UW Computer Security Research and Course Blog

Within the last couple of years, Valve Corporation (of Half-Life fame) over in Bellevue designed and implemented a content distribution platform called “Steam” with the intent of distributing its games through a distributed network placed around the world. Their goal was three-fold: (1) make it simpler to roll out updates instead of forcing clients to manually download patches, (2) make a streamlined interface to purchase, configure, and use the games, and (3) cut out the middle-man (the publisher) and take the additional profit to implement Steam.

(Read on …)

While the idea of software viruses is by no means new to those who work with computers, a new vector of attack seems to be developing in the form of hardware shipped from the manufacturer that is already infected with malware. In the past few weeks, a set of digital peripherals, particularly USB picture frames and IPods, have been found to contain one or more malicious executables. With such a method of delivery, it seems that the security industry may need to rethink what can and cannot be considered secure.

 http://www.cnn.com/2008/TECH/ptech/03/13/factory.installed.virus.ap/index.html?iref=mpstoryview

  (Read on …)

The premise is, at some point in the future, it would be ideal for the internet to be using IPv6 as it’s main backbone, rather than the current IPv4. A discussion of the features and algorithms of IPv6 is beyond the scope of this review, but if you are unfamiliar with it, or have questions, wikipedia has some good information. The target of this review is that hypothetical night when ISPs, whether all at once or one-by-one, shut off access to the internet via IPv4.

(Read on …)

iPhone offers lots of convenient functionality, such as phone, internet, music play and etc., making it a communication power house. However, it also opens up lots of new security risks. Since there is already an security review on iPhone 3rd party apps, I will focus on iPhone it self. (Read on …)

I was recently informed about a rather interesting service that is being used in Kenya called M-PESA.   According to their website, “M-PESA provides an affordable, fast, convenient and safe way to transfer money by SMS anywhere in Kenya. Through M-PESA you can:  

At first glance, I thought that the original intent M-PESA was for buying and transferring airtime while financial transactions were just a side affect; however, according to the FAQ M-PESA is intended to be “an innovative mobile payment solution that enables customers to complete simple financial transactions including person to person money transfer. It is aimed at mobile customers who do not have a bank account, either through choice, because they do not have access to a bank or because they do not have sufficient income to justify a bank account.”  (Read on …)

It was recently announced that last February at least one hacker was able to gain access on one server at Harvard University potentially viewing private information on up to 10,000 grad students and applicants of the Graduate School of Arts and Sciences.

(Read on …)

Zone-H(http://www.zone-h.org/content/view/14928/30/) has recently released a statistical breakdown of all the attacks from last three years. Surprisingly, Linux servers are the most attacked servers, even more than all version of windows combined. They suspect the reason for this is due to the fact that most server migrated to Linux, thus the attacks migrate too. I think this statistics is very interesting, because it really shows how “assets” comes into the play. It is not really the vulnerability or security weak spots within the operation system that draws most of the attack, but the assets guarded by them.

My check engine light came on last week, so I called up Michael’s Toyota Dealership and Service Center in Bellevue, WA.  I made an appointment and had my husband bring the car into the shop and take a shuttle to work.  Later in the afternoon, the car is finished and I start walking over to the dealership to pick up my car.  With my mind on a hundred other things, I had left my purse at home!  With no time to go back home before the dealership would close, I decided just to try to get the car and hope it wasn’t going to cost me anything and that I wouldn’t need any ID to pick it up.  I told the Service Center attendant I was there for my car and what my last name was.  She typed it into the computer, found the service number, and called for the car to be brought up to the front.  Everything was covered under warranty, so I climbed into my car and went on my merry way.  So why do I tell you all this?  Because it seems to me that I could have picked up any old car with just a last name. (Read on …)

Today the House of Representatives voted on a bill that would amend the FISA Act of 1978, which deals with government wiretapping. The amendments would deny amnesty to telecommunication industries for complying with illegal warrant less wiretaps by the Bush administration but allow those companies to use government classified information in their defense to prove that they did comply with the law (if they indeed did). (Read on …)

Hey everyone. I found a website where you can try to use various ways to hack through levels of password. I think this is a fun way to get in touch with our security mindsets and see how far you can go. I wish everyone good luck 🙂

http://hackerskills.com/