Well-known security researcher and commentator Ed Felton and colleagues at Princeton report on a technique for breaking many whole-disk encryption schemes, including the most common ones. The attack is based upon scanning RAM for encryption keys, and is even (reported to be) effective on a machine that has been recently powered down.
ASIMO is a robot that resembles a human that is created by Honda Motor Company. It was created at the Wako Fundamental Technical Research Center in Japan. The current version of this robot is version eleven. This robot, which is about four feet tall, looks like an astronaut wearing a backpack and it can walk and run on two feet. In addition, there are various features that ASIMO can perform. For example, it can recognize moving objects, postures and gestures, and environments. Therefore, it can react under various situations. In addition, ASIMO has facial recognition capabilities and distinguish sounds. It can also find information such as weather report by connecting to the Internet or greet and guide visitors given that they are valid visitors in the user’s network. Assuming ASIMO robots will be able to work as security guards in the future, here is the security review for the robot.
(Read on …)
This comic should make more sense after today’s lecture.
Anyone who has travelled within the past 6 years has experienced the excruciating joy of going through modern airport security. For most domestic flights your checked bags go through one set of security procedures, and your person and carry on items go through another. I will be focusing on the personal/carry on side of airport security. (Read on …)
At its essence CyberLocks are like mechanical locks++, enabling you to bring intelligent electronic access control to even the padlock level. CyberLock cylinders, which cannot be picked and maintain an audit trail of usage, can replace virtually any traditional lock (e.g. for doors, cabinets, padlocks, server racks, etc.) without any wiring. However, with the introduction of these additional features comes also the increased potential for new vulnerabilities and attacks. The following is an overview of the typical CyberLocks usage scenario that I will review (see this video for a clear and concise overview of the system (after which you may be able to skip to the Assets section of this review)).
According to Scientific American, the US Navy is considering to deploy a new technology, Deep Siren, to improve communication to and from submerged submarines. As of now, submarines have to be no deeper than 60 feet and towing a floating antenna behind them before they can communicate with the outside world. This makes the submarines far less agile and much easier to detect. The Deep Siren System will theoretically allow subs to communicate at any depth and speed.
(Read on …)
Adding to the current furor of news surrounding the issue of electronic voting machines, an egregious mistake by American voting machine producer Diebold (now known as Premier Election Systems) has lead to heightened doubts concerning the integrity of electronic voting.
Diebold has a history of security mishaps dating back to 2003, when they posted the source code for their voting software on a public FTP site. The availability of this code led to the discovery of an exploit in 2004 that would allow for the manipulation of votes as they are tabulated at a central location.
In the company’s most recent debacle, the first major issue of note is that the same physical key can be used to open the locks on all of the touch-screen voting machines that Diebold produces. Secondly, Diebold unwittingly posted a picture of this key on their website on a page that described how replacement keys can be ordered by official account holders. Ross Kinard of sploitcast.com was able to construct several keys based on this image that proved to successfully unlock a test voting machine.
The implication of this security breach is that it is now much easier for an adversary to gain physical access to the innards of a voting machine and attack it by modifying the software via a flash drive or by altering the hardware. This could result in misappropriated votes or denial of service attacks where people’s votes are rendered useless.
Many policy makers are lobbying to make a return to paper ballots, which arguably have fewer undetectable vulnerabilities, but are more tedious to deal with. It is unclear whether electronic voting machines will continue to be used in future or not, but serious changes need to be made before they become even remotely secure. In addition, companies like Diebold/Premier rely on their reputations, and they must earn and maintain the trust of the public in order to be successful.
Youtube video of a homemade key opening the lock on a Diebold electronic voting machine:
The security of our nation’s borders is a topic of great importance. The importance of border security, like most forms of security, can only be truly appreciated when it fails. Some forms of border security failure can have devastating consequences (9/11, though I don’t presume to say that border security was alone at fault for this tragedy), while other failures can have less obvious consequence, such as the draining of tax dollars to support illegal aliens receiving free health-care and education. The problem comes down to foreigners wanting to illegally enter our country for two contrasting reasons: to either benefit from a superior quality of life or to inflict damage on our nation. Defending against illegal immigration is no easy feat, as we have to consider the vast Southern border, the even bigger (though much less troublesome) Northern border, the coasts, and all international airports. Furthermore, distinguishing via identification and authentication between a foreigner who is legally residing within our borders and one that is doing so illegally is also a very hard problem. (Read on …)
Summary:
Automated Teller Machines (ATMs) have been around since the late 1930s. Nowadays they can be found all over the place. The common and accepted use of these machines is to draw money from your bank account in a convenient and accurate manner. To do this, we typically insert a bank card into the machine with a magnetic strip encoded with our account information such as our name, our account number, a special PIN, and maybe another number or two for security depending on the card. Once we input our card, we must communicate with the machine through the display and keyboard interfaces. These are the only means of communication for normal transactions.
