FARK.com: (7019109) Former U.S. cyber-security chief and author of "Cyberwar" warns of cyberattacks launched by coming Asian cyberthreat "Every major U.S. company has been hacked by China." Cyber

If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(itworld.com)		Former U.S. cyber-security chief and author of "Cyberwar" warns of cyberattacks launched by coming Asian cyberthreat "Every major U.S. company has been hacked by China." Cyber (itworld.com)		109
		More: Scary, Asians, computer insecurity

• • •

1889 clicks; posted to Geek » on 28 Mar 2012 at 12:35 PM | Favorite | share:

Share this link:

URL:

http://fark.com/go/7019109

Bookmark:

Article Comments close

109 Comments (+0 »)

View Voting Results: Smartest and Funniest

Archived thread

First | « | 1 | 2 | 3 | » | Last | Show all

dittybopper		2012-03-28 03:17:18 PM

RedVentrue: When are we going to accept that there is no such thing as intellectual property anymore? Nothing is secret,

This is secret:

00757 24995 62455 10036 70849
90829 11649 84279 20456 81857

It could be a secret message converted to numbers using a straddling checkerboard, then enciphered using a one-time pad. Or it could just be random numbers that I generated by rolling some 10 sided dice. There is no way for you to know, one way or the other, which one it is.

Ever.

MoronLessOff		2012-03-28 03:22:42 PM

dittybopper: RedVentrue: When are we going to accept that there is no such thing as intellectual property anymore? Nothing is secret,

This is secret:

00757 24995 62455 10036 70849
90829 11649 84279 20456 81857

It could be a secret message converted to numbers using a straddling checkerboard, then enciphered using a one-time pad. Or it could just be random numbers that I generated by rolling some 10 sided dice. There is no way for you to know, one way or the other, which one it is.

Ever.

It's a commercial.

Felgraf		2012-03-28 03:27:52 PM

Orgasmatron138		2012-03-28 03:30:16 PM

What is the actual definition of "hacking?" Is it actually modifying code or passwords? Or does just plain old fooling someone electronically count?

I'm going to start using the word "grifting." I think that works.

Captain_Ballbeard		2012-03-28 03:51:41 PM

Weaver95: I can say from personal experience that the chinese steal intellectual property on a scale that staggers the imagination. And companies just....accept it. these are the SAME companies that lobby the US Congress for massive intervention against US citizens and demand that the Dept of Homeland Security hunt down and arrest someone for posting last week's episode of Glee on bittorrent.

EVERY company that uses Chinese labor to manufacture a product has had their designs and processes stolen. Every. Single. One. What I don't understand is why companies put up with the theft. They sure as hell don't talk about the problem with their investors.

It's disgusting. I once saw US Marshals serve suits on some Chicom IP thieves at a trade show, ended up with two of the Chinese on the floor with guns in their necks. Half the floor applauded.

Maud Dib		2012-03-28 04:01:05 PM

Our domestic Internets have 100 % less lead than the Chinese Internets.

dittybopper		2012-03-28 04:03:18 PM

Felgraf: dittybopper: RedVentrue: When are we going to accept that there is no such thing as intellectual property anymore? Nothing is secret,

This is secret:

00757 24995 62455 10036 70849
90829 11649 84279 20456 81857

It could be a secret message converted to numbers using a straddling checkerboard, then enciphered using a one-time pad. Or it could just be random numbers that I generated by rolling some 10 sided dice. There is no way for you to know, one way or the other, which one it is.

Ever.

Wait why would you ever need to combine a one time pad with any other kind of cipher? Unless you're committing the cardinal sin of cryptography? (Re-using a cipher?)

You convert the letters into numbers using the straddling checkerboard so that you can use numeric one time pads.

