Tag: security

ICS hacking

p0wnto0wn comes to industrial control systems

Pwn2Own’s new focus on industrial control systems also brings public scrutiny to software that has long lacked it. Most of the companies here typically don’t make that code available to security researchers, and only agreed to provide it at the S4 conference’s request. (2 major industrial control system software makers, GE and Siemens, were notably absent.) Nor do these companies offer their own “bug bounty” rewards, meaning security researchers have neither the access nor the incentive to find flaws.

Soleimani’s Death

General Soleimani was the commander of the Quds Force, an external unit of the Islamic Revolutionary Guard Corps, whose primary activities were outside Iran’s borders. He was particularly adept at creating militias manned by recruits from across the Middle East and South Asia. The model was Hezbollah in Lebanon, where in the early 1980s Iran organized the local Shiite community and created a lethal terrorist organization that would commit acts of violence on its behalf. This policy had 2 major advantages. First, it gave Iran a unique ability to assert its influence over disorderly politics in Iraq, Lebanon, and Syria while maintaining a kind of plausible deniability. Second, it allowed Iran to wage through proxies a campaign of violence responsible for the deaths of 100s of US troops during the civil war in Iraq. Iran’s position in all those countries was already precarious. The regime could ill afford the vast imperial project that it has undertaken since the US invasion of Iraq. It is struggling to meet its domestic budgetary needs and has been reducing its subsidies to its militias. The assassination of Soleimani is unlikely to reverse any of those trends.

Trustable Hardware?

I’ve concluded that open hardware is precisely as trustworthy as closed hardware. Which is to say, I have no inherent reason to trust either at all. While open hardware has the opportunity to empower users to innovate and embody a more correct and transparent design intent than closed hardware, at the end of the day any hardware of sufficient complexity is not practical to verify, whether open or closed. Even if we published the complete mask set for a modern billion-transistor CPU, this “source code” is meaningless without a practical method to verify an equivalence between the mask set and the chip in your possession down to a near-atomic level without simultaneously destroying the CPU.

So where does this leave us? Do we throw up our hands in despair? Is there any solution to the hardware verification problem?

I’ve pondered this problem for many years, and distilled my thoughts into 3 core principles:

  1. Complexity is the enemy of verification
  2. Verify entire systems, not just components
  3. Empower end-users to verify and seal their hardware

2023-03-11: The next step, inspecting the hardware itself

The Infra-Red, In Situ (IRIS) inspection method is capable of seeing through a chip already attached to a circuit board, and non-destructively imaging the construction of a chip’s logic. Each pixel corresponds to 1.67 microns. While these images cannot precisely resolve individual logic gates, the overall brightness of a region will bear a correlation to the type and density of logic gate used. With a reasonable amount of design-level hardening, we may be able to up the logic footprint for a hardware trojan into something large enough to be detected with IRIS. Fortunately, there is an existing body of research on hardening chips against trojans, using a variety of techniques including logic locking, built in self test (BIST) scans, path delay fingerprinting, and self-authentication methods.
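The detection limit implied above (a trojan must move the brightness of a resolvable region, not a single gate) can be made concrete with a region-level comparison. The following is an added illustration, not code from the IRIS project or from the post’s author: the “golden” and “captured” brightness maps are synthetic, and the 8-pixel comparison tile, the 5-unit anomaly threshold and the +20 brightness of added logic are assumptions chosen to show how a trojan footprint below the tile’s averaging area stays invisible while a larger one does not.

```python
"""Region-level IRIS brightness comparison (constructed illustration).

Nothing here is a real IRIS capture. The maps are synthetic, and
BLOCK_PX, THRESHOLD and EXTRA are assumed values for the example.
"""
import random

PIXEL_UM = 1.67    # IRIS pixel pitch quoted in the text
BLOCK_PX = 8       # assumption: compare 8 x 8 pixel tiles (~13.4 um square)
THRESHOLD = 5.0    # assumption: tile-mean deviation that counts as anomalous
EXTRA = 20.0       # assumption: brightness added per pixel of inserted logic


def golden_map(size=32):
    """Expected brightness derived from the design (constructed): dense
    logic in the top-left quadrant (bright), sparse logic elsewhere."""
    return [[100.0 if r < size // 2 and c < size // 2 else 60.0
             for c in range(size)] for r in range(size)]


def capture(golden, trojan_px, origin=(16, 16), seed=1, noise_sigma=2.0):
    """Simulated capture: golden map plus Gaussian sensor noise plus a
    square patch of trojan_px x trojan_px pixels of added logic at origin."""
    rng = random.Random(seed)
    img = [[v + rng.gauss(0.0, noise_sigma) for v in row] for row in golden]
    r0, c0 = origin
    for r in range(r0, r0 + trojan_px):
        for c in range(c0, c0 + trojan_px):
            img[r][c] += EXTRA
    return img


def tile_means(img, block=BLOCK_PX):
    """Average brightness of each block x block tile (what the method can
    actually resolve: region density, not individual gates)."""
    n = len(img) // block
    means = []
    for tr in range(n):
        row = []
        for tc in range(n):
            total = sum(img[r][c]
                        for r in range(tr * block, (tr + 1) * block)
                        for c in range(tc * block, (tc + 1) * block))
            row.append(total / (block * block))
        means.append(row)
    return means


def flag_tiles(golden, device, block=BLOCK_PX, threshold=THRESHOLD):
    """Tiles whose mean brightness deviates from the design by > threshold."""
    g, d = tile_means(golden, block), tile_means(device, block)
    return [(tr, tc) for tr in range(len(g)) for tc in range(len(g[tr]))
            if abs(d[tr][tc] - g[tr][tc]) > threshold]


def trojan_detected(trojan_px):
    """True if a trojan_px-sided patch of added logic flags any tile."""
    g = golden_map()
    return len(flag_tiles(g, capture(g, trojan_px))) > 0


def min_detectable_side_px(block=BLOCK_PX, threshold=THRESHOLD, extra=EXTRA):
    """Smallest square footprint (in pixels per side) whose added
    brightness, averaged over a tile, exceeds the threshold."""
    n = 1
    while n * n * extra / (block * block) <= threshold:
        n += 1
    return n


def tile_size_um(block=BLOCK_PX, pixel_um=PIXEL_UM):
    """Physical edge length of one comparison tile in microns."""
    return block * pixel_um


if __name__ == "__main__":
    for side in (2, 6):
        print(f"{side}x{side} px trojan ({side * PIXEL_UM:.1f} um): "
              f"detected={trojan_detected(side)}")
    n = min_detectable_side_px()
    print(f"min detectable side: {n} px = {n * PIXEL_UM:.2f} um "
          f"(tile = {tile_size_um():.2f} um)")
```

The 2x2 patch adds only 4 x 20 / 64 = 1.25 units to its tile’s mean and vanishes into the noise floor; the 6x6 patch adds 11.25 and is flagged. That is the sense in which the hardening techniques listed in the text matter for IRIS: they are about raising the footprint a trojan needs above the floor the tile average imposes.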

Squashing ISIS

ISIS is now harder to track online—but that's good news

While technologies like the Dark Web are often thought of as fitting to the group’s security demands, they are largely useless to its outreach goals. ISIS needs to be where more users already are; otherwise, it’s just talking to itself alone in an empty room. For the first time since ISIS embraced social media in the early 2010s, there seem to be strong signs of the government-tech sector collaboration that I and others have been calling for. ISIS is not gone and will not be for a long time, but a critical pillar of its life force has been cracked. It’s something not only to embrace, but also to demand continue.