notable death - Sultan of Oman, reigning since the 70's

https://pm.gc.ca/en/news/statements/2020/01/11/statement-prime-minister-death-sultan-qaboos-oman

https://www.theguardian.com/world/2020/jan/11/sultan-of-oman-dies-state-media-announces

Oman’s Sultan Qaboos bin Said, the Arab world’s longest-serving ruler and with a reputation for quiet diplomacy, has died at the age of 79.

His cousin, Haitham bin Tariq al-Said, will be sworn in as the new sultan, ending decades of speculation over who would succeed the popular ruler.

Boris Johnson said he was “deeply saddened” by Qaboos’s death, describing him as “an exceptionally wise and respected leader who will be missed enormously”.

Sultan Qaboos bin Said of Oman: 1940-2020

Read more

He said: “He will be remembered for his devotion to the development of Oman into a stable and prosperous nation, and as the father of the nation who sought to improve the lives of the Omani people. I had the pleasure of meeting His Majesty Sultan Qaboos and was struck by his commitment to peace and understanding between nations and between faiths. He leaves a profound legacy, not only in Oman but across the region too.

“The UK is a proud friend and enduring partner of Oman, and our thoughts and prayers are with the Omani people.”

The foreign secretary, Dominic Raab, was among others paying tribute, describing the sultan’s 40-year rule as “widely respected” and saying that he had worked hard to “promote peace and stability in Oman and the wider region”.

A former British protectorate in the Arabian Peninsula, Oman had been ruled by Qaboos since a bloodless coup against his father in 1970, enacted with the help of Britain. He travelled abroad for treatment for what was believed to be colon cancer at least twice since 2014 and had just returned to Muscat from hospital in Belgium.

Qaboos had no children and, following protocol, had not publicly appointed a successor. A 1996 statute says the ruling family must choose a successor or the name would come from a sealed envelope left by the sultan and to be opened if the royal family could not decide. The family hurriedly convened a council over Friday night to discuss the matter, reports said, and decided to go with Qaboos’s “wise guidance”.

The Omani constitution says the sultan should be a member of the royal family as well as “Muslim, mature, rational and the legitimate son of Omani Muslim parents”.

There were believed to be more than 80 eligible candidates for the throne.

Haitham bin Tariq al-Said

FacebookTwitterPinterest Haitham bin Tariq al-Said in 2009: he is being sworn in as the new sultan of Oman following the death of his cousin Sultan Qaboos bin Said.

Photograph: Tariq Alali/Reuters

The Oxford-educated Haitham bin Tariq al-Said, 65, has been the heritage and culture minister since the mid-1990s and previously held several positions in the ministry of foreign affairs. He was appointed in 2013 to chair Oman’s development committee and is well-versed in the politics of the royal court.

His appointment comes as something of a surprise to Omanis, who had widely assumed that the name of the 65-year-old deputy prime minister, Asad bin Tariq al-Said, was in the sultan’s envelope. Asad was Qaboos’s “special representative”, fulfilling engagements abroad and making several public appearances on behalf of the sultan.

“The family went down the least controversial path, favouring unity instead of a drawn-out discussion that could have been marked by interference from Saudi Arabia and the United Arab Emirates,” said Cinzia Bianco, a research fellow at the European Council on Foreign Relations.

1/2

“[Haitham’s] biggest challenges will be to get buy-in from local economic elites on reforms and the cooperation and trust of ordinary Omanis, because financial sacrifices will be needed.”

In a televised speech, Haitham promised to uphold Muscat’s policy of friendly relations with all nations. “We will continue to assist in resolving disputes peacefully,” he said. The new sultan inherits strained state finances and high unemployment in the indebted oil producer, as well as the task of balancing the geopolitical interests of his Middle Eastern neighbours.

A three-day period of official mourning in public and private sectors has been declared, state media said. “With great sorrow and deep sadness … the royal court mourns His Majesty Sultan Qaboos bin Said, who passed away on Friday,” said a statement from the palace.