It's not a cardinal error. It's a necessary step if you want to use numeric one time pads. Here is an example:

If we wish to encode the following message:

BE SURE TO DRINK YOUR OVALTINE.

we first have to turn it into numeric equivalents in order to be able to perform the addition and subtractions necessary. Using the straddling checkerboard in my profile, it translates to:

B E SU RE TO D RINK Y OU R OV AL TINE.
108 25398 67 1293417567529 753018634858

We clean it up into 5 figure groups, then add to it using the "one-time pad" in my profile using non-carrying addition:

10825 39867 12934 17567 52975 30186 34858 - Plaintext enciphered by straddling checkerboard
88254 83402 02029 48286 92288 75235 74209 - Random key from the "one-time pad"
-----------------------------------------
98079 12269 14953 55743 44153 05321 08057 - Ciphertext

We have to let our correspondent know which pad we used, though. We could place it at the end, or the beginning, or at some predetermined spot in the middle, but lets just put it on both ends to remove any ambiguity:

05231 98079 12269 14953 55743 44153 05321 08057 05231

Now, all our correspondent has to do is find his copy of the correct pad used at both the beginning and the end of the message, and use subtraction to get the plaintext, borrowing a tens digit out of "thin air" when necessary. When they get the numeric plaintext, they convert that into letters using the straddling checkerboard.

The use of numeric pads instead of alphabetic ones allows one to generate key material using a completely random mechanical device in a fairly rapid manner (ie., rolling handfuls of 10-sided dice to generate key groups rapidly).

Autarky		2012-03-28 04:05:15 PM

we should just bring them to heel by force (military or $$$)

/buddy worked for the smart parts of the army in s Korea, we have enough firepower in s Korea alone to set phaser to obliterate

dittybopper		2012-03-28 04:07:54 PM

Oh, I forgot the best part: You can do everything completely manually, without using a computer, and assuming you don't re-use the pads and destroy them immediately after use, no one can every "break" that message. Not even if they do this:

imgs.xkcd.com

dj_spanmaster		2012-03-28 04:11:17 PM

dittybopper: ... stuff ...

Dude, you've got way too much time on your hands.

dittybopper		2012-03-28 04:15:06 PM

dj_spanmaster: dittybopper: ... stuff ...

Dude, you've got way too much time on your hands.

Hey, I'm an ex-SIGINT weenie. This kind of stuff interests me.

BTW, as far as I can tell after extensive googling, I'm the first person to come up with the idea of generating manual one-time pads using 10-sided dice.

Plus, think of it as a public service: If we ever get to the point where you need to know how to do this kind of stuff, you won't be able to learn it without coming under unwelcome scrutiny. So I teach you now.

dittybopper		2012-03-28 04:18:36 PM

dj_spanmaster: dittybopper: ... stuff ...

Dude, you've got way too much time on your hands.

Oh, and it didn't take all that long to do: Probably took me all of 10 minutes to type that all up. If I were just enciphering without doing the explaining and getting the formatting right, probably would have been less than 5 minutes to encipher.

MoronLessOff		2012-03-28 04:24:15 PM

dittybopper: dj_spanmaster: dittybopper: ... stuff ...

Dude, you've got way too much time on your hands.

Hey, I'm ~~an ex-SIGINT weenie~~ a nerd.

NTTAWWT

dittybopper		2012-03-28 04:30:24 PM

MoronLessOff: dittybopper: dj_spanmaster: dittybopper: ... stuff ...

Dude, you've got way too much time on your hands.

Hey, I'm an ex-SIGINT weenie a nerd.

NTTAWWT

Yeah, that too. In my defense, though, it is nerds that advance society. Without nerds, we wouldn't be communicating right now.

dj_spanmaster		2012-03-28 04:32:31 PM

dittybopper: dj_spanmaster: dittybopper: ... stuff ...

Dude, you've got way too much time on your hands.

Oh, and it didn't take all that long to do: Probably took me all of 10 minutes to type that all up. If I were just enciphering without doing the explaining and getting the formatting right, probably would have been less than 5 minutes to encipher.

I bet you just loved Cryptonomicon. I can wrap my head around the basics, but without dedicating much time to it, that's it.

yelmrog		2012-03-28 04:42:08 PM

PanicMan: Sybarite: [images.wikia.com image 370x572]

Muscles upon muscles? Check
Poor understanding of human anatomy? Check
No feet? Check.

The Liefield checklist?

I'm not seeing any pouches though.

