COMP6441 BLOG @junscoolsecurityblog - Tumblr Blog

W8 - Authentication

OAuth is the property which allows accounts to be linked without providing a password (often when one is already logged in with a device), i.e. linking your Facebook account to Spotify to let your friends watch what you listen to. This also provide Spotify with some of the other information linked to your Facebook account such as your email and birthday.

Barbara could be subject to a phishing attack where the attacker impersonates a colleague and asks her to use a seemingly harmless software (designed to look like it was published by Google) which does not use OAuth, instead requesting her login details. If she if foolish enough to fall for this, we now have access to all of her accounts which she has used OAuth with. >:)

W8 - Spot the Fake

Many fake Facebook accounts have tried to add me (possibly to steal information about me or attempt to scam?). These are easily detectable when you view the timestamps on the creation of many of the posts on the account, the number of mutual friends, if they are a loser trying to catfish as an attractive young female specimen.

Fake ID exists to help minors get into clubs and bars by mimicking the material and structure of existing forms of identification. This is difficult to detect at these venues as they often just scan the structure and material of the card, compare the image, and look at the date of birth.

W8 - Google Yourself

I used Google Takeout to hopefully find what information of mine that Google has been tracking. It was underwhelming when I saw that I couldn’t find any of my location information when I viewed the files, but it was probably because of...

I also used Facebook’s settings and was surprised especially by the data showing when I logged in and the corresponding details. I also found it interesting that it stored a primary location for me even though location history is off.

W8 - Ghost

This week our case study asked us to role play as a major who needs to find out the report of a possibly hostile alien planet from his cadet, however the catch is that the cadet can only be heard by an alien. A diagram showing who can speak (and be heard) by who can be seen below:

My groups solution was to first separate the alien in an isolated room. The cadet would then be placed in a room with a lengthy one time pad on the walls (assuming he can’t flip pages), which was designed by the major (protecting confidentiality). The cadet would relay the codes to the alien (in iterations as he likely can’t remember an entire message), while ensuring the alien has no access to the one time pad. When the major receives and decodes the message, there would be 2 outcomes:

If the alien is cooperative, he would receive the message without fault.

If the alien is non-cooperative, he would receive no message or if the alien tried to alter the code, obvious errors would be seen from the decoded gibberish, and he could be deemed as hostile.

W8 - Lecture Recap

Richard used the analogy of a flashlight to show how we focus only on specific portions of security, often missing huge sections. He also demonstrated this with an assignment which he gave out to a previous grade. Students’ programs were often secure for the most part, but Richard created software to looks explicitly for cases where they would fail, and use the result to help his grading. This shows how most hackers would often look at the common points, but determined, skilled hackers will look at even the most obscure places for any exploits they can find. We also need to watch ‘The China Syndrome’ as it’s going to be assessed in the finals... 2 hours... $4... :(

W7 - Social Engineering Questions

I managed to get the following answers to the questions from my friend:

What is the strangest food you have ever eaten? [3 points]

What was the first name of the first person you dated? [5 points]

How many minutes does it take you to get to work? [3 points]

What is the last name of your favorite athlete? [4 points] (they love NBA)

What was the name of the company where you had your first job? [5 points]

For a whopping total of... 20 points!

W7 - Phishing for Trump

Dear

I decided to look at twitter’s email format before writing my email to create a more convincing phish.

Hello Donald Trump, Your account, realDonaldTrump has been suspended for violating the Twitter Rules.

Specifically, for:

Violating our rules against hateful hateful conduct.You may not promote violence against, threaten, or harass other people on the basis of race, ethnicity, national origin, sexual orientation, gender, gender identity, religious affiliation, age, disability, or serious disease.

Note that if you attempt to evade a permanent suspension by creating new accounts, we will suspend your new accounts. If you wish to appeal this suspension, please contact out support team[insert hyperlink].

W7 - Email Phishing

The task is to simulate an email phish to take the Facebook login details and get a payment of $1200 to be made into my account.

My first step was to gather information about the website and the people behind it. Below is a compilation of their profiles:

David Quest Married to: Sarah Jenkins Email: [email protected] Interests: Microbrewing Pets: Angela and Jessie (black pugs)

Sarah Jenkins Married to: David Quest Email: [email protected] Instagram: https://www.instagram.com/sarah.jenkins0583/ Favourite Puppy: Jasper (rescue beagle) Son: James born on 2/12/14

SCANDALOUS??? Has another husband, Mark?!?!?!

