With OS X Yosemit – Who’s next in Apple’s sights?


Apple are well known for their focus on constraining both hardware and software vendors to work within their specifications for Mac OS X and iOS. They are also a company who have the resources to target a successful business area for others, and have the resources to follow through and gain significant adoption. From a company who were floundering with computer systems which did not fit-in with the main-stream, and build with custom chips and with their own operating system, they have effectively become the company who set the standards within the computing industry, and in a way that IBM did in the 1970s. So with the release of Yosemite, we’ll see who Apple have in their sights. As other computer companies sit back, and try not to rock the boat, Apple have shown it has the guts to take on the industry, and steer it in their direction. From since the glory days of IBM has seen such a drive on setting industry standards.

Adobe stand-off

After the computing industry shook off its IBM dominance, Apple’s main competitor was flashMicrosoft, and, through meetings with Steve Jobs and Bill Gates, the two companies managed to work together, especially around the porting of Microsoft Office to the Mac. The main target, though, for Steve Jobs was Adobe Flash, who, in April 2010, wrote an open letter outlining the reason that Apple would not support Flash on the iPhone, iPod touch and iPad. For any software house, the reasons given were a dead-nail, and included:

  • Considerable energy consumption.
  • Poor security.
  • Lack of touch integration.
  • Poor performance on mobile devices.

And, to push them off the mobile platform, he dictated that there was a desire to exclude third party software coming between the developer and the operating system, and that Flash, which was claimed to be open software, was a closed system.

This was the beginning of the end for Flash for mobile devices, where developers had to quickly migrate their software towards the iOS, or quickly lose customers. For many Adobe Flash had been the way to develop once for a range of platforms, and possibly this was at the root of the problem for mobile devices, as Adobe were trying to cover so many bases. With this a developer could develop for a desktop, and then the same Flash content would run on both Android and Apple iOS. It was one of the few software plug-ins that could cover all of these, and which seamlessly downloaded the plug-in and associated updates. From an industry point-of-view, the future looked rosy for a platform that could cover the migration from desktops to mobile devices, but Apple’s decision effectively stopped them in their tracks. Apple tried to justify its approach too by stating that online video no longer required Flash, leaving Apple plug-ins such as QuickTime ready to take on the increasing requirements for video streaming.

For all the arguments around it’s cross-platform nature, Adobe Flash has been weak around its security integration, and has ended-up being the rogue’s gallery for software vulnerabilities, being highlighted with one of the three main threats which expose users to malware: CVE-2013-5331 (Adobe Flash), CVE-02007-0071 (Adobe PDF) and CVE-2013-1723 (Java). If a user has an unpatched system, they can be exposed to each of these vulnerabilities.

The threats are fairly easy to implement for script kiddies using exploit kits such as the Phoenix Exploit Kit v2.5, which has all the scripts required to create the documents and the code required to exploit the user’s machine (Figure 1). There’s a whole industry in exploit kits, where, for a maintenance fee, the Exploit Kit creators will patch their exploits to make use of the most up-to-date vulnerabilities, and try and overcome some of the patches applied by venders.

Apple have, though, removed the restrictions related to third-party tools, languages and frameworks, which does allow Flash deployments on iOS using Adobe’s iOS Packager. This approach is still risky for many developers, as the door may be closed on future updates. For Adobe, the have moved their efforts away from a Flash plug-in for mobile browsers, and to port their ActionScript programming language and Adobe AIR towards native mobile apps.

slide24Figure 1: Adobe and Java exploits

Yosemite and the user experience

The clash with Adobe Flash highlights that Apple identified that there was a great worry that customers would move away from the App Store, as equivalent Flash applications would have provided a suitable alternative, especially as applications could be developed to support not only iOS, but also Windows, Linux, and Android. Along with this, Apple are keen to control the user experience, as the new Yosemite, where they have seamlessly integrates a new look-and-feel for the user. As shown Figure 2, Apple have gone for a flatter user experience, and it is one which users take to almost instantly, and actually forget the updates to the GUI. This approach is to not radically change, as we have seen with Windows 8, but to seamlessly update and refresh.
Screen Shot 2014-10-20 at 08.40.21Figure 2: Yosemite OS X

A demo is shown here:

Personal opinion

I have personally spent a great deal of time developing with Flash, but it became along unmanageable to maintain the ActionScript code. So when ActionScript 2.0 came along, I had the decision to port all my code to ActionScript 2.0 or to go with Java or .NET. My choice was .NET, and I’ve never regretted it. Unfortunately .NET is not really that well supported on iOS from a user interface point-of-view, but I’ve generally spent my time developing for the Web, and with ASP.NET MVC, I have the perfect development environment, where I can share code across my applications, and clearly separate the user interface from the middleware. So, here’s one of my old Flash apps:


The next target?