Neighbouring Gulf states also declared three days of mourning.

Qaboos’s funeral procession passed along Muscat’s main road amid tight security as Omanis thronged the palm tree-lined route, some reaching out their hands and others taking pictures.

The casket, draped in the Omani flag, was carried into Sultan Qaboos Grand Mosque where hundreds joined prayers inside. Haitham stood facing the casket, with a traditional curved dagger, or khanjar, strapped to his waist. Qaboos was later buried in a family cemetery.

The state news agency ONA said Qaboos died after “a wise and triumphant march rich with generosity that embraced Oman and extended to the Arab, Muslim and entire world and achieved a balanced policy that the whole world respected”.

While he brooked no dissent, fighting off Dhofar rebels with Britain’s help, Qaboos ruled with a lighter hand than many Gulf leaders and transformed the country from a backwater with just six miles of paved roads where slavery was legal into a wealthy modernised state.

Having played a crucial role in Iran’s nuclear deal with world powers while preserving its membership in the Saudi-led Gulf Cooperation Council and facilitating mediation efforts in Yemen’s civil war, Oman’s policy of “friend to all and enemy to none” meant Muscat emerged as a discreet mediator.

Haitham’s appointment at the expense of younger candidates with military backgrounds, however, appears to signify a desire for continuity rather than disruption in both domestic and foreign policy.

Analysts worry about royal family discord and a resurgence of tribal rivalries and political instability in the region, at a time when young hawks have assumed power in neighbouring Saudi Arabia and the UAE.

With Reuters and AFP

>>7785126

>>7785130

Right at the entrance to the Persian Gulf

Should shake things up a lot with Yemen / Saudi and Iran / Iraq

The guy was a 'key' player in the Hussein Iran Deal

https://www.aljazeera.com/news/2020/01/region-world-reacts-death-oman-sultan-qaboos-200111132106626.html

'Loss for region': World reacts to death of Oman's Sultan Qaboos

Leaders from across the world pay their respects to Oman's longest-serving leader who ruled for nearly 50 years.

4 hours ago

Under Qaboos's leadership, Oman mediated talks between the warring sides in the continuing Yemen war [Christopher Pike/Reuters]

Under Qaboos's leadership, Oman mediated talks between the warring sides in the continuing Yemen war [Christopher Pike/Reuters]

MORE ON MIDDLE EAST

What legacy does Sultan Qaboos leave for Oman?

today

Iran says it 'unintentionally' shot down plane: Latest updates

today

Iran's retaliation is not over

today

Iraq PM tells Kurdish leaders he does not seek hostility with US

today

Oman's Sultan Qaboos bin Said Al Said, one of the Middle East's longest-serving rulers who maintained the country's neutrality in a volatile region, died on Friday.

The 79-year-old leader's cousin Haitham bin Tariq Al Said was named as his successor in a smooth transition of power in the Gulf state.

Oman has declared a three-day period of mourning and the country's flag will be flown at half-mast for 40 days.

More:

Oman's Sultan Qaboos, a negotiator in a volatile region

Haitham bin Tariq sworn in as Oman's new sultan

Oman's Sultan Qaboos dies aged 79: State media

With his death, the region lost a seasoned leader seen as the father of modern Oman, who balanced ties between two neighbours locked in a regional struggle, Saudi Arabia to the west and Iran to the north, as well as the United States.

Oman's Sultan Qaboos dies: State media

Oman played a crucial role in the negotiations that led to the 2015 Iran nuclear deal, which has been unravelling following President Donald Trump's 2018 decision to withdraw from it and reimpose crippling economic sanctions on Tehran.

Under Qaboos's leadership, the Sultanate also mediated talks between the warring sides in the continuing war in Yemen.

Here are some of the reactions from leaders from around the world at the announcement of Qaboos's passing:

The United Kingdom

British Prime Minister Boris Johnson said he was "deeply saddened" by the death of Qaboos. "He was an exceptionally wise and respected leader who will be missed enormously," he said.

