
Wednesday, October 31, 2012

More Automated Research/Analysis

I've been examining the 'Automated Research/Analysis' concept further (especially in the context of real time analysis) so that I can design/build a prototype. One of the problems faced is the actual filtering of content out of the underlying file format itself. As I've seen myself on a number of occasions, depending on the format, recovering the original data can be difficult if not impossible depending on how the developers created it (possibly compressed, packed, encrypted, in a proprietary format, or something else strange was done with it...). Moreover, depending on the nature of the programs, data corruption or just mis-alignment (a better word may be inconsistency) of data (through inadequate collection of data, incompetence, inadequate survey design, etc...) is possible. In the context of both quantitative and qualitative analysis 'outliers' are always a possibility, but as the field of statistics (and predictive analysis) is reasonably well explored (although I admit it's still very much evolving) I don't see too much of a problem in most circumstances (Still fleshing this out... My thoughts may change after seeing more data.).

Data collection can be by any means. I've been playing around with speech recognition technology for a long while and it has come a long way (look at what they've done with Echelon), video surveillance technology has made significant strides (there is a group of researchers in Adelaide who are working on technology that allows you to scan and track a target in real time across multiple cameras, though there are still some criticisms of facial recognition technology), and oscillators and data acquisition cards can be had for less than four/three figures from any number of sources and electronic stores.


After that it's a question of extracting usable/malleable data from the digital representation of the physical phenomena. One part of this may involve an intermediate data format. For instance, in the context of search engines data is often converted to a text format, or otherwise a performance optimised, resilient, binary format that allows you to determine whether two text strings have similar taxonomy/meaning/context (whether across languages or inside a single language). In the context of facial recognition and images, you may use particular landmarks, shapes, and ratios to determine whether you may have something of interest...


From the quantitative (even the qualitative side as well if we factor in taxonomy and semantic variations) analysis side a lot of the concepts that we require are already here. Determining relationships between sets of data is something that is done manually at high school level via algebra, with more complex analysis of curves via calculus done at later high school and University level (complex graphing calculators were often used which could automatically define limited relationships between sets of data).



Even if it isn't possible to determine a theory which works for the entire range of data it may still be possible to put together theories in series which include boundaries at which the data doesn't 'quite correlate'. For example, in Physics there is something known as the 'Grand Unified Theory', which is a theory that attempts to model supposedly independent interactions, symmetries, and coupling constants into a single theory.
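As an added illustration (my own code, not from the original post) of the 'theories in series' idea: the constructed series below is fitted one straight line per fixed-length segment by least squares, and any segment whose fit residual exceeds a tolerance is flagged as a region where the data doesn't 'quite correlate'. The segment length, the tolerance and the data itself are assumptions chosen for the demonstration.

```python
# Added example: piecewise least-squares fitting with residual-based flagging.
# Pure Python so it runs anywhere; the series XS/YS is constructed for
# illustration (two clean linear regions followed by one that does not fit).

XS = list(range(12))
YS = [1, 3, 5, 7,            # y = 2x + 1
      16, 15, 14, 13,        # y = -x + 20
      5, 40, 2, 37]          # no linear relationship at all


def fit_line(xs, ys):
    """Ordinary least-squares fit of y = m*x + c; returns (m, c)."""
    n = len(xs)
    mean_x = sum(xs) / n
    mean_y = sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    if sxx == 0:                       # all x identical: horizontal line through the mean
        return 0.0, mean_y
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    m = sxy / sxx
    return m, mean_y - m * mean_x


def rms_residual(xs, ys, m, c):
    """Root-mean-square distance of the points from the fitted line."""
    sq = sum((y - (m * x + c)) ** 2 for x, y in zip(xs, ys))
    return (sq / len(xs)) ** 0.5


def piecewise_fit(xs, ys, segment_len, tolerance):
    """Fit one line per segment of segment_len points.

    Returns one dict per segment with the fitted slope/intercept, the RMS
    residual and a 'fits' flag that is False where the residual exceeds
    tolerance, i.e. where the local 'theory' breaks down.
    """
    segments = []
    for start in range(0, len(xs), segment_len):
        sx = xs[start:start + segment_len]
        sy = ys[start:start + segment_len]
        m, c = fit_line(sx, sy)
        rms = rms_residual(sx, sy, m, c)
        segments.append({
            "start": start,
            "end": start + len(sx),
            "m": round(m, 3),
            "c": round(c, 3),
            "rms": round(rms, 3),
            "fits": rms <= tolerance,
        })
    return segments


if __name__ == "__main__":
    for seg in piecewise_fit(XS, YS, segment_len=4, tolerance=0.5):
        status = "ok" if seg["fits"] else "does not correlate"
        print(f"x[{seg['start']}:{seg['end']}] y = {seg['m']}x + {seg['c']} "
              f"(rms {seg['rms']}) -> {status}")
```

With fixed-width segments the boundaries are crude; a real implementation would grow each segment until the residual jumps, but the flagging logic stays the same.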

From this base it should be clear that we can lift the base and use it to work on all sorts of automated forms of analysis and research.

If we look at law enforcement/surveillance we have a history of real time facial recognition systems (which have had their fair share of criticism). But if we think about this further we don't necessarily require real time analysis nor perfect facial recognition (I'm thinking about automated crime reporting rather than tracking people). If we are able to capture particular movements (literally and figuratively) then we can have a general idea of where a suspect is and what crime they have committed. For instance, if we look at the human body and examine a punching movement we have an arm (which is generally about 1/2 to 1/3 the length of the body from the tip of the hand to the top of the shoulder, and has a hand that will generally be flesh coloured) which is moving at certain critical velocities with reference to the body (a punching movement will generally go up or across) and in reference to the target body. Clothes are generally of a single colour and of very similar shapes, which allows you to distinguish the body, while the head is generally uncovered, which will allow you to correctly identify most people (unless they are nude, though there are laws against that, or they are wearing flesh coloured clothing). Then it's simply a matter of periodically watching for specific relationships to show up in particular data sets. For instance, if the punching movement was determined by the equation y = jx^2 + b + a^5cbz^3 and we found this particular relationship showing up at multiple points in our data set then we can be fairly sure that this particular event occurred. Obviously, we can extend the concept further to allow for unique equations that can represent other actions as well. As Quantum and High Performance Computing technology progresses the possibility of real time analysis and a machine which roughly replicates 'The Machine' from 'Person of Interest' quickly becomes a reality.
All you have to do is integrate surveillance, GPS, and time based information and you would be away. Time to think some more and flesh out other details....


- as usual thanks to all of the individuals and groups who purchase and use my goods and services

Saturday, October 27, 2012

More Security Analysis, Deception Training, and Bugs

One of the things that I've learnt over time is that no matter what the circumstance your first instinct should be that people will lie to you during an investigation. As has been discovered by various other people, though, there are a multitude of ways (many are arguably pure 'pseudoscience' while others may have some merit) in which to (hopefully) detect the veracity of someone's claims. More often than not though I've found that you need to use a variety of methods in order to determine what's actually going on. While some methods of lie detection are well known and have been extensively researched, it's also clear that people have been trained on how to 'beat the box', and depending on your industry you may even have been taught these techniques as part of your training.

However, as is the case with true 'Stealth Technology' (for true/actual stealth craft (not 'low visibility' as is the case with current generation technology) there is a 'hole' left in the space that it occupies), sometimes it's fairly obvious when someone has been 'trained' (it's worse and can be borderline comical when they have only recently been 'trained', have been poorly 'trained', or have been retrained halfway through an investigation/interrogation, because their responses change drastically all of a sudden). Moreover, while some people may be trained in one particular method of lie detection evasion it is often clear that they haven't been trained in other ways. Another problem is when someone (or a group of people) is trained by one source only. In these cases, the way they attempt to deceive you is often very similar with regards to patterns of behaviour and physiological response across that entire sample. Depending on the type of deception involved the actual true root cause/motivation may not be immediately obvious (I recall two separate programs. One was a highly sophisticated program that relied on advanced technological analysis of physiological behaviour and another was based on holding an egg. Both measured stress levels and worked fairly well but both also suffered from the same problem. Namely, you couldn't determine the source of the anxiety. It could have been because they were lying or it could have simply been because of the local ambient environment.). You can use surveillance/bugging as another means of lie detection but that's fraught with its own difficulties (legal as well as technical).

It's ultimately a case of intuition, analysis, negotiation, and a general sense of thoroughness and awareness when it comes to techniques with regards to deception training. The more data points you have to measure/examine though ('equipment' can come from a variety of sources, but you should know that even COTS smartphones have the ability to run 'spectral analysers' now) the more likely you will be successful.


One thing that really needs to be thought about though is whether or not they know that what they are saying is untrue. There is a long history of legal precedent which states that eyewitness testimony can be problematic. This is due to many differing reasons including the impact caused by the stress of the incident, external (and vested) interests, and even just poor memory. Moreover, if you (or they) do consider using drugs or other additives the reliability of the testimony can be questionable and it may not be possible to enter it in a conventional setting.


Voice biometrics as a means of authentication is something that I (and others) have thought about previously. The obvious attacks are simple, such as playing back a recording, or using continuous speech analysis to develop a voice synthesiser so that you can create whatever pattern is required. Obviously, the only way to really know whether or not it is effective is to test it...


A closer approximation/variation of what I was talking about with regards to behavioural/cognitive fingerprinting.


Interestingly, such technology/concepts are now being used to protect critical infrastructure as I originally intended. One thing that needs to be thought of though is that the higher the level of the abstraction the more easily it can be abused. For instance, it's easier to change the permissions of a particular file or folder than recreating a bit stream of data with a correct CRC that is clock synchronised to a particular frequency.

Have been thinking further about cyberwarfare/intelligence. There seems to be very little reason for there to be officially sanctioned missions (traditional intelligence operations tend to have a fairly low percentage of covert operatives/NOCs (though much higher in particular cultures), but given the nature of the Internet and the underlying protocols (perhaps we should think about building non-repudiation mechanisms into/on top of existing protocols/networks?) and the fact that it is possible to mis-direct your investigator via 'Anti-Forensics' I see very little reason why you would opt for this norm. I suspect that the number of non-sanctioned operations will be inversely proportional, percentage wise, when compared to physical operations.).


After all, even if you are just conducting pure scouting missions what benefit would there be in making it known to your opponent that you are conducting such an operation? Perhaps the only real reason why you would have 'declared operations' may be to reduce the chances of a counter-attack (if they somehow believe that your activity may be grounds for retaliatory action). It may also help to develop training by having people work against real world systems (training missions help both attackers and defenders by establishing configurations/patterns of attack, though I suspect that you may only have such missions between allies. The biggest problem is if there is an actual breach or if a third party decides to interlace their attack with the actual operation itself... (A proper logging procedure on critical systems would be 'helpful' in distinguishing between a 'sanctioned' attack and one that isn't, of course.)(I've been thinking of using MPLS VPNs and other forms/types of VPNs as a means of developing virtual online battlegrounds. I've also been playing around with the concept of using particular border gateways/trunks as a way of establishing virtual geographical boundaries.))
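To make the logging point concrete, here is an added example (my own code, not the post's) of how logs on a critical system could tell a 'sanctioned' exercise apart from everything else: the exercise coordinator issues HMAC-signed, time-limited tokens, each log entry records whether a valid token accompanied the observed action, and entries are hash-chained so that later editing is detectable. The shared secret, exercise id, addresses and timestamps are all constructed for the demonstration.

```python
import hashlib
import hmac
import json

# Constructed shared secret: in practice it lives with the exercise
# coordinator and the log collector only, never on the systems under test.
SECRET = b"constructed-exercise-secret"
GENESIS = "0" * 64


def issue_token(secret, exercise_id, issued_at, ttl_seconds):
    """Time-limited token 'exercise|issued|expires|hmac' for a sanctioned exercise."""
    expires = issued_at + ttl_seconds
    body = f"{exercise_id}|{issued_at}|{expires}"
    tag = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def verify_token(secret, token, now):
    """True only if the HMAC is genuine and 'now' falls inside the token's window."""
    try:
        exercise_id, issued_at, expires, tag = token.split("|")
    except ValueError:
        return False
    body = f"{exercise_id}|{issued_at}|{expires}"
    expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return False
    return int(issued_at) <= now <= int(expires)


class AuditLog:
    """Append-only log whose entries are hash-chained to the previous entry."""

    def __init__(self, secret):
        self.secret = secret
        self.entries = []          # list of (record_json, chain_hash)

    def append(self, ts, source, action, token=None):
        sanctioned = token is not None and verify_token(self.secret, token, ts)
        status = "sanctioned" if sanctioned else "unsanctioned"
        record = json.dumps(
            {"ts": ts, "source": source, "action": action, "status": status},
            sort_keys=True)
        prev = self.entries[-1][1] if self.entries else GENESIS
        chain_hash = hashlib.sha256((prev + record).encode()).hexdigest()
        self.entries.append((record, chain_hash))
        return status

    def verify_chain(self):
        """Recompute every link; an edited or removed record breaks the chain."""
        prev = GENESIS
        for record, chain_hash in self.entries:
            if hashlib.sha256((prev + record).encode()).hexdigest() != chain_hash:
                return False
            prev = chain_hash
        return True

    def statuses(self):
        return [json.loads(record)["status"] for record, _ in self.entries]


def demo():
    """Constructed scenario: one exercise token, three observed actions, then tampering."""
    token = issue_token(SECRET, "EX-2012-10", issued_at=1000, ttl_seconds=3600)
    log = AuditLog(SECRET)
    log.append(1500, "10.0.0.5", "port scan", token)        # inside window -> sanctioned
    log.append(1600, "198.51.100.7", "port scan")           # no token -> unsanctioned
    log.append(5000, "10.0.0.5", "login attempts", token)   # window expired -> unsanctioned
    statuses = log.statuses()
    chain_ok_before = log.verify_chain()
    # Someone later edits the second record to look sanctioned; the stored
    # hash no longer matches and every later link depends on it.
    record, chain_hash = log.entries[1]
    log.entries[1] = (record.replace("unsanctioned", "sanctioned"), chain_hash)
    return statuses, chain_ok_before, log.verify_chain()


if __name__ == "__main__":
    statuses, before, after = demo()
    print(statuses, "chain intact:", before, "after edit:", after)
```

Two caveats a reviewer would raise: a token that appears in the log can be replayed by anyone who reads it while its window is open, so bind it to the source address or target as well if that matters; and the chain only proves integrity relative to its last hash, which should be copied off-box regularly.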


If you've ever been involved with hacking (either as an 'actor' or as a 'watcher') then you'd realise that motivations can vary drastically. Another thing you'd realise is that in many firms and most jurisdictions laws/legal frameworks for dealing with incursions/breaches aren't particularly well developed. Factor in issues relating to health, regionality, and extradition and you have the potential for mayhem.


There doesn't seem to be enough of a distinction between 'levels of hacking'. At the moment, those who break in 'for fun' are often stuck in the same situation as corporate spies (if/when they are caught). Admittedly, there are systems which should never be touched (health, defense, infrastructure, intelligence, and so on...). I suspect that there will need to be several layers.

I've been exploring the notion of 'damage' (CVSS may be one particular measure of this but we may need to develop other/more distinct metrics in light of some of the dangers we're facing, especially with regards to critical infrastructure and the physical and very widespread impact that they may have).
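As an added example (not from the original post), here is what the starting point looks like in code: the CVSS v2 base score computed from the published v2 equations and metric weights, with a hypothetical 'physical reach' axis bolted on for ranking critical-infrastructure findings. The physical-reach scale, the issue ids and the vectors are assumptions of mine, not part of CVSS.

```python
# Added example: CVSS v2 base score from the published v2 equations, plus a
# hypothetical physical-impact axis (NOT part of CVSS) used to rank findings.
# Issue ids and vectors below are constructed.

# Standard CVSS v2 metric weights.
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}

# Hypothetical extension: how far physical consequences could reach.
PHYSICAL_REACH = {"none": 0, "site": 1, "regional": 2, "widespread": 3}


def parse_vector(vector):
    """'AV:N/AC:L/Au:N/C:C/I:C/A:C' -> {metric: value}, validated against the tables."""
    metrics = dict(part.split(":", 1) for part in vector.split("/"))
    expected = {"AV": ACCESS_VECTOR, "AC": ACCESS_COMPLEXITY, "Au": AUTHENTICATION,
                "C": IMPACT, "I": IMPACT, "A": IMPACT}
    for key, table in expected.items():
        if metrics.get(key) not in table:
            raise ValueError(f"bad or missing metric {key} in {vector!r}")
    return metrics


def cvss2_base_score(vector):
    """CVSS v2 base equation, rounded to one decimal as the specification requires."""
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - IMPACT[m["C"]]) * (1 - IMPACT[m["I"]]) * (1 - IMPACT[m["A"]]))
    exploitability = (20 * ACCESS_VECTOR[m["AV"]] * ACCESS_COMPLEXITY[m["AC"]]
                      * AUTHENTICATION[m["Au"]])
    f_impact = 0 if impact == 0 else 1.176     # no impact at all scores zero
    return round(((0.6 * impact) + (0.4 * exploitability) - 1.5) * f_impact, 1)


def prioritise(findings):
    """Rank (issue_id, vector, physical_reach) tuples: physical reach first, then CVSS.

    Returns (issue_id, base_score, reach_weight) sorted highest priority first.
    This ordering is the hypothetical policy, not something CVSS defines.
    """
    ranked = [(issue_id, cvss2_base_score(vector), PHYSICAL_REACH[reach])
              for issue_id, vector, reach in findings]
    ranked.sort(key=lambda r: (r[2], r[1]), reverse=True)
    return ranked


if __name__ == "__main__":
    sample = [("ISSUE-A", "AV:N/AC:L/Au:N/C:C/I:C/A:C", "none"),        # remote, total, IT-only
              ("ISSUE-B", "AV:A/AC:M/Au:N/C:P/I:P/A:P", "widespread")]  # lower CVSS, physical reach
    for issue_id, score, reach in prioritise(sample):
        print(issue_id, "CVSS", score, "physical reach", reach)
```

The point of the second axis is visible in the sample: a textbook 10.0 ends up below a 5.4 whose consequences would leave the data centre.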

As I discovered during my experiment ('Convergence' document) reporting security holes doesn't necessarily result in a response or a guarantee of remedial action. For critical infrastructure (there already are fairly strict controls/requirements that need to be adhered to if you are a defense contractor, though the White House has recently tried to pass updated cyber legislation) I suggest that we provide amnesty (maybe even a possible reward) to anyone (internal or external to the organisation) who is willing to point out existing holes if they 'play by the rules' (no data breach and maintain confidentiality). If the company doesn't take action (or if the reporter prefers), there should be a third party (an anonymous 'Wikileaks' or media release is one possibility, though not the cleanest/most ethical) that people can go to to get the problem fixed.


Don't know why some people are bothered with regards to UEFI, Windows, and the ability to boot alternative operating systems (x86 isn't so much of a problem as the ARM platform is). As with the cash/currency industry it's a cyclical game of defense and offense. Moreover, there already appear to be cracks in the system. If you are interested in learning more about this, I suggest you read up on computer forensics, reverse engineering, low level programming, and system architecture.


The strongest anti-tampering solutions have tended to be those that require some form of network connection and a form of repeated/secure authentication. Even then, they're generally considered 'fiddly' by many people and may even impact on sales. For instance, take Football Manager 2009. An extremely popular series, but it was hobbled by a sub-standard backend infrastructure backing its copyright protection mechanism. So much so that subsequent patches have removed the need to activate altogether and to have a copy of the original disc in the drive.


Have been examining the Stellar Wind, Trailblazer, and Thin Thread operations at the NSA further. Problems with these programs seem familiar based on what I've been reading. Even though their 'setting' may be unique they suffer from many of the same problems that more 'standard' organisations have. Reading between the lines, it seems as though there may have been staffing problems (too many specialists or generalists but not enough people to bind/bring the whole thing back together), project management problems, and perhaps even a lack of overall support/input...


Countries most at risk from cyberwarfare/intelligence are those who are making the transition from developing to developed, or who are already developed but have a 'trusting' culture. We won't discuss who these particular cultures are but some of them have recently acknowledged that these problems need to be addressed.

Something to do for those with some spare time...


If you are on a system but don't have administration rights and need to quickly wipe/sanitise unallocated space, just use 'dd' or 'fsutil' to create zeroed files of varying size and repeatedly copy them to wipe your space. Defense includes better use of quotas, though this is rare in a SOHO setting.

Ironic that some of the world's stealthiest/lowest visibility (in terms of both classification as well as RADAR cross section, etc...) projects give off enormous sonic booms...


There are design alterations that can be made of course, but as with the F-117 Nighthawk this may result in severe degradation of aerodynamic performance.


My bugs of the week.

Leadtek WinFast PVR2
Sound not coming through on 9 GEM (AC3 sound). Need to install AC3Filter and re-install the program to re-register/configure sound filters. Don't necessarily need to do a LiveUpdate. Possible to download the program and re-install to get things running properly again (discovered because I was having MTU issues with one of their regional servers and had to manually select a new server to download from). Validation of characters in filenames not handled properly. When recorded filenames contain a '/' character, recording is not allowed. Tried a shell escape, didn't work, but perhaps they should have considered just substituting/removing these characters?
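The substitute/remove approach, as an added example of my own (not the vendor's code): a user-supplied recording title is turned into a usable Windows file name instead of being refused, with path separators and other reserved characters replaced, control characters removed, device names such as CON escaped, and trailing dots/spaces stripped. The sample titles are constructed.

```python
# Added example: make a user-supplied recording title safe to use as a file
# name rather than refusing it. Targets Windows naming rules (reserved
# characters, device names, trailing dots/spaces); sample titles are constructed.

WINDOWS_RESERVED_CHARS = set('<>:"/\\|?*')
WINDOWS_RESERVED_NAMES = {"CON", "PRN", "AUX", "NUL",
                          *(f"COM{i}" for i in range(1, 10)),
                          *(f"LPT{i}" for i in range(1, 10))}


def sanitize_filename(title, replacement="-", max_len=200, fallback="recording"):
    """Return a file name (no directory part) derived from title.

    Path separators are replaced rather than stripped, so '../x' cannot
    escape the recordings directory; control characters are replaced too.
    """
    cleaned = "".join(
        replacement if ch in WINDOWS_RESERVED_CHARS or ord(ch) < 32 else ch
        for ch in title)
    cleaned = cleaned.rstrip(" .")          # Windows silently drops these
    stem = cleaned.split(".", 1)[0].upper()
    if stem in WINDOWS_RESERVED_NAMES:      # 'CON.ts' would address a device
        cleaned = "_" + cleaned
    cleaned = cleaned[:max_len].rstrip(" .")
    return cleaned or fallback


if __name__ == "__main__":
    for title in ("News 7/10 - 9 GEM: Evening", "../../boot.ini", "CON.ts", "trailing. ", ""):
        print(repr(title), "->", repr(sanitize_filename(title)))
```

Replacing rather than deleting keeps titles readable ('7/10' becomes '7-10') and, more importantly, never lets two different titles collapse onto a directory-escaping name.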


Possible bug. Can have multiple songs playing simultaneously. Namely, one that is controlled by the user interface and another that is running in the background. Have discovered that it can sometimes be down to another program on the system that is responding to signals from the handsfree controller. Removing (or re-configuring) conflicting programs can help to fix the problem. When this isn't the problem, restarting the program is another workaround. Believe that this only happens under very unique circumstances though. Dig further when I have time or when it crops up again.

Unhandled exception (seems to be a problem across the board for this program actually, though admittedly I don't have the absolute latest version) if no channels are set up and you attempt to watch. Would be nice if it automatically prompted you to set up channels when required. The 'C:\Temp' folder, which is required for buffering of Live TV, is not set up properly. Threading not handled well in some situations. Deletion of channels can result in stalls in user space even on high end hardware. Need to do some work on auto configuration. Video wasn't coming through initially; required some 'tweaking'.

Doesn't allow you to remove files from the list without stopping the transcoding process. Moving files through the queue doesn't refresh the current filename accordingly and results in a blank filename. Sometimes the state/progress of the transcoding process just doesn't update properly, or the program window just doesn't work at all when switching between windows. Hopefully, this doesn't have anything to do with my experiments with ThrottleStop and clock modulation to maintain a stable thermodynamic environment.

Tor Browser Pack
Thought the portable Tor program was virtually indestructible. Not so; recently had some trouble building a secure circuit. May have been due to file corruption (removing and re-extracting files seemed to fix the problem). Would be nice to see some file integrity checking on launch if this is the case (I tried on at least half a dozen occasions at different time intervals via different systems/connections).
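What 'integrity checking on launch' could look like, as an added example of my own (not Tor Browser's code): a SHA-256 manifest of the extracted bundle is built once and checked at every start, reporting files that are modified, missing or unexpected. The bundle contents, file names and the corruption in demo() are constructed in a temporary directory.

```python
import hashlib
import os
import shutil
import tempfile

# Added example: a SHA-256 manifest checked at launch to catch corrupted,
# missing or unexpected files in an extracted bundle. The bundle used by
# demo() is constructed in a temporary directory.


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path relative to root (with '/' separators) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_manifest(root, manifest):
    """Return sorted (path, problem) pairs; an empty list means the tree matches."""
    current = build_manifest(root)
    problems = []
    for rel, digest in manifest.items():
        if rel not in current:
            problems.append((rel, "missing"))
        elif current[rel] != digest:
            problems.append((rel, "modified"))
    for rel in current:
        if rel not in manifest:
            problems.append((rel, "unexpected"))
    return sorted(problems)


def demo():
    """Build a constructed bundle, record it, then damage it and re-check."""
    root = tempfile.mkdtemp(prefix="bundle-")
    try:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "tor.cfg"), "w") as fh:
            fh.write("SocksPort 9050\n")                      # constructed content
        with open(os.path.join(root, "bin", "launcher"), "w") as fh:
            fh.write("#!/bin/sh\necho start\n")
        manifest = build_manifest(root)
        clean = verify_manifest(root, manifest)

        with open(os.path.join(root, "tor.cfg"), "ab") as fh:  # simulated corruption
            fh.write(b"\x00\x00garbage")
        os.remove(os.path.join(root, "bin", "launcher"))      # simulated lost file
        with open(os.path.join(root, "extra.dll"), "w") as fh:  # simulated addition
            fh.write("x")
        return clean, verify_manifest(root, manifest)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    before, after = demo()
    print("clean bundle:", before)
    print("damaged bundle:", after)
```

The manifest must live outside the tree it describes (or be excluded from it) and, to be worth anything against deliberate rather than accidental changes, it needs a signature the launcher verifies first; a bare hash list only catches corruption.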

HP ProCurve Switches
Some dialogue boxes have sentences that don't wrap properly. Looks awkward but is obviously a non-critical problem.


- as usual thanks to all of the individuals and groups who purchase and use my goods and services

Monday, October 22, 2012

More Security and Surveillance Analysis

I should probably put some of what I've previously said (http://dtbnguyen.blogspot.com/2012/10/more-security-oscilloscope-and-wireless_6750.html) into better context. I was examining Ethernet over Power solutions and it seems clear that a lot of them use the same chipsets and can often be configured by the same software to be interoperable. Hence my interest in the total possible number of practical/theoretical 'class breaks' in existing security technology.

My interest in surveillance/counter-surveillance stems from recent discussion regarding a possible change in laws in several developed countries. The laws basically state that a chunk of metadata regarding communications should be held on file for a short while by service providers to aid law enforcement/intelligence operations. There are arguments from both sides.

Arguments against include civil liberties, that it doesn't really help (based on experience in Europe), cost (it's not cheap to store the amount of data we're talking about here. I know of medium sized cloud companies who chew through terabytes of data a month. Even if the amount of data is small, securing it is not cheap. Moreover, based on personal experiments (using the web proxy Squid in combination with SARG to examine the total amount of traffic flowing through my personal network) even if you turn off all images and most scripts you're still only halving the amount of downstream traffic flowing through your network (if you're curious, proxying has resulted in mostly single digit percentage cache hits on a daily basis. Disabling certain types of traffic has resulted in significant gains though.) Nonetheless, even if we only look at the remaining traffic that's still a lot of content from a lot of different sources. Use the TamperData/FireBug add-ons on Firefox and you'll see a lot of content/traffic that often makes little sense in the current context without further digging. Do some more research on EverCookies and other tracking mechanisms ('waterhole' strategies are becoming more popular amongst intelligence/criminals based on what I've been seeing, rather than direct 'spearphishing' attacks.)), and combine this with the fact that there are already many countermeasures out there (anonymous tunneling of phone traffic via the Internet and increased use of solid encryption) and you'll begin to see how much more difficult the defensive position becomes.
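The Squid measurement described above, as an added example of my own (not the post's own scripts or SARG): a summariser for Squid's native access.log format that reports the cache hit ratio, bytes per content type, and how much downstream traffic would remain if images and scripts were blocked. The log lines are constructed (addresses are from documentation ranges) and sized so that blocking images/scripts removes roughly half the bytes, as the post observed.

```python
from collections import defaultdict

# Added example: summarise a Squid access.log (native format) to get the cache
# hit ratio and how much downstream traffic would remain if images and scripts
# were blocked. SAMPLE_LOG is constructed; the last line is deliberately junk.

SAMPLE_LOG = """\
1351000000.123     45 192.168.1.10 TCP_HIT/200 5000 GET http://example.com/logo.png - NONE/- image/png
1351000001.456    830 192.168.1.10 TCP_MISS/200 40000 GET http://example.com/ - DIRECT/203.0.113.5 text/html
1351000002.001    610 192.168.1.11 TCP_MISS/200 30000 GET http://cdn.example.net/app.js - DIRECT/203.0.113.6 application/javascript
1351000002.788    720 192.168.1.11 TCP_MISS/200 20000 GET http://cdn.example.net/hero.jpg - DIRECT/203.0.113.6 image/jpeg
1351000003.300    410 192.168.1.10 TCP_MISS/200 10000 GET http://example.com/news - DIRECT/203.0.113.5 text/html
1351000004.052      3 192.168.1.12 TCP_MEM_HIT/200 2000 GET http://example.com/site.css - NONE/- text/css
this line is not a squid record
"""

# Content types that an image/script block would remove.
BLOCKED_TYPES = ("image/", "application/javascript", "text/javascript",
                 "application/x-javascript")


def parse_line(line):
    """Native Squid format: time elapsed client code/status bytes method URL ident hierarchy type."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        return {"client": fields[2], "code": fields[3].split("/")[0],
                "bytes": int(fields[4]), "url": fields[6], "type": fields[9]}
    except ValueError:
        return None


def summarise(lines):
    requests = hits = total = blocked = 0
    by_type = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:                      # skip anything that does not parse
            continue
        requests += 1
        total += rec["bytes"]
        by_type[rec["type"]] += rec["bytes"]
        if "HIT" in rec["code"]:             # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...
            hits += 1
        if rec["type"].startswith(BLOCKED_TYPES):
            blocked += rec["bytes"]
    return {"requests": requests, "hits": hits,
            "hit_ratio": round(hits / requests, 3) if requests else 0.0,
            "bytes_total": total, "bytes_blocked": blocked,
            "bytes_remaining": total - blocked, "bytes_by_type": dict(by_type)}


if __name__ == "__main__":
    summary = summarise(SAMPLE_LOG.splitlines())
    print(f"{summary['requests']} requests, hit ratio {summary['hit_ratio']:.1%}")
    print(f"{summary['bytes_total']} bytes total, {summary['bytes_remaining']} bytes "
          f"would remain with images/scripts blocked")
    for ctype, nbytes in sorted(summary["bytes_by_type"].items(), key=lambda kv: -kv[1]):
        print(f"  {ctype:<24} {nbytes}")
```

Run it against a real access.log with `summarise(open(path))`; the hit-ratio figure is what the single-digit-percentage remark in the text refers to, and the remaining-bytes figure is the part a retention scheme would still have to store.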

Arguments for include that cybercrime/terrorism have made (and continue to make) substantial strides in tradecraft and technology has only aided that (as I've stated previously there seems to be strong and widespread knowledge of how to bypass existing computer security in highly policed states) and yet law enforcement/intelligence have not had an adequate increase in resources/powers along the way; crimes are becoming increasingly sophisticated and the only real way to keep track of everything is to basically log everything (real time analysis is difficult and requires a high level of resources to set up/maintain, and many programs designed to achieve this have had problems that have limited their usefulness in the past (NSA). Even so, automated programs have been able to achieve high levels of efficiency. Some forms of intelligence analysis were claimed to have gone from several days/hours down to minutes at the CIA) and hope that there is a trail left over after a report is made (I'd love to see more research on the gap between the actual time of incursion and the time of detection.). Access would only be granted to such information under exceptional circumstances (for more serious crimes) but it's clear that we've seen abuses both locally and elsewhere in the past. If this goes ahead there needs to be strong oversight/controls in place.

There is public debate at the moment regarding these issues but in a lot of cases I wonder whether or not enough of the right people are involved in the decision making process. It always seems as though the same people are involved. Namely, the usual government agencies and lobbyists such as Electronic Frontiers Foundation (EFF), and GetUp. Moreover, the decision making process has not been entirely transparent. It's true that more transparency may result in giving certain entities a 'heads up' with regards to what particular forms of communication to avoid, but it's also clear that in a semi-democratic/democratic environment the dog should wag the tail, not the other way around. Making a decent decision (and with 90% of the picture rather than 60%) now rather than passing panicked legislation in the aftermath of an attack will help us to avoid becoming a democratic society in name only.

With regards to actual surveillance/counter-surveillance it should be obvious that in this day and age there are enormous variations in the options for both. We'll cover them only briefly here. The four main types of bug are outlined here: http://www.tscm.com/typebug.html

Combined with computer hardware/software (keycatchers, keyloggers, trojans and other malware, cloners, jammers, scanners, noise/signal generators, frequency counters, and so on) you have serious problems from the defensive perspective.

Perhaps the worrying thing is that jamming/interception equipment (technically illegal depending on the circumstance) is available if you know the correct channels and at the right price. Given the stringency of communications interception laws in many democratic nations it seems strange (to me) that many forms of surveillance and some forms of counter-surveillance equipment are openly/widely available without requiring a license. If you do purchase such equipment though, a strong tip is to test it before purchasing/using it (quality varies drastically and so does cost depending on where you go), if it requires assembly be prepared to have or develop some technical knowledge, and it is best to have separate/specialised detection devices for each type of bug that you encounter (a hybrid camera/RF bug detector is often inferior to separate camera and RF bug detectors and so on).

Just as with computer security, most of the time a knowledgeable and creative attacker should technically/strategically always be in the stronger position. In fact, even professionals sometimes have trouble when doing a proper sweep (time consuming even when you have the right equipment if the person doing the bugging is sufficiently skilled/creative). Hence my interest in multiplexing, encoding, encryption, steganography, power, and so on... as a means of defense.

To put this into perspective, I recall a story about an embassy being bugged. Clearly, they knew that there were bugs in that particular room. In fact, they ran a sweep and while most of the bugs were found they didn't find them all (they were located in a metal window sill in one room). Since they knew that their integrity had been compromised but couldn't find the bugs they built a SCIF (it's far easier to keep a SCIF clean than it is to maintain the integrity of an entire building. In fact, some countries have been using portable SCIFs and SCIFs within existing rooms for decades.) and then basically did nothing of any worth in the room where the bug was supposed to be (the bugs were actually placed in the building during its construction. Hence, a proper sweep that could have found these devices would have had them tearing the place apart. However, that was out of the question for various cultural, technical, and other reasons. Hence, they left things as they were.).

With regards to Business Continuity Planning (BCP) and Disaster Recovery (DR) I think it's becoming clearer that in secure environments you should be planning backwards rather than forwards. Start from the weakest point (your last backup) and then secure it from there. As I discovered during my experiment ('Convergence' document) a lot of the time people just forget/neglect non-primary systems. The worrying thing is that others are more likely to discover these particular flaws than the actual person running these systems (particularly in under-resourced, under-manned, or under-motivated environments (something which I recently thought about is that in some environments balancing the security and accessibility of end users is borderline impossible. Some environments quite simply can not be secured because that is the nature of the business. The only way to achieve it would be to have (physically or virtually) separate networks, and a lot of the time, depending on the environment, this may be impossible due to resource restrictions.)).

- as usual thanks to all of the individuals and groups who purchase and use my goods and services

Sunday, October 21, 2012

'The Art of Persuasion', Bugs, and Power

Someone once said to me that I should read 'The Art of Persuasion'. It's supposedly a classic and shows people how to influence and shape conversations/organisations for mutual interests. In reality it's not that simple though. Many people and organisations often have vested interests, making decision making extremely complex and difficult, especially when there are potential veto powers involved. This problem is exacerbated by cultural issues which make discussions between managers and subordinates difficult if not impossible even if the technical arguments are significantly in favour of the subordinate (personal experience has indicated that a lot of the time by the time you've convinced them it's too late, or you've probably moved on to other problems by then, in which case your only choice may be to simply get on with life). Moreover, depending on the nature of the argument and cultures involved compromise is not only difficult but sometimes totally unacceptable. Take the territorial dispute between China, Japan, Taiwan and others as an example.

Let's take a more pragmatic/practical perspective. It's land (you could argue that some of the islands are merely large rocks) that can be divided/shared, but if you were more cynical you could maintain the status quo (leave discussion about the land for a later time) and merely divide/share the proceeds of any mineral resources based on further discussion once mining were underway. The way I see it the change in leadership in some of these countries is an opportunity, not a hindrance. They and many other 'Lame Duck' heads of state are doing themselves and their countries a massive dis-service. They have an incredible opportunity (provided they have the requisite powers and support) to do something purely for the benefit/sake of their country without having to deal with the potential awkwardness of a successive term.

While we're on 'The Art of Persuasion', one of the things that was a little bit surprising to me was the relative difference in the standard of some graduates in IT. Some of them are quite good, others not so. However, with recruitment sometimes not being as rigorous as it should be (short tests, interviews, and referee checks can all be circumvented with the right preparation) it is sometimes hard to tell the difference between those who can pass the test and those who can truly excel given the right opportunity. So I say use proper projects as a means of gauging candidates. A two week University project is nothing in comparison with a multi-month/year long project. Pick something, anything (game, search engine, trading system, operating system, etc...). Don't train the prospective candidate but pay them enough money for them to survive and then let them build it. Maintain regular reports to reduce the chances of plagiarism. It would amount to an apprenticeship/postgraduate education without many of the risks associated with them (time/money). If they're good enough give them an employment offer. If not, at least they have a project they can take away to show to another employer (make the project shorter to reduce the chances of exploitation).

If you think this is unfair or overly difficult then let's put this into perspective. In my recent history I've completed about 1200+ pages/300K+ words (6 thesis/dissertation length research projects) of private research work (with progress records) so I don't have any doubt that any reasonably skilled, motivated graduate should be able to do something similar.

You've probably noticed that I regularly discover software flaws. Here are my 'Bugs of the Week'.

I sometimes use a Direct Attached Storage (DAS)(Thecus) device. However, I also require an NEC Electronics USB 3.0 Host Controller ExpressCard to use it to its maximum capability. The DAS uses a particular driver which is also used by another piece of background software which seems to manage/monitor drive caching to boost efficiency. Several times I've tried removing the device but sometimes the monitoring software doesn't want to unload the driver from memory even though it is doing nothing with the device. If the behaviour was predictable it would be fine but in this case reverse engineering is required to figure it out. Removing it/replacing it with an alternative has proven to be a simpler option.

MediaCoder doesn't play nicely with Windows 7 Firewall Control (finer grained control of outbound behaviour of Windows network behaviour in particular). If you don't create an enabling rule you can't open up the Setting page from the 'File' menu.

Known about this one for a while now. Older versions of Opera on the Debian platform aren't able to deal elegantly with having the ~/.opera folder deleted while the program is still running in memory. The program crashes without enough detail to debug. The problem has been fixed in subsequent revisions.

Not so much of a bug but still annoying. When programs run out of memory on Knoppix they simply crash quietly without warning. 'dmesg' gives you the details, but surely there should be a service/daemon which monitors memory usage and gives you prior warning before a crash?

The Adobe Flash plugin under Opera/Knoppix doesn't always play nicely. Under certain circumstances (during playback of certain video files) it will simply send you to another TTY (Alt + Ctrl + F? to send you to the right one). At first I thought they were terminal kernel panics/oops. Examination of the messages said otherwise. Will need more time/examples to determine exactly what is happening.

Surprising how much electricity some appliances use.


Continuing work on 'Cloud and Internet Security' report... Will post back further findings here at another time as the amount of content is stacking up and summarising can sometimes be time consuming.

- as usual thanks to all of the individuals and groups who purchase and use my goods and services

Wednesday, October 17, 2012

More Security Analysis and 'The Machine'

As you may be aware, I have been investigating security technologies. One of the things that has really surprised me though is just how professional cybercrime/cyberwarfare/cyberterrorism has become. Support contracts, modular design, and commercial nous are all part and parcel of this particular field now. In fact, I think it's such a big problem that I wonder whether or not losing them from the general ecosystem would cause significant collateral damage economically. The counter argument is that a crackdown on cybercrime would cause a massive surge in legitimate growth through taxation, better conditions for legitimate businesses growing, so on and so forth (I'm about 635+ pages/178K+ words into the 'Cloud and Internet Security' Report. I believe that it may become larger but am trying to keep things short, which is hard when you consider the amount of content and the amount of editing that needs to be done. The average postgraduate thesis/dissertation is around 200+ pages.).

If you ever watched 'Person of Interest' you'll be aware of something called 'The Machine'. Basically, a massive computer that watches over the general public and helps to predict crime/terrorism before it occurs (There are organisations that have been pursuing such (on a more limited scale) research/work around the world.).


I've been thinking about how to build such a machine (I may try for a very limited prototype if I have time.). When you think about it, all it's really doing is pushing the concept of data mining (search engine technology is common now and mostly static with regards to what it does with the data) to its most extreme. Let's say you have control over all the surveillance feeds out there (Forget issues of jurisdiction and so on. This is pure theory. Software that allows for automated 'penetration testing' is now available for research/commercial purposes if we don't have access to a clean/unprotected feed.), then it would be a case of being able to convert visual, audio, textual and other information into a form that can be analysed by existing computer systems (practical solutions for Optical Character Recognition (OCR), speech recognition, and so on have come a long way. A decade ago I recall experimenting/working with a University research project (Sphinx) on a P3 laptop. Even after reducing the vocabulary and using a preamble, processing time was comical. Moreover, even commercial solutions had their problems with real time, proper speech recognition. Now, you can get reasonably accurate voice recognition for under 200, OCR technology is widely used and deployed commercially, and data mining technologies are used everywhere from your Operating System to search engines such as Google, Yahoo, and Bing.).

Thereafter, it's a case of developing my 'Automated Research/Reporting/Analyses' concepts further. The more practical problems revolve around storage capacity, computing power, and so forth (though I suspect that Quantum computing has made significant strides behind closed doors). One big problem is the problem of 'context' though. It doesn't matter if your machine has all the power/capacity in the world. If it doesn't apply the correct algorithm to the problem the solution will never be correct.


Ironically, some information (nothing critical or illegal. Just some technical information.) which was sought during my research has been easier to find in countries which have supposedly been under some form of sanction/s. The other thing that also seems clear is that while the 'bad guys' are fairly open with tools and information, the same cannot necessarily be said of the 'good guys'. While there are various programs to address this (The US DHS have been pursuing the notion of a 'CyberCorps', research material in some Universities is fairly openly available, and there are some commercial entities that are providing more than just advertising/marketing material when it comes to actual security analysis.) I believe that there is still a massive gap between where the 'good guys' and the 'bad guys' are. Education programs are 'gappy' and pursuing a career in this particular sector of the industry is hard even if you have a solid technology background.

In spite of extensive firewalling and filtering there seems to be widespread knowledge of how to get around these particular problems in highly policed states.

Many people are concerned with the so called 'Rules of Engagement' in cyberspace at the moment. If history is anything to go by, if you open up you will generally develop a set of rules/morals/ethics which most people agree to in terms of war. Obviously, some people/states are willing to push it further than others though. What's acceptable in the East, West, and Middle East is often very much different. Moreover, in intelligence/war things aren't always clear cut and you need to adapt to your circumstances.

Have been thinking further about the concept of 'Algorithmic Masking'. Need to be careful with regards to being able to infer classified data from un/declassified data.

May have found a bug in blogger.com. Under certain conditions/circumstances it will refuse to publish and a warning will be provided. This results in the post being published repeatedly even though it states that a bug has been found. Believe that it may be browser related but am working on other stuff at the moment. May test later on.

- as usual thanks to all of the individuals and groups who purchase and use my goods and services

Friday, October 12, 2012

More Security, Oscilloscope, and Wireless Foo

I've been experimenting further with Jaycar's YN8306. Dramatic increase in sensitivity once the covers are taken off. Was able to see quadruple the number of access points at one test point than previously. Suspect that while some of the gaps in other USB wireless adapters that I've seen are for cooling, a secondary purpose may be to increase wireless signal permeability. Did some minor experiments with regards to different materials as an alternative for surrounding the device but am surprised just how permeable/impermeable some substances are. Clear plastic and glass can cut the sensitivity level significantly. Suspect that a cage type arrangement that protects the PCB but still allows it to 'breathe' may be the best option. Would have to be careful with regards to turning it into a Faraday Cage type arrangement though.


While the device is advertised as being a 500mW device it's capable of 1000mW. Use the 'iw' command to change region and boost the possible transmission power (you'll notice that many chipsets run at lower power ranges for regional/legal reasons and to reduce power consumption. If you've ever analysed power consumption on mobile devices you'll realise how large an impact it can have on battery life, so turn off wireless capability whenever possible. It also helps with regards to security since there have been instances in the past of remote attacks (on poorly implemented network stacks) that resulted in significant compromises of system security and didn't require authentication.).

It uses a combination of a 5dB external antenna and a single internal panel/smart/active/metamaterial antenna (unlike the Alfas, which often come with a two external antenna combination). I may try to modify it to use a more conventional antenna system to see whether this would result in increased sensitivity but I suspect that this may require PCB modification (use a multimeter/continuity tester to understand how the thing is laid out) so I'll leave that for the less expensive D-Link DWA-125 A3.


For those people who think discerning a signal from an existing waveform is simple, think again. For people who watch the movies it's commonly assumed that there are programs and/or savants that can automatically distinguish a multiplexed signal from an existing waveform. Pure statistical analysis is possible but, as we've seen with automated network traffic classification, it is prone to false positives. Something I have been experimenting with is embedding or extracting particular instruments from songs as a means of investigating the possibilities in regards to steganography. As others have discovered, it's not as simple as you think. It's possible, but seeing as songs are meant to be moulded together and embedding/multiplexing signals is the converse, things are a lot more complex. There are so many choices with regards to multiplexing, modulation, encryption, and encoding, and you can even burst the traffic to make it appear as though it's simply random noise. I guess the only way you can assure that your power/existing infrastructure/communications doesn't have another signal multiplexed over it is to have equipment that has basically perfect waveforms (easier said than done) or waveforms that are 'extremely' predictable. From this, extracting any aberrations from the existing waveform should be a simple process of determining the difference between the final, modified waveform and the original waveform. Another alternative is using a common noise filter to find the primary signal and finding the difference between the filtered signal and the final waveform.
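The differencing approach from the paragraph above, as an added example that is not code from the original post: a carrier of known frequency is fitted to the observation (amplitude and phase by least squares, standing in for the 'original' waveform), the fit is subtracted, and the energy left over is compared against the equipment's noise floor. The carrier frequency, sample rate, noise level and the low-amplitude burst are all constructed values.

```python
"""Detecting a signal multiplexed onto a known carrier by differencing.

Added example (not code from the original post).  Estimate the 'original'
waveform from the observation, subtract it, and check whether what remains
is larger than the known noise floor.  All sample data is constructed.
"""
import math
import random

SAMPLE_RATE = 8000      # samples per second (constructed)
CARRIER_HZ = 50.0       # frequency of the expected carrier (constructed)


def carrier(n, amp=1.0, phase=0.0):
    """The 'perfect' reference waveform: a pure sine at CARRIER_HZ."""
    return [amp * math.sin(2 * math.pi * CARRIER_HZ * i / SAMPLE_RATE + phase)
            for i in range(n)]


def add_hidden_burst(samples, amp=0.03, freq=1200.0, start=0.25, end=0.35):
    """Superimpose a low-amplitude burst: the constructed 'hidden' signal."""
    out = list(samples)
    n = len(samples)
    for i in range(int(start * n), int(end * n)):
        out[i] += amp * math.sin(2 * math.pi * freq * i / SAMPLE_RATE)
    return out


def fit_carrier(samples):
    """Least-squares amplitude and phase of a sine at the known CARRIER_HZ.

    Projecting the observation onto sin and cos of the carrier gives the
    in-phase and quadrature components; this reconstructs the 'original'
    waveform without needing a stored copy of it.
    """
    n = len(samples)
    s = c = 0.0
    for i, x in enumerate(samples):
        t = 2 * math.pi * CARRIER_HZ * i / SAMPLE_RATE
        s += x * math.sin(t)
        c += x * math.cos(t)
    a, b = 2 * s / n, 2 * c / n          # x ~ a*sin(t) + b*cos(t)
    return math.hypot(a, b), math.atan2(b, a)


def residual(samples):
    """Observed minus fitted carrier: everything that is not the carrier."""
    amp, phase = fit_carrier(samples)
    return [x - r for x, r in zip(samples, carrier(len(samples), amp, phase))]


def rms(values):
    return math.sqrt(sum(v * v for v in values) / len(values))


def hidden_signal_present(samples, noise_floor_rms, factor=3.0):
    """Flag when residual energy clearly exceeds the known noise floor."""
    return rms(residual(samples)) > factor * noise_floor_rms


def demo(seed=1, noise_sd=0.001):
    """Constructed clean and tampered captures, one second each."""
    rng = random.Random(seed)
    clean = [x + rng.gauss(0, noise_sd) for x in carrier(SAMPLE_RATE, 1.0, 0.3)]
    tampered = add_hidden_burst(clean)
    amp, phase = fit_carrier(clean)
    return {
        "fitted_amp": amp, "fitted_phase": phase,
        "clean_flagged": hidden_signal_present(clean, noise_sd),
        "tampered_flagged": hidden_signal_present(tampered, noise_sd),
        "tampered_residual_rms": rms(residual(tampered)),
    }


if __name__ == "__main__":
    print(demo())
```

The burst occupies only a tenth of the capture and is thirty times smaller than the carrier, yet its residual energy is several times the noise floor; a noisier reference, or a burst shaped to sit under the noise floor, is exactly the case the paragraph warns about.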

Have been thinking about communication system compromises. If we can assume a one to one, bit for bit representation of data then we can develop a means of accounting for the data that goes in/out. Of course, this only works for stream based ciphers. It doesn't really work for block based cipher systems. However, as long as the relationship between the information coming in and the information going out can be represented by a formula, then we should be able to determine whether or not you may have been infected and therefore need to take precautions to protect your communications.


I'm guessing the same could be roughly achieved with power usage as well. The difference in the amount of power that is consumed while a phone is actually active compared to when it is in standby mode is drastic (see figures/specifications for any phone. You can track it using a program such as 'Android Battery Dog'.). By using relevant power measurement/graphing software, having an idea of how the power consumption should occur under various conditions, and having an understanding of battery conditioning (age/usage will obviously result in reduced battery capacity) you can gain a better understanding of what is normal behaviour and what looks like a compromised communication device.
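The in/out accounting idea from the two paragraphs above, as an added example that is not code from the original post: the expected output length is a formula of the input length, and any session whose observed output deviates from it is flagged. The framing overhead, block size and session records are constructed; the same expected-versus-observed check is what the power-consumption variant amounts to, with a consumption model in place of a length model.

```python
"""Accounting for bytes entering and leaving an encrypted link.

Added example (not code from the original post).  With a stream cipher the
output length is a fixed function of the input length, so extra bytes
riding on the link show up in the accounting; with a padded block cipher,
small additions can hide inside the padding.  Overhead and sessions are
constructed values.
"""

HEADER_BYTES = 8    # constructed per-message framing overhead (nonce, tag, ...)
BLOCK = 16          # block size of the assumed block cipher, in bytes


def expected_stream_out(bytes_in):
    """Stream cipher: one byte out per byte in, plus fixed framing."""
    return bytes_in + HEADER_BYTES


def expected_block_out(bytes_in):
    """Block cipher with PKCS#7-style padding: output only grows in
    steps of BLOCK, and a full block of padding is added when aligned."""
    return (bytes_in // BLOCK + 1) * BLOCK + HEADER_BYTES


def hidden_capacity_block(bytes_in):
    """Bytes that could be appended without changing the padded length."""
    return BLOCK - 1 - bytes_in % BLOCK


def audit(sessions, model):
    """Return (session_id, excess_bytes) for every session whose observed
    output does not match the model's prediction from its input."""
    flagged = []
    for sid, b_in, b_out in sessions:
        excess = b_out - model(b_in)
        if excess != 0:
            flagged.append((sid, excess))
    return flagged


# Constructed session records: (id, plaintext bytes in, ciphertext bytes out)
STREAM_SESSIONS = [
    ("s1", 100, 108),   # clean: 100 + 8
    ("s2", 100, 119),   # 11 unexpected bytes left with the message
    ("s3", 37, 45),     # clean: 37 + 8
]
BLOCK_SESSIONS = [
    ("b1", 100, 120),   # clean: 100 pads to 112, + 8
    ("b2", 100, 120),   # carries 11 extra bytes inside the padding: invisible
    ("b3", 100, 136),   # 16 extra bytes force another block: visible
]


def demo():
    return {
        "stream_flags": audit(STREAM_SESSIONS, expected_stream_out),
        "block_flags": audit(BLOCK_SESSIONS, expected_block_out),
        "block_slack_for_100": hidden_capacity_block(100),
    }


if __name__ == "__main__":
    print(demo())
```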

A variation of a project/idea I've been pursuing for a while.

I called it 'Algorithmic Masking' (their program seems to be a combination of 'Automated Research' (some other research I've been pursuing) and 'Algorithmic Masking' (published in the 'Convergence' document)) and didn't intend for it to be used for national security purposes though. I originally came up with it to protect the privacy of consumers in the cloud space. Either way, given the amount of data that the NSA are dealing with and the analysis that they want to do it will be a spectacular program/project if it pans out.

Been playing around with flux gel while soldering but also using higher quality solder/solder with a lower melting point. Suspect that the latter may be the better option. Incredibly much easier to work with.

Flying Saucer Declassified (though knowledge of these programs have been around for a long time now).

If you don't have a spare system available, nested VMs are more than possible but I would only recommend it if you can supply at least the following for the nested VM:
- 2 CPU
- 20GB HDD
- Intel Network Adapter (compatibility reasons)

For the actual system:
- i3 or higher
- the bigger your HDD the better



Really neat and quick if you haven't memorised the resistor charting system yet.

Interesting reading if you're interested in Security Engineering.
A way to concatenate the PDF files if you require.

An alternative for when you don't have de-solder braid available is using copper wire (I use stranded wire from any broken network cables or coax cable that I have around).


- as usual thanks to all of the individuals and groups who purchase and use my goods and services

Saturday, October 6, 2012

Audio Feedback Bug, Physical Security Systems, and Oscilloscope Research

Every once in a while I use an audio double adapter for recording or playback purposes. Recently, I noticed a bizarre bug though. If you understand how playback control circuitry works on headphones you'll understand that an electrical signal is sent to the device which (depending on the signal) will cause it to play, pause, rewind, and so on. With this particular adapter though under certain conditions signals would be looped over and over again. The only way to break it was to disconnect it from the second connected device or disconnect the adapter completely. I've thought of creating software to filter the signal itself but it doesn't seem to be much of a problem at this stage.

If you've been reading this blog of late you'll have realised that I've been conducting research into security. My latest work has involved looking at physical security systems. One of the things I've been looking at is how easy it is to disable low to mid level priced security devices (We'll neglect basic techniques such as physical destruction, cutting the power, and disconnecting the speaker siren.). What I've discovered is that what you see in the movies is basically what you get in the real world as well. If the circuitry is reasonably simple it's almost trivial to see which particular pins need to be shorted in order to disable the system. On multi-PCB systems things may be slightly more complex but the theory/practice remains the same. If you focus in on the switching circuitry/section (It doesn't matter whether the system depends on a keypad, cards, or something else. The principles are the same. You can choose to hack the keypad, cards, etc... but this is by far the easier option if it's available. Learn to use a continuity tester or multimeter. It will serve you in many more ways than you'll ever expect. Use alligator clips. They'll save you a lot of time.) then you can disable it fairly quickly.

Just like computer security though you'll notice that there are a lot more ways to disable it rather than enable it. If you don't want to go deaf with the siren disconnect it and reconnect it to a standard, adjustable, powered speaker.

The obvious countermeasures are to use alarm systems that depend on a 'heartbeat' or which are (or can be) monitored remotely, use something where the circuitry between the reader and the authenticator is separate, or look for PCBs which are simply complex to trace/read, which gives the attacker less time to examine them. Other possible measures are actually painting over your PCB (to stop examination), ensuring that your alarm system is as physically secure as possible (It's ironic how many keypads/security systems often have openly available screws/ports through which to access the PCB easily. If you're confident in the reliability of your system glue it together or use tamper proof stickers.), and a good guard dog.


If you don't have an oscilloscope (cheapest handheld one I've seen is available for about 300 locally though they are often available inexpensively second hand) then there are other options. Some options include using sound cards and data acquisition cards (you need to ensure that the voltages are 'safe' for your card and your cards are fast enough to capture the data from the system being examined though) in combination with relevant software to examine the resulting waveforms.


Amazing how far translation technology has come. On the fly, verbal translation is now possible.


- as usual thanks to all of the individuals and groups who purchase and use my goods and services

Tuesday, October 2, 2012

Soldering, FTL Travel, and more Security Analysis...

There seems to be a common theme regarding posts on this blog of late. Obviously, many involve DIY solutions. Over the past week I've had a USB flash storage device as well as a mouse malfunction. In both cases, it was down to soldering defects during manufacture. It's not the first time and, as others have also discovered, it's quite common on devices with micro/mini USB ports. Obviously, having a break occur at the port rather than at the PCB level is preferable as you can just resolder it... If there's anything I've learnt recently it is that if you dabble in computing/electronics you should probably learn to solder. With the advent of SMD components things are obviously a bit more difficult and an Air Pencil is an unrealistic option (price) for most people. For others, I've come across many options including the following (obviously, they aren't suitable for all situations/circumstances though. As a wise man once said, "think twice, cut once"):

- Solder Paste
- Liquid Silver
- Wire Glue
- other glue-like hybrids/solutions that are conductive...

If you have issues with plastic joins there are a range of glues/epoxies/cements out there but recently I started experimenting with plastic welding (heat source to weld pieces of plastic with one another using a third party (I've been using the plastic ring from soft drink bottles) plastic as a joiner). Success has been limited. It seems to work but only in a limited number of situations. I would not recommend it for stress bearing loads.

Some interesting reading for those looking to save energy.

Some weird and wonderful ways to save energy.

Find it strange that many eReaders/USB flash storage (even Smartphones) devices continue to present FAT32 as their 'best' filesystem option. I understand the commercial reasons behind the decision but in this day and age of multi-gigabyte flash storage, critical data, and large file sizes it's not ideal. If it's a choice between raw speed and filesystem integrity then I choose the latter.

While contemplating/working on other research I was exploring the possibility of WARP drive technology (yes, Faster Than Light (FTL) transportation technology). One of the avenues that I was pursuing is similar to this one.


I didn't crunch the numbers but apparently, the energy levels required are actually realistic. There are many problems pursuing this particular line of thought though. For instance, how do you calculate where you end up? How does conventional communication deal with being sent through folded space time? Does it radiate isotropically? Can you change its radiation aperture? Is it possible that it may behave in a subspace like fashion? On to more practical matters, if you're basically moving at infinite speed how do your calculate your speed/WARP factor? How does biological material deal with such travel?

My suspicion is that if we are able to achieve FTL travel (Rocketry works but has many limitations and problems. Cost, safety, complexity, efficiency, and so on... Moreover, let's put current space travel into perspective here. Voyager 1/2 were sent decades ago and were involved in all sorts of astronomical gymnastics, have only been able to achieve 10-30km/s, and have only just reached the edge of the solar system. We need a realistic alternative to truly explore space.) then it won't be via conventional science. It will revolve around going around rather than breaking through the existing problems outlined above, and it will take a significant level of intermediate science to get from theory to practice. In spite of all this, I suspect the journey to the stars will be a difficult, though fascinating and enjoyable, one...

Found another minor problem with LibreOffice. On long documents it doesn't repaginate properly/quickly enough. You can force a proper refresh by restarting the program but obviously this isn't perfect. I'm around 604+ pages/170K+ words on my 'Cloud and Internet Security' report now. It's reached the point where editing has become much more difficult and I'm considering splitting it into 2 or 3 volumes of around 200-300 pages each? I didn't think it would reach this size but the fact is there is a lot of insecure technology out there. Basically, anything you look at in your vicinity can be used in a defensive/offensive capability in the context of cyberintelligence/cyberwarfare.

Since a lot of technology seems to be based off of the same theories (and the same goes for security technology as well) and modification of practical solutions, we've seen throughout this document that once there is a break in a core theory there is a very big and real problem, depending on the nature of the technology and how widely it is used. The problem is made worse since it seems clear that time after time our existing paradigms/theories/solutions are being broken. Active Authentication/Cognitive Fingerprinting (behavioural/continuous authentication over time, a concept that I've been toying around with for a while (published in the 'Cloud' document, refined/detailed in the 'Convergence' document, and I'm continuing work on...), pursued by DARPA, Israeli, QUT and other researchers but whose roots go deeper and further back in time than most people would believe. It goes back to the Cold War and I suspect much earlier from there, see Clifford Stoll's Cuckoo Nest) represents one possible avenue of research.
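A minimal illustration of behavioural/continuous authentication as described above, added here and not the author's, DARPA's or any named project's code: a typing-rhythm profile is enrolled from inter-key latencies, later typing is scored against it window by window, and a re-authentication flag is raised once behaviour drifts for consecutive windows. The latency samples, window size and threshold are constructed.

```python
"""Toy continuous (behavioural) authentication from keystroke timing.

Added example (not the author's, DARPA's or any named project's code).
Enrol a profile from inter-key latencies, keep scoring later typing
against it, and flag for re-authentication when behaviour drifts for
several consecutive windows.  All latency samples are constructed.
"""
import random
import statistics


def enrol(latencies_ms):
    """Profile = mean and standard deviation of the user's inter-key latency."""
    return {"mean": statistics.fmean(latencies_ms),
            "sd": statistics.pstdev(latencies_ms) or 1.0}


def window_score(profile, window_ms):
    """Mean absolute z-score of a window; roughly 0.8 for the enrolled user."""
    z = [abs(x - profile["mean"]) / profile["sd"] for x in window_ms]
    return sum(z) / len(z)


def continuous_auth(profile, stream_ms, window=10, threshold=2.0, strikes=2):
    """Scan the latency stream in fixed windows.

    Returns the index of the window at which `strikes` consecutive windows
    exceeded `threshold` (the re-authentication point), or None if never.
    """
    bad = 0
    for start in range(0, len(stream_ms) - window + 1, window):
        if window_score(profile, stream_ms[start:start + window]) > threshold:
            bad += 1
            if bad >= strikes:
                return start // window
        else:
            bad = 0
    return None


def demo(seed=7):
    """Constructed data: 200 enrolment latencies, then a 100-key session in
    which the enrolled user types the first 50 keys and someone else the rest."""
    rng = random.Random(seed)
    enrolment = [rng.gauss(150, 20) for _ in range(200)]
    profile = enrol(enrolment)
    genuine = [rng.gauss(150, 20) for _ in range(50)]
    other = [rng.gauss(260, 40) for _ in range(50)]
    return {
        "profile": profile,
        "genuine_score": window_score(profile, genuine[:10]),
        "other_score": window_score(profile, other[:10]),
        "flag_window": continuous_auth(profile, genuine + other),
    }


if __name__ == "__main__":
    print(demo())
```

Requiring consecutive bad windows trades detection latency for fewer false alarms, which is the tuning question any deployment of this idea has to answer.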



- as usual thanks to all of the individuals and groups who purchase and use my goods and services

Automated Audiobook Maker Script, Random Stuff, and More

- wanted to find a way to automated building of audiobooks. Built the following: https://sites.google.com/site/dtbnguyen/audiobook_maker-...