Security Review: “Smart Guns”

By Trip Volpe at 11:59 pm on March 16, 2008 | 13 Comments

Overview

This is a security review of “Smart Guns,” a general class of locking/use prevention mechanisms for firearms that rely on biometrics or other authentication indicators (such as “smart” chips embedded in the gun and in rings or other tokens worn by the intended user) to identify a person who is authorized to use the firearm, while preventing unauthorized persons from discharging the weapon. The Wikipedia article has some further broad overview information regarding the subject.

(Read on …)

Filed under: Availability, Physical Security, Policy, Security Reviews

Security Review: Car GPS Navigation Systems

By joyleung at 10:36 pm on | 3 Comments

Summary

Car GPS navigation systems are a handy tool for finding one’s way on the road. With features like local points of interest, address book and SD card backup, it would not be surprising if they become common everyday items soon. Here is a review for a GPS navigation system similar to the Magellan Maestro 4200:

(Read on …)

Filed under: Availability, Privacy, Security Reviews

Amazon’s S3 Outage: Usage spike or DDoS attack?

By iddav at 10:50 pm on February 17, 2008 | No comments

Amazon’s Simple Storage Service (S3) experienced an outage on the morning of February 15th, causing inaccessible content in the thousands of websites that rely on S3 for data storage. According to Amazon’s official explanation, the outage was due to a significantly increased volume of authenticated calls from multiple users. From the security perspective, this leads to more questions than answers.

(Read on …)

Filed under: Availability, Current Events

ISP vs. BitTorrent

By Kris Plunkett at 3:13 pm on February 16, 2008 | 2 Comments

Since ISPs, most notably Comcast, some time ago began identifying and purposefully destroying or severely throttling BitTorrent connections passing through their networks, the struggles on both sides of the fence have been nothing short of a game of cat and mouse.

(Read on …)

Filed under: Availability, Current Events, Privacy

Security Review: Quiet Care

By joyleung at 11:51 pm on February 10, 2008 | 4 Comments

Home monitoring systems like Quiet Care exist to allow independent living for elderly people. The system works by monitoring the person’s daily movements with wireless activity sensors in each room. The information collected from these sensors is gathered at a communicator and then is sent to the Quiet Care server and is analyzed for patterns. If the server detects unusual behavior, it contacts the caregivers of the individual.

(Read on …)

Filed under: Availability, Privacy, Security Reviews

Four Undersea Cables Cut In Middle East In Less Than a Week

By chernyak at 3:06 pm on February 5, 2008 | 1 Comment

As many of you may have heard, two undersea cables were cut on January 31st, severing internet to millions of users in the Middle East. At first it was reported that these cables were severed by a ship’s anchor, but it is now being confirmed that this is false. The map of undersea cables and those affected can be found here.

However, in the last few days, two more cables have been cut. An illuminating internet traffic report is here.

The probability of all of these events being random accidents seems vanishingly small. Could this be a new sort of attack intended to black out an entire region? If so - what could the motivations be and who could be behind this? Could this be done for commercial reasons? Could this be a government or terrorist organization about to mount an attack?

Some other enlightening posts can be found here: part I, part II, part III

Filed under: Availability, Current Events

Pillaged MySpace Photos Show Up in BitTorrent Download

By felixctc at 2:51 am on January 27, 2008 | 4 Comments

More than half of the million images that are private photos of MySpace users were stolen and uploaded onto BitTorrent. This is a huge privacy breach for MySpace users. The hacker, “DMaul”, said that he learned of the security hole from WIRED and used the method of attack. This security hole surfaced last fall and because of this, various adversaries such as possible pedophiles, voyeurs, and advertisements were able to steal these photos. DMaul ended up seeding these photos and advertised them as “pictures taken exclusively from private profiles”. It turns out that his attack cycles through the accounts by MySpace Friend ID numbers, and thus did not target any specific group of people. Although the attack did not target any specific group, this is a significant breach that affected users who are under 16 because their accounts are automatically set to private and their adversaries are more dangerous. Even though the attack resulted in leaks of a huge amount of pictures, it seems that MySpace didn’t follow up with the issue properly.

(Read on …)

Filed under: Availability, Current Events, Privacy

DoS attacks and International Tension

By joyleung at 12:27 am on January 25, 2008 | 2 Comments

Last May during a protested movement of a World War II Soviet statue, Estonian governmental and political sites were flooded in a series of Denial of Service (DoS) attacks. These attacks consisted of hammering the sites’ servers with requests till they crash or shut down. While investigating, Estonia blamed the attacks on the Russian government, increasing the political tension between the two countries. Today, a twenty-year-old Estonian was fined for organizing some of the attacks.

Many Estonians of Russian descent were angered last May at the movement of the statues and many rioted. A DoS attack perhaps was also used as a form of retaliation because of its relative ease. Whereas an attack on a government building is easily caught, an attack over the internet can be easier to do and much harder to trace.

It isn’t clear what sort of protection these servers had from such attacks. However, preventing a DoS attack is difficult. While servers can be made to shut down more gracefully when attacked, it is hard to prevent denial of service. Firewalls and filters can help as well but they can keep out legitimate use of a site as well as attacks. The best solution seems to be preparedness. Quick detection and intervention of an attack occurring can allow more evidence to identify the offending party quicker. That coupled with high fines can also probably deter more attacks.

What is most interesting is the political side to these attacks. Cyber attacks can be used as a vector to make political statements as well as exacerbate political situations. The internet is a different and convenient medium for malicious groups wanting to increase political tensions or perhaps even start a war. For something with such impact it is surprising that these attacks are not so well protected against.

http://politics.slashdot.org/politics/08/01/25/0120221.shtml

http://www.nytimes.com/reuters/technology/tech-estonia-cybertrial.html?scp=2&sq=estonia&st=nyt

http://www.nytimes.com/2007/05/29/technology/29estonia.html?scp=6&sq=estonia&st=nyt

Filed under: Availability, Current Events

Bike locks

By Max Aller at 2:38 pm on January 13, 2008 | 3 Comments

With many people living off campus, biking is a popular method for getting to class in a timely manner. Bikes can be quite expensive, however, and riders are usually forced to put them in a public location (for sake of convenience/necessity). As such, there are some security measures that can be taken to deter thieves from stealing these expensive publicly-displayed commodities. The most common (and only?) tool used to this end is a bike lock. For those of you who don’t know, bike locks are basically some loop of metal that has a lock to break the continuity. The two types I’m familiar with are the U-shaped locks (with a bar across the top of the U containing a lock) and, more commonly, the snake of heavy cable that has a lock in the middle somewhere. With bikes as prevalent as they are, keeping them from getting stolen is a high priority.

(Read on …)

Filed under: Availability, Physical Security, Security Reviews

RFID embedded in prisoners

By gbc3 at 12:48 pm on | 4 Comments

The UK has proposed to embed offenders with RFID chips as part of an expansion of the electronic tagging scheme that would allow British officials to help enforce home curfews. This sort of tagging already exists within pets like cats and dogs that have been properly licensed. The RFID tag will contain information about who they are, where they live, and the offending record. The use of this technology will be used to keep certain criminals out of certain hot zones at which a crime may occur, for example, a sex offender entering a school zone.

(Read on …)

Filed under: Availability, Integrity, Privacy, Security Reviews