A Django site.
April 23, 2010

Inside Security News
insecnews
is about »
» InfoSec Europe 2010

Uni. of Glamorgan's ISRG group will be at #InfoSec10 Europe located at Stand R93 or at the Uni. Pavilion: http://goo.gl/blZk

» My Twitter on Security

Hey everyone, I have finally found a reason to have twitter. It aint the best medium but it is the fastest way to say something, which can be followed by an article on a blog etc. For now I will maintain my own twitter, so if you want to track anything I track or write (tweet) that is security related checkout: https://twitter.com/kxynos

February 11, 2010

Inside Security News
insecnews
is about »
» Research PhD Studentship

Network Attack Impact Analysis and Counter Measure Deployment via the Application of Behavioural Engines

University of Glamorgan - Faculty of Advanced Technology
Programme of Research:

Behavioural engines are a new and more effective approach than the traditional, large, rule-based engines. In particular they are far more effective at eliciting tacit knowledge and maintaining internal self-consistency, which in turn produces a system that is easier to adapt as systems change. This makes behavioural engines an attractive proposition for analysing CNA, as attacks are becoming more complex and are continually adapting. However the application of such engines to this area has not been researched. Instead basic rule-based systems is the nearest available technology.

The aim of this PhD project is to research the basic methods by which such engines can be applied and based on the best of those methods examine the feasibility of real-time computer network attack impact assessment and response being performed via the application and extension of a multi-attributed based heuristic behavioural engine.

This PhD project will seek to create a system that is capable of receiving computer network defence and computer network management data in real time and perform an impact analysis calculation of for the selection and deployment of a policy driven security countermeasure via the Application of Behavioural Engines. Thus the goals are:

•To extend the core behavioural engine to support the policy-directed assimilation and analysis of multiple data sources across multiple security domains.
•To utilize a policy engine for the selection and deployment of security countermeasures across multiple security domains.
•To validate the feasibility of such an approach will via the construction and execution of a proof of concepts demonstrator.
Please note: the studentship is open to persons holding UK/EU passports only.

Applications are invited, from highly motivated individuals with a good first degree in a computing related degree (2.1 or higher), for a full-time PhD position in the Faculty of Advanced Technology at the University of Glamorgan. Relevant subject expertise in computer network attack / computer network defence / behavioural engines would be beneficial, but not required. The student will be required to undergo a UK government security check.

A bursary amount of £13,290 (tax free) and UK/EU fees will be paid.

The closing date for applications is 19th February 2010 and interviews will be held on week beginning 22nd February 2010.

Contact details
Name: Dr. Huw Read
Address: Faculty of Advanced Technology, University of Glamorgan, CF37 1DL
Telephone: 01443 654287
Email: isrg [at] glam.ac.uk (replace [at] with @)

Original reference: http://www.jobs.ac.uk/job/AAQ821/research-phd-studentship/

December 29, 2009

Inside Security News
insecnews
is about »
» GSM encryption attack lowers privacy to zero

In Europe mobile phones use the GSM standard to communicate with the carries. Encryption was and still is used to protect the calls and special intercepting abilities are built-in to the standard to assist law-enforcement.

Early versions of GSM use a weak encryption algorithms (e.g., A5/1) that are out of date and everyone now (hopefully) should be using UMTS (3G) (i.e. USIM) which include newer and better encryption algorithms.

What Karsten Nohl [2], his team and contributors have achieved is to utilise the advances in processing power (e.g., CUDA) to pre-calculate a code book[2] that will enable real-time decoding. Obviously the attacker will have to have access to the encrypted packets. This can achieved by setting-up a fake base station.

If you are thinking of doing this in the UK you will need special licence or permission from Ofcom or face the possible consequences [3].

Once again the weaknesses are known and the fact that this type of attack has emerged just demonstrates that relying upon incomputable algorithms is not always the best option. The only way to staying ahead of the game is with new encryption implementations.

Links Used:
[1] - http://news.bbc.co.uk/2/hi/technology/8429233.stm
[2] - http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html
[3] - http://www.ofcom.org.uk/radiocomms/ifi/enforcement/illegalbroadcast/

December 9, 2009

Inside Security News
insecnews
is about »
» PhD Studentship

PhD Studentship
Job Reference No. PhD FAT2
Salary: Stipend of £20,000 per year, minimum. Plus payment of enrolment fees
Closing Date: December 13, 2009
Interview Date: PM Wednesday 16/12/09
Terms: Permanent
Job Type: Support Staff
Job Class: External
Location: Treforest

Title of Research
QoS and Routing in Encrypted Networks

Programme of Research
This industry funded research project is in partnership with QinetiQ Ltd. The company is a leading international provider of technology-based services and solutions to the defence, security and related markets; and work with government organisations, predominantly in the UK and USA including defence departments, intelligence services and security agencies.

This PhD project will be an investigation of quality of service and routing implications over all encrypted networks (AEN), based on different traffic types ands structures, scenarios and use cases for use in experimentation and demonstration.

This research is to be carried out mindful of the specific security constraints in the field of traffic management. In particular, this work will involve the following work packages:

1. Requirements Analysis
2. Solution Analysis
3. Implementation
4. Exploitation and Realisation
5. Experimentation
6. Demonstration

Applications are invited, from highly motivated individuals with a good first degree in a computing related degree (2.1 or higher), for a full-time PhD position in the Faculty of Advanced Technology at the University of Glamorgan. Significant experience in a major programming language is required (C++, C#, .net), with knowledge of web services such as SOAP/REST preferred. Relevant subject expertise in computer network attack / computer network defence / QoS and relevant certifications (e.g. CHECK / CREST / TIGER) would be beneficial, but not required. The student will be required to undergo a UK government security check. The PhD position is open to UK nationals only.