"I had the pleasure of meeting His Majesty Sultan Qaboos and was struck by his commitment to peace and understanding between nations and between faiths."

Johnson noted that Qaboos left behind "a profound legacy, not only in Oman but across the region too".

Iran

Iran's top diplomat said the death of Sultan Qaboos was a "loss for the region" and expressed hopes that relations between the two nations will grow under his successor.

"We offer our dear neighbour Oman our condolences … [and] we congratulate it for its selection of His Majesty Haitham bin Tariq as sultan, hoping our relations grow as they have before and that the future draws inspiration from the past," Foreign Affairs Minister Mohammad Javad Zarif tweeted in Arabic.

>>7785126

>>7785176

https://www.aljazeera.com/news/middleeast/2014/11/us-iran-meet-bid-reach-nuclear-deal-2014119223847825201.html

US and Iran meet in bid to reach nuclear deal

US secretary of State meets his Iranian counterpart in Oman as Obama says there is a big gap in reaching a deal.

9 Nov 2014

US and Iran meet in bid to reach nuclear deal

Kerry (R) and Zarif (L) had two meetings lasting more than five hours in Muscat [EPA]

The United States and Iran held high-level talks in Oman as the deadline for a nuclear deal loomed closer, but President Barack Obama warned there might be no agreement.

US Secretary of State John Kerry met Iran's Foreign Minister Mohammad Javad Zarif in the Gulf sultanate on Sunday, seeking to resolve key disputes that have left the West's negotiations with the Islamic republic close to deadlock.

The two countries are now facing pressure at home over the talks with Obama reiterating in a CBS News interview screened on Sunday that the two sides were still wide apart.

"Are we going to be able to close this final gap so that [Iran] can re-enter the international community, sanctions can be slowly reduced and we have verifiable, lock-tight assurances that they can't develop a nuclear weapon?" Obama asked.

"There's still a big gap. We may not be able to get there," he said.

Kerry and Zarif had two meetings lasting more than five hours in Muscat with former EU foreign policy chief Catherine Ashton, the lead negotiator in the talks, also present.

No statements were made when the meeting broke off for the day but the talks will resume on Monday, officials said.

The meeting in Muscat follows the revelation that Obama reportedly wrote to Iran's supreme leader Ayatollah Ali Khamenei to push for a deal, arguing that Tehran and the West have shared regional interests.

This apparent reference to the fight against Islamic State and Levant (ISIL) in Syria and Iraq was played down by Kerry, however, with the US diplomat saying in Beijing on Saturday, "there is no linkage whatsoever" with the nuclear talks.

After Kerry and Zarif meet again on Monday, the political directors of the P5+1 powers - Britain, China, France, Russia and the United States plus Germany - will hold talks the following day, also in Muscat.

The main negotiations then move back to Vienna on November 18 for a final push towards the deadline.

An interim accord expires on November 24 but Iran and world powers have for months been unable to hammer out what a comprehensive, long-term accord would look like.

At issue is the number of uranium-enriching centrifuges Iran should be allowed to keep spinning in exchange for sanctions relief and rigorous inspections at its nuclear sites.

The duration of a final settlement between Iran and the P5+1 group also remains contested.

The West is unconvinced by Tehran's denials that it has never sought a nuclear weapon and wants curbs that would put an atomic bomb forever beyond reach.

Iran, however, insists its nuclear programme is for peaceful, civilian energy production only and wants to vastly enhance its uranium enrichment capabilities for this purpose. The country has vowed to do nothing that would roll back its nuclear activities.

>>7785253

https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/

SECURITY RESEARCHERS BELIEVE they have finally solved the mystery around how a sophisticated backdoor embedded in Juniper firewalls works. Juniper Networks, a tech giant that produces networking equipment used by an array of corporate and government systems, announced on Thursday that it had discovered two unauthorized backdoors in its firewalls, including one that allows the attackers to decrypt protected traffic passing through Juniper's devices.

