Attending and Presenting at the 2017 National Conference for Learning and Teaching in Cyber Security

In April 2017 a number of Canterbury Christ Church University final year students and staff members attended, and presented at, the National Conference for Learning and Teaching in Cyber Security at Liverpool John Moores University. The two-day conference had a positive edge, starting with a first day centred on student presentations and competitions. It was great to see a number of final year students from universities in the United Kingdom working on some fantastic projects in a vast range of areas, such as web applications, malware, mobile phone apps and cybercrime. Many conferences lack this element of giving students the opportunity to step into the limelight, so it was fantastic to see feedback and questions posed for the students. It was encouraging work and a fantastic experience for the final year students, as I am sure they would agree. It was also positive to see the vibe the student competitions provided at the event.


First Computing, Digital Forensics & Cybersecurity Film Event

Computing, Digital Forensics & Cybersecurity held our first film screening last Wednesday. Zero Days was a great way to start, and the film, pizza and drinks were enjoyed by all in attendance. We have got another event coming up on Wednesday 15th March 2017 starting at 15:00. Students can vote for what they want the next film to be (see Blackboard!) and current front runners include The Social Network and Citizenfour. I’m voting for Citizenfour (I’ve seen The Social Network). I’m hoping no-one (ever!) votes for Skyfall which portrays Q as the worst cybersecurity expert ever when he plugs in a compromised machine to the MI6 network. Don’t even get me started on how realistic Swordfish is and always remember they only made one Matrix film!

We look forward to seeing our students at the next event!

IoT BLE Security Vulnerability

Results of a study undertaken by an SRA supported by School RKE funds.

“Things”, as referred to in The Internet of “Things”, are everyday objects that have been adapted to be hosts for low energy sensors. These sensors provide the data that enables these “Things” (devices) to communicate with a network of some kind, in order to either share data or be managed, using a range of Bluetooth and wireless technologies.

Low energy sensors can be embedded into many devices such as light switches, door locks, power sockets and actuators, which in turn are used to control or monitor more complex things such as central heating systems and home security systems.


Happy New Year 2017

The Computing, Digital Forensics and Cybersecurity team would like to wish a Happy New Year to our students and a welcome back to term after a festive season break.


Whether you are in your first or third year of study, the beginning of a New Year is an excellent opportunity to think about things you would do differently.


Security in light of Drone Delivery

In recent news Amazon’s Prime Air has successfully completed its first drone delivery, and we get to see the actual flight footage … no simulation!

For a number of years we have known of companies' intentions to experiment with the use of drones for the delivery of parcels. Back in 2015 we saw a video released by Amazon which explained how the process would work for Amazon Prime Air, noting we could eventually see the delivery of individual packages within 30 minutes of ordering. Since then, Amazon has begun its trials for Prime Air’s drone delivery service. Currently trials are being run close to Amazon’s drone testing facility near Cambridge.

Amazon released official footage of the first ever successful drone delivery in the middle of December 2016. The video (below) demonstrates a customer who ordered an Amazon TV streaming stick and a bag of popcorn to their own garden. It is reported that the delivery, with no human pilot involved, delivered the package to the customer in 13 minutes from the click for delivery (Bezos, 2016).


Here we go again … passwords marked never to be used, still in the top ten

Our previous post by Joseph Williams titled ‘Bad passwords or just bad advice’ discussed the poor password habits of an online savvy society, noting that “the past few decades [of password advice] hasn’t quite sunk in” (Williams, 2016). In light of the leak of a Yahoo database, most likely tied to the huge data hack in recent headlines, researchers have once again looked at the most popular passwords uncovered.

Insecure passwords such as “123456”, “password”, “abc123”, “welcome” and “qwerty” were among the top ten exposed (Wang et al., 2016). Amongst these classic passwords, other users were using simple combinations of easily identifiable information (e.g. name, age and birthday). Generally, some users make their passwords easy to remember and simple for convenience. Yet, this leads us to an argument of convenience vs security.

Cheap(ish) Scanning at Home using a Microsoft® Kinect

It is accurate to say that everybody knows what a printer is – a device that puts information on paper. Fast-forward to the 21st century, and printers still have a place in the world. Although now, the most common form of a printer is one which prints information from the computer onto paper. There are a variety of printers available to do this including inkjet, laser and dot-matrix – the latter of which is no longer in common usage (thankfully).

In the same way that the aforementioned computer printers print 2-dimensional information onto paper, 3-dimensional printers can create objects using plastic. This is done using a heated nozzle laying down layers of molten plastic in a pre-defined pattern. The layers (which are commonly a fraction of a millimetre thick) eventually build up into an object.


A warm welcome to our new Computing, Digital Forensics and Cybersecurity Students

The Welcome Programme 2016 at Christ Church University (CCCU) gave us a delightful opportunity to welcome our new 2016/17 undergraduate students to Computing.

Students were provided with a timetable of stimulating, introductory and fun activities/events to socialise, make friends, and discover what it means to learn at CCCU in Computing. A social gathering welcomed students to meet the team, get to know each other, and get to know their lecturers.

