#LectureReflection
Week 06: Lecture Reflection
We started by going over some of the content from last week. We re-covered Initialisation Vectors (IVs) and how WEP uses them to encrypt the packets. When an algorithm deals with a sequence of things (such as Merkle-Damgard), it needs something to start off with, i.e. an IV. One of the basic requirements of an IV is that it must be unique, as in it’s used only once.
https://en.wikipedia.org/wiki/Initialization_vector
We talked about how mixing data and control was a bad idea, using his post office story as an analogy. If there is an ambiguity between data and control, and if the user has control over the ambiguity, then the user has control over the channel.
We started covering buffer overflows. The basic idea is that if you write data to a buffer, and the data is larger than the buffer, the data can overwrite whatever is adjacent to that buffer. We also covered stacks, which I kind of remember from COMP1521, where when a program is paused to allow another program to run, its data/variables are stored on the stack, and will be accessed when the program is allowed to run again. You can do buffer overflows on the stack.
https://en.wikipedia.org/wiki/Buffer_overflow
We covered proof of work. An example of this is in cryptocurrency, most notably Bitcoin, where it takes a lot of work to create a new page/ledger. Making it hard to fake pages means it gives a guarantee that the money is safe. Another example we covered is password stretching, i.e. 3 chances at a password before you get a timeout.
Moore’s Law, where it was discovered that the number of transistors in technology doubled every year, and computing power doubles at a slightly faster rate - 18 months.
Disk encryption, especially how Microsoft Windows doesn’t actually encrypt when you ask it to. Cold boot attack, where you unplug a computer and lower the temperature really quickly, hoping that the data stored on the RAM won’t disappear as fast. In the evening, two groups presented Web & Crypto.
We covered the difference between symmetric and asymmetric ciphers. We started covering the last of the CIA properties, authentication. There were 3 factors to authentication:
Something you know (like a password)
Something you are (like fingerprint or retina)
Something you own (like an sms message to your phone)
0 notes
Typologies and archetypes - Lecture 7
Typology: a classification according to general type, especially in archaeology, psychology, or the social sciences.
It’s the idea that things can be classified or categorised into sections and areas, such as Jamie McCartney’s “The Great Wall of Vagina”. This piece was made to change the view of the female body, I think it does its job as it’s saying that not every lady’s vagina is the same - thus stopping women from feeling inferior towards their peers, giving a sense of relief and belonging in the sense that it’s okay that it’s a little different. As we’re all a little different and that’s okay, but we’re all women regardless of our differences.
Thomas Ruff did something similar but with his students, he took passport like photos of each student and blew the images up. Possibly suggesting there’s a sense of uniform. Or it’s a play around with identity, in my opinion the work is a collection of students and how each of their photos makes them an individual but when together they’re united by the fact that they’re students. They can be easily categorised by that tagline, that’s a common trait they share and thus unifying them.
When it comes to archetypes, Tarantino might have possibly created one for gangsters - as we associate sharply dressed men as gangsters possibly because of Tarantino. As he made this evident in the film Pulp Fiction as Samuel Jackson and John Travolta were smartly dressed gangsters ready to kill. These two set the standard for future gangsters and their appearances, thus creating an archetype for sharply dressed gangsters.
To summarise, typology is the idea of categorising things, items or even living beings.
0 notes
Have you got a lighter? No, but I have a charger...

Mobile phones are the social cigarette… and we are addicted. Practically everyone has a mobile phone and if you don't have one you’re obscure and people look at you like you've grown a second head. It’s like someone saying “I don't have Facebook” – you barely hear it. Maybe we as designers should focus on appealing to individuals via the phone. Luckily for us, the app market is booming at the moment. YAY!

0 notes
Week 04: Lecture Reflection
This week’s lecture, I found it a bit difficult to take down notes, wasn’t sure what to write at times. We covered how patterns in data can be exploited. Most notably with the English language and the substitution cipher. Then we covered a telegraph example, and different ways to attack the telegraph between the central bank and a regional bank. We covered a little bit on hashing, with the birthday example and how it exploits hash collisions.
In the evening lecture, it was mostly presentations. The social engineering group presented, it was really really interesting. Life cycle of social engineering, different ways to go about social engineering. A case study on an example with a small airplane base? And how to exploit people by using psychology. After that it was the guest speaker from the reporter Matt O’Sullivan. He mostly talked about FOI requests.
Lastly a little bit more on hashing. Some properties of cryptographic hash functions, desired resistance against attacks. Followed by some examples of uses, most notably MACs. I was tired so I left, but I was kinda interested in the movie The Sting, mostly for Robert Redford. I quite liked some of his other films (Sneakers, Spy Game)
0 notes
Week 03: Lecture Reflection
The main theme of the morning lecture this week is risk. I think that the key idea to take away that Richard wanted everyone to understand is that risk is invisible, and that taking the risk and getting away with it, is just as bad as if something bad did happen. He also talked about how humans are bad at estimating and thinking about low probability high impact events. We either obsess over it and pour billions of dollars in, or we’ll do nothing about it.
He talked about centralising services, how we tend to clump together e.g. Gmail. It’s good because these services work really well, but it turns into a single point of failure, and if something goes wrong, it can be catastrophic.
The evening lecture moved away from risk and focused more on cryptography. Mostly about public key cryptography. We covered Merkle puzzles which are really cool. Person A makes 100 notes, each note contains a number (1 - 100) and a key. Each note is encrypted with a simple cypher, maybe substitution. Person B picks a random note, easily decrypts it, encrypts his own message using the key taken from the note. Person B then tells person A, I’m using note number 33, here’s my encrypted message. Person A can very easily find note 33 and find the corresponding key, but an attacker will take a lot longer to find the right note. It increases the “speed up”.
Richard quickly rushed through RSA, but I got it eventually, through the tutorial. Also this week I actually watched the 2016 lecture recordings as well. He covered Diffie-Hellman key exchange, which I don’t think was covered in this week’s lecture. Oh and I get bits of security better now.
0 notes
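Added example, not part of the original post: the Merkle puzzle exchange from the Week 03 reflection above, sketched in Python with a count of how many guesses Person B needs compared with someone who only sees the published puzzles and the announced note number. The XOR-with-SHA-256 puzzle cipher, the 10-bit weak key, the MAGIC prefix and all function names are assumptions made for illustration, and the seeded generator stands in for a real CSPRNG so the run is repeatable.

```python
import hashlib
import random

MAGIC = b"PUZZLE--"   # constructed marker so a solver can recognise a correct guess


def _xor_stream(weak_key, nonce, data):
    """Toy puzzle cipher (assumption): XOR with SHA-256(weak_key || nonce)."""
    stream = hashlib.sha256(weak_key.to_bytes(4, "big") + nonce).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def make_puzzles(n, weak_bits, rng):
    """Person A: build n puzzles; keep a private table of id -> session key."""
    table, puzzles = {}, []
    for pid in range(1, n + 1):
        session_key = rng.getrandbits(128).to_bytes(16, "big")
        nonce = rng.getrandbits(64).to_bytes(8, "big")
        weak_key = rng.randrange(2 ** weak_bits)
        plain = MAGIC + pid.to_bytes(2, "big") + session_key
        puzzles.append((nonce, _xor_stream(weak_key, nonce, plain)))
        table[pid] = session_key
    rng.shuffle(puzzles)          # published order must not reveal the ids
    return puzzles, table


def solve_puzzle(puzzle, weak_bits):
    """Brute-force one puzzle's weak key; return (id, session key, guesses used)."""
    nonce, blob = puzzle
    for tries, guess in enumerate(range(2 ** weak_bits), start=1):
        plain = _xor_stream(guess, nonce, blob)
        if plain.startswith(MAGIC):
            return int.from_bytes(plain[8:10], "big"), plain[10:], tries
    raise ValueError("no weak key opens this puzzle")


def eavesdropper_work(puzzles, announced_id, weak_bits):
    """An observer sees every puzzle and the announced id, but not which puzzle
    carries that id, so it has to open puzzles until the id turns up."""
    total = 0
    for puzzle in puzzles:
        pid, key, tries = solve_puzzle(puzzle, weak_bits)
        total += tries
        if pid == announced_id:
            return key, total
    raise ValueError("announced id not found")


def run_exchange(n=100, weak_bits=10, seed=3):
    rng = random.Random(seed)     # repeatable demo only; use `secrets` for real keys
    puzzles, table = make_puzzles(n, weak_bits, rng)
    pid, b_key, b_tries = solve_puzzle(rng.choice(puzzles), weak_bits)
    a_key = table[pid]            # Person A just looks the announced id up
    observer_key, observer_tries = eavesdropper_work(puzzles, pid, weak_bits)
    return {"id": pid, "a_key": a_key, "b_key": b_key, "b_tries": b_tries,
            "observer_key": observer_key, "observer_tries": observer_tries}


if __name__ == "__main__":
    r = run_exchange()
    print("A and B hold the same key:", r["a_key"] == r["b_key"])
    print("Person B guesses:", r["b_tries"], "observer guesses:", r["observer_tries"])
```

The gap between the two guess counts is only a factor of roughly the number of puzzles, which is why the scheme is a teaching device and not something deployed in practice.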
Week 08: Lecture Reflection
In the morning lecture, we started off by covering errors, and the question was, when something goes wrong, what is the root cause? We covered root cause analysis, where we try to work out what was the original reason something went wrong, because if we can work that out, we can prevent future errors from occurring. We went through a cyber disaster example:
We could blame user error (shift the blame)
We could blame the culture
After that we went through how humans focus on what grabs our attention instead of what’s important. We talked about magicians and how the whole trick relies on the magician controlling the audience’s attention, drawing them away from where the real trick is happening.
We covered frequency gambling, where we match the current situation with previous situations, and we pick the most common solution we’ve used in the past. We covered a few smaller topics like confirmation bias and satisficing (good enough, not perfect). Admittedly at this point in time my attention was drawn elsewhere and I stopped taking notes on the morning lecture. Hopefully I’ll be able to read through the compiled week 08 notes for what I missed out on.
In the evening lecture, Richard Buckland read us a story! About the Three Mile Island nuclear reactor incident. “If you design a system without security in mind, expect normal security breaches” - Richard. He said we have to stop focusing on scapegoats and systems that can’t fail, and design systems so that the impact is limited when things go wrong.
We covered the steps in asset management
Work out your most important assets, and just defend them
Assume you will be breached and set it up so that it won’t be a total disaster (compartmentalize?)
0 notes
Week 07: Lecture Reflection
We started off the morning lecture by going over some of the mid sem questions. I’m pretty sure I chose integrity for the question where they ask if you were the commander of an army and only the president knows the 10 digit nuclear launch code, what would you be worried about? I get that it’s Type 1 / Type 2 error in retrospect, at the time I was just thinking like what if the message was tampered with or something. The other question we covered, Q10 had no right solution! Full marks for everyone!
We covered Proof of liveness quickly - proof that there is somebody behind the message. Followed by going over Diffie-Hellman again. I remember we went through this in an earlier lecture. Diffie-Hellman is to set up a shared key.
So Allison and Bob both agree on a base and a modulus and they both pick their own secret. They each calculate base^(their own secret) mod modulus and they send that to each other. Then they get the other person’s message and do secret = (other person’s message)^(their own secret) mod modulus. In the end they both get the same shared secret. The Diffie-Hellman exchange relies on the discrete log problem, where it is really hard to reverse the calculation base^(their own secret) mod modulus.
https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
We covered some definitions
(From the lecture slides)
Vulnerability - a potential weakness in something
Exploit - attack a vulnerability
Software bug - vulnerability in software
Stack and the Heap
Stack - First In First Out
When functions are called, their temporary information is stored on the stack
Heap - when space is known at compile time - store on heap
Malloc -> put data on heap
We covered types of software bugs
Memory corruption - attacker changes the memory, attack can control what the program does
Format String Attack
C uses printf, 1st argument is format string telling it what to do with the remaining arguments, but if it’s not a control variable, it just prints it out
printf("Richard %s") works fine, since there is no next argument in the function call, printf will just look lower into the stack and print it out
Doing printf("%x%x%x%x"); will just dump out the stack (cool!)
printf("%n") can write to the stack -> wow
Integer Overflow
Integers have fixed amount of space
If you know there’s a counter in memory, type in a big enough password so the counter wraps around
Lets it pass some test or trick it in some way
We also covered shell code
Old hackers would try to make a remote shell pop up w/ privileges
We covered the National Vulnerability Database, if you found a new vulnerability, it was numbered and added to the list. Plus we went through some cool bug exercises, we were shown C code and we had to find the flaw. After that we started covering assets, security is there to protect your assets, but sometimes we protect the wrong assets. We need to first brainstorm, what is it we are trying to protect? Ask a lot of people, from different backgrounds on what they think need protecting, and do this every month or so.
In the evening lecture, the bug bounty group presented. Then we started talking about authentication on the internet, how do we know we are trying to access the correct website? We looked at PKI
PKI
Public Key Infrastructure
A “passport” that links your public key with a domain name
Certified by “trusted” companies
Web browser will authenticate the certificate to make sure you’re accessing the right website
0 notes
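Added example, not part of the original post: the Diffie-Hellman steps from the Week 07 reflection above in Python, with a range check on the received value and a brute-force search showing why a small modulus gives no protection. The toy numbers (base 5, modulus 23, secrets 6 and 15), the larger prime 2**127 - 1 and all function names are assumptions chosen for illustration.

```python
import secrets

# Toy parameters (assumption): small enough to check by hand, far too small to use.
TOY_BASE, TOY_MODULUS = 5, 23
# A larger prime (2**127 - 1) to run the same code on big numbers. Illustration
# only: real deployments use standardised groups or elliptic curves.
BIG_BASE, BIG_MODULUS = 3, 2 ** 127 - 1


def keypair(base, modulus, secret=None):
    """Pick a secret exponent and compute base^secret mod modulus to send."""
    if secret is None:
        secret = 2 + secrets.randbelow(modulus - 3)      # 2 .. modulus-2
    return secret, pow(base, secret, modulus)


def shared_secret(peer_public, own_secret, modulus):
    """(other person's message)^(own secret) mod modulus, after a sanity check."""
    # 0, 1 and modulus-1 would force the result into a tiny, guessable set.
    if not 2 <= peer_public <= modulus - 2:
        raise ValueError("peer value outside 2..modulus-2, refusing to continue")
    return pow(peer_public, own_secret, modulus)


def brute_force_log(base, public, modulus):
    """Recover the exponent by trying each one: only feasible for toy moduli."""
    value = 1
    for exponent in range(1, modulus):
        value = value * base % modulus
        if value == public:
            return exponent
    return None


def exchange(base, modulus, secret_a=None, secret_b=None):
    """Run both sides and return what each computed plus what went on the wire."""
    a_secret, a_public = keypair(base, modulus, secret_a)
    b_secret, b_public = keypair(base, modulus, secret_b)
    return {
        "wire": (a_public, b_public),
        "allison": shared_secret(b_public, a_secret, modulus),
        "bob": shared_secret(a_public, b_secret, modulus),
    }


if __name__ == "__main__":
    toy = exchange(TOY_BASE, TOY_MODULUS, secret_a=6, secret_b=15)
    print("sent over the wire:", toy["wire"])
    print("both sides computed:", toy["allison"], toy["bob"])
    print("exponent found by trying them all:",
          brute_force_log(TOY_BASE, toy["wire"][0], TOY_MODULUS))
    big = exchange(BIG_BASE, BIG_MODULUS)
    print("large modulus, same result on both sides:", big["allison"] == big["bob"])
```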
Week 05: Lecture Reflection
“Don’t roll your own” - leave it to the experts. Meaning don’t try to make your own cryptographic function, hehe watch me
We spent some time covering Wired Equivalent Privacy (WEP), a security protocol designed to make Wi-Fi as secure as wired LAN. Unfortunately it was a heavily flawed protocol, with so so many exploits and vulnerabilities. Unsurprisingly, people continued to use it anyways despite knowing it was compromised, kind of like MD5. We covered exclusive OR (XOR) and how it’s used in WEP to encrypt the packets. The biggest flaw in WEP I think was that an attacker could retransmit a packet back to the access point. And the access point would do all the work, stripping the outer layers and it would then transmit it straight to whatever address the attacker placed in the packet.
We covered how old phones used tones to access phone calls/international calls. Captain Crunch cereal once had a promo where they gave away free whistles, which made the same tone as 2600 Hz, same tone used by AT&T for calls. Moral of the story was don’t mix access and control/data. Also covered a bit more about hashing, how a broken hash was when an undesirable property from the protocol was exploited, and allowed a faster break than brute force. Little breaks would lead to bigger breaks, like the rumblings of a volcano.
We had a guest speaker - Dr Lisa Parker who talked mostly about bias, and how drug companies would host free lunches for doctors, and it would influence the doctors decision on which drug to prescribe.
“A $20 lunch impacts doctors choice of drug recommendation”.
Also companies sometimes fund research, but they give an outline of an agenda. And that if something which is bad for the company is discovered, the company can just throw away the research instead of publishing it.
Insider attacks -> drug companies will target certain people to bias/corrupt/influence them, hard to change
It’s hard to change how people think
Hidden curriculum - higher ups are a role model of how to act, if the higher ups do the right thing, more will follow?
OPSEC & Passwords Presentation - Just listened didn’t take down any notes
For the passwords presentation, I found the live demos really interesting
Especially when they analysed the text file full of hashed passwords, not surprisingly, “password” was the most common password, followed by 123456 and linkedin third
That third password made me think back to my high school days, I had one of those red Lenovo laptops given to every student, guess what my password was for it? “lenovo” :) :)
We covered Merkle-Damgard constructions, how you break down a message into blocks and feed them into a hash function. So you’d start off with an initialisation vector + the first block, push it into a hash function which spits out a hash. And you’d combine that hash with your second message block, back into the function etc. He also covered length extension attacks, where once you know the length of the message you can add your own messages at the end.
We covered digital signatures, MACs and HMACs.
First preimage attack - given a hash find the original message
Second preimage attack - given a hash and a message, find another message that gives the same hash
Collision attack - given a hash find two messages that give that hash
Password stretching
Rainbow tables - precomputed passwords stored for brute forcing
Salting
0 notes
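Added example, not part of the original post: a toy Merkle-Damgard hash in Python following the Week 05 reflection above (IV, then one block at a time through a compression function), used to show why a tag built as H(key || message) can be continued by someone who knows only the message length, and why the nested HMAC-style design does not have that weakness. The 16-byte block, the 8-byte state, the truncated SHA-256 compression function, the sample strings and all function names are assumptions made for illustration.

```python
import hashlib
import struct

BLOCK = 16        # toy block size in bytes (assumption)
IV = bytes(8)     # toy initialisation vector: eight zero bytes (assumption)


def compress(state, block):
    """Toy compression function: (8-byte state, 16-byte block) -> 8-byte state."""
    return hashlib.sha256(state + block).digest()[:8]


def md_padding(total_len):
    """0x80, zero fill, then the total message length in bytes as a 64-bit number."""
    zeros = -(total_len + 1 + 8) % BLOCK
    return b"\x80" + bytes(zeros) + struct.pack(">Q", total_len)


def md_hash(message, state=IV, prior_len=0):
    """Chain compress() over the padded blocks, starting from `state`.
    prior_len is how many bytes were already absorbed to reach `state`."""
    data = message + md_padding(prior_len + len(message))
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state


def extend(digest, original_len, suffix):
    """Resume hashing from a published digest, knowing only the original length.
    Returns the padding that sits between original and suffix, and the new digest."""
    glue = md_padding(original_len)
    return glue, md_hash(suffix, state=digest, prior_len=original_len + len(glue))


def naive_mac(key, message):
    """Weak design: tag = H(key || message)."""
    return md_hash(key + message)


def nested_mac(key, message):
    """HMAC-style nesting (simplified): tag = H(key || H(key || message)).
    Real code should call hmac.new() from the standard library instead."""
    return md_hash(key + md_hash(key + message))


def demo():
    # Constructed sample values; the key is never passed to extend().
    key, message, suffix = b"constructed-key", b"note=hello", b"&extra=appended"
    known_len = len(key) + len(message)

    glue, continued = extend(naive_mac(key, message), known_len, suffix)
    naive_accepts = naive_mac(key, message + glue + suffix) == continued

    glue2, attempt = extend(nested_mac(key, message), known_len, suffix)
    nested_accepts = nested_mac(key, message + glue2 + suffix) == attempt
    return naive_accepts, nested_accepts


if __name__ == "__main__":
    print("H(key || message) accepts the continued tag, nested MAC accepts it:", demo())
```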
Rave culture - lecture 2
Rave culture was more than about partying, getting laid and getting high - it was a movement formed by a community of people who sought a change. An alternative to the political choices that were around at the time, music and moshes brought people of all ethnic backgrounds together.
The political stand off was against neo liberalism, personally I’ve never really understood politics - I would have appreciated more of a break down in regards to its policies and the impact it could bring.
Rave culture had many sub genres, from fashion to politics - there was so much to cover with little time. But I am glad it was covered, I never knew it had such an impact on people’s lives.
Overall: it was a bit too complicated, Rave culture seems too large of a topic to summarise into 1 lecture.
0 notes
The image reproduced - lecture 1
“To collect photographs is to collect the world”, this lecture was interesting as it forces us to think deeply about a habit we all subconsciously do as a society.
I never truly thought about the impact photos had on people, and how we are perceived by others - photos are just images but they hold a lot of significance. eg: photos are evidence of our achievements, journeys and of things we simply like. It’s crazy to see how they hold so much power over us.
The analysis of the selfie was intriguing, the whole idea of it feeding psychological/emotional needs was thought-provoking. That and it does lead many including myself to ponder on one’s own selfies and begin an existential crisis.
Overall: the lecture was interesting and relatable to us as students, sure it was trippy to think about the psychological needs the selfie comforts, and the way women being shaped to be observed. But overall, it was interesting and gets the mind thinking, what else is there to something that seems so common. aka - I enjoyed the lecture.
0 notes
I come from cyberspace - lecture 4
Cyberspace: the notional environment in which communication over computer networks occurs. Cyberspace is a word that was first coined by William Gibson, first being mentioned in his book ‘Neuromancer’ - depicting cyberspace to be in-between utopia and dystopia. Maybe this is suggesting that humans have mixed emotions towards cyberspace, out of caution we are looking at potential futures and their extremes - it’s fear of the unknown through caution. As we acknowledge the good and the bad of cyberspace, but can we truly trust something that can be extremely good and become extremely bad in a short span of time?
Many works of entertainment have been depicting the future, feeding the sci-fi genre and its fans - films such as Back to the Future, The Matrix, Tron and Blade Runner have been highly influential. Tron and The Matrix share similar themes that, cyberspace is a place that is both physical and non physical. As both films have protagonists entering or being in worlds that aren’t physical but, require physical equipment to maintain this non-physical reality. This same concept corresponds with real life, as the internet is both physical and digital. Ruslan Tnikeev created the ‘the internet map’ an image that represents the internet and what is commonly searched and things associated with it. Pretty interesting how someone is trying to map out something non physical.
Besides non physical and physicality, the internet was a place filled with many opportunities - besides chemical intoxication. Many people felt like they were being liberated from society, as the cyberspace feels like a very free environment. John Perry Barlow, created the declaration of the independence of cyberspace - trying to stop politics from entering the free world known as cyberspace.
This connects well with an app where you can remove text from posts - it gets rid of all the noise of cyberspace, allowing you some peace of mind. Cyberspace is all about communication but, you don’t always need words to communicate a message - sometimes it’s nice to see something and just think about it. Since the internet can be overwhelming with the vast amount of information, it’s just simply too much to register.
But overall the lecture gave a lot of food for thought on the notion of cyberspace as a whole. This was an interesting approach towards cyberspace, and the impact it has on people and society as a whole.
2 notes
The city of ruins - Lecture 5
Urban decay is the process whereby a previously functioning city, or part of a city, falls into disrepair and decrepitude.
It is becoming a growing trend for people to take photos of decaying buildings, this is evident through the popular hashtag #urbex on Instagram - suggesting that there is a certain appeal to abandoned buildings and ruins. We find it daring to sneak into places we aren’t allowed to enter, that feeling of adventure and adrenaline motivates people to do these things. Also another popular trending hashtag is #ruinporn, I guess ruins really are a popular trending thing, but why are they popular? Why are people drawn to them?
Historical context and kitsch ruins:
Maybe ruins are popular because of tourism, as many people enjoy seeing them from a historical point of view.
The fondness for ruins increased in the 17th century and 18th century.
Folly - using ruins as a form of decoration, meaning you’re purposely making/creating a building to look like a building for aesthetic purposes. The reason they used the word ‘folly’ was because it comes from the word ‘foolishness’ or, lack of good sense. But a folly can also be seen as a building providing reminders of the failings of the past.
The jealous wall - Belvedere house 1740:
It was a short marriage but the wife basically married her husband’s brother, the wall was built to block the ex-husband’s view of their home. If ruins keep exes away then I’ll gladly participate in #ruinporn.
It’s strange how we find it normal for fish tanks to have model ruin civilisations in them - is this a reference to the lost city of Atlantis or do fish secretly want to be destroyers of worlds? But still isn’t it strange how ruins still appeal to us? They’re a reminder of the past and the future, that’s pretty bizarre. eg: Planet of the Apes (1968) ruins represent disaster and the end of the world.
The ruinous effect of urban planning:
New grand urban plans relied on ruins, as they were a reason to demolish and reconstruct new buildings. Then those new buildings became ruins themselves, they’re a reminder of the old past dreams, a utopian dream of a new world. A reminder that their dream died and became the thing that they sought to destroy is interesting.
Demolishing is popular:
The long river by Nadav Kander is like a ‘reverse ruin’, it’s half constructed ruins, so it’s a ruin in the sense that it’s falling apart but it’s also something that’s just been constructed. Interesting, maybe the reverse ruin will trend on Instagram?
0 notes
The treachery of images: the historical context of surrealism and its lasting legacy - Lecture 3:
Surrealism is a very bizarre thing, especially when you start getting into details about the complexities and many fetishes of its famous representatives. Surreal means bizarre or dream like, the sur pretext meaning ‘over, above or in addition’.
The talk about automatism was very interesting, that people’s involuntary actions or thoughts can say a lot about ourselves. What made it more interesting were the flaws that can be disputed about the theory, in regards to Freud’s ‘free association’. Where patients are told to say words that come from the top of their heads - then you look at the words that have an association with each other. The flaws would be, if a patient tried too hard to be random - then what they’re saying isn’t involuntary at all, but rather voluntary. But, the artwork is interesting, as Andre Masson let his hand go wild he created many bizarre pieces of artwork. But how can you mindlessly draw, drawing comes with a thought or an idea in mind... so how does automatic drawing work?
Surrealism wanted to push boundaries and explore things that society brands as a taboo - so they decided to dismember and eroticise the body. This part of surrealism was inspired by Freud’s views on psychological sex... Oedipus complex. But these things do say a lot about people, such as Dali’s piece on ‘the great masturbator’ - representing his sexual fears, attractions and anxieties. eg: fetishising feces.
The uncanny was intriguing, as I never thought about surrealism being familiar yet disgusting at the same time - kind of sums up how you can feel about the artwork. As they distort things we are familiar with, and then disturb us with the unusualness of a familiar thing being reinvented.
Overall: this was a very interesting lecture, I’m looking forward to the next set of psychological themed lectures. As they make us think more deeply and carefully, about our comfort zones in art and what they say about us as people.
0 notes
"Those who cannot remember the past are condemned to repeat it." – George Santayana
It’s a thought provoking statement isn’t it? Although, history doesn’t actually repeat itself, as no two events are the same. That is why it is worth studying history. From studying history, we can discover trends in the past and we can reveal and expose common motives and behaviors amongst masses of people. You see, once you understand the archetypes of societies, you become more perspicacious and consequentially can anticipate future events. You won’t be able to completely predict the future, although, these archetypes can allow us to be more prepared for future events.
Another reason why history can “repeat” itself is purely because people are not wise enough to learn from their mistakes and adjust their behavior accordingly. People are too oblivious to the past.
0 notes