With Apple now content in constraining the applications and user experience that they gain on OS X and iOS, their next target is Cloud synchronisation, as users are increasingly storing their content onto Cloud-based systems. With a generalised Cloud synchronisation package, such as Dropbox, users can easily update all of their files on a range of device, of which could be both Apple-based or not. This provides users the ability to move and edit their documents on Windows or Mac desktops, and then synchronise on their mobile devices (typically either an iPad or an Android tablet).

The Cloud sync package thus holds a great deal of power in the way that systems are architected, and users will develop trust in their Cloud sync provider, especially as they do not have to backup their system with complex software. And so the target for Apple is Cloud sync apps, and one of the key features of Yosemite is its seamless integration with the iCloud, where files can be synched between Apple iOS and Mac OS X. This is especially focused on users with an Apple iPhone, an Apple iPhone, and a Mac book. For them, from Apple’s point-of-view, the three devices are integrated together, but it risks a closed Cloud environment, which pushes out Windows and Android, and could lead to a lock-in for users.


Adobe possibly tried to cover too many bases with their Flash plug-in, and forgot that mobile devices were different beasts to desktops, and where the consumption of energy and CPU were not good things. They slipped too in consider security considerations for the desktops, and have become part of the rogues gallery, being the exploit of choice for malware writers. The writing was on the wall, though, with the move towards HTML 5, and the track for Flash was always going to be a difficult one, especially as Flash has always been seen as a resource hogger.

With the latest integration of Yosemite OS X, we can see the coming together of a range of devices to seamless integrate them. For Apple, they would like users to have all three of their devices, so Yosemite sees the first real attempt to bring them together using the iCloud. Thus Dropbox and Cloud sync providers are now a target for Apple, and, for a company that Steve Jobs tried to buy many years ago for its iCloud, it has managed to develop a strong business, but one will see if it can stand up against the might of Apple. Some small integration issues around the installation of Yosemite perhaps show it will be a bumpy ride for Dropbox.

Analysis of UK General Election Betting


Previously I have analysed the betting patterns around the Scottish Independence referendum, and found some significant trends (here). So, while the UK election is still a long way of, this blog will analyse some of the trends within the UK election, and see if we can use some of the pointers from the Scottish Independence referendum to highlight possible signposts. One thing that was highlighted in the analysis of the referendum is that the bookies actually predicted the result, and give pointers to the geographical votes, at an earlier stage than many of the analysts.

Outline of odds

In the UK election poll, there are four horses in the race, so over the next few months we’ll be analysing the key turning points in the odds. The way that odds are normally defined is the fraction which defines the return, so Evens is 1/1, where for every £1 bet, you will get £1 back in addition to your stake (so you get £2). If the odds are 2/1 (2-to-1 against), you get £2 back plus your stake (so will get £3 on a win). For 1/2 (or 2-to-1 on), you get half your money back, and you’ll get £1.50 on a win. These types of odds are known as fractional odds, where the value defines the fraction for your payback. The multiplier, though, does not show your stake coming back to you, so decimal odds are used to represent this, and defines a value which is multiplied to the stake to give the winning amount (basically just the fractional odds plus 1, and then represented as a decimal value).

The factional odds value of Evens gives a decimal odds value of 2 (where you get £2 back for a £1 stake), and 2/1 (2-to-1 against) gives 3.0, while 1/2 (2-to-1 on) is 1.5. In terms of roulette, Evens would define the odds for a bet of Red against Black (as each are equally probable). In roulette, though, the odds are slightly biased against the player for a Red v Black bet, as 0 changes the odds in favour of the casino. For betting, overall, bookmakers try to analyse the correct odds so that they have attractive ones (if they want to take the best), against others. If they take too much of a risk, they will lose, so their odds around the election vote should be fairly representatives of the demand around bets, and the current sentiment around the debate.

