#lecturereflection

In the morning lecture, we started off by covering errors, and the question was, when something goes wrong, what is the root cause? We covered root cause analysis, where we try to work out what was the original reason something went wrong, because if we can work that out, we can prevent future errors from occurring. We went through a cyber disaster example:

We could blame user error (shift the blame)

We could blame the culture 

After that we went through how humans focus on what grabs our attention instead of what’s important. We talked about magicians and how the whole trick relies on the magician controlling the audiences attention, drawing them away from where the real trick is happening. 

We covered frequency gambling, where we match the current situation with previous situations, and we pick the most common solution we’ve used in the past. We covered a few smaller topics like confirmation bias and satisficing (good enough, not perfect). Admittedly at this point in time my attention was drawn elsewhere and I stopped taking notes on the morning lecture. Hopefully I’ll be able to read through the compiled week 08 notes for what I missed out on.

In the evening lecture, Richard Buckland read us a story! About the 3 mile island nuclear reactor incident. “If you design a system without security in mind, expect normal security breaches” - Richard. He said we have to stop focusing on scapegoats and systems that can’t fail, and design systems so that the impact is limited when things go wrong. 

We covered the steps in asset management 

Work out your most important assets, and just defend them

We started off the morning lecture by going over some of the mid sem questions. I’m pretty sure I chose integrity for the question where they ask if you were the commander of an army and only the president knows the 10 digit nuclear launch code, what would you be worried about? I get that it’s Type 1 / Type 2 error in retrospect, at the time I was just thinking like what if the message was tampered with or something. The other question we covered, Q10 had no right solution! Full marks for everyone! 

We covered Proof of liveness quickly - proof that there is somebody behind the message. Followed by going over Diffie Hellman again. I remember we went through this in an earlier lecture. Diffie Hellman is to set up a shared key. 

So Allison and Bob both agree on a base and a modulus and they both pick their own secret. They each calculate base^(their own secret) mod modulus and they send that to each other. Then they get the other persons message and do secret = (other persons message)^(their own secret) mod modulus. In the end they both get the same shared secret. The diffie hellman exchange relies on the discrete log problem, where it is really hard to reverse the calculation base^(their own secret) ,mod modulus. 

https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

We covered some definitions 

(From the lecture slides)

Vulnerability - a potential weakness in something

Exploit - attack a vulnerability

Software bug - vulnerability in software

Stack and the Heap

Stack - First In First Out 

When functions are called, their temporary information is stored on the stack 

Heap - when space is known at compile time - store on heap

Malloc -> put data on heap 

We covered types of software bugs 

Memory corruption - attacker changes the memory, attack can control what the program does

Format String Attack 

C uses printf, 1st argument is format string telling it what to do with the remaining arguments, but if it’s not a control variable, it just prints it out 

printf(”Richard %s”) works fine, since there is no next argument in the function call, printf will just look lower into the stack and print it out 

Doing printf(”%x%x%x%x”); will just dump out the stack (cool!) 

Printf(%n) can write to the stack -> wow

Integer Overflow

Integers have fixed amount of space

If you know there’s a counter in memory, type in a big enough password so the counter wraps around

Let’s it pass some test or trick it in some way 

We also covered shell code

Old hackers would try to make a remote shell pop up w/ privileges 

We covered the national vulnerabiltity database, if you found a new vulnerability, it was numbered and added to the list. Plus we went through some cool bug exercises, we were shown c code and we had to find the flaw. After that we started covering assets, security is there to protect your assets, but sometimes we protect the wrong assets. We need to first brainstorm, what is it we are trying to protect? Ask a lot of people, from different backgrounds on what they think need protecting, and do this every month or so. 

