting

1:17:08

Steve and the show. And

1:17:11

now, let's talk about Fetch.

1:17:13

Go Fetch. So, Go Fetch.

1:17:15

Last Thursday, the world

1:17:18

learned that Apple had some problems

1:17:20

with their cryptography. Unfortunately,

1:17:23

it would be impossible

1:17:25

to determine from most of

1:17:27

the tech press's coverage of this whether

1:17:29

this was an apocalyptic event or

1:17:32

just another bump in the road. Ars

1:17:34

Technica was apparently unable to

1:17:36

resist becoming clickbait central with

1:17:39

their headline, Unpatchable

1:17:42

Vulnerability in

1:17:44

Apple Chip Leaks Secret

1:17:46

Encryption Keys. Wow.

1:17:49

That would be bad if it was true.

1:17:51

Fortunately, it's not the least bit true. It's

1:17:54

not unpatchable, and it's not a vulnerability

1:17:57

in an Apple chip. Kim

1:17:59

Zetter's Zero Day goes with Apple

1:18:02

chip flaw lets hackers

1:18:04

steal encryption keys. This

1:18:07

chip flaw in air quotes theme

1:18:09

seems to become pretty popular even

1:18:11

though nowhere did any of the

1:18:13

actual researchers ever say anything about

1:18:15

any chip flaw. Even

1:18:18

AppleInsider's headline read, Apple

1:18:20

Silicon Vulnerability Leaks Encryption

1:18:23

Keys and Can't Be

1:18:25

Patched Easily. What?

1:18:28

Apple was told 107 days before the disclosure back on December

1:18:30

5th of last year. Apple

1:18:36

is certainly quite aware of the issue and

1:18:39

I'm sure they're taking it seriously. And

1:18:42

for their newer M3 chips all that's needed

1:18:44

is for a single bit to be flipped.

1:18:47

Tom's Hardware went with New

1:18:50

chip flaw hits Apple Silicon

1:18:52

and steals cryptographic keys from

1:18:54

system cache. GoFetch

1:18:56

vulnerability attacks Apple M1,

1:18:59

M2, M3 processors,

1:19:02

can't be fixed in hardware.

1:19:05

Oh dear. Except for a

1:19:07

few details. It's not

1:19:09

new, it's not a flaw, nothing

1:19:11

ever hit Apple Silicon and

1:19:13

as for it not being fixable

1:19:15

in Apple M1, M2 or M3

1:19:18

processors, if you have an M3

1:19:20

chip just flip the bit

1:19:22

on them during crypto operations and

1:19:24

the unfixable problem is solved. And

1:19:26

finally, as we'll see by the

1:19:28

end of this topic today, there

1:19:30

are equally simple workarounds for the

1:19:32

earlier M series processors. Okay,

1:19:35

so I could

1:19:37

keep going because the material in

1:19:39

this instance was endless. Not a

1:19:42

single one of the headlines of

1:19:44

the supposedly tech press stories that

1:19:46

covered this characterized this even close

1:19:48

to accurately. It's not

1:19:50

a flaw, nothing is flawed, everything

1:19:53

is working just as it's supposed to. It's

1:19:56

not a vulnerability in Apple Silicon.

1:19:58

Apple Silicon is just fine, and

1:20:00

nothing needs to change and is

1:20:02

certainly not unfixable or unpatched. Cybernews'

1:20:05

headline was M-series

1:20:07

Macs can leak secrets due

1:20:09

to inherent vulnerability. The

1:20:11

only thing that's inherently vulnerable here

1:20:13

is the credibility of the tech

1:20:15

press's coverage of this. Holy cow. It

1:20:17

really has been quite over the

1:20:19

top. After sitting

1:20:21

back and thinking about it, the

1:20:24

only explanation I can come up with is

1:20:26

that because what's

1:20:28

actually going on with

1:20:31

this wonderfully and subtly

1:20:33

complex problem, no

1:20:37

one writing for the press really

1:20:39

understood what the researchers have very

1:20:41

carefully and reasonably explained. So

1:20:44

they just went with variations

1:20:47

on Ars Technica's, you know,

1:20:49

initial unpatched vulnerability in Apple's

1:20:51

chip nonsense. For

1:20:54

the assumption that Ars must have actually understood

1:20:56

what was going on. So everyone just copied.

1:20:58

I just assumed Dan Goodin knows if he

1:21:00

doesn't know it. That's right. You know, Dan's

1:21:03

on the ball typically. And

1:21:05

we do know in fairness to Dan, he

1:21:08

doesn't provide the headlines. Back

1:21:10

when I was writing the Tech Talk column for

1:21:13

InfoWorld, I was often really

1:21:16

annoyed by what my columns

1:21:18

were headlined because that's not

1:21:20

what I said in the text. But

1:21:23

you know, some copy editor, I guess that's

1:21:25

what they're called, you know, gave it the

1:21:27

headline that would get people to turn to

1:21:29

the page. So okay, not

1:21:32

Dan's fault. Okay. The

1:21:34

TLDR of this whole fiasco

1:21:37

is that a handful of researchers

1:21:40

built upon an earlier two-year-old

1:21:44

discovery which three of

1:21:46

them had been participants in back

1:21:48

then that was dismissed at

1:21:50

the time by Apple

1:21:54

as being of only academic interest.

1:21:58

It's yet another form of side-channel

1:22:00

attack on otherwise

1:22:03

very carefully designed to be

1:22:06

side-channel attack-free constant

1:22:09

time cryptographic algorithms.

