That was a good start. Colin Robbins and some others had nice write-ups about why it wasn't enough. NSA, etc had nothing to do with it far as I can tell. Essentially, it was a combination of usability, compatibility with commercial clients, and the fact that you run into infrastructure issues the second you operate outside a small, closed group. Plus, you need protection against incoming emails and attachments. So, their solution which is worth FOSS knocking off was (a) a proxy on client that seemlessly does crypto, (b) plugin on email client that makes it easy to use, (c) input validation on risky data types with preferable conversion to safer ones, and (d) a guard to enforce strong controls/checking on all email traffic. For extra assurance, add strong endpoint security, mandatory access controls for app containment, and tools such as Softbound + CETS to make the app itself safer. And definitely don't use Windows.
This makes things difficult for attackers trying to read or forge communications. Among other things. PGP by itself was never sufficient, though, due to issues outside its control. The GPG code can support these efforts, though.
These attacks would be stopped by a combination of strong endpoint security, a guard protecting transfers, and mail guard + secure comms scheme so people know who's talking to who. These are all fielded as early as the 80's for military and some commercial use. Nexor is an example of a company selling the communications part. Argus, Tresys, Sirrix, LynxSecure, Dell Secure Consolidated Client, QubesOS... all examples of separating internal from risky stuff. Physical air gaps, KVM switches, separate networks, and guards (eg XTS-400, Genua's OpenBSD stuff) acting as gatekeepers are the strongest method. The important point is that anything mission critical happens in a way where external attackers can't see it or screw with it. Plus, validation of data flowing into network, diverse types of applications (eg non-standard PDF readers), secure messaging to spot forgery, and automated controls on transfers to detect unusual accounts or amounts.
Companies aren't going to do this, though. They'll keep using the other model: trying to do trusted computation on untrustworthy computers, using the networks the enemies can control, talking with untrustworthy protocols, secured by complex standards, and using centralized Internet ID systems possibly controlled by the enemy. Good luck. I'd do a consultation and help Ubiquiti deploy strong stuff but they'd never see people who can in Internet's noise. Too few left outside defense sector. Probably just got a traditional INFOSEC assessment, fixed a few things, made a checklist, and are hoping for the best. They'll get hit again if they don't fix the fundamental lack of trustworthiness in their infrastructure. True for 99% of companies.
I guess this means I'm sticking with Windows 7 on whatever good hardware supports it. The situation with Windows 8 and 10 is ridiculous. Microsoft knew what their *profitable* users wanted out of the platform. Windows 8 immediately resulted in a list of problems. They had old problems, as author noted, going way back. The best thing to do is keep what works, eliminate problems, add functions to make it easier to use, try some new things as OPTIONS, and continue to roll in profit from satisfied users. The Start Menu issue alone makes it look like Microsoft is intentionally trying to piss its users off. Meanwhile, Mac OS X and certain Linux distro's continue improving while remaining easy to use and (esp for Mac OS X) quite consistent.
Microsoft was known to copy anything better. They need to do that again for sane and consistent UI. Far as different devices, Apple's method worked so copy it: one product for desktops and one with touch-oriented UI for mobile/tablets. You can keep many of the dev tools, libraries, kernel functions, and so on the same to reduce duplication. They already do that for Xbox with even more coming now that it's x86. The problem is so friggin' simple to solve that it's amazing Microsoft hasn't figured it out, esp as it combines their two top qualities: leveraging what you already have to pinch pennies; copying successful stuff the competition does.
Very interesting that you do DO-254. My background was high assurance and I studied a lot of DO-178B stuff in the process. I didn't work in that market but it generated many high-quality components applicable to other areas. What they pulled off in terms of features amenable to assurance/certification also gave me a guess at what the next project with similar complexity would pull off. Also how I discovered SPARK and Astree.
My recent focus is on clean-slate, secure hardware with two aspects being ensuring hardware correctness and preventing subversion. I've come up with a lot of methods applicable to what HW people have taught me of their flows. Safety- and security-critical have considerable overlap in terms of verification from defect reduction to testing to traceability. I'd be very curious to hear of what flow you use for HW (esp ASIC) design in DO-254 space. I appreciate the memo as it's a good start on the subject and will help my own work. Still curious if there is a write-up by anyone on specific flow and what methods worked best on what problems past what's published on HW development in general.
This is cool stuff. Here's some other stuff I found recently for anyone interested in messing with bitstreams, creating an open-source FPGA, or doing hardware more easily. Hardware designers feedback is appreciated.
Open Source Bitstream Generation without R.E. or license violations: http://www.isi.edu/~nsteiner/p...
Archipelago - an open-source FPGA with toolflow support: http://www.eecs.berkeley.edu/P...
Cx, open-source, hardware & synthesis language: http://cx-lang.org/
QFlow Open-source Flow from behavioral synthesis to detail routing: http://opencircuitdesign.com/q...
Have fun people! Especially building on the first two. I'd appreciate experienced people telling me how good the Cx system is for (a) people doing FPGA with high-level synthesis tools and/or (b) beginners using behavioral verilog wanting something better.
I was a neutral party, too, who couldn't make sense of it. Most published evidence supported the claims of the feminists but strangely didn't mention much about the other side. Not objective at all. Least that was some kind of evidence. So, I challenged a bunch of pro-GamerGate people with that evidence and demanded they do more than troll or ask for us to take it on faith. One sent me this vid that shows feminist hypocrisy with evidence from her own game, points out these are entertainment products based on demand (which includes women!), and has other rational points supporting GamerGate's position:
(Really makes the feminists opposing look like BS pushers esp as a commenter here pointed out Brianna also breaks their own rules in games.)