RedVentrue		2012-03-28 04:46:21 PM

dittybopper: Felgraf: dittybopper: RedVentrue: When are we going to accept that there is no such thing as intellectual property anymore? Nothing is secret,

This is secret:

00757 24995 62455 10036 70849
90829 11649 84279 20456 81857

It could be a secret message converted to numbers using a straddling checkerboard, then enciphered using a one-time pad. Or it could just be random numbers that I generated by rolling some 10 sided dice. There is no way for you to know, one way or the other, which one it is.

Ever.

Wait why would you ever need to combine a one time pad with any other kind of cipher? Unless you're committing the cardinal sin of cryptography? (Re-using a cipher?)

You convert the letters into numbers using the straddling checkerboard so that you can use numeric one time pads.

It's not a cardinal error. It's a necessary step if you want to use numeric one time pads. Here is an example:

If we wish to encode the following message:

BE SURE TO DRINK YOUR OVALTINE.

we first have to turn it into numeric equivalents in order to be able to perform the addition and subtractions necessary. Using the straddling checkerboard in my profile, it translates to:

B E SU RE TO D RINK Y OU R OV AL TINE.
108 25398 67 1293417567529 753018634858

We clean it up into 5 figure groups, then add to it using the "one-time pad" in my profile using non-carrying addition:

10825 39867 12934 17567 52975 30186 34858 - Plaintext enciphered by straddling checkerboard
88254 83402 02029 48286 92288 75235 74209 - Random key from the "one-time pad"
-----------------------------------------
98079 12269 14953 55743 44153 05321 08057 - Ciphertext

We have to let our correspondent know which pad we used, though. We could place it at the end, or the beginning, or at some predetermined spot in the middle, but lets just put it on both ends to remove any ambiguity:

05231 98079 12269 14953 55743 44153 05321 08057 05231

Now, all our correspondent has to do is find his copy of the correct pad used at ...

You've proven my point. If someone can make a code, someone else can break it.
No security is secure, and the only secret is the one that stays in your own head.

dittybopper		2012-03-28 04:51:46 PM

dj_spanmaster: dittybopper: dj_spanmaster: dittybopper: ... stuff ...

Dude, you've got way too much time on your hands.

Oh, and it didn't take all that long to do: Probably took me all of 10 minutes to type that all up. If I were just enciphering without doing the explaining and getting the formatting right, probably would have been less than 5 minutes to encipher.

I bet you just loved Cryptonomicon. I can wrap my head around the basics, but without dedicating much time to it, that's it.

The Craptonomicon? It sucked.

dittybopper		2012-03-28 04:52:48 PM

RedVentrue: You've proven my point. If someone can make a code, someone else can break it.
No security is secure, and the only secret is the one that stays in your own head.

You can't break a message enciphered by a one-time pad once the pad used to encipher it is destroyed. Period.

whither_apophis		2012-03-28 05:00:19 PM

Sure but try to sell a "Myng" dynasty plate and they get all bent out of shape.

dittybopper		2012-03-28 05:01:07 PM

dittybopper: RedVentrue: You've proven my point. If someone can make a code, someone else can break it.
No security is secure, and the only secret is the one that stays in your own head.

You can't break a message enciphered by a one-time pad once the pad used to encipher it is destroyed. Period.

Just to expand upon this: As long as the pad is truly random, and isn't re-used, and isn't somehow compromised, there is no way to solve a message encrypted by it analytically. This is both theoretically true, and practically true.

It is literally unbreakable. If you try to brute force it, you will get the correct message eventually. But you'll also get every single possible message of the same length, and you'll have no way to distinguish which one is the correct one, so trying that is a fools errand.

Benni K Rok		2012-03-28 05:10:02 PM

I think if I ever ran a business with sensitive information on it, I wouldn't allow direct access to my IP and the internet.

You have to go into a secure area, temporarily surrender your cellphone, and you can't go in alone. If it doesn't contain the important parts of the IP, then you can use an outside terminal, with limited access to the internet(Limited to blocking things that could get individuals in trouble, like porn, Fark would be okay though).

Anyone remember the drone with the keylogger program the DOD can't get rid of? Chinese parts.

Hell, there are Chinese parts already on a planes that are just being built for the US Military(F-35, P-8) and haven't been received by the initial training squadrons yet, much less the ones capable of missions.