1:22:13

The attack surrounds an ARM-based

1:22:16

performance optimization feature known

1:22:18

as DMP. I was

1:22:21

thinking boy if the acronym had been EMP

1:22:23

that would have really blown the tech press

1:22:25

right off the top. Anyway, not

1:22:27

EMP DMP and

1:22:31

a variation of the same type of

1:22:34

optimization is also present in the

1:22:36

newest Intel chips, the Razer or

1:22:38

something or other. Anyway I'll get

1:22:41

to that. Okay and so

1:22:44

true to Bruce Schneier's observation

1:22:46

that attacks never get worse,

1:22:48

they only ever get better,

1:22:52

about a year and a half

1:22:54

after that initial discovery two years

1:22:56

ago which never amounted to much,

1:22:59

it turned out that the

1:23:01

presence of this DMP which

1:23:03

I will be explaining in

1:23:05

detail optimization feature actually

1:23:07

did and does

1:23:10

create an exploitable vulnerability

1:23:13

that can be very cleverly

1:23:15

leveraged to reveal a system's

1:23:18

otherwise well-protected

1:23:20

cryptographic secrets. After

1:23:23

verifying that this was true, the

1:23:26

researchers did the responsible thing

1:23:28

by informing Apple and

1:23:30

we have to assume Apple

1:23:33

decided what they wanted to do next. Okay

1:23:37

unfortunately that true story doesn't make

1:23:39

for nearly as exciting a headline

1:23:43

so none of the hyperventilating press explained

1:23:45

it this way. One

1:23:47

important thing that sets this

1:23:49

apart from the similar and

1:23:51

related Spectre and Meltdown vulnerabilities

1:23:53

from yesteryear is

1:23:55

that this new exploitation of

1:23:58

the DMP optimizer is

1:24:00

not purely theoretical. All

1:24:03

we had back in those early

1:24:05

days of speculative execution vulnerabilities was

1:24:08

a profound fear over

1:24:10

what could be done, over what this meant.

1:24:13

It was clear that Intel had never

1:24:16

intended for their chip's internal operation to

1:24:18

be probed in that fashion, and

1:24:21

not much imagination was required to

1:24:23

envision how this might be abused.

1:24:26

But we lacked any concrete,

1:24:29

real-world proof of concept.

1:24:33

Not so today. And

1:24:35

not even post-quantum crypto

1:24:37

is safe from this

1:24:39

attack, since we're not

1:24:41

attacking the strength of the crypto, but

1:24:44

rather the underlying keys are

1:24:47

being revealed. The

1:24:49

GoFetch proof of concept app

1:24:52

running on an Apple Mac

1:24:55

connects to the targeted app

1:24:58

also on the same machine which

1:25:00

contains the secrets. It

1:25:03

feeds the app a series

1:25:05

of inputs that the

1:25:07

app signs or decrypts or does

1:25:09

something using its secret keys.

1:25:14

The app is already inducing it

1:25:16

to perform cryptographic operations that require

1:25:18

it to use the secrets

1:25:21

it's intending to keep. As

1:25:24

it's doing this, the app

1:25:26

monitors aspects of the processor's

1:25:28

caches, and it

1:25:31

shares the processor's

1:25:33

caches which it shares

1:25:35

with the targeted app, in

1:25:38

order to obtain hints about

1:25:40

the app's secret key. Okay,

1:25:45

so how bad is it? As I

1:25:47

mentioned, the attack works against both

1:25:50

pre- and post-quantum encryption. The

1:25:52

demo GoFetch app requires less

1:25:55

than an hour to

1:25:57

extract a 2048-bit RSA key

1:26:01

and a little over two hours to extract

1:26:03

a 2048-bit Diffie-Hellman key. The

1:26:08

attack takes 54 minutes to

1:26:11

extract the material required to

1:26:13

later assemble a Kyber

1:26:15

512-bit key and

1:26:18

about 10 hours for a Dilithium

1:26:20

2 key, though some time is

1:26:22

also required afterwards for offline processing

1:26:24

of the raw data that is

1:26:27

collected. In other words, it

1:26:29

is an attack that is practical

1:26:31

to employ in the real world.

1:26:35

Okay, so what exactly is DMP? What

1:26:39

did the researchers discover and how did

1:26:41

they arrange to make their Macs give

1:26:44

up the closely held secrets being

1:26:46

hidden inside? The

1:26:48

research paper is titled Go

1:26:50

Fetch! Breaking

1:26:52

constant time cryptographic

1:26:55

implementations using data

1:26:57

memory dependent prefetchers. Okay,

1:27:00

now that sounds more complex than it is. We

1:27:03

have breaking constant time

1:27:05

cryptographic implementations. We

1:27:08

already know that a classic

1:27:10

side channel vulnerability, which is

1:27:12

often present in poorly written

1:27:14

crypto implementations, is for

1:27:16

an algorithm to in any

1:27:18

way change its behavior depending

1:27:21

upon the secret key it is

1:27:24

using. If that

1:27:26

happens, the key dependent behavior

1:27:28

change can be used to

1:27:30

infer some properties of the

1:27:32

key. So the

1:27:34

first portion of the title tells

1:27:36

us that this attack is effective

1:27:38

against properly written constant

1:27:41

time cryptographic implementations that

1:27:43

do not change their behavior

1:27:46

in any way. That

1:27:49

is not where things got screwed up. The

1:27:51

second part of the paper's title is

1:27:54

using data memory dependent

1:27:57

prefetchers. And that's

1:27:59

what's new here. If

1:28:02

you guessed that the

1:28:04

Performance Optimization Technique known

1:28:06

as DMP stands for

1:28:08

Data Memory Dependent Prefetchers,

1:28:10

you'd be correct. Three

1:28:12

of the seven co-authors of today's

1:28:15

paper co-authored the earlier

1:28:17

groundbreaking research two years

1:28:19

ago which described

1:28:22

their reverse engineered

1:28:24

discovery of

1:28:26

this DMP facility residing

1:28:29

inside Apple's M-series

1:28:31

ARM-derived chips. Back

1:28:34

then, they raised and

1:28:36

waved a flag around, noting

1:28:39

that what this thing was

1:28:41

doing seemed worrisome,

1:28:44

but they stopped short of coming up

1:28:46

with any way to actually extract

1:28:48

information, and the information

1:28:50

that they had was made public.