Equipped, I can now tackle the task. I first decided to email David. I entered something random and his response indicated that I could probably get the money from him.

I then made a poor effort to impersonate his mother, which in reality would be more difficult as he would likely know his mother’s email and banking details.

Now I need to get the login from Sarah (I’m presuming). My assumption from the previous task is that I need to just input keywords into the message so I tested this with my next email.

and finally:

W7 - AES

Definitions Confusion - each binary digit (bit) of the ciphertext should depend on several parts of the key, obscuring the connections between the two. Diffusion - if we change a single bit of the plaintext, then (statistically) half of the bits in the ciphertext should change, and similarly, if we change one bit of the ciphertext, then approximately one half of the plaintext bits should change. Avalanche Effect - if an input is changed slightly (for example, flipping a single bit), the output changes significantly (e.g., half the output bits flip). SP Boxes - a network takes a block of the plaintext and the key as inputs, and applies several alternating “rounds” or “layers” of substitution boxes (S-boxes) and permutation boxes (P-boxes) to produce the ciphertextblock. The S-boxes and P-boxes transform (sub-)blocks of input bits into output bits Fiestal Networks - Symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel Block Ciphers - an encryption method that applies a deterministic algorithm along with a symmetric key to encrypt a block of text, rather than encrypting one bit at a time as in stream ciphers. Stream Ciphers - Encrypting a single bit at a time

Ciphers 1 and 5 both have 16 byte blocks (as number of bits will only increase after every 16 characters of length). They both repeat halfway if given 2 codes which are identical and also 16 bytes e.g.

Thus they have properties of ECB.

Ciper 2′s length is proportional to its input, thus using CTR.

Cipher 3 and 4 must use CBC by deduction. jk. They also have 16 byte blocks, but when changing a character in an earlier block, all preceding blocks will have their values modified, thus using CBC.

W7 - Privacy Debate

The one tutorial where I was sick (and unable to attend class :( ). I caught up by asking some classmates about what had happened and the general gist was asking whether or not we wanted the government to have our information (hence lessening our privacy). They then split into two opposing groups arguing for each side and given time to discuss, but were hit with a fat curveball when Hayden made them switch sides. Changing their mindset seemed to be difficult as they were already set on one vision, and then were given time to present ideas and rebut each other.

W7 - Lecture Recap

Some mid-sem exam material was reviewed today.

Diffie Hellman A method of securely exchanging keys over a public channel. This is done by using the properties of modulus and a simple example can be seen below:

Vulnerabilities

Buffer overflow - see last week

Format strings

Shell code - can grant terminal console on remote device.

NOP Sled - runs a long list of No-Ops (0x90) so that it can ‘slide’ to the portion of code that attacker wants.

Responsible disclosure

Assets Analysing assets helps to identify priorities and what we need to protect. Some effective steps to asset protection can include:

Getting a broad perspective by asking a lot of people.

Become familiar with the values of the people involved with your assets by performing regular surveys.

Continually re-evaluate the your list of assets.

Fuzzing Automated software testing technique to find unexpected inputs (often invalid or random data) for a program. It also looks for exceptions when run such as crashes or memory leaks.

Bug Bounties Discovering bugs withing software (essentially getting paid to hack).

W6 - 5G

Dear CEOs of Telstra, Vodafone and Optus,

I have come to the conclusion to refuse Huawei’s involvement in constructing Australia’s 5G network. This decision was made solely on the interest to protect Australia’s security and the privacy of each of our citizens. Information leaked has a much greater value than that we can monetarily afford so this investment into independently establishing our network will ensure our safety of such a threat. We will continue to work with you to overcome this issue and support your future projects.

Prime Minister Jun

W6 - One Time Pads

An encryption method which uses a completely random key that is at least the same length as the to-be encoded message. Each letter of the plain text is the incremented by the corresponding letter within the key such that if the letters were A(1) and C(3), the resulting code would be D(4). The name was given as the key was often distributed on paper and destroyed immediately after use, hence one time. The security of one time pads relied on the following:

The pad must be generated from truly random numbers. If the pad is not generated from a perfectly random source, than it is possible to predict values from the pad and thus crack the code.

