Internet Politics Technology

Global strategic war declared on governments against Internet Liberty

Dilbert Data SecurityRecently I wrote about the UK Government’s refusal to upgrade the ancient obsolete browser known as Internet Explorer 6 and how they were citing Security reasons for remaining on the ancient browser. With the British government yielding the current Internet Villian of the Year, then they must be confident in their security.

Lulzsec and Anonymous however may be about to put that security confidence to the test, the two hacking groups have joined forces in a joint operation that they are referring to as Operation Anti-Security. They have openly declared war against organizations, with a particular emphasis on Government and Banks (although I am not sure why they want to focus on banks) which are known to have dubious reputations in the internet liberties front.

Taking into account the governments highly controversial digital piracy laws which would see users and companies struck from the Internet for downloading unauthorized files I expect Lulzsec’s glare may shift towards the insecurity of the British Government. Who knows, perhaps they may in co-ordinating strategic attacks against the government awaken a sleeping generation of non voters prompting them to stand up and be counted at the next general election.

Suggestions that it may be a plot to give governments an excuse to take more control of the internet seem to be unfounded. The two groups have been increasingly becoming more high profile with recent attacks. The two groups if they play wisely, should stay away from attacking banks, despite the world distrust of the banking sector, people are still financially motivated. Removing access to financial information by striking down banks will lead to the general public siding with the banks and government instead. Keep it strategic and go after governments and a good population will not be unsympathetic to the cause.

The Inquirer |  PCMag | iGyaan

News Politics

Just how involved was David Cameron in the telephone hacking

Police Commisioner and David CameronCould David Cameron be trying to cover up his involvement in the conspiracy of the telephone hacking that seems to have spread through many senior members of parliament.

Certainly if he was hoping to hide the whole situation it looks less than likely that he will be able to do so. Likewise the metropolitan police commissioner may want to keep his head out of the limelight for a while.

MPs are demanding an independent review of the police investigation which will most certainly ruffle some heads of the senior police and the heart of the government.

According Andrew Grice and Mark Hughes of the Independent, Son and Heir to the Rupert Murdock media empire, had a “private” dinner with Prime Minister Cameron. This just days after the Prime Minister striped Vince Cable of his power to decide upon weather James Murdock’s News Corporation to purchase the remaining 61% of BSkyB – which would give them total ownership.

The now resigned director of communication for downing street, Mr Coulson’s departure was hoped by many in the government that the whole matter would simply disappear.

The possible connection to the news empire and the prime minister could seriously jeopardise the trust and respect of the prime minister whom should have an aura of responsibility and neutrality about him.

The Independant

Internet Technology

UK Government not prepared for Cyber attacks

Cyber SecurityIt seems that whilst London has been busy fighting over where money should be going they may have forgot there is a nation to run. This week has seen some serious warnings about the failings of the UK National security preparations. Government Communication HeadQuarters (GCHQ) director Iain Lobban has warned of a threat of cyber attacks on the UK infrastructure.

A former advisor to the whitehouse working now at security firm RSA highlights that international efforts must be made to deal with the threat of cyber attacks. There are countries that still turn a blind eye to the activities so long as that they are being directed from outside their borders. These nations must deal with activities such as this – and I suspect these countries may belong to the middle east.

The house of lords have also held a debate for 2 hours into the subject of cyber defense. How productive that may have been im not sure, but the conclusion was that the Government needed to take action so even if they are clueless the right advise was suggested anyway. The debate came about as a result of an EU recommendation of an NATO-EU joint effort to protect member states from such threats. Of course, that was published in May, so its good to see the Lords are up to speed!



High numbers of students turn to hacking

HackerIn a survey conducted by Security Firm Tufin Technologies, it acknoleges that around 1 in 5 students are admiting to hacking. The real intresting question is, are the other 4 being honest? When I was in high school , I knew one guy whom would be considered a hacker. At college I did a small amount – mostly accidental stuff – I tried to log on to an Oracle Database server with the system administrator log on – turns out the IT department had not changed the pasword for it. One of my freinds at that college showed me a technique to bypass a BIOS password, and it worked.

There is two sides to the story as always, ethical hacking, such as that taught at Dundee Abertay college in their Ethical Hacking and Countermessures allows students to develop skills of nessesary evil. If you are unaware of how to hack into a system, how can you possibilly prevent unauthorized access to it?

It is generally a grey area – hacking for ethical sake without the authority of the system in question such as an IT department clearly is wrong no matter what your intentions are. The study found that the vast majority of the students surveyed did agree with this assessment. Combining the remaining 16% whom do not recognize it as being wrong, the ones that have tried hacking from that lot are the ones that we need to worry about – they dont realise or do not understand what they are doing is wrong, and they have the skills to actually do it. These are the kinds of people that are going to cause us the problems.

Strangely, they suggest there is no gender bias but I find that hard to belive unless they actually interviewed equal number of students – generally speaking in computing science courses (at least the courses I have been on) have had a higher number of boys to girls ratio. Therefore less girls would be questioned and make up the ‘guilty’ selection.

On another consideration, the research does not define what they mean by hacking. How  many of the ones that admited it had merely overlooked a shoulder as a password was being typed? Or used completely automatic tools that got in? Neither of these are really major threats, its the ones that can sit down with just a shell and still manage to get in that we really need to worry about.



Graphics card may be hacking you

HackerResearch has been conducted which shows that the processing capacity of graphics cards has been eradicating the strength of passwords. The architectural design of modern graphics cards as a parallel processing unit has given advantages to the graphics card for brute force attacks on passwords.

In 2000, the fastest supercomputer of the time reached a processing capacity of 7 teraflops a second. Comparitvely, graphics cards are  now able to put in 2 Teraflops into a standard desktop PC.

Researchers at Georgia Tech point out that:

  • Password Length exponentially increases the possible passwords for each character.
  • Two Token Authentication reduces risk to almost no risk.

Two token authentication makes attacks almost impossible as it uses a second key which is physically used to authenticate the user, such as RSA SecureID which generates a code that is changing every minute usually which is only displayed on the key. This must be entered to verify the user.

Brute force has been around for a long time, but in the past it has not been very successful against a long password due to processor capabilities being low inside PCs. However nowadays with many PCs having two or more processor cores, and graphics cores multiplying also, the average PC processing capability is much higher. Attackers may not even need to go to the effort of a brute-force attack. In 2007 an attack on MySpace revealed many passwords and the study of those showed some disturbing passwords, with ‘password1’ being the most common.

The Interweb
RSA SecureID