Current betting

As of 27 October 2015, the average decimal bets are given in Table 1. It can be seen that there is not much between Labour and Conservative, where Labour are moving in with their odds, and the Convseratives moving slightly out. UKIP, though, have moved from 44/1 to 40/1 in the last two weeks, while the Liberal Democrat vote has drift out to 308/1, with some bookies offering 1000/1, which is not even odds you would see in FA Cup betting.

Table 1: Current average odds

Labour 1.67 (approx 4/6)  – shortening from 1.7  on 19 Oct 2014
Conservative 2.15 (approx 11/10) – lengthing from 2.1 on 19 Oct 2014
UKIP 41 (40/1) – shortening from 45.8 (approx 44/1) on 19 Oct 2014
Liberal 309 (308/1) – lengthing from 267.8 (approx 266/1)

To put a bid of context, Stoke City ar 40/1 to win the FA Cup, and Yeovil or Leyton Orient are 200/1 to win it. So, in terms of football, UKIP are Stoke, and the Liberal Democrats are Yeovil. For Labour, it is a home win for Cardiff  against  Leeds, and for the Conservatives it is Stoke to beat West Ham at home.

Majority or not?

In terms of a majority of seats, the current average betting (27 October 2014) favours no overall majority at 1.9 (which is 10/11), followed by a Labour majority at 3 (2/1), and then a Conservative majority at 4.4 (10/3). A UKIP majority comes in at 56 (which is 55/1) and Liberal Democrats at 280 (which is 279/1).

In terms of the next UK Government, a Labour Government is pitched at an average of 3 (2/1) with a Conservative one at 4.3 (10/3), and a Labour/Liberal Democrat Coalition at 5.1 and  Conservative/Liberal Democrat Coalition at 6.5 [21/5]. The minority governments for both Conservative or Labour sit at 7.9 [7/1] and 8.2 [7/1], respectively, with any coalition for UKIP at 8 [7/1]. The next contender is a Conservative/UKIP coalition at 12.1 [56/5].

1. Labour Majority 3 [2/1]
2. Conservative Majority 4.3 [10/3]

3= Labour/Liberal Democrat coalition 5.1 [4/1]
3= Conservative/Liberal Democrat Coalition 6.5 [21/5]

5= Any Coalition Involving UKIP 8 [7/1]
5= Conservative Minority 7.9 [7/1]
7. Labour Minority 8.2 [22/3]
8. Conservative/UKIP coalition 12.1 [56/5]


  • Conservative/Labour coalition 51 [50/1]
  • Labour/UKIP coalition 67 [66/1]
  • Labour/SNP coalition 101 [100/1]
  • UKIP Majority 101 [100/1]
  • Lib Dem Majority 317.7 [316/1]

In a related bet, you’ll get around 1.1 [1/10] for a male prime mininter and 6 [5/1] for a female one.


If we look at Labour’s odds over the past few months, we can see there is very little change, with them sitting in a band between 1.6 and 1.8. As this is the early stages of the campaign, it is likely that there will be few movements around the odds, as there are few disruptions to influence them. While the Labour and Conservative odds have remained fairly static, and within certain bands (Labour: 1.6 to 1.85), UKIP shows the most disruptive range of odds (Figure 3). The strangest odds are by Boylesport on 23 August 2014 who offered 19 for UKIP to win. Overall it can be seen that there is no real consensus currently for the UKIP vote with a range between 26 (888.com) to 67 (Betway). For the ranges from August to 19 October 2014:

  • Labour range: 1.56 (BETFRED, 19 Aug) to 1.83 (Paddypower, 7 Oct).
  • UKIP range: 19 (Boylesport, 23 Aug) to 151 (Sporting Bet, 19 Oct).
  • Conservative range: 1.83 (Paddypower, 7 Aug) to 2.38 (Sportingbet, 1 Oct).

odds02Figure 2: Analysis of the Labour’s odds for winning most seats (6 Aug to 27 Oct 2015)

odds3Figure 3: Analysis of the UKIP’s odds for winning most seats (9 Aug to 27 Oct 2015)

odds4Figure 4: Analysis of the Conservative’s odds for winning most seats (9 Aug to 27 Oct 2015)

Scottish Analysis

In Scotland, the bookies are currently pitching +12.5 seats as a key breakpoint for SNP seats, with similar odds for over and under, at 1.83 [5/6] (12 and under) and 1.83 [5/6] (13 and over). So the bookies are predicting between 13 and 14 seats for SNP, and which would be well up on their six seats.

