March 29th 2015

Securi-Tay IV Conference, 27th February 2015, Dundee

Back in February, I attended the Securi-tay IV infosec conference, run by the students from Abertay’s Ethical Hacking Society. It included fantastic talks, great networking opportunities, and a chance to catch up with people I hadn’t seen for a while. A good day all round. The students deserve a huge well done for arranging and managing the event.

I thought I’d give a brief overview of the talks I attended on the day.

The Five Stages of Security Grief by Gavin Millard (Tenable)
This talk was based on the Kübler-Ross model of grief (denial, anger, bargaining, depression and acceptance) and how it applies to the world of computer security. Due to security issues, companies will spend $76.9 billion on the topic in 2015 alone. It was mentioned that education is the key to moving on from denial- this was an interesting point as my research is currently focussed around educating users about security issues.

 

Virtual Terminals and POS Security; How I Had the Chance to Become a Billionaire by Dr Greg Fragkos
This was perhaps one of my favourite talks at the conference and a lot of people were talking about it afterwards! The talk essentially explained just how easy it could be to abuse POS terminals. Obviously, much of the vital information was redacted from the talk (such as specific keypress combinations needed) but the theory alone was terrifying!

 

Robbing Banks and Other Fun Tales by Freaky Clown
An interesting talk on how to use penetration testing techniques and social engineering to get into buildings. He made it sound so simple and I’m amazed at the places he managed to get into without being questioned. Great talk!

 

We Don’t Take Kindly to Your Types Around Here by Graham Sutherland
The software developer in me had been looking forward to this talk. Serialization is a concept that I’ve been discussing in one of my classes this semester, and this talk covered some of the security issues involved when serializing/deserializing objects in languages such as PHP, C# and Java. The talk has made me want to write a few test programs to see if I can replicate some of the flaws in Java.

 

Guest to Root- How to Hack Your Own Career Path and Stand Out by Javvad Malik
I’d heard of Javvad via Twitter and knew he had published many infosec videos, so I was looking forward to his talk. He focussed on how to get noticed in the security industry, and how to prevent yourself from just blending in as just another “faceless” employee. A very engaging talk.

 

Social Security by Dr Jessica Barker
Jessica’s talk sounded like one which might fit in with my research- I was right! The talk concentrated on various aspects of infosec, leaning towards the sociological/psychological side. It largely confirmed what I’ve concluded from my work- the biggest security flaw nowadays is humans! Many people simply suggest that users are stupid, which is a form of victim blaming. Instead, it depends on how you teach the user about security- if you make a user feel stupid during this process, they will shut down. Users must be encouraged to see why the topic of security matters to them.

 

Abusing Blu-ray Players- Stephen Tomkinson (NCC Group)
This talk considered a security issue I hadn’t really thought about: how to circumvent the sandboxed system of a device like a Blu-ray player. Stephen demonstrated a number of ways in which he bypassed the security measures the player had implemented, so an attack could begin. If you want to read a little bit more on the subject, Security Week wrote an article about the research- http://www.securityweek.com/attackers-can-use-blu-ray-discs-breach-networks-researcher.

 

If these talks sound interesting, a selection of them were filmed and will be available to watch on YouTube shortly. They will be available from https://www.youtube.com/user/AbertayHackers

March 28th 2015

Jersey Boys, His Majesty’s Theatre, Aberdeen, 7th March 2015

Oh what a night (well, afternoon….see what I did there?). I’d heard a lot about Jersey Boys, and I even passed the theatre it was playing in on Broadway a few years ago. When the UK tour rolled around, I had to get tickets.

The premise of the show: it’s a jukebox musical that chronicles the story of The Four Seasons: how they got together, their successes, their money issues and how they broke up. Bonus: it’s full of songs you’ve probably heard before.

What did I think of it? Absolutely brilliant show, great performances by the cast. Another show to see again!

February 16th 2015

Benchmarking the Raspberry Pi

Since I now have various models of the Raspberry Pi sitting on my desk, I figured I’d benchmark them (to satisfy my own curiosity). Obviously, the new Raspberry Pi 2 Model B is faster, that’s a no-brainer, given the improved spec of the system.

A few points before I begin. My Raspberry Pi Model B is the version with 512MB RAM. As for cases, my Model B is in an original Pibow case, the other 2 devices are encased within Pibow Coupes. All have 16GB class 10 SD Cards in them. No overclocking, no overvolting. I’m not going to list the full spec of each of the devices; this page contains information for each revision.