The pad must be as long as the message

The pad must never be reused

’Cribb Dragging’ is technique which can be used to attempt to crack many time pads.

“Lpa” is repeated in three of the codes, leading me to believe it is a common word such as “the”. Thus T(20) + x mod (26) = L (12), x = 18 H(8) + x mod 26 = 16, x = 8 E(5) + x mod 26 = 1, x = 22. And applying the key on the first 3 letters of the other codes gives “Eve” and “Can”, both valid words. I also deduced that capital letters marked the start of new words and that space characters were ignored. I continued my deduction by comparing the keys provided by words I experimented with on the other codes, continuing only when it looked like possible words and finished with:

The Secret To Winning Eurovision Is Excellent Hair

Everyone Deserves A Hippopotamus When Theyre Sad

Can You Please Help Oliver Find The Flux Capacitor

The Most Important Person In The World Is Me Myself

he Price Of Bitcoin Is Too Damn High Given The Data

This shows how many time pads are not secure methods of encryption.

W6 - Russia Attacks

This week’s case study asked use about possible action to take if we were thrown into a cyber-war with Russia. My group came up with these solutions:

Create a massive ‘firewall’ (the Great Barrier Reef Wall) to filter all incoming and outgoing data. This allows us to stop any attackers from outside before they reach our systems, and also prevents inside attackers from relaying information outside (unless they physically leave and I suppose then we would need to block off that flight path)

Providing education to our current and future generations. Social engineering is the most prominent attack and this would greatly reduce the odds of it being successful. It may also inspire potential minds to discover and design better methods of combating this issue.

Create more self-sustainable systems. This could include implementing more solar-powered technologies so that if our electrical systems get attacked, we would not be in the dark.

W6 - Lecture Recap

Richard was sick this weeks so he Skype called us for our lecture (and played kahoot with very high latency)

Advanced Encryption Standard (AES) A specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. Works by using a substitution-permutation network, and can’t been broken yet without a very long time period or powerful computer.

Symmetric Encryption A type of encryption where only one secret key is used to both encrypt and decrypt electronic information. The entities communicating via symmetric encryption must exchange the key so that it can be used in the decryption process. This encryption method differs from asymmetric encryption where a pair of keys, one public and one private, is used to encrypt and decrypt messages.

Buffer Overflow An attack where input is greater than the buffer size, overrunning its boundaries and writing into adjacent memory. A useful video on buffer overflow.

Blockchain Blockchain - The Most Trusted Crypto Company

W5 - Lock Picking

Some lock picking techniques which I forgot in the exam (and got the question wrong :( )

https://en.wikipedia.org/wiki/Lock_picking

Raking https://www.youtube.com/watch?v=QrEizJNRNlo This is performed by rapidly sliding the pick past all the pins, repeatedly, in order to bounce the pins until they reach the shear line. This method requires much less skill than picking pins individually, and generally works well on cheaper locks.

Bumping https://www.youtube.com/watch?v=w42dkL5Gvxw This is performed by inserting a key which has been cut so that each peak of the key is equal and has been cut down to the lowest groove of the key. This key is then struck sharply with a hammer whilst applying torque. The force of the blow is carried down the length of the key and will move only the driver pins leaving the key pins in place. If done correctly this briefly creates a gap around the shear line allowing the plug to rotate freely.

W5 - Case Study

This week’s case study seemed fishy to me from the start as rather than displaying the study on the projector as per the previous weeks, groups had been given individual slips of paper. This led me to believe that there may be differences in what we were asked to provide (and I was right!). The case study reviewed the viability of a company in pursuing automated cars. My group was allocated a response to a company executive (whereas others were asked to speak on behalf of a company representative to the government). The major differences between our responses were our priorities - we focused more on company image whereas they focused more on moral obligations (though funnily enough we had similar conclusions). My group’s consensus was that automated cars should not be allowed onto the road unless every car is automated as we believe that only then would there be a truly efficient and safe system. This was heavily disputed by a passionate Hayden, who believed that they should be on the road ASAP since they’re more reliable than people (and I can see his point).

Trending Blogs

Recently Viewed Blogs

COMP6441 BLOG