Benni K Rok		2012-03-28 05:11:16 PM

dittybopper: dittybopper: RedVentrue: You've proven my point. If someone can make a code, someone else can break it.
No security is secure, and the only secret is the one that stays in your own head.

You can't break a message enciphered by a one-time pad once the pad used to encipher it is destroyed. Period.

Just to expand upon this: As long as the pad is truly random, and isn't re-used, and isn't somehow compromised, there is no way to solve a message encrypted by it analytically. This is both theoretically true, and practically true.

It is literally unbreakable. If you try to brute force it, you will get the correct message eventually. But you'll also get every single possible message of the same length, and you'll have no way to distinguish which one is the correct one, so trying that is a fools errand.

Not if you have the man that sent it and a five dollar lead pipe.

rocky_howard		2012-03-28 05:15:31 PM

dittybopper: dittybopper: RedVentrue: You've proven my point. If someone can make a code, someone else can break it.
No security is secure, and the only secret is the one that stays in your own head.

You can't break a message enciphered by a one-time pad once the pad used to encipher it is destroyed. Period.

Just to expand upon this: As long as the pad is truly random, and isn't re-used, and isn't somehow compromised, there is no way to solve a message encrypted by it analytically. This is both theoretically true, and practically true.

It is literally unbreakable. If you try to brute force it, you will get the correct message eventually. But you'll also get every single possible message of the same length, and you'll have no way to distinguish which one is the correct one, so trying that is a fools errand.

Eventually meaning thousands of years within that context.

BitwiseShift		2012-03-28 05:19:06 PM

dittybopper		2012-03-28 05:29:33 PM

Benni K Rok: Not if you have the man that sent it and a five dollar lead pipe.

That method is of limited utility, because he could tell you whatever he wants, and there would be *ZERO* way to prove him wrong. He might just be telling you what you want to hear, just to get you to stop beating him. Or he might give you several different versions, none of which is the real one. Just no way for you to know.

It may not even be intentional: Do you exactly remember the contents of, say, an e-mail you sent 6 months ago? Me neither.

dittybopper		2012-03-28 05:35:10 PM

rocky_howard: dittybopper: dittybopper: RedVentrue: You've proven my point. If someone can make a code, someone else can break it.
No security is secure, and the only secret is the one that stays in your own head.

You can't break a message enciphered by a one-time pad once the pad used to encipher it is destroyed. Period.

Just to expand upon this: As long as the pad is truly random, and isn't re-used, and isn't somehow compromised, there is no way to solve a message encrypted by it analytically. This is both theoretically true, and practically true.

It is literally unbreakable. If you try to brute force it, you will get the correct message eventually. But you'll also get every single possible message of the same length, and you'll have no way to distinguish which one is the correct one, so trying that is a fools errand.

Eventually meaning thousands of years within that context.

No. Pretty quickly, actually.

Fubini		2012-03-28 05:55:50 PM

Benni K Rok: Anyone remember the drone with the keylogger program the DOD can't get rid of? Chinese parts.

If it's the same keylogger I'm thinking of, that was actually due to an infected facebook game, most likely transmitted to the secure computers through an insecure flashdrive/CD or something. The reason it kept coming back is probably that it was infected at a rootkit-type level or the infected media was still being used.

The best security software in the world can't fix stupid.

RedVentrue		2012-03-28 06:00:41 PM

tlchwi02		2012-03-28 06:14:41 PM

RedVentrue: If you know the language that the message was written in, you can break the code using linguistic patterns.

niet comrade!

missiv		2012-03-28 06:17:14 PM

gund		2012-03-28 06:18:14 PM

dittybopper: Oh, I forgot the best part: You can do everything completely manually, without using a computer, and assuming you don't re-use the pads and destroy them immediately after use, no one can every "break" that message. Not even if they do this:

[imgs.xkcd.com image 448x274]

Eh? If you destroy them and nobody has them, nobody can decrypt them, then it's pretty much useless. There's no point encrypting something without at some point having the ability to decrypt it. So yes, any code can be broken by beating the guy with the decryption key (e.g. one time pad used in this case).