The researchers' findings suggest that the NSA may be responsible for that backdoor, at least indirectly. Even if the NSA did not plant the backdoor in the company's source code, the spy agency may in fact be indirectly responsible for it by having created weaknesses the attackers exploited.

Evidence uncovered by Ralf-Philipp Weinmann, founder and CEO of Comsecuris, a security consultancy in Germany, suggests that the Juniper culprits repurposed an encryption backdoor previously believed to have been engineered by the NSA, and tweaked it to use for their own spying purposes. Weinmann reported his findings in an extensive post published late Monday.

Security experts say the attack on Juniper firewalls underscores precisely why they have been saying for a long time that government backdoors in systems are a bad idea—because they can be hijacked and repurposed by other parties.

They did this by exploiting weaknesses the NSA allegedly placed in a government-approved encryption algorithm known as Dual_EC, a pseudo-random number generator that Juniper uses to encrypt traffic passing through the VPN in its NetScreen firewalls. But in addition to these inherent weaknesses, the attackers also relied on a mistake Juniper apparently made in configuring the VPN encryption scheme in its NetScreen devices, according to Weinmann and other cryptographers who examined the issue. This made it possible for the culprits to pull off their attack.

Weinmann says the Juniper backdoor is a textbook example of how someone can exploit the existing weaknesses in the Dual_EC algorithm, noting that the method they used matches exactly a method the security community warned about back in 2007.

The new information about how the backdoor works also suggests that a patch Juniper sent to customers last week doesn't entirely fix the backdoor problem, since the major configuration error Juniper made still exists.

"One [more] line of code could fix this," Weinmann says. He's not sure why Juniper didn't add this fix to the patch it sent to customers last week.

>>7785283

>>7785253

New Discovery Around Juniper Backdoor Raises More Questions About the Company

GETTY IMAGES

WHEN TECH GIANT Juniper Networks made the startling announcement last month that it had uncovered two mysterious backdoors embedded in software running on some of its firewalls, certain people in the security community praised the company for being honest about its discovery. Rather than silently removing the backdoors in a routine software patch sent to customers, Juniper said it was distributing the patch to eliminate "unauthorized code" that someone had placed in the source code of its software. This malicious code was particularly concerning because one of the backdoors, which had gone undetected in the software since 2012, could be exploited for the purposes of decrypting protected data passing through the VPN, or virtual private network, in Juniper NetScreen firewalls.

But since that revelation, Juniper—whose customers include AT&T, Verizon, NATO and the US government—has refused to answer any questions about the backdoor, leaving everyone in the dark about a number of things. Most importantly, Juniper hasn't explained why it included an encryption algorithm in its NetScreen software that made the unauthorized party's backdoor possible. The algorithm in question is a pseudo-random number generator known as Dual_EC, which the security community had long warned was insecure and could be exploited for use as a backdoor. Whoever created the backdoor in Juniper's software did exactly this, hijacking the insecure Dual_EC algorithm to make their secret portal work.

Now new information uncovered by a researcher in Chicago makes Juniper's decision to use this algorithm even more questionable.

Juniper added the insecure algorithm to its software long after the more secure one was already in it, raising questions about why the company would have knowingly undermined an already secure system.

Juniper insisted publicly in 2013 that its use of Dual_EC was fine because its software didn't rely on the insecure algorithm alone—instead it also used a second, more secure pseudo-random number generator known as ANSI X9.31 that essentially cancelled out any problems with the first one. That latter part turned out not to be true, however, and the very fact that Dual_EC was in the software allowed the intruders to exploit it for their backdoor. Juniper has never provided a timeline of when it inserted the two algorithms into its software, but many assumed that it had either implemented them at the same time so that its software never relied solely on the insecure Dual_EC, or it had added the ANSI algorithm to the software after already using Dual_EC for a while and learning that Dual_EC was not secure.

But Stephen Checkoway, who teaches computer science at the University of Illinois at Chicago, has found that Juniper actually added the insecure algorithm to its software long after the more secure ANSI algorithm was already in it, raising questions about why the company would have knowingly undermined an already secure system.