Closing time and date: 12 midnight Sunday 13/12/09.
Interviews to be held pm Wednesday 16/12/09.
Applicants will be informed if they are selected for interview by email on Monday 14/12/09

How to Apply
Please submit the university postgraduate research application form http://www.glam.ac.uk/apply/156/research.

Contact details
Name: Dr. Huw Read, Prof Andrew Blyth, Dr. Iain Sutherland
Address: Faculty of Advanced Technology, University of Glamorgan, CF37 1DL
Telephone: 01443 654287
Email: isrg@glam.ac.uk

Posted at: http://inform.glam.ac.uk/jobs/details/591/

December 7, 2009

Inside Security News
insecnews
is about »
» Your data selling for $30 to $40 USD by US companies

What do you mean you don't live in the US. Do you not use any of these companies services over the Internet?

Want an insight to what US companies do with their customer data? Check the documents data retention policies, surveillance capabilities and lawful data-interception guides posted at cryptome.org [1]. In the UK we hope that the Data Protection Act protects us to a point, but we still have to pay to see what is held about us. An expensive exercise.

Any sight of Google's policies?

[1] Cryptome.org [2] http://www.wired.com/threatlevel/2009/12/yahoo-spy-prices

November 8, 2009

Inside Security News
insecnews
is about »
» iPhone: myPhone on lock-down

...and you thought you were the only person to have the privilege of locking your iPhones screen. Think again. Once again a stunt and proof of concept demonstrates that high tech. mobile devices can be manipulated and possibly locked down by malicious people, leaving the users at their mercy. In some cases even try to get you to part with your money. This was demonstrated with the iPhone 'Your iPhone's been hacked' stunt as reported [1] by Wired.

It appears that jailbroken iPhones have SSH and a default root password (if not changed), allowing full remote access to the phone. It is that easy. The users are lucky that the creator didn't start locking the devices as we have seen with ransomware (malware that requests ransom to decrypt data or unlock a pc).

I would not be surprised if Apple didn't try to use this problem to demonstrate to people that jailbreaking the iPhone will mean that you are taking avoidable risks and that you are not being protected to the fullest.

[1] Wired - Hacker holds Dutch iPhones for €5 ransom - http://www.wired.co.uk/news/archive/2009-11/04/hacker-holds-dutch-iphones-for-€5-ransom.aspx

October 22, 2009

Inside Security News
insecnews
is about »
» Phone tapping the VoIP way

VoIP stands for Voice over IP (or the Internet). It is a cheap (or free) way of contacting people around the world. The most commonly used online application is Skype. When I came across this article [http://www.theregister.co.uk/2009/08/28/skype_trojan_source_code/] I had to write about it. It is amazing what people come up with and openly [http://www.megapanzer.com/source-code/#skypetrojan] demonstrate how programs can be created to intercept a normal programs function. In this case we have the redirection of a voice call saved to an MP3, encrypted (nifty) and sent over to a server.

Now I wonder how many SME's make use of VoIP and Skype...

By the bye, I am amazed that we still get charged so high for making International calls in the UK.

» e-Crime Wales Summit 2009

The e-Crime Wales 2009 Summithttp://www.ecrimewales.com/ held at Llandudno, Wales is over and a number of great speakers attended. Our own Prof. Andrew Blyth presented our findings on the installation of 15 IDS sensors in Welsh SME's around Wales. Hopefully the attendees (business owners etc) would have come into contact with a number of security professionals and brought upto date on how to protect their businesses or at least where to go from here.

The few that I did see at least, from the live feed, all pointed out the need to be aware of the security implications of using online resources and complacency should not an option, even though most people choose it. There is always one question that that needs to be answered before deciding to got (or watch the live feed) one of these events, 'What information will I walk away with?' . I think that it is a great opportunity to be exposed to the horror stories that the speakers have to offer through their experience and you can always pickup and relate to them at some point or hope not to.

Check out the twitter feed here [http://twitter.com/ecrimewales] with some questions and answers and a general overview of the speakers key points.

A picture of Prof. Andrew Blyth, Ed Gibson & Chris Corcoran http://bit.ly/3drSUL

A great service provided by SpamHaus are the advisory lists they provide (i.e., Spamhaus Block List, Exploits Block List and Policy Block List ). Check them out at http://www.spamhaus.org/.

e-Crime Wales also have a blog at http://ecrimewales.posterous.com/

Update (@11:20): We got a mention in the Welsh Daily Post: "E-crime costs Welsh companies hundreds of millions of pounds annually" - Oct 22 2009 - Daily Post - http://www.dailypost.co.uk/business-news/business-news/2009/10/22/e-crime-costs-welsh-companies-hundreds-of-millions-of-pounds-annually-55578-24989506/

September 10, 2009

Inside Security News
insecnews
is about »
» Snort Rules checked by dumbpig

Writing custom Snort rules and what to check if they are correct? ..up to a certain point.
Well dumbpig [1] by Leon Ward is what you are after. For a good example check out VRT Sourcefire's blog entry [2].

...while you are at it have a look at Snoge [3] "Take your Snort or Sourcefire IPS events and place them onto Google Earth.".

Links Used:
[1] - dumbpig - http://leonward.wordpress.com/dumbpig/
[2] - Syntax Checking your Snort Rules - http://vrt-sourcefire.blogspot.com/2009/08/syntax-checking-your-snort-rules.html
[3] - snoge - http://code.google.com/p/snoge/