A Django site.
August 5, 2010

Funding Matters Weblog News
fundingnews
Funding Matters - Home is about »
» FP7 Calls – 2011 Work Programmes published

The latest FP7 calls which cover a number of thematic and multidisciplinary areas have been announced at the end of July through the publication of the 2011 Work Programmes. There are 51 new calls which cover four FP7 specific programmes (Cooperation, Ideas, People and Capacities) across areas including Health, Security, Energy, Environment and Transport. Deadlines vary across the four specific programmes.

FP7 Cooperation

The specific programme on ‘Co-operation’ supports fosters collaborative research across Europe and other partner countries through projects by transnational consortia of industry and academia. Research will be carried out in ten key thematic themes:

-Health (3 calls)

-Food, Agriculture and Fisheries, and Biotechnology (FAFB) (5 calls)

-Information and Communication Technologies (ICT) (8 calls)

-Nanosciences, Nanotechnologies, Materials and new Production Technologies (12 calls)

-Energy (8 calls)

-Environment (including Climate Change) (8 calls)

-Transport (including Aeronautics) (9 calls)

-Socio-Economic Sciences and the Humanities (4 calls)

-Space (1 call)

-Security (1 call)

More Information: Cooperation Calls

FP7 Ideas (European Research Council, ERC)

The Ideas programme will support “frontier research” solely on the basis of scientific excellence. Research may be carried out in any area of science or technology, including engineering, socio-economic sciences and the humanities. In contrast with the Cooperation programme, there is no obligation for cross-border partnerships. Projects are implemented by “individual teams” around a “principal investigator”.

ERC Starting Independent Researcher Grants

ERC Starting Grants aim to provide critical and adequate support to the independent careers of excellent researchers, whatever their nationality, who are at the stage of establishing or consolidating their own independent research team or programme.

More Information: Ideas Calls

FP7 People (Marie Curie)

The People programme provides support for researcher mobility and career development, both for researchers inside the European Union and internationally. It is implemented via a set of Marie Curie actions, providing fellowships and other measures to help researchers build their skills and competences throughout their careers. Calls which have recently been announced are:

Marie Curie Industry-Academia Partnerships and Pathways (IAPP)

This activity will seek to open and foster dynamic pathways between public research organisations and private commercial enterprises, particularly SMEs. It aims to achieve this predominately by secondments between sectors and networking activities.

Marie Curie Initial Training Networks 2011 (ITN)

This action aims to improve career perspectives of early-stage researchers in both public and private sectors, thereby making research careers more attractive to young people. This will be achieved through a trans-national networking mechanism, aimed at structuring the existing high-quality initial research training capacity throughout Member States and associated countries. Direct or indirect involvement of organisations from different sectors, including (lead-) participation by private enterprises in appropriate fields, is considered essential in the action.

More Information: People Calls

FP7 Capacities

There are a number of interesting schemes under the ‘Capacities’ specific programme that cut across a number of research themes. It can be approached in a more bottom-up way than the ‘Co-operation’ programme. The programme aims to support the coherent development of policies; complement the Co-operation programme; contribute to EU policies and initiatives to improve the coherence and impact of Member States policies; find synergies with regional and cohesion policies, the Structural Funds, education and training programmes and the Competitiveness and Innovation Programme (CIP). Within ‘Capacities’ there are seven main activities which can be seen below:

-Research Infrastructures (3 calls)

-Research for the benefit of SMEs (2 calls)

-Regions of Knowledge (1 call)

-Research Potential (1 call)

-Science in Society (2 calls)

-Activities of International Cooperation (3 calls)

More information: Capacities Calls

Please visit the relevant call links above or contact the European Office for advice on which call is best suited to your needs.

EuRO recommends that anyone who is interested in accessing EU funding makes contact with the European Office in plenty of time prior to the submission deadline to fully benefit from our professional advice and support.

Any application for external funding requires the completion of an External Funding Application Submission (EFAS) form, to create a form please visit EFAS

April 23, 2010

Inside Security News
insecnews
is about »
» InfoSec Europe 2010

Uni. of Glamorgan's ISRG group will be at #InfoSec10 Europe located at Stand R93 or at the Uni. Pavilion: http://goo.gl/blZk

» My Twitter on Security

Hey everyone, I have finally found a reason to have twitter. It aint the best medium but it is the fastest way to say something, which can be followed by an article on a blog etc. For now I will maintain my own twitter, so if you want to track anything I track or write (tweet) that is security related checkout: https://twitter.com/kxynos

February 11, 2010

Inside Security News
insecnews
is about »
» Research PhD Studentship

Network Attack Impact Analysis and Counter Measure Deployment via the Application of Behavioural Engines

University of Glamorgan - Faculty of Advanced Technology
Programme of Research:

Behavioural engines are a new and more effective approach than the traditional, large, rule-based engines. In particular they are far more effective at eliciting tacit knowledge and maintaining internal self-consistency, which in turn produces a system that is easier to adapt as systems change. This makes behavioural engines an attractive proposition for analysing CNA, as attacks are becoming more complex and are continually adapting. However the application of such engines to this area has not been researched. Instead basic rule-based systems is the nearest available technology.