However, what are some of the other aspects of ATMs? The money is typically held in armored, metal drums these days with only one entry-exit point. Video footage of ATM use is recorded also these days in the event something does happen, so authorities will have more information at their disposable to react. Messages to and from Data Bank Centers are relayed via a network in order to confirm account details. The machine’s innards are encapsulated with layers of physical security such as an outer casing, the armored drum mentioned for the money, locks, and a series of sensors such as magnetic, seismic, and thermal.
Assets:
Potential Adversaries/Threats:
Weaknesses:
Potential Defenses:
Risks and other issues:
Out of the two assets above, I would say the money in the ATM is the item at most risk. This is due to the value of the asset compared to anything else the ATM is composed of. Cash is the most liquid of all forms of payment, and it cannot be traced easily. These properties make the asset highly attractive. Next, considering the threats and adversaries, I believe the employees who restock the machine have the least risk of being caught. This is because they have access to the machine at certain times. It would be obvious if they stole the money before restocking the machine, but accessing the machine afterwards might be feasible to make it appear as if someone else did the bad deed. Next, I would think the manufacturers of the machines would have the next least risk. They have knowledge of the system, and from the article above, it can be seen if you have only the owners manual, you can steal from someATMs . It would make sense then that people unaffiliated with the machines like criminals would have the most risk. They must break the security of the machine from scratch which is more difficult than if they had inside information. Finally, from the weaknesses above, I would think the last weakness, ram-raiding, is the approach to be most taken. This is because it seems quick with numbers of people on your side, it can be done without revealing your identity, and you have an escape vehicle on hand. The bank card approach seems tricky since once you have stolensomeone’s card, they can just cancel it, and in the interval of time when they haven’t canceled, you need to get to an ATM with knowledge of their PIN to draw money.
By exploiting any of these vulnerabilities above, an individual is definitely participating in an unethical act. Taking the money in an ATM is a classic example of stealing. As a society, we have agreed that stealing is wrong, so this does not need anymore explanation.
Conclusion:
Ever since ATMs were first introduced, criminals have sought to rob them. It is a serious deal, and the level of protection on ATMs these days shows just how serious organizations are to protect the assets inside. Nowadays, the security systems are probably “good enough”, and we should be more worried about user and design error. After a system is at a certain level of security, it might be too costly to go much further, and perhaps responding to acts against the ATM is a better course of action at that point. Design error should be a major cause for concern though. As the article linked above shows, if default passwords and operation modes are left available to anyone with the ATM manual, then things can go very wrong.
As i’m sure everyone already aware of, one way our country (and many others) directs traffic is with these things call traffic lights. We place them at intersections, at about a one to one ratio of oncoming lanes to traffic light boxes. A box has three states, green, yellow, red. Green means you can go, yellow means red is imminent, and red means don’t go. Of course.
Now, how are these lights choosing which state do display? A set of lights at an intersection should display a setting that does not give multiple lanes the right of way to crossing paths. But when do we change states? In the beginning, it was all done off timers. At set intervals the right of way was changed from one lane to another, ect. However, then people realized that depending on the time of day, we might want different settings. And then people were like, hey lets put in sensor’s to figure out if there is car waiting! These things are usually are metal detects, but weight detectors exist also. All these strategies used the idea that each intersections should be independent of all the others. But then humans got the idea that if we could get ‘waves’ of green lights to happen, we could get even more efficiency. This requires intersections to talk to other intersections, as well as the ability to program in this information, and maintain/reset it as needed.
Many intersections also have buttons for pedestrian’s to push if they wish to walk across. This would give another signal to the lights, and the lights would queue up this request, and execute it eventually. Emergency vehicles also have a similar ability (and in some cases public transportation such as buses and light rail), which is called traffic signal preemption. Depending on the implementation, it can use radio waves, infrared, strobe lights, and audio signals from a siren to trigger. This will switch only the emergency vehicle’s path to green, and everyone else to red.
(Read on …)