Showing posts with label Spoofing. Show all posts
Showing posts with label Spoofing. Show all posts

February 13, 2018

Cyber Attacks Typology

Saw this acronym to describe the types of cyber threats and thought it was useful.

STRIDE

Spoofing - Falsifying identity to gain systems access

Tampering - Making unauthorized changes to data or systems

Repudiation - Forging identify of actions to data or system to deny responsibility or even blame a 3rd party

Information Disclosure - Stealing (exfiltrating) information and disclosing it to unauthorized individuals

Denial of Service - Depriving legitimate users access to data or systems

Elevation of Privilege - Transforming user account to allow it to exceed legitimate user privileges (e.g. admin account or superuser)

Funny-sad enough, these six types of cyber attacks can cause any information security officer to lose their stride. ;-)

(Source Photo: Andy Blumenthal 
Share/Save/Bookmark

July 30, 2013

When GPS Takes You Down The Wrong Path

Mashable is reporting that a team of university students from University of Texas at Austin were able to spoof the GPS receivers on an $80 million yacht with false signals and make it veer off course without anyone even noticing!

I remember a couple of years ago, I was heading to an offsite meeting for work. 


It was planned for a location that I wasn't extremely familiar with.


Of course, I turned on my GPS device in the car and set the destination.


It was a cold snowy day--the roads were iced--and it was already treacherous driving. 


But I followed the GPS directions to a T.


I ended up in someone's backyard--at a dead end--practically in the middle of a cornfield. 


I'm thinking to myself Crap!--what type of crazy GPS is this? 


Thank G-d, I had my smartphone in my pocket and I opened up the GPS app on it and set the destination again. 


Sure enough, it takes me off and running to the meeting location--about 10 minutes away!


Some things I learnt:


1) OMG, we are so very dependent on our technology; with technology gone wrong, I was stuck in nowhere land USA; with it right--I got out of there and to the correct location and thank G-d. 


2) GPS is a capability that is critical for everything from getting us to where we need to go to getting our missiles to hit on target. Take away or mess with our GPS and we end up missing the mark--potentially big time and with devastating consequences. 


3) Always have a backup, plan B. One GPS can be wrong as in this case, while the other GPS was correct. Redundancy and contingency planning is a must have, period. 


4) When you're heading down the wrong road (or you're off course in international waters), man up and admit it and make a course correction. You don't win any brownie points for continuing to drive into the cornfields. ;-)


(Source Photo: Andy Blumenthal)

Share/Save/Bookmark

July 6, 2008

Biometrics and Enterprise Architecture

Biometrics is “the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.” (Wikipedia)

Biometrics is crucial for identifying and taking out of play enemy combatants, terrorists, and criminals or for providing access to trusted employees or partners in public or private sector organizations, like the intelligence community, defense, security, and various sensitive industries like financial, telecommunications, transportation, energy, and so forth.

National Defense Magazine, November 2007 has an article on the significant advances being made in biometric technologies and their applications to our organizations.

According to “’The National Biometrics Challenge,’ a report produced by the Office of the President’s National Science and Technology Council…’a tipping point in the maturation of the technology has been reached.’

Both the FBI’s Information Services Division and The Department of Defense Biometric Fusion Center are leading the way in this field.

Currently, identity is established based on the trinity: “something you know (such as a password), something you have (like an identity card), or something you are, which is where biometrics comes in.”

Biometrics includes technologies for recognizing fingerprints, facial features, irises, veins, voices, and ears, and even gait.

But these are technologies identification means are not fool-proof: remembering multiple complex passwords can be dizzying and identity cards can be lost, stolen, or forged. So biometrics becomes the cornerstone for identity management.

However, even biometrics can be spoofed. For example, fake rubber fingers have been used in lieu of a real fingerprint (although now there are ways with living flesh sensors to protect against this). So therefore, biometrics is evolving toward “multi-modial” collection and authentication. This could involve using 10 fingerprints versus one or combing fingerprint, iris scans, and digital mugshots (called the “13 biometrics template” and used to gain access in U.S. managed detention centers in Iraq) or some other combination thereof.

Biometrics has advanced so much so that an Iris scan system from Sarnoff Corp. of Princeton NJ “can scan and process 20 people per minute from distances of about 10 feet away, even those who are wearing glasses.”

The keys to further enterprise application of these technologies in our enterprises are the following:

  1. Lowering the cost (especially to make it available to local law enforcement agencies)
  2. Making it rugged enough for extreme environments for the military
  3. Making it portable so that it can be used for a variety of law enforcement and defense operations
  4. Reengineering business processes so that measurements are captured, stored, accessible, and readily available for making a match and generating a decision on someone’s identity in real-time
  5. Developing policies that “effectively govern the proper use of the data” and ensure adequate protection for civil liberties and privacy.

Overall, biometrics has moved from emerging technology to applied technology and needs to be planned into your identity management architectures.


Share/Save/Bookmark