Last Seen Blogs
lilatiny
my treasure
anjie22-blog
simplicity
alien-witch-fangs-rp
#ThinThins (Read the Pinned Post, then we'll talk)
Text
Spot the Fake
1. About a year ago on the news there was a fake doctor spotted and arrested in South Florida Hospitals.
In quotes found in new articles it was done by:
“The man, Wilvince Bazil, told NBC 6 he works for a staffing agency that pairs him up with doctors to take care of sick patients. He said he has aspirations to become a doctor.“
It was only detected by other doctors who reportedly been seeing the fake doctor at several other South Florida Hospitals.
The same concept can be applied to individuals wear steel cap boots, high vis vest and hard hats entering construction areas.
Source”
https://www.nbcmiami.com/news/local/Fake-Doctor-Spotted-at-South-Florida-Hospitals-511245961.html
2. Fakes found in everyday life are fake designer brand clothes made by 3rd party companies in China. If it can happen to clothes it can happen to anything.
0 notes
Text
Week 08 - Security Everywhere
At work(chemist), people who buy medication that can be used to make illicit drugs are monitored and tracked in a database system accessible from all chemist stores.
All pharmacist, clerks and assistant pharmacist have access to this data on the work computer. The data provided contains sensitive data about the individual because when obtaining prescription medication, the medicare card is required.
0 notes
Text
Week 08 - Reflective Blog of Lecture
Root Cause Analysis - figuring out what went wrong post incident
To prevent future incidents
HUMAN ERROR
Find a single person to blame
Easy solution to just sack them
Never really just the case where 1 person is at fault
Last one to touch the thing/check off the thing etc. gets the blame
Culture
Something that doesn’t change very easily
Doesn’t blame anyone
Doesn’t really fix the problem
Not a wrong answer, but it’s just very convenient
The system is at fault
Too tightly coupled
Not coherent
Vulnerable to attack
Human Weakness of the Week: Honesty
Everyone lies, somethings you don’t even know your lying
Very difficult to tell if someone is lying
Misdirection and Limited Focus
Humans cannot see the whole picture (Having a flashlight in the dark)
Condense things into a few points, missing the smaller details
This can lead to a misdirection in focus (What magicians do)
Humans should focus on what’s logically important, but instead focus on what’s psychologically salient - Curiosity killed the cat
Heuristics
Matching similar things
Makes situations familiar
Focus/attention is tiring so seeing something familiar is easier
Brain always goes into autopilot in similar scenarios
Difference between an attack and an accident: the intent
In an attack there’s an adversary who wants something to go wrong
Swiss cheese analogy
Programming the devil’s computer
In an accident, your adversary is Murphy’s law. A roll of a dice really determines if the thing does go wrong
When given contradicting evidence, people will confirm your bias by looking at your evidence to confirm your theory but not the side
"Habit diminishes the conscious attention with which our actions are performed" William James 1980
People prefer positive statements
People want to verify generalizations, rather than falsify them
Group-think syndrome (Mob mentality)
When you value above all else the group membership, harmony in the group etc. you don’t want to jeopardize it.
People don’t speak about the bad things in the group
3 design principles in OOP
High coherence
Low coupling
Low complexity in each component, but each component must do something
This creates a system that is not brittle. It can handle change without rewriting the whole damn thing.
Common mode failure: reason for one thing to fail also causes other things to fail. This can ruin what might look like defense in depth.
Hindsight bias: given an event that happened, people will give it a higher chance of happening than it actually had
Invisible errors - immediate feedback is required
Failures which may happen now, but only reveal their consequences later are extremely dangerous (e.g. if an amusement park ride had a magnetic lock, and some barrier to keep cars on the track - if either fails you never know, until both fail)
Latent errors
Automated safety devices deskills operators
They only need to deal with bad things, when they go really, really badly
"Dead Battles like dead generals hold the military mind in their dead grip, and Germans, no less than other people’s prepare for the last war." - Barbara Tuchman
Even when we think we’re planning for the future, we’re probably only planning for the past.
Privacy:
Websites track you
Will happily sell info to governments or other companies
Use incognito, duck duck go, vpn, tor, etc.