The benchmarking tools came from Roy Longbottom. Longbottom’s site provides a comprehensive library of benchmarking tools, along with an explanation of what each of the tests actually do.

Here’s a summary of the tests I ran.

Whetstone Benchmark

| | Raspberry Pi Model B | Raspberry Pi Model B+ | Raspberry Pi 2 Model B |
|---|---|---|---|
| MWIPS (million Whetstone instructions per second) | 270.808 | 272.801 | 530.060 |
| secs | 10.044 | 9.934 | 9.980 |

Dhrystone Benchmark

| | Raspberry Pi Model B | Raspberry Pi Model B+ | Raspberry Pi 2 Model B |
|---|---|---|---|
| Nanoseconds one Dhrystone run | 671.88 | 668.75 | 370.00 |
| Dhrystones per Second | 1488372 | 1495327 | 2702703 |
| VAX MIPS rating | 847.11 | 851.07 | 1538.25 |

Linpack Double Precision Unrolled Benchmark

| | Raspberry Pi Model B | Raspberry Pi Model B+ | Raspberry Pi 2 Model B |
|---|---|---|---|
| MFLOPS (mega floating-point operations per second) | 41.76 | 44.02 | 119.79 |

Livermore Loops Benchmark (overall ratings)

| | Raspberry Pi Model B | Raspberry Pi Model B+ | Raspberry Pi 2 Model B |
|---|---|---|---|
| Maximum | 146.7 | 148.6 | 250.1 |
| Average | 64.4 | 64.7 | 126.6 |
| Geomean | 54.8 | 55.0 | 115.4 |
| Harmean | 46.7 | 46.7 | 104.3 |
| Minimum | 21.3 | 17.6 | 41.8 |

I also ran a few temperature tests, though I’m not convinced the results I got were accurate. The tests showed that the Model B produced temperature readings which were 7-8 degrees Celsius higher than the other 2 Pis. It had been sitting running constantly for a few days prior to testing so I’d expect it to be warmer in this case. The other 2 Pis had only just been switched on.

So there you have it. The Raspberry Pi 2 Model B is definitely faster (duh). Still, I think the figures presented in each of the tables make for an interesting comparison.

February 14th 2015

Raspberry Pi 2 Model B and a camera flash

You may have heard about an issue with the new Raspberry Pi 2 Model B computers which were released recently. If you haven’t, the story is that the Pi will unexpectedly reboot if a camera flash is triggered too close to the computer. Apparently it’s caused by the photoelectric effect, which is very interesting. The camera has to be relatively close for it to work though and I don’t think it’s a huge issue. Cool though!

My conclusion: the Pi is shy, and there’s nothing wrong with being shy.

I managed to replicate the issue, and I have posted a video of it on YouTube.

February 14th 2015

Raspberry Pi 2 Model B- an overview

Last Monday, the Raspberry Pi foundation announced the launch of the Raspberry Pi 2 Model B. Being a massive geek, I had to purchase one, and on Tuesday evening, one landed on my doorstep.

The Raspberry Pi 2 Model B is a huge improvement compared to both the first and second revisions of the original Raspberry Pi Model B. The original Model B had a 700 MHz single-core ARM1176JZF-S processor and 256MB RAM. The newly released Raspberry Pi 2 Model B features a 900MHz quad-core ARM Cortex-A7 CPU and 1GB RAM. Saying that it’s much faster is an understatement!

The Raspberry Pi 2 Model B also features 4 USB ports, 40 GPIO pins, HDMI port, Ethernet port, 3.5mm audio jack/composite video port, camera interface, display interface, micro SD card slot and a VideoCore IV 3D graphics core. All for just under £30 which is an absolute bargain!

The new Raspberry Pi will also be capable of running Windows 10. Microsoft announced the version of Windows 10 for the Pi will be free and will run natively. Currently, the Maker community is being encouraged to register as a Windows Internet of Things Developer. The link is- https://dev.windows.com/en-us/featured/raspberrypi2support.

Though I haven’t yet had much time to play with the new Raspberry Pi, I’m really excited about the development. I think the foundation are making computing education more accessible and affordable. Purchasing my first Pi inadvertently taught me about electronics, and it even got me soldering again (something I hadn’t done since my first year of High School). If a Pi has had that effect on me, a seasoned nerd, it must be fantastic for those just starting to learn about computers.

Anyway, I’m off to think up some new projects for my new Pi!