In the evening lecture, the bug bounty group presented. Then we started talking about authentication on the internet, how do we know we are trying to access the correct website? We looked at PKI

PKI

Public Key Infrastructure

A “passport” that links your public key with a domain name

Certified by “trusted” companies

We started by going over some of the content from last week. We recovered Initialisation Vectors (IV) and how WEP uses them to encrypt the packets. When an algorithm deals with a sequence of things (such as merkle damgard), it needs something to start off with, i.e. an IV. One of the basic requirements of an IV is that it must be unique, as in it’s used only once. 

https://en.wikipedia.org/wiki/Initialization_vector

We talked about how mixing data and control was a bad idea, using his post office story as an analogy. If there is an ambuguity between data and control, and if the user has control over the ambuguity, then the user has control over the channel. 

We started covering buffer overflows. The basic idea is that if you write data to a buffer, and the data is larger than the buffer, the data can overwrite whatever is adjacent to that buffer. We also covered stacks, which I kind of remember from comp1521, where when a program is paused to allow another program to run, its data/variables are stored on the stack, and will be accessed when the program is allowed to run again. You can do buffer overflows on the stack. 

https://en.wikipedia.org/wiki/Buffer_overflow

We covered proof of work. An example of this is in cryptocurrency, most notably bitcoin where it takes a lot of work to create a new page/ledger. Making it hard to fake pages means it gives a guarantee that the money is safe. Another example we covered is password stretching, i.e. 3 chances at a password before you get a timeout. 

Moore’s Law, where it was discovered that the number of transistors in technology doubled every year, and computing power doubles at a slightly faster rate - 18 months. 

Disk encryption, especially how microsoft windows doesn’t actually encrypt when you ask it to. Cold boot attack, where you unplug a computer and lower the temperature really quickly, hoping that the data stored on the RAM won’t disappear as fast. In the evening, two groups presented Web & Crypto. 

We covered the difference between symmetric and asymmetric ciphers. We started covering the last of the CIA properties, authentication. There were 3 factors to authentication

Something you know (like a password)

Something you are (like fingerprint or retina)

“Don’t roll your own” - leave it to the experts. Meaning don’t try to make your own cryptographic function, hehe watch me 

We spent some time covering Wired Equivalent Privacy (WEP), a security protocol designed to make wifi as secure as wired lan. Unfortunately it was a heavily flawed protocol, with so so many exploits and vulnerabilities. Unsurprisngly, people continued to use it anyways despite knowing it was compromised, kind of like MD5. We covered exclusive ORS (XOR) and how it’s used in WEP to encrypt the packets. The biggest flaw in WEP I think was that an attacker could retransmit a packet back to the access point. And the access point would do all the work, stripping the outer layers and it would then transmit it straight to whatever address the attacker placed in the packet. 

We covered how old phones used tones to access phone calls/international calls. Captain crunch cereal once had a promo where they gave away free whistles, which made the same tone as 2600 hz, same tone used by AT&T for calls. Moral of the story was don’t mix access and control/data. Also covered a bit more about hashing, how a broken hash was when an undesirable property from the protcol was exploited, and allowed a faster break than brute force. Little breaks would lead to bigger breaks, like the rumblings of a volcano. 

We had a guest speaker - Dr Lisa Parker who talked mostly about bias, and how drug companies would host free lunches for doctors, and it would influence the doctors decision on which drug to prescribe. 

“A $20 lunch impacts doctors choice of drug recommendation”. 

Also companies sometimes fund research, but they give an outline of an agenda. And that if something which is bad for the company is discovered, the company can just throw away the research instead of publishing it. 

Insider attacks -> drug companies will target certain people to bias/ corrupt/ influence them, Hard to change 

It’s hard to change how people think

Hidden curriculum - higher ups are a role model of how to act, if the higher ups do the right thing, more will follow?

OPSEC & Passwords Presentation - Just listened didn’t take down any notes 

For the passwords presentation, I found the live demo’s really interesting

Especially when they analysed the text file full of hashed passwords, not surprisingly, “password” was the most common password, followed by 123456 and linkedin third 

That third password made me think back to my highschool days, I had one of those red lenovo laptops given to every student, guess what my password was for it? “lenovo” :) :) 

We covered merkle damgard constructions, how you break down a message into blocks and feed them into a hash function. So you’d start off with an initialisation vector + the first block, pushs it into a hash function which spits out a hash. And you’d combine that hash with your second message block, back into the function etc. He also covered length extension attacks, where once you know the length of the message you can add your own messages at the end. 