Log out of shit when you don’t need to be logged in
Be careful visiting sites like Google; they can still track and ID you even if you try to stay anon
Give fake info
Just cause you don’t have anything to hide, doesn’t mean you shouldn’t care about privacy
Vpn can get cheaper plane tickets
You can block signals from getting to your phone with a Faraday cage
Stages of forensics:
Imaging
Analysis
Reporting
Types of forensics:
Computer = memory, data
Mobile = phone
Network = router, switches, packets
Database
Video
Steganography (finding hidden files within files)
Tools:
EnCase
Autopsy/The Sleuth Kit
FTK Imagery
File
Strings
Xxd
Fremost
Binwalk
Mmls
Hard drives/USB drives: don’t actually delete, just mark the space as unallocated and available. Assuming nothing has overwritten it, it can be fully recovered.
0 notes
Text
Week 04 - Something Awesome Blog
Vladimir Lenin
Vladimir Lenin was born during the Russian Empire which functioned as an absolute monarchy where the monarchs held supreme authority and where that authority is not restricted by written laws, legislature or customs. During his early life, Lenin distinguished himself by studying physics and mathematics and graduating at the top of his class and further pursuing his studies in law. However, Russia was under the rule of a Tsarist Government which attempted to suppress knowledge individual as they had to ability to rally the working class which lead to highly educated and intelligent individuals to be denied elementary civil and political rights in fear of a revolution. A government fearing the spread of public education had suppressed individual such as Lenin’s father and eldest brother by executions for conspiring with a revolutionary terrorist group that plotted to assassinate Emperor Alexander III. Whilst in his studies, Lenin become in contact with previous revolutionaries and began to read revolutionary political literature such as Marx’s “Das Kapital” solidifying that his ideologies have become that of a Marxist.
Following, Lenis graduation in law, he worked with poor peasants and artisans and grew to understand the class bias in the legal system but also the prevalent class disparity between the lower and upper class. Lenin would begin the formation of a revolutionary party by unifying the Marxist groups of the capital in an organization known as the “Union for the Struggle for the Liberation of the Working Class.” The Union issued leaflets and proclamations on the workers’ behalf, supported workers’ strikes, and infiltrated workers’ education classes to impart to them the rudiments of Marxism. Lenin joined other Marxist editors in a newspaper called “Iskra” (“The Spark”) which aim to unify the Russian Marxist groups into a cohesive Social Democratic Party.
Vladimir Len’s newspapers had 3 focuses:
1. Writing leaflets that aimed to shake the workers’ traditional veneration of the Tsar by showing them their harsh life was caused by their support of Tsar
2. Attacking the self-styled Marxists who urged Social-Democrats and workers to concentrate on wage and hours issues whilst leaving political struggle to the upper class
3. Addressing himself to the lower class
Lenin actions would echo throughout Russia as he had sided with the working class, those without a voice and unable to act individually. He gave them a view that if there was a revolution that overthrow the Tsar Government, they would be able to usher in socialism. At the time, Russia began to progressive move towards a capitalist state which they aimed to rapidly increase growth of industry. Lenin voiced his opinion by showing people the repercussions that would occur from a capitalist country where lands would be divide amongst individuals and a free market in agricultural produce, the result would not be socialism.
The widespread nature of media allowed Lenin to recruit intellectuals to Marxism given them enough power to intervene in the First Congress in 1898 in Minsk but failed to achieve anything. This followed by another intervention in the congress in Brussels in 1903 where key questions centered around the relation between the party and the proletariat, for which Lenin spoke for. As Lenin continued to fight as the vanguard for the working class, The Russian Revolution in 1905 and World War I divided the classes in Russia causing more anxiety and suffering for the lower class. Lenin took this opportunity to instigate the February Revolution in 1917 which lead to the overthrow of the Tsar as Russia began suffering from economical and social problems compounded with World War I in 1914 sought great dissatisfaction in the governing body by all classes.