Checkoway worked with a number of other researchers to examine 48 versions of the NetScreen firmware. He looked for the presence of Dual_EC in all of them and found that until version 6.2.0, Juniper had been using only the ANSI X9.31 algorithm. The company only added Dual_EC with the 6.2.0 version.

It's unclear exactly when Juniper first released 6.2.0. The company's website gives a "file date" for the first release of the firmware as October 27, 2008. But the release notes for the firmware have a March 2009 date. Either way, both dates were long after the security community had become aware of the security problems with Dual_EC, which were revealed at a cryptography conference in August 2007 and which many believe the NSA introduced into the algorithm for its own backdoor—vulnerabilities that Juniper's unknown attackers then hijacked and exploited to create their own backdoor. (For background information on the problems in Dual_EC, see this story from 2013. To understand how the attackers exploited the vulnerabilities in Dual_EC to make the backdoor in Juniper's software work, see our comprehensive story about it from December.)

1/2 or 3

>>7785295

2/3

What's more, Checkoway discovered that the company made an additional change to its software when it added Dual_EC, a change that made it even easier for the person who later installed the backdoor to decrypt Juniper's VPN traffic. This change involved altering the size or length of the so-called nonce (the random number string generated by the algorithm that the encryption scheme uses to help encrypt data). Juniper changed the size of the nonce from 20 bytes—the size it had been using for the ANSI algorithm—to 32 bytes.

The change in nonce size is significant, Checkoway says, because in order to attack an encryption scheme that uses Dual_EC, an attacker needs to see enough raw output from the generator to crack it. The increase to 32 bytes of output reduced the amount of calculation and time an attacker would need to undermine the encryption scheme and decrypt data. That new nonce, 32 bytes, is the precise size the security community had specified in 2007 would be the ideal minimal output an attacker would need to undermine Dual_EC.

"The more output you see [from the generator], the better [it is to crack the encryption]," Checkoway says. "Anything you see over 30 bytes is very helpful. Anything you see less than 30 bytes makes the attack exponentially harder. So seeing 20 bytes makes the attack basically infeasible. Seeing 28 bytes makes it doable, but it takes an amount of time, maybe hours. Seeing 32 bytes makes it take fractions of a second."

Juniper could have chosen a nonce size anywhere between 8 bytes and 256 bytes, and Checkoway notes that previous research has shown that the most common value used by developers is 20 bytes. The use of 32 bytes, therefore, is curious. "Twenty bytes, as far as I know, is just fine [for security]. And 32 bytes would be just fine as well—if that random number generator didn't have a backdoor," he says.

The security community and the public are still baffled about Juniper's choices.

Juniper's decision to increase the nonce to 32 bytes is also perplexing because Dual_EC, by nature, produces just 30 bytes of output at a time, according to Checkoway. To obtain enough output for the 32-byte nonce Juniper wanted for its encryption scheme, it had the Dual_EC generate output twice to produce 60 bytes. Checkoway says it then used only 2 bytes from that second generation and discarded the rest.

Checkoway says that given the known security problems with Dual_EC, it made no sense for Juniper to add it to the NetScreen software, particularly since it was already using the more secure ANSI X9.31 algorithm. It also made no sense because Dual_EC has another problem—it's known to be much slower than other algorithms. And because the NetScreen VPN software keeps the Dual_EC generator busy by calling on it repeatedly to produce random output, he says this likely would have caused a performance degradation for customers. The security issues aside, "this is not a particularly fantastic number generator even on its own terms," he says.

All of the changes Juniper made to its software in 2008 created an ideal environment for a backdoor, Checkoway says.

"The key point here is that if any one of the four listed changes in [firmware version] 6.2.0r1 had not happened, then the VPN traffic could not be passively decrypted…," says Checkoway. "If this backdoor was not intentional, then, in my opinion, it's an amazing coincidence."

