Vulnerabilities in login authentication methods and password storage in Windo... (John-André Bjørkhaug)
This document discusses vulnerabilities in login authentication methods and password storage in Windows 8. It begins with an introduction to alternative authentication methods introduced in Windows 8 to address usability issues with passwords on touchscreens. It then covers classic attacks on Windows password storage, such as extracting hashed passwords and cracking them with rainbow tables or GPUs. It also discusses bypassing login authentication through techniques like editing password hashes in the SAM file from an external operating system. The document focuses on new authentication methods in Windows 8 like PIN codes and picture passwords, analyzing their vulnerabilities. It concludes with recommendations for mitigating discussed vulnerabilities.
3. Why study authentication in Windows 8
• Many papers to write in a master's programme ...
• "Foundations in information security" @ HiG
• "Vulnerabilities in login authentication methods and password storage in Windows 8"
• http://www.slideshare.net/JohnAndrBjrkhaug/bjorkhaug2014windows8
5. Classic password vulnerabilities [1] Hashes
• A hash of the password is stored in the SAM database
• No salt (random data added to the password)
• Brute force, dictionary, rainbow table
• LM (up to Windows Vista/2008)
• Password -> converted to upper case and split into 7+7
• Rainbow table -> 14-character passwords, all characters
• NTLM
• Rainbow table -> 8-character passwords, all characters
• Can be used in a "pass-the-hash" attack
• Logs on to devices with the same password using the hash over the network (SMB)
• Metasploit
• Talk to Per! :-)
6. Classic password vulnerabilities [2] Bypassing the password
• Change the password by offline editing of the Registry
• Linux boot CD (Petter Nordahl-Hagen)
• Patch the logon at boot
• KonBoot
• Patch the authentication mechanism in memory
• FireWire (Inception, Carsten Maartmann-Moe)
• PCI Express (DefCon 2014, Fitzpatrick/Crabill)
• Utility manager, Utilman.exe (Win+u)
• Sticky keys, sethc.exe (shift x 5)
7. Classic password vulnerabilities [3] "Cleartext" storage of passwords
• Introduced in Windows XP
• Wdigest
• "Single sign-on" to HTTP (e.g. SharePoint)
• tspkg
• "Single sign-on" to RDP (Remote Desktop)
• LiveSSP, Kerberos +++
• Disabled in Windows 8, but enabled if SSO is used
• Encrypted with LsaProtectMemory, but easily decrypted with LsaUnprotectMemory <- fixed key :-D
• mimikatz by Benjamin Delpy
• Windows Credential Editor by Amplia Security
9. All the old stuff still works!!!
• Offline registry edit
• NTLM, no salt -> rainbow tables
• Pass-the-Hash
• Patching of the authentication mechanism, at boot or in memory
• WDigest etc.
• Utilman/Sethc
• Microsoft: Why?
10. Touchscreen and passwords
• On-screen keyboard
• Cumbersome with 1337Pa$$W0rD!!#
• iOS & Android
• PIN
• Pattern
• PWND -> shoulder surfing
• Face recognition
• Pwnd -> picture
• Fingerprint (iPhone 5, Galaxy S5)
• Pwnd -> wood glue
• Windows 8 on many different devices now
Image taken from: http://www.abica.co.uk/uncategorized/windows-8-business-personal-or-both/attachment/windows-8-devices/
12. DPAPI & Windows Vault [1]
• Data Protection Application Programming Interface
• Introduced in Windows 2000
• No details published by Microsoft
• Simple method for storing sensitive data on disk
• Outlook, Skype, Internet Explorer, Credential Manager, Microsoft Vault (replaces Credential Manager from Windows 7) etc. etc.
• Windows 7
• AES256 encryption in CBC mode
• SHA512 for hashing
• PBKDF2 for key generation in public key
13. DPAPI & Windows Vault [2]
• Keys are retrieved from the master key file and stored in memory
• Passwords and the like can then be extracted from the Vault
• Pre-Windows 8: only the logged-in user
• From Windows 8: DPAPI-NG. Same "database" for all local users on the same machine
• PIN, picture password and fingerprint cause the password to be stored in the Vault!
14. PIN
• Maximum 4 digits!
• Statistics: http://www.datagenetics.com/blog/september32012/
• Using a PIN causes both the PIN and the password to be stored in the Vault
• Until January 2014, only the Russian Passcode, with "expensive" commercial software, could read information out of the Vault
16. Picture password
• Shoulder surfing
• Using a picture password causes both the coordinates and the password to be stored in the Vault
• Dump with mimikatz:
Image taken from: image from Terminator 2
17. Fingerprint
• Mythbusters
• Latex
• Paper
• youtube.com/watch?v=lkvwhInv828
• Using a fingerprint causes both the fingerprint and the password to be stored in the Vault
• Dump with mimikatz:
18. Multi-factor authentication
• When a smart card is used, the PIN and the password are stored in the Vault
• Dump with mimikatz by Delpy --------->
20. Solutions
Full Disk Encryption
Bitlocker
BIOS password
Key lock on devices / screen saver
Do not use FireWire
Lock the PC case (PCIe)
Call out to Microsoft ...?
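
A read-only check of the host settings behind several of the slides above (LM hashes, WDigest, Utilman/sethc, BitLocker), added here as an example and not part of the original presentation. The registry values `NoLMHash` and `UseLogonCredential` are standard Windows settings that the slides do not name; `Get-RegValue`, `New-Finding` and `Test-AuthHardening` are hypothetical helper names.

```powershell
# Added example: read-only audit, run from an elevated PowerShell prompt.
# Get-RegValue, New-Finding and Test-AuthHardening are hypothetical helper names.

function Get-RegValue {
    # Return a registry value, or $null when the key or the value is absent.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function New-Finding {
    param([string]$Check, [string]$Observed, [string]$Status)
    [pscustomobject]@{ Check = $Check; Observed = $Observed; Status = $Status }
}

function Test-AuthHardening {
    $findings = @()

    # Slide 5: LM hashes. NoLMHash = 1 tells Windows not to store an LM hash.
    $noLm = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'NoLMHash'
    $status = if ($null -eq $noLm) { 'REVIEW' } elseif ($noLm -eq 1) { 'OK' } else { 'FAIL' }
    $findings += New-Finding 'LM hash storage disabled' "NoLMHash=$noLm" $status

    # Slide 7: WDigest. UseLogonCredential = 1 keeps logon credentials in LSASS memory.
    # When the value is absent the operating system default applies, so flag it for review.
    $wdKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $wd = Get-RegValue $wdKey 'UseLogonCredential'
    $status = if ($null -eq $wd) { 'REVIEW' } elseif ($wd -eq 0) { 'OK' } else { 'FAIL' }
    $findings += New-Finding 'WDigest credential caching off' "UseLogonCredential=$wd" $status

    # Slide 6: Utilman.exe / sethc.exe. A file whose version resource names a
    # different program than its file name has been replaced.
    foreach ($name in 'sethc.exe', 'Utilman.exe') {
        $path = Join-Path $env:SystemRoot "System32\$name"
        $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if ($null -eq $file) {
            $findings += New-Finding "$name is the original binary" 'file not found' 'REVIEW'
            continue
        }
        # OriginalFilename can carry a ".mui" suffix, hence the wildcard match.
        $orig = $file.VersionInfo.OriginalFilename
        $status = if ($orig -like "$name*") { 'OK' } else { 'FAIL' }
        $findings += New-Finding "$name is the original binary" "OriginalFilename=$orig" $status
    }

    # Slide 20: full disk encryption on the system drive blocks the offline
    # registry edits and boot-time patching listed on slide 6.
    $volume = $null
    try {
        $volume = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    } catch {
        # Cmdlet missing or session not elevated: leave $volume as $null.
    }
    if ($null -eq $volume) {
        $findings += New-Finding 'BitLocker protects system drive' 'status unavailable' 'REVIEW'
    } else {
        $status = if ($volume.ProtectionStatus -eq 'On') { 'OK' } else { 'FAIL' }
        $observed = "ProtectionStatus=$($volume.ProtectionStatus)"
        $findings += New-Finding 'BitLocker protects system drive' $observed $status
    }

    return $findings
}

Test-AuthHardening | Format-Table -AutoSize
```

The script changes nothing on the host; a `REVIEW` status means the setting could not be read or is left at the operating system default.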