1:28:53

Now, we don't know for

1:28:55

sure that sophisticated intelligence agencies

1:28:57

somewhere might not have picked

1:28:59

up on this and

1:29:01

turned it into a working exploit, as

1:29:04

has now happened, but

1:29:06

we do know for sure that Apple

1:29:08

apparently didn't give this much thought or

1:29:10

concern two years ago since

1:29:13

every one of their

1:29:15

Mac M-series chips was

1:29:17

vulnerable to exploitation several

1:29:19

years later. Okay, I'm

1:29:21

going to share today's research

1:29:23

abstract today's, the updated current

1:29:26

research abstract and introduction since

1:29:28

it's packed with information and

1:29:30

some valuable perspective, and then

1:29:32

I'll break it down. So

1:29:35

they wrote, micro-architectural side

1:29:37

channel attacks have shaken

1:29:40

the foundations of modern

1:29:42

processor design. The

1:29:44

cornerstone defense against these

1:29:47

attacks has been to

1:29:49

ensure that security critical

1:29:51

programs do not use

1:29:53

secret dependent data addresses.

1:29:56

Put simply, do not

1:29:58

pass secrets as addresses to, for

1:30:00

example, data memory instructions.

1:30:03

Yet the discovery of data

1:30:06

memory-dependent prefetchers, these

1:30:08

DMPs, which

1:30:10

turned program data into

1:30:12

addresses directly from within

1:30:14

the memory system, calls

1:30:17

into question whether this

1:30:19

approach will continue to remain secure.

1:30:22

This paper shows that

1:30:25

the security threat from

1:30:27

DMPs is

1:30:29

significantly worse than was

1:30:32

previously thought, and demonstrates

1:30:34

the first end-to-

1:30:36

end attacks on security-

1:30:38

critical software using the Apple

1:30:41

M-series DMPs.

1:30:43

Undergirding our attacks is

1:30:45

a new understanding of how

1:30:47

DMPs behave, which

1:30:50

shows, among other things, that

1:30:52

the Apple DMP

1:30:54

will activate on behalf of

1:30:56

any victim program and attempt

1:30:58

to leak any cached data

1:31:00

that resembles a pointer. From

1:31:02

this understanding, we design a

1:31:05

new type of chosen-input

1:31:07

attack that uses a

1:31:09

DMP to perform an

1:31:11

end-to-end

1:31:14

key extraction on popular constant-

1:31:16

time implementations of classical and

1:31:18

post-quantum cryptography. And,

1:31:20

by way of introduction, they

1:31:23

said, For over a decade,

1:31:25

modern processors have faced a

1:31:27

myriad of micro-architectural side-

1:31:29

channel attacks, for example, through

1:31:31

caches, TLBs, or

1:31:33

translation lookaside buffers, branch

1:31:35

predictors, on-chip interconnects, memory

1:31:37

management units, speculative execution, voltage/

1:31:40

frequency scaling, and more. It

1:31:42

all as we know, even

1:31:44

like the sound of the

1:31:46

power supply changing can

1:31:48

leak information. They

1:31:50

said, The most prominent class

1:31:52

of these attacks occurs when

1:31:55

the program's memory access pattern

1:31:57

becomes dependent on secret data.

1:31:59

For example, cache and

1:32:02

TLB side-channel attacks arise

1:32:04

when the program's data memory

1:32:06

access pattern becomes secret-dependent.

1:32:09

Other attacks, for example, those

1:32:11

monitoring on-chip interconnects, can

1:32:14

be viewed similarly with respect

1:32:16

to the program's instruction

1:32:18

memory access pattern. This has

1:32:20

led to the development of

1:32:22

a wide range of defenses,

1:32:24

including the ubiquitous constant-time

1:32:27

programming model, information flow-based

1:32:29

tracking, and more, all

1:32:31

of which seek to prevent

1:32:33

secret data from being used

1:32:35

as an address to memory/

1:32:37

control-flow instructions. Recently,

1:32:40

however, Augury,

1:32:42

that's what they called their first

1:32:44

research two years ago, A-U-

1:32:46

G-U-R-Y, ah, at

1:32:48

it roof and related to an

1:32:50

auger being used, demonstrated

1:32:53

that Apple M Series

1:32:55

Cp use undermine his

1:32:57

programming model by introducing

1:32:59

a data memory dependent

1:33:02

prefecture. That. Will attempt

1:33:04

to presets addresses found in

1:33:06

the contents of program memory.

1:33:08

Thus, in theory Apples D

1:33:10

M P leaks memory contents

1:33:12

V A cast side channels.

1:33:15

Even. If that memory is never passed

1:33:17

as an address to a memory control

1:33:19

flow instruction. Okay, I as a guy

1:33:22

again, I will explain exactly what all

1:33:24

that means. I got a couple paragraphs

1:33:26

left. They said, despite the

1:33:28

Apple DMP's novel

1:33:30

leakage capabilities, its restrictive

1:33:32

behavior has prevented it from

1:33:35

being used in attacks. In

1:33:37

particular, Augury reported

1:33:40

that the DMP

1:33:42

only activates in the presence

1:33:44

of a rather idiosyncratic program

1:33:47

memory access pattern, where

1:33:49

the program streams through an

1:33:51

array of pointers and architecturally

1:33:53

dereferences these pointers. This

1:33:55

access pattern is not typically

1:33:58

found in security-critical

1:34:00

software such as side-channel

1:34:02

hardened constant-time code, hence

1:34:05

making that code impervious to

1:34:07

leakage through the DMP.