Another link I received was from the "Factual Feminist:"
(She actually backed her claims with evidence that contradicts the claims of the feminists opposing gamergate. She also showed that their own studies cooked the books a bit.)
On top of it, out of millions of gamers, they've only got a relatively tiny number of people making threats. That means vast majority of gamers are *not* making threats. Yet, they talk like rape and death threats over right to abuse females is the only thing going on here. If anything, what I see here is a group of people (i.e. Brianna & co) calling out a whole segment of society (including women!) as evil, claiming to eliminate their market, making provably false statements, and being hated as a result. Who wouldn't have seen that response coming.... Ignoring the claims I see here like faking stuff, the basic analysis of anti-GamerGate's own claims and games *they* make show these women are deceitful, hypocritical pricks who deserve whatever *verbal* hate they get. It's called Internet Justice. Best to just not do the crime and especially against what's allegedly your own customers/demographic.
You have points on the 0-days being on the lower end compared to pervasive backdoors. Far as worst compromise, it's actually NSA compromising insane numbers of hosts using automated QUANTUM hits and drones via WiFi attacks. Much worse than manual stuff FBI does. That they continue to subvert things with little challenge is in their favor, as well. Far as crypto, NSA promoted strong algorithms while hiding all the ways their implementation could be busted (eg side channels). AES was actually more prone to these than some others. They also had the methods and tech to design nearly bulletproof stuff (eg Type 1, EAL6-7, TEMPEST). That they deliberately kept us in the dark and made those difficult to impossible to get weakened our security posture greatly across the board. They could've subsidized a few guards, VPN's, and endpoints to give us a chance but had other, devious ideas.
Anyway, your critique might be right on us *mostly* winning on the crypto side. Yet, they won in most other respects in being on top. I guess I need to change the claim to match that. Maybe the NSA's War on Security, starting when they killed the high assurance market (below). Crypto War would be battles within the greater framework. Main war still going on obviously. Recently being challenged by private parties and especially DARPA-funded research (eg crash-safe.org, CHERI). Gotta love DARPA: enemy's R&D organization will probably give us our best chances of defeating them.
"Bullshit. One of the most interesting things to come out of the Snowden revelations was the discovery that the NSA doesn't have any secret ways into properly done crypto -- Schneier even noted as much in his interview with Snowden."
I think you missed the whole point: NSA has been secretly beating many crypto you cite for years with a myriad of bypasses. They piled up attacks on applications, OS's, firmwares, and so on. They have it to the point that it's automated with QUANTUM. Linux's fragmentation gave non-mainstream distro's certain protection. I did that directly in previous work in what I called Security via Diversity. Academia has re-discovered that concept and regularly publishes it under banner "moving target." Yet, most people could've been smashed by NSA this entire time without realizing it.
So, after NSA *lost*, they waited for an opportunity. 9/11 provided it. Then, they started tapping the Tier 1 providers, intercepting whole datacenters worth of stuff, covert partnerships with U.S./foreign companies, coercive relationships with FBI support, infiltration of foreign companies/sites, weakening of crypto standards, insertion of 0-day's, deliberately leaving in 0-days, and buying up even more 0-days + attack kits for automated use. The combination of Snowden leaks and Equation Group report show they have utterly been dominating their opponents... without them even knowing... for over a decade.
In short, they went to war on everything (see BULLRUN) in secret, they won enough to create a "golden age of surveillance," and post-Snowden we're launching a new set of battle with new criteria to stop them. That's a... third... fight. Strange how security experts can say a quasi-military organization attacked, hacked, and subverted almost everything in wide use without saying they lost a war to them. They did loose. Many of us told them exactly what they were hitting pre-Snowden given it had to be anything in a system that ran code or could be reached by code (obvious eh?). We were told various things: too paranoid; that's impractical; nobody is reporting those hacks so they aren't happening; FBI & NSA are saying in public they can't do that. And on and on. They talked like they were safe on their FOSS & "secured" Windows boxes while they were getting stomped for years on end.
So, if anyone's calling bullshit, it's me on mainstream INFOSEC industry and security "experts" who didn't see this shit coming despite me outlining it nicely for years. My framework still exists (below) showing all the rigor it takes at every layer to stand a chance at beating them. Secure code or good crypto apps aren't enough. My framework is taken right out of the government's requirements for the ultra-secure systems (Type 1, EAL6/7) they use at most sensitive sites but won't let us have. Want to eliminate risk in your software and stick it to NSA? The opportunity is right there below waiting for your effort.
I keep saying we should call it the Third Crypto Wars because NSA + GHCQ already won the Second. They did that in a secret war on all systems and cryptography with aid from post-9/11 legislation. The Snowden leaks attest to what they accomplished. Most crypto out there doesn't deliver on its claims because they backdoored, weakened, or bypassed (endpoints) it. Now, from a position of dominance, NSA and FBI are launching a Third War on Crypto which is a mixture of public (see article) and secret (try to see TPP). This is an attempt to automatically achieve what they currently work hard for. We're not going to stand a chance of winning this third round if we don't acknowledge they already won the second. And did it without hardly anyone noticing pre-Snowden. That's how bad our current position is and why we need to fight that much harder for strong security across the whole stack.
Note: I've only seen a few strong constructions ever posted on Slashdot or most other IT news sites. *Those* kinds of things don't get popular. NSA etc love that. It's why the majority doesn't stand a chance whether using proprietary or FOSS. Rare exceptions to that.
DEC diagnostics would run on a dead whale. -- Mel Ferentz