TechNews digests: Jan - Nov 2008

TechNews is a technology, news and analysis service aimed at anyone in the education sector keen to stay informed about technology developments, trends and issues. TechNews focuses on emerging technologies and other technology news. TechNews service : digests september 2004 till May 2010 Analysis pieces and News combined publish every 2 to 3 month

Distributed architecture to enhance systems protection against unauthorized activity via USB devices

Cyberattacks exploiting Universal Serial Bus (USB) interfaces may have a high impact on individual and corporate systems. The BadUSB is an attack where a USB device’s firmware is spoofed and, once mounted, allows attackers to execute a set of malicious actions in a target system. The countermeasures against this type of attack can be grouped into two strategies: phyiscal blocking of USB ports and software blocking. This paper proposes a distributed architecture that uses software blocking to enhance system protection against BadUSB attacks. This architecture is composed of multiple agents and external databases, and it is designed for personal or corporate computers using Microsoft Windows Operating System. When a USB device is connected, the agent inspects the device, provides filtered information about its functionality and presents a threat assessment to the user, based on all previous user choices stored in external databases. By providing valuable information to the user, and also threat assessments from multiple users, the proposed distributed architecture improves system protection

Пособие по английскому языку для аудиторной и внеаудиторной самостоятельной работы для студентов дневной формы обучения специальностей 1-40 03 01 "Искусственный интеллект" и 1-53 01 02 "Автоматизированные системы обработки информации"

Ban Oksana Vasilievna. Цифровая реальность. English manual for classroom and extracurricular independent work for full-time students 1-40 03 01 "Artificial Intelligence" and 1-53 01 02 "Automated processing systems information"Пособие по английскому языку для аудиторной и внеаудиторной самостоятельной работы для студентов дневной формы обучения специальностей "Искусственный интеллект" и "Автоматизированные системы обработки информации" направлено на углубление языковых компетенций обучающихся. Основная цель данного пособия – развитие и закрепление навыков практического владения английским языком студентами. Задания составлены в соответствии с учебной рабочей программой, разработанной на кафедре иностранных языков по техническим специальностям БрГТУ и рекомендованы к изданию

Killing your device via your USB port

The USB killer is a testing device that has been marketed as having been designed to test the limits of the surge protection circuitry of electronics. The device can 'fry' an electronic device in a fraction of a second. The aim of this research is to identify to what extent the data that is stored on the device can be destroyed when utilising the USB Killer 2.0 since it could potentially become the weapon of a malicious user with access to a device with an active USB port. The authors conducted a series of experiments utilising the USB killer in different hardware configurations. The paper introduces the USB protocol and discusses the functionality of the USB killer before outlining the experiment and presenting the results of the study

Refining the PoinTER “human firewall” pentesting framework

PurposePenetration tests have become a valuable tool in the cyber security defence strategy, in terms of detecting vulnerabilities. Although penetration testing has traditionally focused on technical aspects, the field has started to realise the importance of the human in the organisation, and the need to ensure that humans are resistant to cyber-attacks. To achieve this, some organisations “pentest” their employees, testing their resilience and ability to detect and repel human-targeted attacks. In a previous paper we reported on PoinTER (Prepare TEst Remediate), a human pentesting framework, tailored to the needs of SMEs. In this paper, we propose improvements to refine our framework. The improvements are based on a derived set of ethical principles that have been subjected to ethical scrutiny.MethodologyWe conducted a systematic literature review of academic research, a review of actual hacker techniques, industry recommendations and official body advice related to social engineering techniques. To meet our requirements to have an ethical human pentesting framework, we compiled a list of ethical principles from the research literature which we used to filter out techniques deemed unethical.FindingsDrawing on social engineering techniques from academic research, reported by the hacker community, industry recommendations and official body advice and subjecting each technique to ethical inspection, using a comprehensive list of ethical principles, we propose the refined GDPR compliant and privacy respecting PoinTER Framework. The list of ethical principles, we suggest, could also inform ethical technical pentests.OriginalityPrevious work has considered penetration testing humans, but few have produced a comprehensive framework such as PoinTER. PoinTER has been rigorously derived from multiple sources and ethically scrutinised through inspection, using a comprehensive list of ethical principles derived from the research literature

The Impostor Among US(B): Off-Path Injection Attacks on USB Communications

USB is the most prevalent peripheral interface in modern computer systems and its inherent insecurities make it an appealing attack vector. A well-known limitation of USB is that traffic is not encrypted. This allows on-path adversaries to trivially perform man-in-the-middle attacks. Off-path attacks that compromise the confidentiality of communications have also been shown to be possible. However, so far no off-path attacks that breach USB communications integrity have been demonstrated. In this work we show that the integrity of USB communications is not guaranteed even against off-path attackers.Specifically, we design and build malicious devices that, even when placed outside of the path between a victim device and the host, can inject data to that path. Using our developed injectors we can falsify the provenance of data input as interpreted by a host computer system. By injecting on behalf of trusted victim devices we can circumvent any software-based authorisation policy defences that computer systems employ against common USB attacks. We demonstrate two concrete attacks. The first injects keystrokes allowing an attacker to execute commands. The second demonstrates file-contents replacement including during system install from a USB disk. We test the attacks on 29 USB 2.0 and USB 3.x hubs and find 14 of them to be vulnerable.Comment: To appear in USENIX Security 202

TechNews digests: Jan - Nov 2009

TechNews is a technology, news and analysis service aimed at anyone in the education sector keen to stay informed about technology developments, trends and issues. TechNews focuses on emerging technologies and other technology news. TechNews service : digests september 2004 till May 2010 Analysis pieces and News combined publish every 2 to 3 month

Design and Implementation of a Podcast Recording Studio for Business Communications

Podcasting is the creation of recorded information and its delivery over the Internet, using web syndication technology. Businesses around the world are increasing their use of podcasts as a means for delivering information to their customers and employees. The purpose of this project paper is to examine the business need for podcasting, and to demonstrate that businesses can assemble an inexpensive recording studio to create podcasts. The review of previous literature included an examination of why podcasting has become important to business communications; how some businesses are currently using podcasting as a communications tool; the technology involved in podcasting; and the tools needed to create podcasts and how web syndication is used to distribute the finished recordings to end users. The paper includes information on the audio recording software that is necessary to record and edit the podcast. Also included is a discussion of the additional audio hardware such as microphones and mixers that are required to record audio. Configuring the equipment in the podcasting studio is described. This includes setting up the computer to be used for recording, attaching the audio mixer to the computer, and connecting the microphone to the audio mixer. The installation of the recording software is also described. The paper concludes with recommendations for businesses to find ways to track the results of podcasts. Also included is a recommendation for further academic study of the uses of podcasting

ETHICS_ Communication Breakdown - It\u27s Always the Same (But it\u27s Avoidable)

Meeting proceedings of a seminar by the same name, held February 22, 2022