Security & Hacking: Xavier de Carné's "How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries"

Good paper https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/ by Xavier de Carné (Twitter @xavier2dc or https://twitter.com/xavier2dc).

If your unfamiliar with the concerns about TrueCrypt, Xavier's "Challenges and implications" section concisely outlines those concerns.

Including the IsTrueCryptAuditedYet? project http://istruecryptauditedyet.com/ which I have blogged http://cliffsesportcorner.blogspot.com/2013/10/psa-truecrypt-audit-project.html

To see all my post on TrueCrypt, or to bookmark to easily check for new posts, click on the Truecrypt label.

Labels can be found at bottom left of every blog post and in Label cloud at left side of Blog.

Additional links from Xavier de Carné's paper:

• Analysis: Is there a backdoor in Truecrypt? Is Truecrypt a CIA honeypot? http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/
• Security Analysis of TrueCrypt 7.0a with an Attack on the Keyfile Algorithm (PDF) https://www.privacy-cd.org/downloads/truecrypt_7.0a-analysis-en.pdf

Nerd News: Minecraft 1.7 update Friday Oct 25, 2013

Tweet from Jeb (Jens Bergensten) on Minecraft Update, https://twitter.com/jeb_/status/393400494405980160

"In case you were wondering, Minecraft 1.7 (1.7.1), "The Update that Changed the World", will be released tomorrow, at around 15:00 CEST"

Looking forward to the fishing update, you can catch "junk" (including enchanted items), plus additional types of fish.

Cella streaming SC2

Stream:  http://www.twitch.tv/slayerscella

I always like watching Cella play, today he is providing some commentary and advice on playing SC2 in English, more between games than during.

PSA TrueCrypt Audit project

What an interesting day!

Started with comments about Bruce Schneier's article at Wired http://www.wired.com/opinion/2013/10/149481/ where he mentions some concerns about TrueCrypt:

No, I don’t have any inside knowledge about TrueCrypt, and there’s a lot about it that makes me suspicious. But for Windows full-disk encryption it’s that, Microsoft’s BitLocker, or Symantec’s PGPDisk — and I am more worried about large U.S. corporations being pressured by the NSA than I am about TrueCrypt.

Eventually Matthew Green made the following tweet:

.@kennwhite and I are working on a 'Kickstarter' for a proper review of Truecrypt. The terms are a work in progress. http://www.fundfill.com/fund/4-spzFJdDQk211KJDAUfcOw==# …

Fundfill link from Tweet above http://www.fundfill.com/fund/4-spzFJdDQk211KJDAUfcOw==#

Draft at http://istruecryptauditedyet.com/

You can follow Kenn White & Matthew Green on Twitter:

• Kenn White @kennwhite link https://twitter.com/kennwhite
• Matthew Green @matthew_d_green link https://twitter.com/matthew_d_green

I am still very much a noob when it comes to Crypto, but Matthew Green is one of the people I follow to learn.

If your not into Crypto you probably haven't heard of him, this Ars article would be one place to start http://arstechnica.com/security/2013/09/crypto-prof-asked-to-remove-nsa-related-blog-post/

I am sorry to say I don't know much about Kenn White currently, I'd welcome comments or links that correct my ignorance.

Minecraft PSA AutCraft Server (Invitation Only)

Youtube link to embedded VOD http://youtu.be/MF2CEDiIIcU

Info about AutCraft:

AutCraft is dedicated to providing a safe, fun and learning environment for children on the autism spectrum and their families. Access is by invitation only. Visit http://www.autcraft.com for more info.

Thanks to:
TerasHD: http://www.youtube.com/ImTerasHD
AutismFather: http://www.youtube.com/StuartD2

Nerd News: Anandtechs's "They're (Almost) All Dirty: The State of Cheating in Android Benchmarks"

Really great article at Anandtech http://www.anandtech.com/show/7384/state-of-cheating-in-android-benchmarks about the "cheating" going on in Android benchmarks.

Covers the details of this mess, and as Anand has said repeatedly this has happened before, he has seen it before.

But the key aspect, IMVHO, was not directly stated in the article, though it is in the comments by Geekfool & Anand's response source:

geekfool - Wednesday, October 02, 2013 - link

It seems like these cheats are an admission that that frequency scale-up under load happens too slowly, and that users will never get the speed they paid for because the battery / thermal dissipation can't support it. I would like a follow up that checks if the governor differences are noticeable to users as lag, dropped frames, etc.
The article touched on this slightly when mentioning the difference between the Nexus 4 and its LG branded equivalent. It seems especially likely to be noticeable with the A7 / A15 split on the Exynos

Anand Lal Shimpi - Wednesday, October 02, 2013 - link

Bingo! I had a whole section about the embarrassment that is software DVFS before culling it to keep the whole thing manageable.

I think that comment and response covers the meat of the issue, also explains why iOS with lower spec hardware tends to equal or exceed performance of stock skinned Android devices with twice the cores. 

For more on this issue comparing Moto X (dual core Android) to Samsung S4 (Quad Core Android) see http://www.anandtech.com/show/7235/moto-x-review/7

Anand & Brian cover this article and more in podcast that just came out few minutes before I started writing this blog post.

Podcast:  http://www.anandtech.com/show/7393/the-anandtech-podcast-episode-26

Tor blogs on Silk Road Takedown

https://blog.torproject.org/blog/tor-and-silk-road-takedown

TL:DR They don't know much, but are watching news.

There are several useful links at the end of their blog post I suggest reading and bookmarking.

PC Perspective Podcast is live

Well as alive as they ever get.

Stream:  http://www.pcper.com/live/

PC Perspective is very good source for Hardware reviews and information.

Their website is http://www.pcper.com/ or you can just Google pcper.

Steve Gibson's Secure Login (SQRL) Concept

Documentation https://www.grc.com/sqrl/sqrl.htm

Security Now Episode 424:  Steve Gibson introduces the idea (Video & Audio Podcast, or streaming) http://twit.tv/show/security-now/424

This looks very very interesting, I am looking forward to seeing how this works out.

SQRL is pronounced "Squirrel" ^_^

I lack the expertise to vet this idea, but it sounds very good to me, would solve a lot of problems for average users, while providing very strong security that would be difficult to compromise.

Looking forward to the development of SQRL, and hats off to Steve for making it public domain!!

From Practical Considerations section of first page of documentation:
"Did I invent anything? I don't care. Even if some aspects of this system are novel, and might be subject to intellectual property protection, this is too important and much bigger than me. It should be made free for the world to use without encumbrance. With this publication of every detail, I hereby release and disclaim any and all proprietary rights to any new ideas developed and presented herein. This work is thereby added to the public domain."

Google Chrome Solution: How do I delete the apps bookmark in my bookmark bar

Solutions:

• http://superuser.com/questions/650313/how-do-i-delete-the-apps-bookmark-in-my-bookmark-bar
• http://productforums.google.com/forum/#!topic/chrome/xjgsrr7i7t0

If your annoyed by Google adding the App Bookmark to the Chrome Bookmark bar your not the only one.

You can see that by the 1k+ posts here http://productforums.google.com/forum/#!topic/chrome/KSa1CJ9aoEc%5B1-25-false%5D

Since it seems pretty clear no one really want it there, I am guessing Google is doing this to generate more revenue with Chrome, either directly or with metrics or both.