The aim of this PhD project is to research the basic methods by which such engines can be applied and based on the best of those methods examine the feasibility of real-time computer network attack impact assessment and response being performed via the application and extension of a multi-attributed based heuristic behavioural engine.

This PhD project will seek to create a system that is capable of receiving computer network defence and computer network management data in real time and perform an impact analysis calculation of for the selection and deployment of a policy driven security countermeasure via the Application of Behavioural Engines. Thus the goals are:

•To extend the core behavioural engine to support the policy-directed assimilation and analysis of multiple data sources across multiple security domains.
•To utilize a policy engine for the selection and deployment of security countermeasures across multiple security domains.
•To validate the feasibility of such an approach will via the construction and execution of a proof of concepts demonstrator.
Please note: the studentship is open to persons holding UK/EU passports only.

Applications are invited, from highly motivated individuals with a good first degree in a computing related degree (2.1 or higher), for a full-time PhD position in the Faculty of Advanced Technology at the University of Glamorgan. Relevant subject expertise in computer network attack / computer network defence / behavioural engines would be beneficial, but not required. The student will be required to undergo a UK government security check.

A bursary amount of £13,290 (tax free) and UK/EU fees will be paid.

The closing date for applications is 19th February 2010 and interviews will be held on week beginning 22nd February 2010.

Contact details
Name: Dr. Huw Read
Address: Faculty of Advanced Technology, University of Glamorgan, CF37 1DL
Telephone: 01443 654287
Email: isrg [at] glam.ac.uk (replace [at] with @)

Original reference: http://www.jobs.ac.uk/job/AAQ821/research-phd-studentship/

December 29, 2009

Inside Security News
insecnews
is about »
» GSM encryption attack lowers privacy to zero

In Europe mobile phones use the GSM standard to communicate with the carries. Encryption was and still is used to protect the calls and special intercepting abilities are built-in to the standard to assist law-enforcement.

Early versions of GSM use a weak encryption algorithms (e.g., A5/1) that are out of date and everyone now (hopefully) should be using UMTS (3G) (i.e. USIM) which include newer and better encryption algorithms.

What Karsten Nohl [2], his team and contributors have achieved is to utilise the advances in processing power (e.g., CUDA) to pre-calculate a code book[2] that will enable real-time decoding. Obviously the attacker will have to have access to the encrypted packets. This can achieved by setting-up a fake base station.

If you are thinking of doing this in the UK you will need special licence or permission from Ofcom or face the possible consequences [3].

Once again the weaknesses are known and the fact that this type of attack has emerged just demonstrates that relying upon incomputable algorithms is not always the best option. The only way to staying ahead of the game is with new encryption implementations.

Links Used:
[1] - http://news.bbc.co.uk/2/hi/technology/8429233.stm
[2] - http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html
[3] - http://www.ofcom.org.uk/radiocomms/ifi/enforcement/illegalbroadcast/

December 9, 2009

Inside Security News
insecnews
is about »
» PhD Studentship

PhD Studentship
Job Reference No. PhD FAT2
Salary: Stipend of £20,000 per year, minimum. Plus payment of enrolment fees
Closing Date: December 13, 2009
Interview Date: PM Wednesday 16/12/09
Terms: Permanent
Job Type: Support Staff
Job Class: External
Location: Treforest

Title of Research
QoS and Routing in Encrypted Networks

Programme of Research
This industry funded research project is in partnership with QinetiQ Ltd. The company is a leading international provider of technology-based services and solutions to the defence, security and related markets; and work with government organisations, predominantly in the UK and USA including defence departments, intelligence services and security agencies.

This PhD project will be an investigation of quality of service and routing implications over all encrypted networks (AEN), based on different traffic types ands structures, scenarios and use cases for use in experimentation and demonstration.

This research is to be carried out mindful of the specific security constraints in the field of traffic management. In particular, this work will involve the following work packages:

1. Requirements Analysis
2. Solution Analysis
3. Implementation
4. Exploitation and Realisation
5. Experimentation
6. Demonstration

Applications are invited, from highly motivated individuals with a good first degree in a computing related degree (2.1 or higher), for a full-time PhD position in the Faculty of Advanced Technology at the University of Glamorgan. Significant experience in a major programming language is required (C++, C#, .net), with knowledge of web services such as SOAP/REST preferred. Relevant subject expertise in computer network attack / computer network defence / QoS and relevant certifications (e.g. CHECK / CREST / TIGER) would be beneficial, but not required. The student will be required to undergo a UK government security check. The PhD position is open to UK nationals only.