1:34:09

With the DMP's full security

1:34:11

implications unclear, in this

1:34:14

paper we address the following

1:34:16

two questions. Do

1:34:18

DMPs create a

1:34:21

critical security threat to high

1:34:23

value software? And can

1:34:26

attacks use

1:34:28

DMPs to bypass side

1:34:30

channel countermeasures such

1:34:32

as constant-time programming?

1:34:35

This paper answers the

1:34:38

above questions in the

1:34:40

affirmative, showing how

1:34:42

Apple's DMP implementation

1:34:45

poses severe risks to the

1:34:47

constant-time coding paradigm. In

1:34:49

particular, we demonstrate end to

1:34:52

end key extraction attacks against

1:34:54

four state-of-the-art

1:34:57

cryptographic implementations, all deploying constant

1:34:59

time programming. To be

1:35:01

clear, when they say end

1:35:04

to end attacks, they mean

1:35:07

they run something and they get

1:35:09

the key. Meaning all the

1:35:11

work is done, nothing left

1:35:13

for the reader to do

1:35:15

to finish. All this

1:35:17

thing works. Okay,

1:35:20

as we've had the occasion to

1:35:22

discuss through the years on this

1:35:24

podcast, the performance of DRAM, the

1:35:27

dynamic RAM memory that forms

1:35:29

the bulk of our systems'

1:35:31

memory has lagged far behind

1:35:34

the memory bandwidth demands of

1:35:36

our processors. Through the years,

1:35:38

we've been able to significantly

1:35:40

increase the density of DRAM,

1:35:42

but not its performance. And

1:35:45

as we know, even the

1:35:47

increasing density has met with

1:35:49

challenges in the form of

1:35:51

susceptibility to adjacent row interference,

1:35:54

which led to the various

1:35:56

DRAM hammering attacks. But

1:35:58

on the performance side, the

1:36:00

saving grace has been the

1:36:03

processor memory access patterns are

1:36:05

not linear and

1:36:08

non-repetitive. They

1:36:10

are typically highly

1:36:12

repetitive. The programs

1:36:15

almost always loop,

1:36:17

meaning that they are executing

1:36:20

the same code again and

1:36:22

again, over and over, and

1:36:24

that in turn means that

1:36:27

if a much smaller, but

1:36:29

much faster cache of memory

1:36:31

is inserted between the main

1:36:34

DRAM and the processor, the

1:36:36

processor's repetition of the same

1:36:38

instructions and often the data

1:36:41

for those instructions can be

1:36:43

fulfilled much more quickly from

1:36:45

the local cache than from

1:36:48

main memory. During

1:36:50

Our discussions of speculative execution, we

1:36:52

saw that another way to speed

1:36:55

up our processors was to allow

1:36:57

the processor to run well ahead

1:37:00

of where execution was and if

1:37:02

the code encountered a fork in

1:37:04

the road, in,

1:37:07

in the code's flow, it would

1:37:09

fetch ahead down both paths

1:37:11

of the fork so that once

1:37:13

the path to be taken became

1:37:16

known, whichever way

1:37:18

that went, the system would

1:37:20

already have read the coded

1:37:22

instructions for that path and

1:37:24

have them ready to execute.

1:37:26

In practice, this is accomplished

1:37:28

by breaking our processors into

1:37:31

several specialized pieces, one being

1:37:33

the prefetch engine, whose

1:37:35

job it is to keep

1:37:37

the execution engines fed

1:37:39

with data from main. Many

1:37:43

instructions do not make any

1:37:45

main memory accesses. They might

1:37:47

be working only within the

1:37:50

processor's internal registers or within

1:37:52

what's already present in the

1:37:54

processor's local cache. So this

1:37:57

gives the prefetching engine

1:37:59

time to anticipate where

1:38:01

the processor might go next,

1:38:04

and to guess at what it might need.

1:38:07

In a modern system, there's never

1:38:09

any reason to allow main memory

1:38:11

to sit idly by, not

1:38:13

even for a single cycle. A

1:38:16

good prefetching system will always

1:38:19

be working to anticipate its

1:38:21

processor's needs and to have

1:38:23

already loaded the contents of

1:38:26

slower DRAM into the high-speed

1:38:28

cache when the processor gets

1:38:30

to needing it. Okay,

1:38:33

now let's add one additional layer

1:38:35

of complexity. One

1:38:37

of the features of all

1:38:39

modern processor architectures is

1:38:42

the concept of a pointer. A

1:38:45

location in memory, or the

1:38:47

contents of a register, could

1:38:50

contain an object's value

1:38:52

itself, or instead,

1:38:54

it could contain the

1:38:57

memory address of the object.

1:39:00

In that second case, we would say

1:39:02

that the value in the memory or

1:39:04

register contains, instead

1:39:07

of the value of the object itself, a

1:39:09

pointer to the object. As

1:39:12

a coder, I cannot imagine

1:39:14

my life without pointers. They

1:39:16

are absolutely everywhere in code

1:39:19

because they are so useful.

