Date: Thu, 6 Oct 2016 02:12:25 +0000 (UTC)
From: Jules Gilbert <repeatable_compression@yahoo.com>
To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Fw: isn't this the worst possible report?? -- i went back and put a copy on a memstick; see attachment
Message-ID: <1326548497.53590.1475719945105@mail.yahoo.com>
In-Reply-To: <307150697.750173.1475719669536@mail.yahoo.com>
References: <1410500115.6001690.1475677275963.ref@mail.yahoo.com> <1410500115.6001690.1475677275963@mail.yahoo.com> <a204e3ce-dfb2-8f1e-852a-a43da59b056b@freebsd.org> <307150697.750173.1475719669536@mail.yahoo.com>

See attachment,  Simple program, in C.  Without access to a file, it "partially characterizes" it.  (My term for weakly predicting it.)  Why is this useful?, read on.

But please help me.  These attacks are limiting my work efforts.

----- Forwarded Message -----
From: Jules Gilbert <repeatable_compression@yahoo.com>
To: Julian Elischer <julian@freebsd.org>
Sent: Thursday, October 6, 2016 2:07 AM
Subject: Re: isn't this the worst possible report?? -- i went back and put a copy on a memstick; see attachment

First, the machine wasn't new, it's more than five years old.  Sorry, I thought my post was obvious, that the OS environment was brand-new.  Sorry to confuse you.

Second, I've been getting hit every day, every time I put up a non-CDROM based OS.  No matter the day, no matter the time, (which makes me think it's not one person.)

And why am I in this situation?

Well, not that I know the reason,  but I actually do have repeatable compression, except lots of folks don't believe me.

Some in the FreeBSD community have my give-away demo.  What I describe is available, it's in C and not difficult for any programmer to follow.  (And, except for the usual fopen/fgetc/similar, the program contains no API references.)  I'm running off a CD, so I don't have it on the disk (how do I mount the underlying disk?  I'm running Lubuntu, it's the disk I had on hand.)  My point, if you ask I'll send you a copy.

About my demo;  it serves two purposes.

SCENARIO #1:  You are on machine 1, you want a file from machine 2.  This is without wires, wireless, media transfer, it's all done by guessing, nothing else.  Lots of people think it's right 50% of the time, not so.  It's right (this version,) 75% of the time.
You have the system PRNG (a random-number generator that is restartable;  Both the SEND and RCVE machines must use the same key-seed.  How about 1.0?

It guesses 'p', where:

    int p = r >= d;

(The function that does this is called "rdRELATION" in the code, it returns a one or zero.)

Without knowing or having any access to 'd'.  The demo version is right with a probability of 0.75 (that's 75%.)  The commercial version is correct with a probability of 1.

Now if you know 'p', then you can do a lot to infer 'd'.  You can iterate, XOR'ing 'r' through a sequence of values.  Let me not detail the works but instead just say that deriving 'd' is easy.

Again, to those people who work on FreeBSD, ask and I'll send you a copy.  (I just spent a few minutes putting a copy on a memstick and attaching it.)

Okay, now it gets deep...

SCENARIO #2:  Basically, the same problem, except now the file containing the 'd' vector of values doesn't exist.  That file won't exist for a week, which is when you'll sit down and write the message to yourself.

When you're done laughing...

Except we (we geeks,) already do something very similar to this.  I'm not kidding.

From: Julian Elischer <julian@freebsd.org>
To: freebsd-security@freebsd.org
Sent: Wednesday, October 5, 2016 7:14 PM
Subject: Re: isn't this the worst possible report??

On 5/10/2016 7:21 AM, Jules Gilbert via freebsd-security wrote:
> Well maybe worse, that the deal with AT&T for the BSD franchise has fallen apart...
> Okay, so I have a FreeBSD 10.1 CD-ROM,  believed to be a true copy and authentic copy.
> And I loaded it on a computer.  I did this entirely offline.  I also supplied passwords.
>
> Then I went online to get packages.
> Nothing unusual happened UNTIL the machine seized and when I rebooted I discovered it would hang and reboot.  A loop.
> I had done nothing to cause this.  I had not opened an X session nor done anything other than load packages such as maxima, cproto.  Nothing involved in the area of security.
>
> I had thought this was pretty much impossible...  Remember, this machine was brand new, I'd loaded FBSD-10.1 on it no more than an hour prior and had not messed with any of the internals.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
>
depending on where it rebooted, it really sounds like an infant mortality problem..  (failure in computer or drive).
(brand new machines have a much higher chance of failure than middle aged machines, as all the components burn in.)

why is this in 'security'?


Date: Thu, 6 Oct 2016 16:44:49 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Jules Gilbert <repeatable_compression@yahoo.com>
cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: Fw: isn't this the worst possible report?? -- i went back and put a copy on a memstick; see attachment
In-Reply-To: <1326548497.53590.1475719945105@mail.yahoo.com>
Message-ID: <20161006163807.Q6806@sola.nimnet.asn.au>
References: <1410500115.6001690.1475677275963.ref@mail.yahoo.com> <1410500115.6001690.1475677275963@mail.yahoo.com> <a204e3ce-dfb2-8f1e-852a-a43da59b056b@freebsd.org> <307150697.750173.1475719669536@mail.yahoo.com> <1326548497.53590.1475719945105@mail.yahoo.com>

On Thu, 6 Oct 2016 02:12:25 +0000, Jules Gilbert via freebsd-security wrote:

> But please help me. These attacks are limiting my work efforts.

A lot of people make the mistake of using cheap aluminium foil. You have to use real tin.

HTH, Ian