It is the first week (26 – 30 September) of teaching for our new students, and welcome back to existing students; we hope you are all settling into the swing of things. We would like to provide our new students with a few tips for keeping organised from the beginning of your studies.

So let’s get started …


How vulnerable are you?

You might be one of those people who always update their devices as soon as a patch comes out.  Maybe you like to wait a while to let the inevitable “Version x.y.z broke my wifi” niggles get resolved; perhaps you even take the view “if it’s not broke, don’t fix it!”.   Whatever your appetite for risk, there is almost certainly going to be some vulnerability that you are exposed to and there’s little you can do to avoid it.

Let’s take an example. Let’s say you have an iPhone running a flavor of iOS. Not so long ago, it used to be that Apple products boasted there was no need for security protection. Apple even used this in their marketing: “MAC vs PC Commercial – Viruses” (Apple Videos, 2007)

But time has moved on and the bad guys eventually realized there were a growing number of people out there with unprotected devices just aching to be exploited.  In the case of the iPhone, there are plenty of ways for others to get their hands on your cash, your identity or just your messages and contacts.

We all now know that iPhones are no longer the once fabled secure place that even the FBI can’t invade; a sort of digital embassy where its digital citizens can feel secure from hostile interests.   The San Bernardino iPhone put a stop to that idea.  The phone was reportedly unlocked using a zero-day exploit: “FBI vs San Bernardino iPhone Case cracked by hackers zero day” (Smith, 2016)

Zero-day exploits are weaknesses in systems that are either unknown to the vendor or not yet patched in the wild. A bit like going out, remembering you left a window open and then trying to get in touch with your neighbor who has keys to enter your home and close it before you are robbed.

Security researchers are constantly looking for these zero-day exploits to get them confirmed and published as quickly as possible. If you want to see how vulnerable you really are before Adobe, Apple, Microsoft or other vendors decide to warn you, you need to take a look at the CVE database.

The Common Vulnerabilities and Exposures (CVE) database houses a dictionary of cyber security vulnerabilities you really need to know about if you are going to make informed decisions on what risks you choose to tolerate and those you cannot.  You can search by keyword or by providing a CVE identifier.  Each identifier refers to an individual reported vulnerability (CVE, 2015).

Another, slightly more detailed resource that is linked to the MITRE database is here: (MITRE, 2016)

This site is particularly good for visually spotting trends in known cyber security issues. Take a search for Apple iPhone’s iOS:

[Figures: vulnerability trends over time; vulnerabilities by type]

Source: “Apple Iphone Os: Vulnerability Statistics” (2016)

Ignoring the partial 2016 results, there is a clear upward trend in iOS vulnerabilities.

So imagine you see a notification pop up telling you to update your phone. What’s the risk if you don’t?  Let’s say you check out the update on Apple’s website:

[Image: security content of the iOS update, from Apple’s website]

Source: Apple Inc. (2016)

Is Apple telling us everything here? Let’s look up the CVE number CVE-2016-1734. We can look this up on MITRE’s website and this will give you a little more independent detail than the vendor may provide on their own page (bear in mind that no vendor likes to admit there are weaknesses in their products).

Looking up the CVE identifier on the cvedetails.com website, we find:

[Image: CVSS scores and vulnerability types for CVE-2016-1734]

Source: “Vulnerability Details : CVE-2016-1734” (2016)

This tells us that the vulnerability allows total disclosure of system files, total compromise of the system, and rendering the system (your phone) unusable, all without any credentials being needed. From the same page you can also check what other risks you are taking from the same version of iOS. Clicking on the Vulnerabilities link for iOS v9.2.1:

[Image: products affected by the CVE]

This leads to a page of 38 other issues (at the time of writing) with iOS 9.2.1, colour coded with red, amber and green to give a threat score.

[Image: list of iPhone security vulnerabilities]

So before you ignore that update notice on your laptop, phone or other device, at least be more informed about the risk you are taking.

It’s time to write an essay – don’t forget your references!

Thank you to Lynsey Blandford for this great post!

We’ve all been there, an essay is due within a week or even days and so we start to quickly read around our subject.  It’s really easy to forget to make a note of where we’ve found interesting ideas or even a page number for a quotation.  Why is that important?  Firstly, it’s only fair to acknowledge others’ work, but secondly, forgetting to reference will look like plagiarism!  If this scenario is familiar, follow these tips and it’ll make your life much easier come deadline day.

  1. You’ll need a list of references and also a bibliography at the end of your essay. If you refer to a writer or source, this will need to be included in your references list as well as your bibliography.
  2. Throughout your essay there should also be references either alongside a quotation or even just a mention of another person’s idea or work.
  3. There are different ways to reference different types of sources, here are some examples:

Online

In-text citation

There is evidence of a rise in cybercrime (Davies, 2016), which suggests …

Reference list

Davies, R. (2016) UK businesses battling huge rise in cybercrime, report says. Available at: http://www.theguardian.com/technology/2016/feb/25/cybercrime-uk-businesses-battling-huge-rise-silver-fraudsters (Accessed: 17 March 2016).