1:39:22

We need one bit of new vocabulary

1:39:25

to talk about pointers. Since

1:39:27

a pointer is used to

1:39:29

point to or refer

1:39:32

to something else, the

1:39:34

pointer contains a reference to

1:39:37

the object. So

1:39:39

we call the act of following a

1:39:41

pointer to the object, dereferencing

1:39:45

the pointer. We'll see the

1:39:47

researchers using that jargon in a minute. But

1:39:51

first, let's think about that

1:39:53

cache-filling prefetch engine.

1:39:56

Its entire reason for existence is

1:39:59

to anticipate the future needs

1:40:02

of its processor so

1:40:04

that whatever the processor wants

1:40:06

will already be waiting for it

1:40:09

and instantly available from its cache.

1:40:12

The processor will think that

1:40:14

its pre-fetch engine is magic.

1:40:18

So one evening,

1:40:21

probably about seven years ago, some

1:40:24

Apple engineers are sitting around a

1:40:27

whiteboard with a bunch of

1:40:29

half-eaten pizzas. They're

1:40:31

brainstorming ways to further

1:40:33

speed up Apple's proprietary

1:40:35

silicon. Given the

1:40:37

time frame, this would first

1:40:40

be able to appear in

1:40:42

their A14 Bionic processor. So

1:40:46

one of them says, you know,

1:40:49

we're already doing a great job of

1:40:51

fetching the data that the processor is

1:40:53

going to ask for. But

1:40:55

when we fetch data that contains

1:40:58

what looks like pointers, we're

1:41:01

not fetching the data that those pointers

1:41:03

are pointing to. If

1:41:06

the data really are pointers, then

1:41:09

there's a good chance that once the

1:41:11

processor gets its hands on them, it's

1:41:13

going to be asking for that data next.

1:41:17

We could anticipate that and

1:41:20

have it ready too, just

1:41:23

in case it might be

1:41:25

useful. I mean,

1:41:27

what's the whole point of being a pre-fetching

1:41:29

engine? I mean, right? That's the whole point.

1:41:32

That's what we're here for. Now

1:41:35

at this point, the pizza is

1:41:37

forgotten and several in

1:41:39

the group lean forward. They're

1:41:41

thinking about the kinds of

1:41:43

cars they're going to be able to get with the

1:41:45

raises this idea will earn them. Then

1:41:48

they realize they need to make it work first. Although

1:41:52

they're immediately hooked by the

1:41:54

idea because they know there's

1:41:56

something there, one of

1:41:59

them plays devil's advocate, saying, but

1:42:01

the cache is context

1:42:04

free. What he means

1:42:06

by that is that the prefetch

1:42:08

engine sees everything

1:42:10

as data. It's all the same

1:42:12

to it. The prefetcher doesn't

1:42:14

know what the data means. It

1:42:17

has no meaning in DRAM.

1:42:20

It's all just mixed bytes

1:42:22

of instructions and data. The

1:42:24

hodgepodge. It's not until

1:42:26

that data is fetched from the

1:42:28

cache and is actually consumed by

1:42:31

the processor that the data acquires

1:42:33

context and meaning. The

1:42:36

answer to the but the

1:42:38

cache is context free guy

1:42:40

is yeah and so what.

1:42:43

If some data that's being added to

1:42:45

the cache looks like a

1:42:48

pointer and if it's

1:42:50

pointing into valid DRAM

1:42:52

memory what's the

1:42:54

harm in treating it as

1:42:56

a pointer and going out and

1:42:58

also grabbing the thing that it

1:43:00

might be pointing to? If

1:43:03

we have time and we're right

1:43:06

it's a win for the processor. The

1:43:09

processor won't believe its luck in

1:43:11

already having the thing it was

1:43:13

just about to ask for already

1:43:15

magically waiting there in its

1:43:17

local cache. So

1:43:19

finally after their last dry

1:43:22

erase marker stops working from

1:43:24

the hastily scribbled diagrams on

1:43:26

their whiteboards they're

1:43:28

satisfied that they're really

1:43:30

onto a useful next

1:43:32

generation optimization. So

1:43:35

one of them asks okay this

1:43:37

is good but it needs a name. What

1:43:40

are we going to call it? One

1:43:42

of them says well how about data

1:43:45

memory dependent prefetching or

1:43:47

DMP for short. So

1:43:51

here we've just

1:43:53

seen a perfect example of

1:43:56

where and how these next

1:43:58

generation features are invented,

1:44:00

over pizza and dry erase markers.

1:44:03

And it's also easy to see

1:44:06

that the security implications of this

1:44:08

don't even make it onto the

1:44:10

radar. All they're doing,

1:44:12

after all, is anticipating

1:44:14

a possible future use

1:44:17

of what might be

1:44:19

a pointer and

1:44:21

prefetching the thing it's pointing

1:44:23

to in case they're right and

1:44:26

it is a pointer that in case

1:44:28

the processor might eventually ask for it.

1:44:31

It's disconnected from whatever the

1:44:33

processor is doing, right? It's

1:44:36

a data memory dependent prefetcher.

1:44:39

What this amounts to is a

1:44:41

somewhat smarter prefetcher.