We covered digital signatures, MAC’s and HMAC’s. 

First preimage attack - given a hash find the original message 

Second preimage attack - given a hash and a message, find another message that gives the same hash 

Collision attack - given a hash find two messages that give that hash 

Password stretching

Rainbow tables - precomputed passwords stored for brute forcing

This weeks lecture, I found it a bit difficult to take down notes, wasn’t sure what to write at times. We covered how patterns in data can be exploited. Most notably with the english language and the substitution cipher. Then we covered a telegraph example, and different ways to attack the telegraph between the central bank and a regional bank. We covered a little bit on hashing, with the birthday example and how it exploits hash collisions. 

In the evening lecture, it was mostly presentations. The social engineering group presented, it was really really interesting. Life cycle of social engineering, different ways to go about social engineering. A case study on an example with a small airplane base? And how to exploit people by using pyschology. After that it was the guest speaker from the reporter Matt O’Sullivan. He mostly talked about FOI requests. 

The main theme of the morning lecture this week is risk. I think that the key idea to take away that Richard wanted everyone to understand is that risk is invisible, and that taking the risk and getting away with it, is just as bad as if something bad did happen. He also talked about how humans are bad at estimating and thinking about low probability high impact events. We either obsess over it and pour billions of dollars in, or we’ll do nothing about it. 

He talked about centralising services, how we tend to clump together e.g. gmail. It’s good because these services work really well, but it turns into a single point of failure, and if something goes wrong, it can be catastrophic. 

The evening lecture moved away from risk and focused more on cryptography. Mostly about public key cryptography. We covered merkle puzzles which are really cool. Person A makes 100 notes, each note contains a number (1 - 100) and a key. Each note is encrypted with a simple cypher, maybe substitution. Person B picks a random note, easily decrypts it, encrypts his own message using the key taken from the note. Person B then tells person A, I’m using note number 33, heres my encrypted message. Person A can very easily find note 33 and find the corresponding key, but an attacker will take a lot longer to find the right note. It increases the “speed up”. 

Typology: a classification according to general type, especially in archaeology, psychology, or the social sciences.

It’s the idea that things can be classified or catergoised into sections and areas, such a Jamie McCartney’s “the great wall of vagina”. This piece was made to change the view of the female body, i think it does its job as it’s saying that not every lady’s vagina is the same - thus stopping women from feeling inferior towards their peers, giving a sense of relief and belonging in the sense that it’s okay that it’s a little different. As we’re all a little different and that’s okay, but we’re all women regardless of our differences.

Thomas Ruff did something similar but with his students, he took passport like photos of each student and blew the images up. Possibly suggesting theres a sense of uniform. Or it’s a play around with identity, in my opinion the work is a collection of students and how each of their photos makes them an individual but when together they’re united by the fact that they’re students. They can be easily catergorised by that tagline, that’s a common trait they share and thus unifying them.

When it comes to archetypes, Tarantino might have possibly created one for gangsters - as we associate sharply dressed men as gangsters possibly because of Tarantino. As he made this evident in the film Pulp fiction as Samuel Jackson and John Travolta were smartly dressed gangsters ready to kill. These two set the standard for future gangsters and they’re apearences, thus creating an archetype for sharply dressed gangsters.

Rave culture was more than about partying, getting layed and getting high -it was a movement formed by a community of people who seeked a change. An ulternative to the political choices that were around at the time, music and moshs brought people of all ethnic backgrounds together.

The political stand off was against neo liberalism, personally i’ve never really understood poltics - i would have appreciated more of a break down in regards to its policies and the impact it could bring.

Rave culture had many sub genres, from fashion to politics - there was so much to cover with little time. But i am glad it was covered, i never knew it had such an impact on peoples lives.