Closing time and date: 12 midnight Sunday 13/12/09.
Interviews to be held pm Wednesday 16/12/09.
Applicants will be informed if they are selected for interview by email on Monday 14/12/09

How to Apply
Please submit the university postgraduate research application form http://www.glam.ac.uk/apply/156/research.

Contact details
Name: Dr. Huw Read, Prof Andrew Blyth, Dr. Iain Sutherland
Address: Faculty of Advanced Technology, University of Glamorgan, CF37 1DL
Telephone: 01443 654287
Email: isrg@glam.ac.uk

Posted at: http://inform.glam.ac.uk/jobs/details/591/

December 7, 2009

Inside Security News
insecnews
is about »
» Your data selling for $30 to $40 USD by US companies

What do you mean you don't live in the US. Do you not use any of these companies services over the Internet?

Want an insight to what US companies do with their customer data? Check the documents data retention policies, surveillance capabilities and lawful data-interception guides posted at cryptome.org [1]. In the UK we hope that the Data Protection Act protects us to a point, but we still have to pay to see what is held about us. An expensive exercise.

Any sight of Google's policies?

[1] Cryptome.org [2] http://www.wired.com/threatlevel/2009/12/yahoo-spy-prices

November 8, 2009

Inside Security News
insecnews
is about »
» iPhone: myPhone on lock-down

...and you thought you were the only person to have the privilege of locking your iPhones screen. Think again. Once again a stunt and proof of concept demonstrates that high tech. mobile devices can be manipulated and possibly locked down by malicious people, leaving the users at their mercy. In some cases even try to get you to part with your money. This was demonstrated with the iPhone 'Your iPhone's been hacked' stunt as reported [1] by Wired.

It appears that jailbroken iPhones have SSH and a default root password (if not changed), allowing full remote access to the phone. It is that easy. The users are lucky that the creator didn't start locking the devices as we have seen with ransomware (malware that requests ransom to decrypt data or unlock a pc).

I would not be surprised if Apple didn't try to use this problem to demonstrate to people that jailbreaking the iPhone will mean that you are taking avoidable risks and that you are not being protected to the fullest.

[1] Wired - Hacker holds Dutch iPhones for €5 ransom - http://www.wired.co.uk/news/archive/2009-11/04/hacker-holds-dutch-iphones-for-€5-ransom.aspx

October 22, 2009

Inside Security News
insecnews
is about »
» Phone tapping the VoIP way

VoIP stands for Voice over IP (or the Internet). It is a cheap (or free) way of contacting people around the world. The most commonly used online application is Skype. When I came across this article [http://www.theregister.co.uk/2009/08/28/skype_trojan_source_code/] I had to write about it. It is amazing what people come up with and openly [http://www.megapanzer.com/source-code/#skypetrojan] demonstrate how programs can be created to intercept a normal programs function. In this case we have the redirection of a voice call saved to an MP3, encrypted (nifty) and sent over to a server.

Now I wonder how many SME's make use of VoIP and Skype...

By the bye, I am amazed that we still get charged so high for making International calls in the UK.

» e-Crime Wales Summit 2009

The e-Crime Wales 2009 Summithttp://www.ecrimewales.com/ held at Llandudno, Wales is over and a number of great speakers attended. Our own Prof. Andrew Blyth presented our findings on the installation of 15 IDS sensors in Welsh SME's around Wales. Hopefully the attendees (business owners etc) would have come into contact with a number of security professionals and brought upto date on how to protect their businesses or at least where to go from here.

The few that I did see at least, from the live feed, all pointed out the need to be aware of the security implications of using online resources and complacency should not an option, even though most people choose it. There is always one question that that needs to be answered before deciding to got (or watch the live feed) one of these events, 'What information will I walk away with?' . I think that it is a great opportunity to be exposed to the horror stories that the speakers have to offer through their experience and you can always pickup and relate to them at some point or hope not to.

Check out the twitter feed here [http://twitter.com/ecrimewales] with some questions and answers and a general overview of the speakers key points.

A picture of Prof. Andrew Blyth, Ed Gibson & Chris Corcoran http://bit.ly/3drSUL

A great service provided by SpamHaus are the advisory lists they provide (i.e., Spamhaus Block List, Exploits Block List and Policy Block List ). Check them out at http://www.spamhaus.org/.

e-Crime Wales also have a blog at http://ecrimewales.posterous.com/

Update (@11:20): We got a mention in the Welsh Daily Post: "E-crime costs Welsh companies hundreds of millions of pounds annually" - Oct 22 2009 - Daily Post - http://www.dailypost.co.uk/business-news/business-news/2009/10/22/e-crime-costs-welsh-companies-hundreds-of-millions-of-pounds-annually-55578-24989506/