1:44:45

It cannot be certain whether it's fetching

1:44:47

a pointer, but in case it might

1:44:49

be, it'll just jump ahead

1:44:52

even further to also prefetch

1:44:54

the thing that what might

1:44:56

be a pointer may be

1:44:58

pointing to. Okay,

1:45:01

So now let's hear from the

1:45:04

geniuses who likely also consume their

1:45:06

share of pizza while they scratch

1:45:08

the itch that's apparently been lingering

1:45:10

with at least three of them

1:45:13

for a couple of years ever

1:45:15

since that first bit of

1:45:17

work, when they discovered that

1:45:20

Apple had dropped this

1:45:22

memory, this data

1:45:24

memory dependent prefetcher into

1:45:26

their silicon. Here's how

1:45:28

they explain what they came up with. They

1:45:30

said, we start by

1:45:33

reexamining the findings in

1:45:36

Augury. Here, we

1:45:38

find that Augury's analysis

1:45:40

of the DMP

1:45:42

activation model was

1:45:44

overly restrictive and missed

1:45:46

several DMP

1:45:49

activation scenarios. Through new

1:45:51

reverse engineering, we find

1:45:53

that the DMP

1:45:55

activates on behalf

1:45:57

of potentially any program,

1:46:00

and attempts to dereference any

1:46:03

data brought into cache

1:46:05

that resembles a pointer. This

1:46:09

behavior places a significant amount

1:46:11

of program data at risk

1:46:14

and eliminates the restrictions reported

1:46:16

by prior work. Finally,

1:46:19

going beyond Apple, we

1:46:21

confirmed the existence of

1:46:23

a similar DMP

1:46:25

on Intel's latest

1:46:28

13th generation Raptor

1:46:30

Lake architecture with

1:46:32

more restrictive activation criteria.

1:46:34

Next, we show how

1:46:36

to exploit the

1:46:38

DMP to break

1:46:40

security-critical software. We

1:46:42

demonstrate the widespread presence

1:46:44

of code vulnerable to

1:46:46

DMP-aided

1:46:49

attacks in state of

1:46:51

the art constant-time

1:46:53

cryptographic software, spanning classical

1:46:55

to post-quantum key

1:46:57

exchange and signing algorithms.

1:47:00

Are tape and then finally. This last bit

1:47:02

is the key to everything. I'll read it

1:47:05

first, then I'll take it apart. They said,

1:47:07

our key insight is

1:47:10

that while the DMP

1:47:12

only dereferences pointers,

1:47:15

an attacker can craft program

1:47:17

inputs so that when those

1:47:19

inputs mix with cryptographic

1:47:22

secrets, the resulting intermediate

1:47:24

state can be engineered

1:47:27

to look like a

1:47:30

pointer if and

1:47:32

only if the secret

1:47:35

satisfies an attacker-chosen

1:47:37

predicate. For example, they

1:47:39

said, imagine that a

1:47:41

program has secret s,

1:47:44

takes x as input, and

1:47:46

computes and then stores y

1:47:49

equals s XORed with

1:47:51

x to its program memory.

1:47:55

The attacker can craft

1:47:57

different x's and infer

1:47:59

part partial or even

1:48:01

complete information about S

1:48:04

by observing whether the

1:48:06

DMP is able to dereference

1:48:09

Y. We

1:48:12

first use this observation to

1:48:14

break the guarantees of a

1:48:17

standard constant-time swap primitive recommended

1:48:19

for use in cryptographic implementations.

1:48:22

We then show how to

1:48:24

break complete cryptographic implementations designed

1:48:26

to be secure against

1:48:28

chosen input attacks. OK.

1:48:33

So they realized that Apple's

1:48:35

DMP technology is far

1:48:37

more aggressive than they

1:48:39

initially appreciated. It

1:48:41

is busily examining all

1:48:44

of the data that's being put

1:48:46

into the cache for all

1:48:48

of the processes running in the system.

1:48:51

It's looking for anything that looks

1:48:54

pointer-like and when

1:48:56

found it's going to go out

1:48:58

and prefetch that because it

1:49:01

may be pointing to something that the processor

1:49:03

is going to ask for in the future.

1:49:06

Their next step was to realize

1:49:08

that since this pointer-like

1:49:11

behavior is

1:49:13

highly prone to producing

1:49:15

false positive hits which

1:49:18

would prefetch miscellaneous bogus

1:49:20

data and since it operates

1:49:22

indiscriminately on any and all

1:49:25

data in the system they

1:49:28

can deliberately trick Apple's

1:49:30

DMP system to misfire.

1:49:34

When it does it will prefetch data

1:49:36

that wasn't really being pointed to

1:49:38

and they can

1:49:40

use standard well understood cache

1:49:43

probing to determine whether

1:49:45

or not the DMP did

1:49:47

in fact misfire and prefetch.

1:49:51

Since the cause of that mixes

1:49:53

secrets with what they provide it

1:49:56

reveals information about the

1:49:58

secret. They

1:50:02

induce the isolated process containing

1:50:05

the secrets to perform a

1:50:07

large number of cryptographic operations

1:50:10

on their deliberately crafted

1:50:12

data while using the

1:50:15

now well-understood behavior of

1:50:17

the DMP to create

1:50:19

an inadvertent side channel

1:50:22

that leaks the secret key

1:50:24

even though the cryptographic code

1:50:26

itself is being super careful

1:50:29

not to behave differently in any

1:50:31

way based upon the value of

1:50:33

the secret key. In other words, it's

1:50:36

being betrayed by this

1:50:38

advanced operation of

1:50:41

the prefetching cache. The

1:50:47

code's care doesn't matter because

1:50:49

the cryptographic code, as I

1:50:53

said, is being betrayed. What

1:50:55

I've just explained is a

1:50:57

version of what these

1:50:59

very clever researchers revealed to

1:51:02

Apple back 107 days ago

1:51:04

from last Thursday in early

1:51:07

December last year. So

1:51:10

what does Apple do about this? This

1:51:13

does seem like the sort of thing Apple ought to

1:51:15

be able to turn off. One

1:51:17

of the things we've learned is that

1:51:19

these initial nifty-seeming

1:51:22

slick performance optimization things like

1:51:24

Spectre and Meltdown and all

1:51:26

the others always

1:51:28

seem to come back to bite us

1:51:31

sooner or later. So the

1:51:34

lesson we absolutely as an industry have

1:51:36

to take away, and surprisingly

1:51:40

we haven't yet, is that anything

1:51:42

like this should have

1:51:44

an off switch. And

1:51:47

what do you know? It may

1:51:49

have been, and likely was, in

1:51:52

reaction to these researchers'