One time pads are theoretically unbreakable without the key. That doesn't mean other encryption methods are breakable with current technology and knowledge, in practical time constraints.

If you are such an expert, you should obviously understand why one time pads are very rare and other methods are much more common.

The reason why you may be the first to propose the "10 sided dice" method of generating keys, is because any truly random method of generating a sequence of symbols as a key works. So proposing a manual method like rolling a die is really not novel or helpful. Anybody who has thought about how to manually generate random numbers have thought about using dice already. They just didn't bother to write it on the web. Hell there's a website that produces random numbers daily from dice, and they built a machine that rolls hundreds or thousands of dice every day and automatically read the numbers and posts it online. I don't remember the website but some geek will know it.

gund		2012-03-28 06:20:42 PM

PonceAlyosha		2012-03-28 06:23:06 PM

gund: RedVentrue: dittybopper: RedVentrue: You've proven my point. If someone can make a code, someone else can break it.
No security is secure, and the only secret is the one that stays in your own head.

You can't break a message enciphered by a one-time pad once the pad used to encipher it is destroyed. Period.

If you know the language that the message was written in, you can break the code using linguistic patterns.

No.

What if we run it backwards through the machine but reverse the polarity, like putting too much air into a balloon?

tlchwi02		2012-03-28 06:25:37 PM

PonceAlyosha: What if we run it backwards through the machine but reverse the polarity, like putting too much air into a balloon?

can we work a tachyon beam into that idea?

BumpInTheNight		2012-03-28 06:31:01 PM

I don't see it.

MusicMakeMyHeadPound		2012-03-28 06:32:16 PM

Fun fact: "cyber" means "rudder".

Tee hee hee.

Lord Dimwit		2012-03-28 06:39:07 PM

PonceAlyosha: gund: RedVentrue: dittybopper: RedVentrue: You've proven my point. If someone can make a code, someone else can break it.
No security is secure, and the only secret is the one that stays in your own head.

You can't break a message enciphered by a one-time pad once the pad used to encipher it is destroyed. Period.

If you know the language that the message was written in, you can break the code using linguistic patterns.

No.

What if we run it backwards through the machine but reverse the polarity, like putting too much air into a balloon?

And then something bad happens!

MusicMakeMyHeadPound		2012-03-28 06:40:05 PM

Orgasmatron138: What is the actual definition of "hacking?" Is it actually modifying code or passwords? Or does just plain old fooling someone electronically count?

I'm going to start using the word "grifting." I think that works.

"Hacking" predates electronics (so does cybernetics, for that matter).

This is actually a pretty good article on the term.

http://paulgraham.com/gba.html

/i hacked my Masterlock combination lock once when I forgot its combo.
//it was fun
///saved me from having to buy a new lock

RedVentrue		2012-03-28 07:02:14 PM

WayToBlue		2012-03-28 07:08:31 PM

RedVentrue

gund: RedVentrue: dittybopper: RedVentrue: You've proven my point. If someone can make a code, someone else can break it.
No security is secure, and the only secret is the one that stays in your own head.

You can't break a message enciphered by a one-time pad once the pad used to encipher it is destroyed. Period.

If you know the language that the message was written in, you can break the code using linguistic patterns.

No.

How?

How what? Your suggestion isn't correct, that's it. Even if you think you know exactly what the message is you can't confirm your guess assuming the key was generated correctly and not re-used. This isn't a substitution cipher, your linguistic patterns don't matter here.

That's kind of the beauty of OTPs.

Fubini		2012-03-28 07:15:29 PM

RedVentrue: dittybopper: RedVentrue: You've proven my point. If someone can make a code, someone else can break it.
No security is secure, and the only secret is the one that stays in your own head.

You can't break a message enciphered by a one-time pad once the pad used to encipher it is destroyed. Period.

If you know the language that the message was written in, you can break the code using linguistic patterns.

Only if the resulting ciphertext retains the linguistic pattern. This works for things like simple substitution ciphers, but anything more complicated tends to destroy those patterns.

The enigma machine (which is ancient by today's standards) got around this by changing the character substitution after every character, so to decipher the linguistic patterns you'd have to decipher the cipher patterns anyway, so the linguistics were moot.

