vulnerability notes
If you can make the program write past the end of an array you can eventually overwrite the return address in the stack frame, so the program executes whatever code sits at the address you overwrote it with (e.g. pop a shell).
Buffer overflow: the user types something in and it is stored in an array; if the code does not check the length of the input against the size of the buffer, the data typed overflows into the return address. Because the stack sits below the heap and stack memory addresses go downwards, it is possible to reach a return address this way. If the overflow is in the heap you can still change some other bits of memory (e.g. data that is pointed to).
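The missing length check from the notes above, as an added C example that is not from the page: the unchecked handler copies into a fixed 16-byte stack buffer without comparing lengths, while the checked handler refuses any input that does not fit. The buffer size and function names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-size stack buffer, as in the notes */

/* "Before": the length of the input is never checked. With a name longer
 * than 15 characters strcpy writes past name[] into whatever sits above it
 * on the stack, eventually the saved return address. Kept only to show the
 * missing check; never call it with untrusted input. */
void greet_unchecked(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);          /* no bound: the overflow happens here */
    printf("hello %s\n", name);
}

/* "After": the input length is compared with the buffer size before
 * anything is written. Returns 0 on success, -1 if the input would not fit
 * (the terminating NUL needs a byte too). */
int greet_checked(const char *input) {
    char name[NAME_LEN];
    size_t n = strlen(input);
    if (n >= sizeof name) {       /* would need n+1 bytes; refuse instead */
        return -1;
    }
    memcpy(name, input, n + 1);   /* bounded copy, NUL included */
    printf("hello %s\n", name);
    return 0;
}

int main(void) {
    greet_checked("alice");                                   /* fits */
    if (greet_checked("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA") < 0)  /* 32 bytes */
        puts("rejected: input too long for buffer");
    return 0;
}
```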
Tracking
I found an interesting article to do with tracking information in the form of the probe requests sent by wifi cards during active scanning. These requests broadcast your device’s unique wifi MAC address. Someone can listen for probe requests and record the time and MAC address. They could then track your movements in an area by scattering such devices through the area; when a device stops getting your probe requests they know you have left. Devices could be scattered in a shopping center to track which shops you visit and how long you spend there. If someone could link a name to the MAC address they can track your movements. Simply not leaving wifi or bluetooth on all the time would, however, prevent this kind of tracking.
Centralisation
Centralisation of services such as cloud storage on AWS introduces high-impact, low-frequency event risks. In 2017 many of Amazon’s S3 servers went down and as a result a large proportion of the internet went down with them, including popular sites such as Quora and Trello.
The cause was a staff member incorrectly entering a command intended to take a small number of servers offline as part of debugging the billing system. The typo meant a larger set was removed, and the servers inadvertently removed supported two other subsystems. Those systems had to do a full restart. The process of restarting and safety-checking the validity of metadata took longer than Amazon expected (3 hours).
Amazon should not have allowed engineers the ability to remove servers if doing so would take capacity below a certain threshold. It should also have had a faster restart system to respond quickly to outages. Additionally, during the outage the AWS status dashboard showed that all services were fine, because the dashboard itself depended on S3 (and so could not be updated). This should not be the case.
As more sites and services use AWS, the risk of a single point of failure for the internet rises. AWS controls roughly 40% of the cloud market.
In April I was overseas when Facebook, Instagram and WhatsApp were down for around 2 hours. All three services are owned by Facebook and they are all the social media I use. With all three down I could not communicate with friends and family back in Australia as my phone plan was not international. This highlights the single-point-of-failure risk that comes with centralisation of services. Too much control by one body is never a good thing security-wise.
sources:
https://www.theverge.com/2017/3/2/14792442/amazon-s3-outage-cause-typo-internet-server
https://www.theverge.com/2018/7/28/17622792/plugin-use-the-internet-without-the-amazon-cloud
Research post week 2 lectures
Vigenère cipher:
Good explanation: https://pages.mtu.edu/~shene/NSF-4/Tutorial/VIG/Vig-Base.html
In summary, it uses a 26x26 table with A-Z as row and column headings. The first row holds the 26 letters of the alphabet in order; each subsequent row is shifted one position to the left (with wrap-around).
The cipher also requires a keyword, which is repeated until it is as long as the plaintext. E.g. here the keyword is HOUGHTON:
MICHIGAN TECHNOLOGICAL UNIVERSITY
HOUGHTON HOUGHTONHOUGH TONHOUGHTO
To encrypt, take a plaintext letter and go to its column, then go to the row of the corresponding keyword letter; the cell where they meet is the ciphertext letter. So if the plaintext letter is M and the keyword letter is H, M is encrypted as T.
To decrypt (given the keyword and ciphertext), take a ciphertext letter and its corresponding keyword letter. Go to the row of the keyword letter and find the ciphertext letter in that row; the column it is in is the plaintext letter.
E.g. to decrypt T, which corresponds to keyword letter H, go to row H and find T. T is in column M, so the plaintext is M.
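Encryption and decryption by the table described above, as an added C example (not from the page or the linked tutorial): the table cell is computed as a shift instead of being stored as a 26x26 array, and spaces pass through without consuming a key letter, matching the alignment shown. Function names are my own and the key is assumed non-empty.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One cell of the 26x26 table: row = key letter, column = plaintext letter.
 * Row k is the alphabet shifted left by k, so cell (k, p) = (p + k) mod 26. */
static char table_cell(char key, char plain) {
    return (char)('A' + ((plain - 'A') + (key - 'A')) % 26);
}

/* Look along row `key` for `cipher`; the column it sits in is the plaintext. */
static char table_column(char key, char cipher) {
    return (char)('A' + ((cipher - 'A') - (key - 'A') + 26) % 26);
}

/* Encrypt (mode 'e') or decrypt (mode 'd') `in` into `out` with `key`.
 * Only A-Z are transformed; other characters pass through unchanged and do
 * not advance the key, as in the worked example above. */
void vigenere(const char *in, const char *key, char mode, char *out) {
    size_t klen = strlen(key), ki = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        char c = (char)toupper((unsigned char)in[i]);
        if (c < 'A' || c > 'Z') { out[i] = in[i]; continue; }
        char k = (char)toupper((unsigned char)key[ki++ % klen]);
        out[i] = (mode == 'e') ? table_cell(k, c) : table_column(k, c);
    }
    out[strlen(in)] = '\0';
}

int main(void) {
    char ct[64], pt[64];
    vigenere("MICHIGAN TECHNOLOGICAL UNIVERSITY", "HOUGHTON", 'e', ct);
    vigenere(ct, "HOUGHTON", 'd', pt);
    printf("%s\n%s\n", ct, pt);   /* ciphertext starts with T, as in the notes */
    return 0;
}
```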
Kasiski test and how to compute index of coincidence:
Enigma
DECODING:
-If an operator knows the start position, the order of the 3 rotors and the plug positions, they can type the ciphertext into the machine and decode it.
Alongside the 3 rotating disks is the reflector disk, which does not rotate. Wires enter and leave it on the same side but in different positions. The electric signal of a letter passes through the rotors, enters the reflector, then exits and travels back through the 3 rotors by a different route. The reflector multiplies the number of configurations, but also means that to decrypt a message the receiver only needs another Enigma machine in the same starting position: typing the encrypted message makes the original appear. The reflector also introduced a flaw, as no letter would ever be encoded as itself; combined with predictable message content, this decreased the number of possible settings to test exponentially. To decrypt, you needed to know a word (or a group of words) that the Germans would use in each of their Enigma-encrypted messages.
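A reduced one-rotor model of the reflector's effect, as an added C example that is not from the page: it uses the published Enigma I rotor I and reflector B wirings (assumed correct from standard references), has no plugboard or ring settings, and the sample message is constructed. It shows the two consequences described above: the same setting both encrypts and decrypts, and no letter is ever encoded as itself.

```c
#include <stdio.h>
#include <string.h>

/* Toy single-rotor Enigma: one stepping rotor plus a fixed reflector.
 * Rotor I and reflector B wirings as published for the Enigma I. */
static const char ROTOR[]     = "EKMFLGDQVZNTOWYHXUSPAIBRCJ";
static const char REFLECTOR[] = "YRUHQSLDPXNGOKMIEBFZCWVJAT";

/* Index j such that ROTOR[j] == 'A' + x, i.e. the rotor's inverse wiring. */
static int rotor_inverse(int x) {
    return (int)(strchr(ROTOR, 'A' + x) - ROTOR);
}

/* Encode one letter with the rotor at offset `pos` (0..25). The signal goes
 * forward through the rotor, through the reflector, then back through the
 * rotor by a different path, as described in the notes. */
char enigma_char(char c, int pos) {
    int x = c - 'A';
    x = (ROTOR[(x + pos) % 26] - 'A' - pos + 26) % 26;   /* forward */
    x = REFLECTOR[x] - 'A';                               /* reflect */
    x = (rotor_inverse((x + pos) % 26) - pos + 26) % 26;  /* back */
    return (char)('A' + x);
}

/* Encode A-Z text; the rotor steps once per letter. Because the reflector
 * makes every setting self-reciprocal, the same call decrypts. */
void enigma(const char *in, int start, char *out) {
    size_t i;
    for (i = 0; in[i] != '\0'; i++)
        out[i] = enigma_char(in[i], (start + (int)i) % 26);
    out[i] = '\0';
}

/* The flaw the notes mention: at no setting does a letter encode to itself. */
int fixed_point_free(void) {
    for (int pos = 0; pos < 26; pos++)
        for (char c = 'A'; c <= 'Z'; c++)
            if (enigma_char(c, pos) == c) return 0;
    return 1;
}

int main(void) {
    char ct[32], pt[32];
    enigma("ATTACKATDAWN", 3, ct);   /* constructed sample message */
    enigma(ct, 3, pt);               /* same start position decrypts */
    printf("%s -> %s (no fixed points: %d)\n", ct, pt, fixed_point_free());
    return 0;
}
```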
KEEPING THE INITIAL CONDITIONS SECRET:
-German operators were given a daily settings booklet with the initial conditions for each day, listing the order of the 3 rotors in the machine, their initial positions and the plugboard cable positions. The daily settings were only used to encode a message key, which began each message and varied between operators. The sender chooses a random rotor arrangement as the message key, encodes it with the key of the day and transmits it, followed by the message encrypted with the new key. The receiver, with his machine arranged according to the key of the day, receives the message and knows the first 3 letters are the message key. He readjusts the position of the rotors and decrypts the rest of the message. BUT the operators typed the message key twice in a row, which meant the 1st and 4th, 2nd and 5th, and 3rd and 6th letters of the intercepted message were encryptions of the same letter!
Other operator introduced flaws:
-Those who made the daily settings booklets did not allow any rotor to repeat its position from the previous day, and no letter on the plugboard was ever swapped with a neighbouring letter. These rules reduced the total number of possible configurations to be analysed.
-Sometimes the message key was not totally random. Human operators sometimes chose obvious keys or repeated the same key, such as their initials.
OTP
The password (key) is as long as the message and is random. This makes it uncrackable.
Usually the key is given to the person first and the messages are sent at a later time.
Side channel example, the Tempest attack: researchers have developed a device that can wirelessly listen to the radio waves leaked by a nearby laptop processor's power use to derive the user's secret decryption keys, enabling an attacker to decrypt their communications. https://www.schneier.com/blog/archives/2015/06/tempest_attack.html
Number stations:
Coded number broadcasts on low- to medium-wave frequencies that can be heard all over the world, hence they must be encrypted. One-time pads are used, usually a sheet of paper with random numbers in groups of five or more digits. Usually the plaintext is converted into numbers, which are added to numbers from the pad using a simple mathematical operation known as “false addition.” The recipient uses the same page from his own one-time pad and extracts the plaintext message by applying “false subtraction” to the encrypted message. Of course the message can be decoded by a third party if they can access the one-time pad (double agents, arresting the recipient while they receive the signal). Intelligence organizations still use these number stations! https://warontherocks.com/2018/05/explaining-the-mystery-of-numbers-stations/
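False addition and false subtraction from the paragraph above, as an added C example (not from the page or the linked article): letters are turned into two-digit numbers with a constructed A=01..Z=26 table (real pads used agency-specific conversion tables), the pad page is a constructed string of digits, and the function names are my own.

```c
#include <stdio.h>
#include <string.h>

/* "False addition": digits are added column by column modulo 10 with no
 * carry; "false subtraction" is the same modulo 10 with no borrow. Both
 * take strings of decimal digits and stop at the shorter one. */
static void false_op(const char *a, const char *b, int sign, char *out) {
    size_t i;
    for (i = 0; a[i] != '\0' && b[i] != '\0'; i++)
        out[i] = (char)('0' + ((a[i] - '0') + sign * (b[i] - '0') + 10) % 10);
    out[i] = '\0';
}
void false_add(const char *a, const char *b, char *out) { false_op(a, b, +1, out); }
void false_sub(const char *a, const char *b, char *out) { false_op(a, b, -1, out); }

/* Constructed conversion table: A-Z become two-digit numbers 01..26. */
void letters_to_digits(const char *text, char *out) {
    size_t n = 0;
    for (size_t i = 0; text[i] != '\0'; i++) {
        if (text[i] < 'A' || text[i] > 'Z') continue;
        int v = text[i] - 'A' + 1;
        out[n++] = (char)('0' + v / 10);
        out[n++] = (char)('0' + v % 10);
    }
    out[n] = '\0';
}
void digits_to_letters(const char *digits, char *out) {
    size_t n = 0;
    for (size_t i = 0; digits[i] != '\0' && digits[i + 1] != '\0'; i += 2)
        out[n++] = (char)('A' + (digits[i] - '0') * 10 + (digits[i + 1] - '0') - 1);
    out[n] = '\0';
}

int main(void) {
    const char *pad = "4817203956";   /* constructed: one page of random digits */
    char num[32], ct[32], rec[32], pt[32];
    letters_to_digits("MEETX", num);  /* "1305052024", two five-digit groups */
    false_add(num, pad, ct);          /* what the station would broadcast */
    false_sub(ct, pad, rec);          /* recipient, same pad page, never reused */
    digits_to_letters(rec, pt);
    printf("%s + pad %s -> %s -> %s\n", num, pad, ct, pt);
    return 0;
}
```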
Type 1 & 2 errors in the real world
Type 1 errors are also called false positives: something is measured or perceived as true when it is actually false. E.g. a test indicates a woman is pregnant when she is not.
Type 2 errors are false negatives: something is measured or perceived as false when in reality it is true. E.g. a test indicates a woman is not pregnant when she actually is.
In the lecture, Richard talked about how minimising one of these errors usually maximises the other. E.g. minimising false positives in passport facial recognition maximises false negatives, which is embarrassing and awkward for those people who have valid passports but are not able to enter through the e-gate.
Example in the news:
TODO
Week 2 tute
Based on the pre-reading for this tutorial I found the case study question unrelated. The pre-reading was about Houdini trying to expose Margery the medium. The question was about making a protocol so that Houdini’s wife could communicate with the dead Houdini through a medium and be sure it was him she was talking to and that the medium was not a fraud.
My group came up with the idea of Houdini and his wife agreeing on a question and an answer. The answer would be encrypted each time a medium session occurred using a Vigenère cipher they had both agreed on. This is so that one medium cannot tell another what their keyword (the answer to the question) is, allowing the next medium to trick Houdini’s wife. The answer/keyword would be shifted each time and thus is different for each medium Houdini’s wife tries. However, there is a flaw: eventually the shift pattern will repeat. So there is a limit to how many times Houdini’s wife can use a medium.
The tutor explained a better solution based on public-private key encryption:
Harry has a public key and a private key only he knows. If one applies the public key to text encrypted with the private key, it reveals the plaintext, and vice versa. So anyone with the public key can decrypt Harry’s message (encrypted with his private key). Because we only care about authentication, not secrecy of the message, Harry would tell his wife the public key before he dies. Then when Harry’s wife applies the public key to the message given via the medium and it gives valid plaintext, she knows it is really Harry (not a fraud medium) she is talking to.
The tutor also explained bits of security, which makes comparing large numbers easier. An example is: there are 48 bits of security and 2^48 combinations for a password with upper/lower-case letters and 10 numbers. Every extra bit of security actually doubles the combinations. From the attacker's POV the average case is combinations/2 = 2^47. Apparently it takes around 10 mins to hack such a password!
week 2 lectures
Main takeaways from this week’s lecture:
-The “smartie” view of security is focusing on defending the user interface and leaving the “insides” of the software without adequate security measures because you assume no one will break through the outer layer. This view is outdated.
-The metaphor of medieval castles with many concentric walls leading to the core was used to illustrate the need to design a system so that if one security measure fails the whole system is not compromised (i.e. prevent a single point of failure).
-Security by design instead of fixing/patching as problems arise.
-The lecture also explored physical security, such as cameras that can record you entering a passcode, or keyloggers. Sometimes there is no software way to disable something, e.g. you cannot be sure no one is remotely listening to you through the device microphone without cutting the physical wires.
-Side channels: everything in the virtual world leaves a trace in the physical world.
-Ciphers were also briefly mentioned. OTP was particularly interesting: the password is as long as the message and is random. This makes it secure as shift patterns will not be repeated.
halifax thoughts (from week 1 lecture)
Key Issues leading to the disaster:
-Mont-Blanc did not raise the red warning flag that ships carrying ammunition usually did
-Imo left without the harbourmaster’s permission
-Imo did not give way or follow correct procedure
Prevention:
-Prevent boats carrying such large amounts of ammunition from entering the harbour, as the harbour is close to the city and this is a clear risk to the city
-Despite the regulations, Imo’s captain ignored them and the harbourmaster. It seems there is little way to control humans when they ignore the rules and recommendations put in place; irrational or risk-taking behaviour remains the reason for many security incidents.
week 1 lecture and tutorial
Week 1's lecture was engaging, linking cyber security principles to real-world home security.
In this week's tutorial we tried a substitution cipher game. I learnt about using letter frequencies, looking for two- or three-letter words such as to, of, the and and, and also thinking about the positions of letters (e.g. the letter ‘s’ is usually found at the end of words or after an ‘). We discussed the 2010 oil spill and how it was due to mismanagement, failures of fail-safes and redundancies, and incorrect evaluation of negative pressure tests. We also recommended there be judicial enforcement of training of personnel and of regular auditing of equipment. I learnt that more complexity creates more security holes. It seems not just one thing caused the spill but a combination of issues. This shows how complex security issues are.
Something Awesome proposal
On OpenLearning caff gave the suggestion of a weekly cartoon or comic on a security topic for a Something Awesome project. I am thinking of creating a weekly infographic on a different security topic to get interest and educate people on security threats and the measures they can take to make themselves more secure. The infographic will contain text and supporting drawings.
Each week I will research a topic. I will scan the drawings/infographics and upload them onto my blog. I will also analyse real-world case studies related to the topic and post my analysis on my blog.
I’m hoping to learn a lot by transforming my research into a summarised version for an audience without any computer/security knowledge, and to improve my analysis skills by analysing real-world security events. I’m choosing topics that I have little or no knowledge of. Topics could include phishing, GPS tracking, drones, passwords, viruses, social engineering, IoT devices and encryption.
Criteria for HD:
-2 engaging, professional-looking infographics per week
-Additional case studies related to the infographic posted on my blog most weeks
Criteria for D:
-1 engaging infographic per week
-Most weeks, additional case studies related to the infographic posted on my blog
Criteria for C:
-1 engaging infographic per week