The fall of the Tsar only sparked the beginning of the Rise of Socialism and from here on Lenin aimed to increased the popularity of the Bolsheviks party. During the fall of the Tsar, a party formed the Russian Provisional Government which was heavily dominated by aristocrats and capitals led by Aleksandr Kerensky wanted to continue their involvement in World War I disregarding the social and economical status in Russia. Lenin capitalized on the growing disillusionment of people as the Provisional Government began losing popular support as increasing war-weariness and the breakdown of the economy overtaxed the patience of workers, peasants and soldiers. Lenin took charge and demanded peace, land and bread which won support among workers, soldiers and peasants which allowed the Bolsheviks majority vote.
Lenin’s decision to establish soviet power derived from his belief that the proletarian revolution must smash the existing state machinery and introduce a “dictatorship of the proletariat”; that is, direct rule by the armed workers and peasants which would eventually “wither away” into a non-coercive, classless, stateless, Communist society. He expounded this view most trenchantly in his brochure The State and Revolution, the brochure, though never completed and often dismissed as Lenin’s most “Utopian” work, nevertheless served as Lenin’s doctrinal springboard to power.
Until 1917 all revolutionary Socialists rightly believed, Lenin wrote, that a parliamentary republic could serve a Socialist system as well as a capitalist. But the Russian Revolution had brought forth something new, the soviets. Created by workers, soldiers, and peasants and excluding the propertied classes, the soviets infinitely surpassed the most democratic of parliaments in democracy, because parliaments everywhere virtually excluded workers and peasants. The choice before Russia in early September 1917, as Lenin saw it, was either a soviet republic—a dictatorship of the property-less majority—or a parliamentary republic—as he saw it, a dictatorship of the propertied minority.
After two revolutions, civil war broke out between the Red Army lead by Lenin and the White Army consisting of political monarchs, capitalist, alternative forms of socialism followers and former Tsarist generals. The White Army was supported by the Allies which advocates for capitalism as the Allies feared the Rise of Communism. However, By proclaiming the right of the peoples to self-determination, including the right to secession, he won the active sympathy, or at least the benevolent-neutrality, of the non-Russian nationalities within Russia, because the Whites did not recognize that right. Indeed, his perceptive, skillful policy on the national question enabled Soviet Russia to avoid total disintegration and to remain a huge multinational state. By making the industrial workers the new privileged class, favoured in the distribution of rations, housing, and political power, he retained the loyalty of the proletariat. His championing of the peasants’ demand that they take all the land from the gentry, church, and crown without compensation won over the peasants, without whose support the government could not survive.
0 notes
Text
Trump Phishing
Craft a phishing email attack aimed at Donald Trump that would succeed in luring Trump into clicking a link in an email.
Dear Trump,
This is your father, your small loan of a million dollars needs to be repaid in full, send your money to the link I’ve sent.
www.definitelynotascam.com
Love from,
Your father.
0 notes
Text
Social Engineering Simulator
You objective is to use social engineering over email to achieve the following objectives :
Obtain the Facebook login credentials from the Puppy Love organisation Facebook page
Organise for a payment of $1200 to be made to your fake account by the Puppy Love accounts team :
BSB : 123456, ACC NO : 12347890
The social engineering can only occur via the email link below. Puppy Love is a fictitious company.
0 notes
Text
Week 07 - Something Awesome
Reflection
Psychology is the study of the human mind and behavior by understanding human emotion, personality, intelligence, memory, perception, cognition, attention and motivation. Social engineering is utilizing the ideologies of psychology to manipulate individuals into divulging confidential or personal information that may be used for malicious intent.
In my blogs, I started off by exploring Karl Marx and how his ideologies affected the Rise of Communism which spread from Russia to many other countries. We ask, how is it possible for the words of one man who passed away before the events of the Russian Revolution still be relevant in todays society? Whilst arguing and fighting for workers right and wages isn’t occurring on a national scale, Unions act as the mediator between workers and companies. Karl Marx’s words are still relevant because of the inherent class differences of companies and workers, take for example the wage gap in America and the class struggle that exist between the rich and the poor.
