Question 5: Suppose there is a 10 digit pin to arm the country's nuclear weapons …
The correct answer is Type I / Type II error. The biggest problem is that having a 10 digit pin introduces a reasonable mechanism to stop a launch when it shouldn’t launch. When you have a launch that should happen, that is when type I error occurs because he is a single point of failure for their launch.
Question 10: Merkle Puzzle Question
RSA 64, you can crack this very fast. Then Richard realised that non of the answers are correct so we all get full marks in this question. Wow.
This uses the fact of exponentiation, remember that if you raise something to the power and then another power, you get the same value if your do it the other way round (duh). The idea is that if we both think of a secret number and then raise it to the power of each other's secret number, we will have the same number. A hacker cannot observe this because they don’t know the individual numbers. The two now use this as a key.
The difference between this is and RSA is that we have the same key where as in RSA we exchange keys.
Good at establishing confidentiality but not authentication.
A very nice castle, has two rings of defence around it (defence in depth). No one could ever breach the inner wall. They then failed to social engineering because of a fake letter from someone
This is just something that
When a software has a mistake in it, it is not always a vulnerability. A collection of bugs can be the main vulnerability
The main types of bugs we are concerned about are:
Memory Corruption: the simplest type of this is a buffer over flow. If the amount of space you need for a buffer is known before run time, you store it in the heap. Attacks to the stack are more diabolical.
How functions are called in C: This is process switching that your operating system does. So function calls and stuff. He went pretty quick.
Integer Overflow: If you keep adding to an integer it will eventually overflow the allotted size. This obviously depends if it is a signed or unsigned int.
C has a strange way of printing things with printf. This is a function and expects a variable number of arguments passed into it. The first one is a format string that tells you what to do with the other arguments. We all know this. In the old says you are supposed to do it like this printf("%s", "Hello World!");
This is long so everyone would just do this printf("Hello World!");, everyone would put what they wanted to print out as the format string.
An issue with this is having some string callled name that takes in your name, then calling printf(name);. This is vulnerable because the name could have % in it then you can change the printfs. E.G. if you put in Tom %s into the printf, since C does not check if there are two arguments put in, it just looks somewhere lower in the stack for the %s. So if we put our name then %x %x … %x, this will print out everything in the stack in hex. This is an information gathering attack and could potentially reveal things like stack canaries. %n writes to memory if you do it in the print command. This is very bad.
The Swiss cheese if you have it as a block, it is a solid block of cheese but if you slice it up you get holes in it. This is analogy for bugs in code, sometimes the holes (bugs) will line up and then you get a major vulnerability.
Memory Leak: printf is a way of getting this.
National Vulnerability Database
This is like naming new animals, it is a world wide data base for discovering a new vulnerability, you get to name the number.
When you find the vulnerability you're supposed to tell the person first then slowly escalade it to higher ups. There are still many debates about this.
This is optimising indenting. Lol.
Security Engineering - Assets:
Work out what all the things you should be protecting and their relative value to you. E.G, the Louvre is priceless so destroying it is not worth it at all.
It is easy to protect the wrong thing, dedicate some time to deciding what your assets are.
Regularly surveying the values of people of the involved in what you are protecting. Multiple pairs of eyes is a good asset.
Develop a sensible plan - well designed to tease this information out of them. Humans are generally poor at regurgitating everything they know.
Periodically revise current lists of assets
Think of Coke, the brand is worth more than the actual formula to make the drink.
This is a huge problem, if the computer has been pre-loaded with a shared secret, it can use that but once it has been used once, what happens then? This is a very difficult problem, a computer in a room with no context has to make a decision.
You can have a one sided difficulty, say for example there is a store and you are interacting with them. The store does not care about if you are real or not, they just want your money where as you care if the store is real and legitimate. This is a one way street. You can get destroyed by a man in the middle attack, they intercept the public key and give your own.
Man in the middle attack:
Web of Trust: (PgP) find how this works.
PKI (this is the more dominant one and common one ): This solves the man in the middle problem but creates a whole lot of other problems.
SSL is how we will communicate between each other (TLS is another name I think)
This is kind of like a passport. It is a document that links a photo of me to my name and other information. X509 Certificates links a public key with a domain and maybe some other information. Signed with a public key of specific signers, the padlock that comes up in your browser shows this.
Look up how tls handshake works, find example of when CA were compromised
Bug Bounties presentation:
Hacker 101 has some good tips on bug bounty hunting.
This is a technique you use to look for bugs. There are different types of this. You put in some input then mutate it / generation based stuff to see if the output is what to be expected.
You can back door a mac https://null-byte.wonderhowto.com/how-to/hacking-macos-configure-backdoor-anyones-macbook-0184637/
This is an authorized simulated cyber attack on a computer system to evaluate security risks.