1:51:55

initial Augury DMP

1:51:57

paper back in 2022. Apple

1:52:01

added that off switch to their

1:52:04

M3 chip. Apple

1:52:07

announced it on October

1:52:09

30th last year, the day

1:52:11

before Halloween, and that M3 can

1:52:13

have DMP turned off. I've

1:52:19

heard, but I haven't confirmed,

1:52:21

that Apple's own crypto code

1:52:24

is flipping DMP off during

1:52:27

any and all of their

1:52:29

own cryptographic operations. So

1:52:32

it may only be non-Apple

1:52:34

crypto code running on Macs

1:52:36

that are endangered on M3

1:52:38

based machines. The

1:52:41

researchers cite their compromise

1:52:43

of the Diffie-Hellman key

1:52:46

exchange in OpenSSL, you

1:52:48

know, not an Apple library, and

1:52:50

the RSA key operations in

1:52:53

the Go language library. So

1:52:55

again, not Apple's. So

1:52:58

what about the non-M3 chips,

1:53:00

the Apple A14 Bionic,

1:53:02

the M1 and the M2? Well,

1:53:05

it turns out that these so-called

1:53:07

SOC, you know, systems on a

1:53:09

chip, all have

1:53:11

multiple cores, and the

1:53:14

cores are not all the same type. Only

1:53:17

half of the cores are vulnerable,

1:53:19

because only half of them incorporate

1:53:22

the DMP. Apple's M

1:53:24

series have two types of cores, the

1:53:27

bigger Firestorm cores, also known as

1:53:29

the Performance cores, and the smaller

1:53:31

Icestorm cores, also known as

1:53:33

the Efficiency cores. On the

1:53:35

M1 and M2 chips, only

1:53:37

the Firestorm Performance cores offer

1:53:40

the problematic DMP prefetching system.

1:53:42

So all Apple needs to

1:53:44

do is to move their crypto

1:53:47

over to the smaller Efficiency cores.

1:53:50

Crypto operations will run more slowly

1:53:52

there, but they will be completely

1:53:54

secure from this trouble. So,

1:53:57

is Apple gonna do any of these things? They

1:54:00

already, the press thinks that nothing

1:54:02

has been done yet. I find

1:54:04

that curious given that the concerns

1:54:06

are real and that solutions

1:54:09

are available. But so far,

1:54:11

all the press has reported, now again,

1:54:13

Apple knew about this in early December, all

1:54:16

the press has reported that Apple has

1:54:18

been curiously mute on the subject.

1:54:21

Apple just says no comment. This

1:54:24

is doubly confounding given

1:54:26

that Thursday's research disclosure came

1:54:29

as no surprise to them

1:54:33

and also that the firestorm

1:54:38

of truly over-the-top

1:54:40

apoplectic and apocalyptic headlines

1:54:42

that have ensued as

1:54:44

a result really

1:54:47

does need a response. I imagine that

1:54:49

something will be forthcoming from Apple soon.

1:54:52

Until then, for what it's worth,

1:54:54

the attack, if it were to

1:54:57

happen, would be local and

1:54:59

would be targeted and would

1:55:01

require someone arranging to install

1:55:04

malware onto the victim's

1:55:07

machine. It's not the end

1:55:09

of the world and as I'm always saying

1:55:11

around here, anyone can make a mistake, but

1:55:14

Apple's customers would seem to need

1:55:16

and deserve more than silence from

1:55:18

Apple. So if we

1:55:20

ought to hear something, but at least

1:55:22

now we understand exactly what's going on.

1:55:25

And by the way, if somebody can install that on

1:55:27

your system, they can also just put a keystroke logger

1:55:30

on there. There's all sorts of ways they can get

1:55:32

full access. In fact, that's

1:55:35

probably a lot easier to do it some

1:55:37

other way than a side

1:55:39

channel attack. Does it take a lot of monitoring

1:55:42

and trial and error to have this side

1:55:44

channel? No, it doesn't. It takes an hour

1:55:46

and you get the key. And

1:55:49

so you actually do get a secret that

1:55:51

was trying to be protected. So I could

1:55:53

see a nation state saying, oh good, all

1:55:55

right, we'll do is we'll get this on

1:55:57

there through some other malware

1:56:00

exploit, we'll run it and then we'll

1:56:02

erase all traces. Guy will

1:56:04

never know he was hacked but we've got the key and

1:56:06

we've got the key forever until

1:56:09

he changes it. Right. Yeah.

1:56:11

And the point I made was that when

1:56:14

this became public two years ago,

1:56:18

these guys apparently stopped their research. We

1:56:20

don't know the NSA did. The

1:56:23

NSA might have gone, hey, that's interesting.

1:56:25

Let's take a look at that. Oh,

1:56:27

come on. The NSA could, NSA has

1:56:29

probably been working on this same thing

1:56:31

forever, right? I mean, they

1:56:34

know about these side channel attacks. They

1:56:36

know about speculative execution. They know what

1:56:38

Spectre and Meltdown produced on the x86

1:56:41

platforms. I'm sure they were looking for

1:56:43

it too. Just whose

1:56:45

professors are better, I guess. Yeah,

1:56:48

hopefully we have good profs. I think we

1:56:50

have good profs in the NSA. Good

1:56:53

Will Hunting notwithstanding. Mr. Steve Gibson,

1:56:55

ladies and gentlemen. Happy birthday, Steve.