MusicMakeMyHeadPound		2012-03-28 07:31:39 PM

RedVentrue: gund: RedVentrue: dittybopper: RedVentrue: You've proven my point. If someone can make a code, someone else can break it.
No security is secure, and the only secret is the one that stays in your own head.

You can't break a message enciphered by a one-time pad once the pad used to encipher it is destroyed. Period.

If you know the language that the message was written in, you can break the code using linguistic patterns.

No.

How?

Sorry, I assumed you were being silly earlier. But yeah, cryptography moved beyond linguistics about 70 years ago.

If you're interested, this is a pretty good read. Worth buying or hunting through your local library for:

http://www.amazon.com/gp/aw/d/1857028899

HarlequinGuy		2012-03-28 07:40:44 PM

Cyber fear-mongering. This gets media coverage, clueless CEO's buy it and demand action, and who do you suppose might get the call??

kim jong-un		2012-03-28 07:45:55 PM

gopher321: You expect China to respect International law re. copyrights or patents? If western companies sued in international court, I highly doubt that would deter them at all. I do my best not to buy any Chinese made products but sadly nowadays for somethings it's impossible NOT to. Just thank god they're not producing our food.

In many cases they are. I bought some pine nuts from trader joes. Turns out they came from china and were from a relative of the real plant that produces pine nuts.

For a month, anything I ate with fat or oil would release something and.made.the food taste like a chemical/metal. I was scared to death it was permanent. I always check the sources of any 'transportable' food now.

rwfan		2012-03-28 07:59:44 PM

Bondith: Hell, even Canadian-born Chinese have warned me to be careful about "those people", ie, Chinese-born Chinese.

/it's not racist if it's true

I had a native born chinese grad student tell me the same thing. Well not the "those people" part.

It's not racist if it's not racist. He wasn't talking about Asians in general, just native born Chinese.

Lunaville		2012-03-28 08:01:44 PM

Autarky: we should just bring them to heel by force (military or $$$)

/buddy worked for the smart parts of the army in s Korea, we have enough firepower in s Korea alone to set phaser to obliterate

Or we could stop giving tax breaks to companies who off-shore jobs and, as a society, stop begging the Chinese on our knees to please, pretty please, please take our jobs.

RedVentrue		2012-03-28 08:13:00 PM

MusicMakeMyHeadPound: RedVentrue: gund: RedVentrue: dittybopper: RedVentrue: You've proven my point. If someone can make a code, someone else can break it.
No security is secure, and the only secret is the one that stays in your own head.

You can't break a message enciphered by a one-time pad once the pad used to encipher it is destroyed. Period.

If you know the language that the message was written in, you can break the code using linguistic patterns.

No.

How?

Sorry, I assumed you were being silly earlier. But yeah, cryptography moved beyond linguistics about 70 years ago.

If you're interested, this is a pretty good read. Worth buying or hunting through your local library for:

http://www.amazon.com/gp/aw/d/1857028899

Thanks I'll look at it. I was thinking of Mayan archeology. They cracked a language of symbols without even knowing the structure of the language, by looking at patterns.

mikefinch		2012-03-28 08:14:47 PM

WayToBlue: How what? Your suggestion isn't correct, that's it. Even if you think you know exactly what the message is you can't confirm your guess assuming the key was generated correctly and not re-used. This isn't a substitution cipher, your linguistic patterns don't matter here.

That's kind of the beauty of OTPs.

Heres my suggestion:

You have a short message that i know the subject of -- I ask you -- the captured code writer what it says -- if you dont tell me i break your toes. If you do tell me i can test it and if i get gibberish i break more toes.

Brute force hacking works best when you use the brute force on both the code AND the code maker at the same time.

You only need to brute test the combinations your initial brute test spat out in a haze of anguish and blood or fear.

gund: If you are such an expert, you should obviously understand why one time pads are very rare and other methods are much more common.

I thought they were pretty common. Thats what numbers stations are right? Just an easy way to pass off one time codes over airwaves to intelligence staff working undercover.

Infact they found that thats actually what one of those sites down in cuba was actually doing.