Karl Marx and The Communist Manifesto ideologies were the driving force for many communist revolutions in China, Cuba, Russia and Vietnam. The cost of these revolutions were in the millions:
· Russian Civil War - 7 million – 12 million total casualties
· China Civil war - 8 million – 12 million deaths
· Vietnam Civil war - 800,000 – 3.8 million deaths
· Cuba Civil War - Over 5,000
In the scenario of Hitler and Germany, external factors such as:
· Repercussions of WWI
· Economical and social state of Germany
· Forcible introduction of Weimar Republic
· Rise of capitalism and communism
Lead society into a state of anger which allowed Hitler to feed their anger and provided “promises” that required his people to follow him unconditionally.
We explore history, understand the cause and effect of the situation and explore underlying issues such as the state of mind of people along with external factors. Most notably, we understand history in order to not repeat the same mistake again, however, we are relying on the human mind and emotions to enforce our actions. It is known that humans will always repeat the same mistakes as before, because under stress, we tend to retreat to habits of emotion regulation formed in the early stages of life. Habits rule under stress and when the regulatory processes of the prefrontal cortex are overtaxed from physical or mental exhaustion. Emotion regulation in the early stages of life are impulsiveness, poor judgement, self-obsession and volatile – primarily dominated by feelings. This is why when the social state of society is under immense stress due to the Rise of Communism and falling economic status it results in people being easily manipulated because people can feed the anger and stress of society and give society what it wants to hear in order to earn their trust.
Human evolution has come a long way and education is a key factor in helping people understand reality, themselves and their moralities, but our id still the same.
What is the id? Freud’s deconstructed the human psyche into 3 parts:
· Id – the primitive and instinctual part of the mind, containing sexual and aggressive drives along with hidden memories
· Ego – Realistic part that mediates between the desires of the id and the super-ego
· Super-Ego – the moral conscience
The id is the impulsive and unconscious part of our psyche which responds directly and immediately to the instincts. The personality of the newborn child is all id and only later does it develop an ego and super-ego.
The id remains infantile in its function throughout a person’s life and does not change with time or experience, as it is not in touch with the external world. The id is not affected by reality, logic or the everyday world, as it operates within the unconscious part of the mind.
The id operates on the pleasure principle which is the idea that every wishful impulse should be satisfied immediately, regardless of the consequences. When the id achieves its demands, we experience pleasure when it is denied we experience ‘unpleasure’ or tension.
The citizens of China, Russia, Vietnam and Cuba resorted to such emotions and as a result, the leader who lead the revolutions for each country also gave the people what they wanted which in regardless to human psyche, satisfied their desires, thus earning their trust in the hope that their leaders have societies best interest at heart.
We can see that social engineering is exploiting the vulnerabilities of humans, their emotions, and satisfying their desires by either presenting an idea that is satisfying regardless of the ramifications that occur during the process and after. After the civil war which results in the complete destruction of the opposing governing body, the surviving party assumes all assets and acquires complete control over a nation. In the minds of society, who rioted for better working hours, wages and conditions which we can see that has been achieved but at what cost. Whilst momentarily, society has gained what they were rebelling for but moving forward they have become a communist country which Marx describes it as “non-coercive, classless, stateless, Communist society” which results in the censorship and freedom of speech, equivalent to the loss of humanity.
In becoming a communist state, we are no longer in control, there is no free market and demand and supply, instead it is controlled by the governing body. However, the governing body controls all resources and aspects of our lives such as free speech and the access to information. E.g. Restriction from The Great Firewall.
It is difficult for us to understand because we take many things for granted and if we only have what people living in communist countries have. Would we be the same? Would we rebel and attempt to fight for more?
We have also never experienced comprising positions so when asked the age old question of “Individuality vs Security”, we would always back individuality because humans side with where they feel comfortable and safe.
0 notes
Text
Week 07 - Security Everywhere
Just my thought process based on real life experiences:
Trust and loyalty is very difficult to grasp and by placing your trust and loyalty in somebody, can we say that it is worthwhile?
There was a quote “A life of loyalty can be broken by a moment of disloyalty”(Not word for word - cant remember/find)
However, this comes down to human error, and essentially as humans we are flawed. The problem for human error is that the error exist because humans exist is there a way to punish/detect someone for the disloyalty/breaking of trust before they fully commit into.
