Category Archives: Uncategorized

What the WannaCry ransomware reminded us

This recent ransomware attack, which also hit parts of the NHS, has highlighted a number of problems the IT security industry already knew about.  WannaCry spread incredibly quickly and was only deactivated by accident, something we can be incredibly grateful for.

Let’s look at some things it reminded us.

Continue reading

Advertisements

Having Confidence

Confidence is something you have to develop, not just in yourself but also in the tools you use.  When electricity was new there was a lack of confidence in it (let alone whether we should use AC or DC!), but decades later we rarely think about it.  Similarly, most of us will get on a bus or in a car and do not panic that the vehicle will explode.

So, how and why is confidence important in IT?

Continue reading

Happy New Year 2017

The Computing, Digital Forensics and Cybersecurity team would like to wish a Happy New Year to our students and a welcome back to term after a festive season break.

fireworks-3594_960_720.jpg

Whether you are in your first or third year of study, the beginning of a New Year is an excellent opportunity to think about things you would do differently.

Continue reading

Security in light of Drone Delivery

In recent news Amazon’s Prime Air has successfully completed its first drone delivery, and we get to see the actual flight footage … no simulation!

For a number of years we have known of the intentions for companies to experiment with the use of drones for the delivery of parcels. Back in 2015 we saw a video released by Amazon which explained how the process would work, for Amazon Prime Air, noting we could eventual see the delivery of individual packages within 30 minutes of ordering. Since, Amazon has begun its trials for Prime Air’s drone delivery service. Currently trials are being run nearby to Amazon’s drone testing facility near Cambridge.

Amazon released official footage of the first ever successful drone delivery in the middle of December 2016. The video (below) demonstrates a customer who ordered an Amazon TV streaming stick and a bag of popcorn to their own garden. It is reported that the delivery, with no human pilot involved, delivered the package to the customer in 13 minutes from the click for delivery (Bezos, 2016).

Continue reading

How vulnerable are you?

You might be one of those people who always update their devices as soon as a patch comes out.  Maybe you like to wait a while to let the inevitable “Version x.y.z broke my wifi” niggles get resolved; perhaps you even take the view “if it’s not broke, don’t fix it!”.   Whatever your appetite for risk, there is almost certainly going to be some vulnerability that you are exposed to and there’s little you can do to avoid it.

Lets take an example.  Let’s say you have an iPhone running a flavor of iOS.  Not so long ago, it used to be that Apple products boasted there was no need for security protection.  Apple even used this in their marketing: “MAC vs PC Commercial – Viruses” (Apple Videos, 2007)

But time has moved on and the bad guys eventually realized there were a growing number of people out there with unprotected devices just aching to be exploited.  In the case of the iPhone, there are plenty of ways for others to get their hands on your cash, your identity or just your messages and contacts.

We all now know that iPhones are no longer the once fabled secure place that even the FBI can’t invade; a sort of digital embassy where its digital citizens can feel secure from hostile interests.   The San Bernardino iPhone put a stop to that idea.  The phone was reportedly unlocked using a zero-day exploit: “FBI vs San Bernardino iPhone Case cracked by hackers zero day” (Smith, 2016)

Zero-day exploits are weaknesses in systems that are either unknown by the vendor or not yet patched in the wild.  A bit like going out, remembering you left a window open and then trying to get in touch with your neighbor who has keys to enter your home and close it before you are robbed.

Security researchers are constantly looking for these zero-days exploits to get them confirmed and published as quickly as possible.  If you want to see how vulnerable you really are before Abobe, Apple, Microsoft or other vendors decide to warn you, you need to take a look at the CVE database.

The Common Vulnerabilities and Exposures (CVE) database houses a dictionary of cyber security vulnerabilities you really need to know about if you are going to make informed decisions on what risks you choose to tolerate and those you cannot.  You can search by keyword or by providing a CVE identifier.  Each identifier refers to an individual reported vulnerability (CVE, 2015).

Another, slightly more detailed resource that is linked to the MITRE database is here: (MITRE, 2016)

This site is particularly good for visually spotting trends in known cyber security issues.  Take a search for Apple iPhone’s iOs:

VulnerabilityTrendsOverTime

VulnerabilitiesByType

Source: “Apple Iphone Os: Vulnerability Statistics” (2016)

Ignoring the partial 2016 results, there is a clear upward trend in iOS vulnerabilities.

So imagine you see a notification pop up telling you to update your phone. What’s the risk if you don’t?  Let’s say you check out the update on Apple’s website:

SecurityContentiOS93.png

Source: Apple Inc. (2016)

Is Apple telling us everything here?  Let’s look up the CVE number CVE-2016-1734.  We can look this up on MITRE’s website and this will give you a little more independent detail that the Vendor may provide on their own page (bear in mind that no vendor likes to admit there are weaknesses in their products).

Lookup the CVE identifier on the cvedetails.com website we find:

CVSSscoresTypes.png

Source: “Vulnerability Details : CVE-2016-1734” (2016)

This informs us of a total disclosure of system files, a total compromising of the system, rendering the system (your phone) unusable without any credentials being needed.  From the same page you can also check what other risks you are taking from the same version of iOS.  Clicking on the Vulnerabilities link for iOS v9.2.1:

ProductsAffectedCVE

This leads to a page of 38 other issues (at the time of writing) with iOS 9.2.1, colour coded with red, amber and green to given a threat score.

iPhoneSecurityVulnerabilities.png

So before you ignore that update notice on your laptop, phone or other device, at least be more informed about the risk you are taking.

It’s time to write an essay – don’t forget your references!

Thank you to Lynsey Blandford for this great post!

We’ve all been there, an essay is due within a week or even days and so we start to quickly read around our subject.  It’s really easy to forget to make a note of where we’ve found interesting ideas or even a page number for a quotation.  Why is that important?  Firstly, it’s only fair to acknowledge others’ work, but secondly, forgetting to reference will look like plagiarism!  If this scenario is familiar, follow these tips and it’ll make your life much easier come deadline day.

  1. You’ll need a list of references and also a bibliography at the end of your essay. If you refer to a writer or source, this will need to be included in your references list as well as your bibliography.
  2. Throughout your essay there should also be references either alongside a quotation or even just a mention of another person’s idea or work.
  3. There are different ways to reference different types of sources, here are some examples:

Online

In-text citation

There is evidence of a rise in cybercrime (Davies, 2016), which suggests …

Reference list

Davies, R. (2016) UK businesses battling huge rise in cybercrime, report says. Available at: http://www.theguardian.com/technology/2016/feb/25/cybercrime-uk-businesses-battling-huge-rise-silver-fraudsters (Accessed: 17 March 2016).

Continue reading

Internet of Things (IoT) – How private is your private life?

Last November I was invited to give a keynote speech at the 2015 IEEE International Conference on Research in Computational Intelligence and Computer Networks (ICRCICN 2015) held in Kolkata, India.  I chose the topic “The Internet of Everything: How secure should it be?”* The more I thought about the security of the IoT, the more I realised how IoT could make individuals insecure and vulnerable and that the coming of IoT could seriously impact on our privacy!

Continue reading