1:56:58

Thank you very much. Very nice. You're

1:57:00

getting there one more year and it's going to be a

1:57:02

big one. We're going to have a big party for

1:57:04

you next year. I know. I just

1:57:06

hope there's no loss of function. I want to

1:57:09

keep going at the current rate.

1:57:12

It's fine. Getting old is not so

1:57:14

bad as long as the body understands it needs

1:57:16

to continue doing everything properly.

1:57:19

And then, you know. Well, and objectively,

1:57:21

the sad thing is, I mean, I feel great.

1:57:23

I don't think I've lost any of my energy

1:57:26

or anything. And objectively,

1:57:28

you look at 80-year-olds and

1:57:31

they're, you know. How

1:57:35

much you can do is slow that down. My mom's 92 every

1:57:37

night at one. And

1:57:41

I, you know, she's still going strong. I'd be

1:57:43

happy if I were in her shape in 20

1:57:45

years. She's in

1:57:47

great shape. Or 13 years. I don't think you'd

1:57:49

be writing SpinRite 10. Let's

1:57:52

hope you're doing some fishing. I know. I

1:57:54

might keep the brain sharp. I know. That's

1:57:56

what I'm working on. You know, I'm trying to keep the brain sharp.

1:58:00

going on here so

1:58:04

having a lot of fun with the coding I

1:58:06

feel like if I can do this I still

1:58:09

have something upstairs I love to code

1:58:11

coding so much there's I am so

1:58:13

happy yeah really so much

1:58:15

fun in fact

1:58:17

I had kind of a breakthrough this morning that's why I'm cool

1:58:19

yeah day 19 on Advent of Code it's a lot of fun Steve

1:58:27

Gibson lives at

1:58:29

grc.com the Gibson

1:58:31

Research corporation.com that is

1:58:33

where you'll find of course SpinRite

1:58:35

the world's finest hard drive actually all

1:58:37

mass storage maintenance and recovery utility 6.1

1:58:40

is out kids go on and get yourself

1:58:42

a copy and if

1:58:45

you already have a copy that will

1:58:47

browse around there's all sorts of other

1:58:49

wonderful stuff including this show you'll find

1:58:51

it actually a couple

1:58:53

of unique versions of this show

1:58:56

at grc.com 16 kilobit

1:58:58

audio which is the smallest

1:59:00

audio version of the show he also

1:59:02

has a 64 kilobit audio which sounds

1:59:04

a lot better he also has transcripts

1:59:06

handcrafted by Elaine Farris so you can

1:59:08

read along as you listen or search

1:59:10

or do what feed them to your

1:59:13

AI and have make an AI Steve whatever it

1:59:15

is that you need to do you can do

1:59:17

it with those grc.com we

1:59:19

are at twit.tv and of course

1:59:21

Security Now shows, twit.

1:59:23

tv slash SN. We have

1:59:25

64 kilobit audio as well but our unique

1:59:27

format is video you can watch Steve smile

1:59:29

and face you

1:59:31

can watch us do the show every Tuesday

1:59:33

right after MacBreak Weekly. Usually works

1:59:36

out to around 1:30 p.m. Pacific,

1:59:38

4:30 Eastern, 20:30

1:59:40

UTC and we stream

1:59:42

that live on YouTube youtube.com slash

1:59:47

twit so tune in

1:59:49

when the show begins tune out when the show's

1:59:51

over but though you know if

1:59:53

you you know if you subscribe and you hit the bell

1:59:55

then you get a notification whenever that's about

1:59:57

and try not to tune out before the show's over

2:00:00

Well, there I thought in the Discord

2:00:02

I noticed a couple of people saying, okay,

2:00:05

I understand what you're talking about. I think I'll leave

2:00:07

now. I always just try to let

2:00:09

it drift over my head and hope that it will seep

2:00:11

in at some point. That's exactly, I've

2:00:13

often suggested exactly that strategy. Don't worry about

2:00:15

the details, you'll just get the feel for

2:00:17

it. I've learned a few

2:00:20

things, you know, from listening to this show over the last,

2:00:22

what is it, 15, 16 years? Something

2:00:25

like that. Honey, we're in year 21. Or

2:00:29

was it 19? No, 20, yeah, because we, Twit

2:00:31

itself, its 19th birthday's next month,

2:00:33

it's in a couple of weeks. That's

2:00:35

it. Okay. So you're

2:00:37

a little younger than that, just a tad. So you are

2:00:39

in your 20th year, you will be in your 20th year

2:00:41

soon. Which is kind

2:00:44

of mind boggling. I didn't

2:00:46

even think podcasting will last 20 months. Yeah.

2:00:51

Have a great birthday. I hope you

2:00:53

get some cake. You

2:00:55

know, I bet you Lori right now, she's got the apron on.

2:00:58

She's whipping up the batter. She's going, you know, she's

2:01:00

going to make you a nice cake, a little

2:01:03

coconut cream icing on top. She's

2:01:07

going to be cooking a nice medium rare

2:01:09

steak. That's all you care about. A little

2:01:11

cab, a little Santa Cruz mountain cab. That's

2:01:14

a great idea. Thank you,

2:01:16

Steve. Have a great week. And all

2:01:18

of you, thank you, especially to our club Twit

2:01:20

members who make this show possible. If you're not

2:01:22

a member, seven bucks a month, twit.tv slash club

2:01:25

Twit. Take care, Steve. Bye,

2:01:28

buddy. See you next week. Oh, or

2:01:30

is it still going to be March or is it April? No, it'll

2:01:32

be April. See you in April. Cool.

2:01:35

Live long and prosper, Mr. Gibson. Bye. Bye.

