UW Computer Security Research and Course Blog

Within the last couple of years, Valve Corporation (of Half-Life fame) over in Bellevue designed and implemented a content distribution platform called “Steam” with the intent of distributing its games through a distributed network placed around the world. Their goal was three-fold: (1) make it simpler to roll out updates instead of forcing clients to manually download patches, (2) make a streamlined interface to purchase, configure, and use the games, and (3) cut out the middle-man (the publisher) and take the additional profit to implement Steam.

(Read on …)

While the idea of software viruses is by no means new to those who work with computers, a new vector of attack seems to be developing in the form of hardware shipped from the manufacturer that is already infected with malware. In the past few weeks, a set of digital peripherals, particularly USB picture frames and IPods, have been found to contain one or more malicious executables. With such a method of delivery, it seems that the security industry may need to rethink what can and cannot be considered secure.

 http://www.cnn.com/2008/TECH/ptech/03/13/factory.installed.virus.ap/index.html?iref=mpstoryview

  (Read on …)

The premise is, at some point in the future, it would be ideal for the internet to be using IPv6 as it’s main backbone, rather than the current IPv4. A discussion of the features and algorithms of IPv6 is beyond the scope of this review, but if you are unfamiliar with it, or have questions, wikipedia has some good information. The target of this review is that hypothetical night when ISPs, whether all at once or one-by-one, shut off access to the internet via IPv4.

(Read on …)

iPhone offers lots of convenient functionality, such as phone, internet, music play and etc., making it a communication power house. However, it also opens up lots of new security risks. Since there is already an security review on iPhone 3rd party apps, I will focus on iPhone it self. (Read on …)

I was recently informed about a rather interesting service that is being used in Kenya called M-PESA.   According to their website, “M-PESA provides an affordable, fast, convenient and safe way to transfer money by SMS anywhere in Kenya. Through M-PESA you can:  

At first glance, I thought that the original intent M-PESA was for buying and transferring airtime while financial transactions were just a side affect; however, according to the FAQ M-PESA is intended to be “an innovative mobile payment solution that enables customers to complete simple financial transactions including person to person money transfer. It is aimed at mobile customers who do not have a bank account, either through choice, because they do not have access to a bank or because they do not have sufficient income to justify a bank account.”  (Read on …)

It was recently announced that last February at least one hacker was able to gain access on one server at Harvard University potentially viewing private information on up to 10,000 grad students and applicants of the Graduate School of Arts and Sciences.

(Read on …)

Zone-H(http://www.zone-h.org/content/view/14928/30/) has recently released a statistical breakdown of all the attacks from last three years. Surprisingly, Linux servers are the most attacked servers, even more than all version of windows combined. They suspect the reason for this is due to the fact that most server migrated to Linux, thus the attacks migrate too. I think this statistics is very interesting, because it really shows how “assets” comes into the play. It is not really the vulnerability or security weak spots within the operation system that draws most of the attack, but the assets guarded by them.