Potentially, the great security risk is ourselves and human error and whether we can cover for such situations based on human error, which ironically and logically is no.
0 notes
Text
Week 07 - Reflective Blog of Lecture
How to establish a shared secret? Diffie Hellman
Publicly share a “base number”
Each person raises that “base” to a number they choose secretly, and then publicly share the raised number
Discrete log problem
It is very hard to reverse if the numbers are large enough
Once the raised number is received, the receiver will raise the new number to their secret number. Now both people will have the same number.
You can mod things to prevent numbers getting too large
“Forward Security”: even if people have the communications, and later find out the shared key, they can’t figure out the initial keys
Format strings
Printf vulnerability
Lets users print out the stack of the program. Information attack
%n in the string format, writes to memory. What’s written can be controlled by the user
Shell code: code which makes a shell pop up
Memory leak: vulnerability which lets you see the format of memory
Nop sled: long runs of “nop” at the front of your own inserted code. Then you have a bit of room to jump into, to get your own code to run
Defenders tried to detect long portions of \90, but then attackers find other ways to “do nothing”
Whack-a-mole
“Halting problem” means that the attacks will always win
Assets: what are you actually trying to protect
Physical assets, reputation, humans etc.
Make sure you are protecting the real assets
How do we find the assets?
Ask people, different perspectives
Red team the system
Make sure the asset list is constantly up to date
There are a lot of checklists etc. to comply by, but these really cover the bare minimum
Share registry: list of land titles, who owns what etc.
This was recently privatised
Coke: is the formula really what they need to protect. Their brand is more important honestly.
Coke vs Pepsi research studies
Tangible vs intangible assets
Bugs
Unwanted vulnerabilities
Once found notify company
If hired under bug bounty program
Report on it and submit it
Pen Testing
authorised simulated cyberattack on a computer system to evaluate security risk
identify weaknesses / vulns
full risk assessment
Possible consequences of breach
Data breach
Ransomware
Credentials compromised
IP
Importance
Discover vulnerabilities before others do
Test security controls
Firewalls
IPS
IDS
Diffie Hellman
Does not give authentication
Gives confidentiality (a bit of integrity)
Authentication in that you know it is the same person but not who they are
0 notes
Text
Week 07 - Reflective Blog of Case Study
This week in your tutorial class you'll be debating privacy - specifically should the government or government agencies collect and have access to your data for good purposes, or should citizens
· Data leaks
· Too much surveillance – big brother
· Data held by government can be used – e.g. campaign election
· Single point of failure
· Power corruption
· Government selling data
· Lost of the freedom of expression/freedom of speech
· A certain point of surveillance, a revolution cannot occur – 1984
· 3rd parties that access data pooled together can be use it for malicious intent – doctors accessing medical records
· People that work for the government have too much power
· Surveillance not expected to work as expected
Government forces companies/app developers to create a back door to their program – force decryption
0 notes
Text
5G Networks
What will you decide?
If you choose to allow Huawei to roll out the 5G network : write a letter to US President Donald Trump explaining why you have chosen to allow them to build the network and why you do not think it is a concern.
If you choose to not allow Huawei to build the 5G network, write a letter to the CEOs of Telstra, Vodafone and Optus, explaining the importance of the ban, and why the 3 x increased cost to them and their customers is work paying
Dear Trump,
I have decided to let Huawei roll out their 5G network into Australia because China is an important trade partner and not allowing them could potentially prevent further agreements later into the future.
Australia is a developed country with one of the lowest internet speeds of other developing and developed countries. I believe by allowing 5G we can see an exponential growth in this sector.
If China is really spying on us, which is probably already occurring, then regardless of Huawei rolling out the 5G network, China is already spying on us.
Regards,
Prime Minister of Australia.
0 notes
Text
Threat Modelling
Develop an attack tree for a company operating in the high voltage electricity transmission network in Australia, the US or Europe.
Consider the attacks against the business in areas such as business, national security, finance, assets, infrastructure. Consider who the attackers may be - including Russia, China and other global threats. Consider how they could have an impact on the company and network - including cyber attacks, supply chain attacks, people based attacks, espionage and coercion.
0 notes