So why did Juniper use Dual_EC and change the nonce to 32 bytes instead of the 30 the algorithm normally produced in a single output? These are enduring questions that Juniper has avoided answering since it first revealed the presence of the backdoor. The company refused to even entertain inquiries from WIRED for this story. "We have nothing further to share at this time but I will follow up with you when we do," spokeswoman Danielle Hamel wrote in an email, without even asking what the questions were.

Some people in the security community have suggested that one possible reason Juniper may have added Dual_EC to its software was to get its firewalls certified for government use. In 2006, the National Institute of Standards and Technology approved Dual_EC for use in encrypting government data under FIPS (the Federal Information Processing Standards), a standard that technology vendors must meet if they want to sell their products to government agencies and government contractors. In fact, Juniper's NetScreen software did get FIPS certified, but according to a list on NIST's web site, version 6.2.0 of its ScreenOS firmware was certified for its use of the ANSI X9.31 algorithm, not for Dual_EC. There's no mention of Dual_EC on the list at all, in relation to ScreenOS, the name of the firmware running on Juniper's NetScreen firewalls.

>>7785307

3/3

All of this leaves the security community and the public still baffled about Juniper's choices.

In 2013, following the release of NSA documents by Edward Snowden, questions about the security of Dual_EC were reignited, six years after they had first been raised at that cryptography conference in 2007. In response to the renewed concerns about Dual_EC, Juniper posted a little-noticed message to its web site in September 2013 revealing for the first time that the software on its NetScreen firewalls uses Dual_EC. But Juniper wrote that it had designed its encryption scheme to use Dual_EC in a secure way so that the algorithm's vulnerabilities didn't matter. It did this by replacing a so-called constant—or static number—that is used with the generator and is part of what made it insecure. And it also designed its encryption scheme so that it didn't rely solely on output from Dual_EC but instead relied on output from the ANSI X9.31 generator. Essentially, it would take output generated by the Dual_EC and run it through the ANSI generator and use only the final output from the more secure ANSI generator, theoretically canceling out the vulnerabilities that were inherent in the Dual_EC output.

But a researcher discovered last month that Juniper made a grave error in how it implemented this. Willem Pinckaers, an independent security researcher in California, found a bug in Juniper's software that actually caused it to ignore the ANSI algorithm altogether and only use that initial raw output from Dual_EC. Researchers have called it a "catastrophic failure" for Juniper and big win for the attackers who inserted the backdoor in Juniper's software. It was this failure on Juniper's part that allowed the attackers' backdoor to work.

Ironically, at the time that Juniper was making those assertions in 2013 about the security of its software, the attackers' backdoor had already been in it, undetected, for a year.

Today, a month after Juniper revealed the existence of the backdoor, it has still not fixed the catastrophic bug that made it possible. The company issued a patch last month that supposedly solved the security problem with Dual_EC by eliminating the unauthorized code the attackers had placed in the software to create their Dual_EC backdoor. But Juniper did not remove Dual_EC altogether, which is what Checkoway and other security experts say it should have done. Nor did it correct the implementation bug that causes its encryption scheme to ignore the ANSI generator and rely soley on output from Dual_EC.

As long as Dual_EC remains in Juniper's software, the system that corporate and government customers are using to secure their VPN data is not secure. If an attacker can get access to Juniper's source code again and introduce malicious code for another Dual_EC backdoor, the situation will be back to where it began.

Update 1.8.16 8:30 pm PST: Juniper announced late Friday night that it plans to remove both the problematic Dual_EC algorithm as well as the ANSI algorithm from its NetScreen code. "We will replace Dual_EC and ANSI X9.31 in ScreenOS 6.3 with the same random number generation technology currently employed across our broad portfolio of Junos OS products," the company wrote in a note posted to its web site. "We intend to make these changes in a subsequent ScreenOS software release, which will be made available in the first half of 2016."

#CYBERSECURITY#ENCRYPTION

>>7785387 - Juniper Networks - Elliot Management - Paul Singer - Washington Free Beacon - WFB funded Steele Dossier via Fusion GPS

notable

nice connections Anon