paulgorman.org


Fri Sep 3 06:00:02 EDT 2021
========================================

Slept from ten to four, then lay awake with my eyes shut until six-thirty.

Partly cloudy until late afternoon then becoming mostly cloudy. Highs in the mid 70s. East winds up to 5 mph shifting to the southeast around 5 mph in the late morning and afternoon.

Thirty-five-minute walk in the morning. Mostly sunny and almost cold.

Work
----------------------------------------

- help Robin with phone photos
  Done.
- ask Levi about availability alerts for Sarah at GB
  Done.

Randy took a half-day this afternoon.

Took a nap during lunch.

Home
----------------------------------------

https://www.detroitjazzfest.org/

Studied a little for Red Hat certs.

https://threadreaderapp.com/thread/1433470109742518273.html

> One of the products that the US Intel agencies allegedly convinced to use the backdoor was Juniper, whose NetScreen line of firewalls are widely deployed globally and in the US government. We didn’t know about this because the company hid it in their certification documents. 6/

> Even if we’d known about this, I’m sure “serious” folks would have vociferously argued that it’s no big deal because only the NSA could possibly exploit this vulnerability (it used a special secret only they could know), so (from a very US-centric PoV) why be a big downer? 7/

> But the field is called computer security; not computer optimism. We think about worst case outcomes because if we don’t do that, our opponents absolutely will. 8/

> In fact, they already had. What nobody had considered was that *even if the backdoor required a special secret key* only the NSA knows, a system with such a backdoor could be easily “rekeyed.” 9/

> In practice this would simply mean hacking into a major firewall manufacturer’s poorly-secured source code repository, changing 32 bytes of data, and then waiting for the windfall when a huge number of VPN connections suddenly became easy to decrypt. And that’s what happened. 10/

> The company was Juniper, the hack was in 2012. It is alleged (in this new reporting) to have been a Chinese group called APT 5. Untold numbers of corporate firewalls received the new backdoor, making both US and overseas systems vulnerable. 11/

> The new, rekeyed backdoor remained in the NetScreen code for over *three years*, which is a shockingly long time. Eventually it was revealed around Christmas 2015. 12/

> Fortunately we learned a lot from this. Everyone involved was fired and no longer works in the field of consumer-facing cryptography.
>
> I’m kidding! Nobody was fired, it was hushed up, and everyone involved got a big promotion or lateral transfer to lucrative jobs in industry. 13/

> The outcome of the Juniper hack remains hushed-up today. We don’t know who the target is. (My pet theory based on timelines is that it was OPM, but I’m just throwing darts.) Presumably the FBI has an idea, and it’s bad enough that they’re keeping it quiet.
>
> The lesson to current events is simple: bad things happen. Don’t put backdoors in your system no matter how cryptographically clever they look, and how smart you think you are. They are vulnerabilities waiting for exploitation, and if the NSA wasn’t ready for it, you aren’t. 15/

> The second lesson is that “serious” people are always inclined away from worst-case predictions. In bridge building and politics you can listen to those people. But computer security is adversarial: the conscious goal of attackers is to bring about worst-case outcomes. 16/

Started reading Tolkien's Beowulf. It doesn't sing at all, and is less fun than Headley's.

Tolkien makes some things clearer, however, like the foreshadowing of the resumption of Onela's hostilities:

> Then in the strongholds long was Beow of the Scyldings,
> beloved king of men, renowned among peoples—elsewhere
> had the prince his father departed from his home—until
> thereafter he begat Healfdene the high, who held the lordship
> while he lived, and aged and fierce in war, over the fair
> Scyldings. To him were children four born in the world, in
> order named: captains of the hosts, Heorogar, and Hrothgar,
> and Halga the good; and [a daughter] I have heard that was
> Onela's queen, dear consort of the warrior Scylfing.
> […] Hrothgar
> […] he would command men to fashion a hall and a
> mansion, a mightier house for their mead-drinking than the
> children of men had ever known […]
> […] The hall towered
> high with hornéd gables wide, awaiting the warring
> billows of destroying fire: the time was not far off that between
> father and daughter's spouse murderous hate in memory of a
> deadly feud should awake again.

Headley gives:

> Finally, Beow rolled into righteous rule,
> daddying for decades after his own daddy died.
> At last, though, it was his turn for erasure:
> his son, the Halfdane, ran roughshod, smothering
> his father's story with his own. He rose in the realm
> and became a famous warlord, fighting ferociously
> dawn to dusk, fathering his own horde of four,
> heirs marching into the world in this order: Heorogar, Hrothgar, Halga, and I heard he hand-clasped his daughter
> (her name's a blur) to Onela. Tender, she rendered that battle-Swede
> Happy in fucking, where before he'd only been happy in fighting.
> […] So it rose: a greater hall than any other!
> Hrothgar filled it, blood-brother by blood-brother,
> and named it Heorot. […]
> […] The hall loomed, golden towers antler-tipped;
> it was asking for burning, but that hadn't happened yet.
> You know how it is: every castle wants invading, and every family
> has enemies born within it.

Old grudges recrudesce. And the commentary and notes in Tolkien are quite helpful.

Not a difference in translations, but I also noticed the symmetry between Scyld's funeral boat, at the start of the poem:

> […] There were many
> precious things and treasure brought from regions far away;
> […] Moreover, high above his head they set a golden
> standard and gave him to the ocean, let the sea bear him. […]

…and the cave tomb/dragon's hoard at the end:

> […] a host of hoarded jewels, gold glistening
> that lay upon the ground, marvellous things upon the wall,
> […] There too he saw
> a banner hanging all wrought of gold, high above the hoard,

Servings: grains 3/6, fruit 1/4, vegetables 1/4, dairy 1/2, meat 1/3, nuts 0.5/0.5

Brunch: banana, burrito with egg and vegetables
Lunch: cheese curls
Afternoon snack: green tea
Dinner: -35
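Added worked example on the Juniper thread quoted above under Home. This is my own toy, not code from the thread, from Juniper, or from this site: a miniature Dual EC DRBG over the textbook curve y^2 = x^3 + 2x + 2 over F_17 (19 points, so every non-identity point has prime order 19), small enough to check by hand. It shows why the "special secret" in the thread is nothing more than the relation between the generator's two constants: whoever knows d with Q = d*P turns one output back into the generator's internal state and predicts everything after it, and whoever can overwrite Q in the code with their own Q' = d'*P (on P-256 that x-coordinate is the 32 bytes the thread mentions) holds the backdoor from then on, while the original d stops working. The curve, the scalars d = 3 and d' = 4, and the seed 2 are constructed for the demo; the real generator's 16-bit output truncation is left out, since it only adds a 2^16 search to the lifting step.

```python
# Toy Dual EC DRBG illustrating the "rekeyable backdoor" from the Juniper thread.
# Constructed example: curve y^2 = x^3 + 2x + 2 over F_17 (textbook curve, 19
# points); scalars and seed are made up for the demo, not Juniper's or NIST's values.

P_MOD = 17          # field prime
A, B = 2, 2         # curve coefficients
G = (5, 1)          # the DRBG's base point P
N = 19              # order of G (prime)
INF = None          # point at infinity

def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + A*x + B over F_P_MOD (no point here has y = 0)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication; k is reduced mod the point order."""
    result, addend = INF, pt
    k %= N
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def x_of(pt):
    """x-coordinate used as state/output. In a 19-element group the identity turns up
    after a handful of steps; at P-256 size that event is negligible."""
    if pt is INF:
        raise ValueError("degenerate state: scalar multiple of G is the identity")
    return pt[0]

def lift_x(x):
    """Any curve point with this x; the sign is irrelevant because x(-R) == x(R)."""
    rhs = (x ** 3 + A * x + B) % P_MOD
    for y in range(P_MOD):
        if y * y % P_MOD == rhs:
            return (x, y)
    raise ValueError("x=%d is not on the curve" % x)

def drbg_step(s, Q):
    """One Dual EC step: s <- x(s*P), output r = x(s*Q). Real Dual EC also drops the
    top 16 bits of r, which only adds a 2^16 search to lift_x for the attacker."""
    s = x_of(ec_mul(s, G))
    return s, x_of(ec_mul(s, Q))

def drbg_outputs(seed, Q, count):
    """The victim's generator: `count` outputs from `seed` under constant Q."""
    s, out = seed, []
    for _ in range(count):
        s, r = drbg_step(s, Q)
        out.append(r)
    return out

def backdoor_predict(observed, d, Q, count):
    """Holder of the trapdoor d (Q = d*P) sees one output r = x(s*Q). Lifting r gives
    R = +/-s*Q; multiplying by e = 1/d mod N gives +/-s*P, whose x-coordinate is the
    generator's next internal state. From there the next `count` outputs follow."""
    e = pow(d, -1, N)
    R = lift_x(observed)
    s_next = x_of(ec_mul(e, R))
    preds = [x_of(ec_mul(s_next, Q))]             # the output right after `observed`
    preds += drbg_outputs(s_next, Q, count - 1)   # and the ones after that
    return preds

def rekey(d_new):
    """What the thread calls "changing 32 bytes": replace the constant Q by Q' = d_new*P.
    Whoever chose d_new now holds the trapdoor; the original d is worthless against Q'."""
    return ec_mul(d_new, G)

if __name__ == "__main__":
    d, Q = 3, ec_mul(3, G)                        # the vendor's backdoored constant, Q = 3*P
    stream = drbg_outputs(2, Q, 4)
    print("victim outputs with Q  :", stream)
    print("trapdoor d=3 predicts  :", backdoor_predict(stream[0], d, Q, 3))

    d2, Q2 = 4, rekey(4)                          # intruder edits the constant to Q' = 4*P
    stream2 = drbg_outputs(2, Q2, 4)
    print("victim outputs with Q' :", stream2)
    print("stale d=3 predicts     :", backdoor_predict(stream2[0], d, Q2, 3), "(wrong)")
    print("intruder d'=4 predicts :", backdoor_predict(stream2[0], d2, Q2, 3))
```

Running it prints the four outputs under the vendor's Q, the same three later outputs recovered from the first one with d = 3, then the stream under the intruder's Q', where d = 3 predicts garbage and d' = 4 predicts correctly. Nothing in the generator's code changed except the one constant, which is the whole point of the thread: the secret lives in the repository, not in the mathematics.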