If we look at the trend, the bookies have been moving up the breakpoint bet for the number of seats they will gain from +6.5 in April 2014 to the current value of +12.5, and even an increase of 5 seats since the referendum vote:

30 Apr 2014: +6.5
26 Aug 2014: +7.5
18 Sept 2014: Referendum vote
22 Sept 2014: +8.5
10 Oct 2014: +10.5
19 Oct: +11.5
27 Oct: +12.5

UKIP and Liberal Democrat Analysis

For UKIP, the bookies have the breakpoint at +5.5, with six or more seats at 1.75 [3/4] and for five and under at 1.95 [approx Evens]. The analysis of the trend over the past few months has not seen UKIP advance much on +5.5, with an increase from +3.5  With the Liberal Democrats, the bookies are pitching their vote around the +31.5 mark, with odds of 1.83 [5/6] for 31 and under, and 2 [Evens] for 32 and over. As with UKIP, there has not been much variation around this mark, but they have generally slipped from +33.5 to +31.5.

So overall some of the key changes have been:

Change (UKIP): Aug +2.5 … 27 Oct: +5.5. Gain: +3
Change (LD): 12 July + 34.5 27 Oct: +31.5. Gain: -3
Change (SNP): 30 Apr: +6.5 … 19 Oct: +13.5 Gain: +7

Number of seats

For the bookies, the sweet spot for Labour and Conservatives are:

Converatives 276.5 [1.83 for both under and over]
Labour 306.5 [1.83 for both under and over]

So, going on the conservative side of the estimate, here’s is what the bookies are predicting:

Labour 306
Conservatives 276
Liberal Democrat 31
SNP 13

Note that the Greens are an Even bet to win a seat.

The Next Prime Minister

In terms of the next prime minister, it seems like a two horse race, with Ed Miliband (at 4/5) and David Cameron (at Evens) nearly neck-and-neck. Boris Johnson comes in ahead of the rest of the pack at 23/3, and some way behind him are Theresa May and Yvette Cooper. The following outline the average current bets for the next Prime Minister:

1. Ed Miliband         1.8 (4/5]
2. David Cameron    2 [Evens]

3. Boris Johnson    8.7 [23/3]

4. Theresa May    15 [14/1]
5. Yvette Cooper    16.3 [46/3]

Also rans:
6. George Osborne    28.7
7. Phil Hammond    31
8. William Hague    31
9. Ed Balls    31.3
10= Andy Burnham    34
10= Michael Gove    34
12. Chuka Umunna    36.3
13. Nigel Farage    39.7
14. Caroline Spelman    41
15. Jim Murphy    47.7

EU – in or out?

The bookies seem to be predicting that the move towards UKIP and pulling out of the EU is a short-term blip, with an average of 4 (3/1) on the UK leaving the EU by 2020, but these odds have generally splipped in from 9 (8/1) in May 2014, and that the projected seats are between 2 and 3.


Both Labour and Conservative are fairly consistent in odds at the present, although there are been a small drift up for the Conservatives. UKIP’s odds have not really settled down, and show a fairly wide range of odds at the current time. I will update this on a regular basis, especially around key breakpoints in trends. For the majority of the seats, No Majority is well out in front with 10/11, followed by Labour at 15/8, and Conservatives at 16/5. For Prime Minister it is a clear race between Ed Miliband   and David Cameron, with Boris Johnson chasing them, but quite a way back.

In terms of a majority, the bookies are currently predicting an overall majority for either Labour (3/1) or Conservatives (10/3), with either a Labour/Liberal Democrat coalition or a Conservative/Liberal Democrat Coalition at 21/5. A minority government or any coalition involving UKIP sitting at 7/1.

In Scotland, it looks like the bookies see the key breakpoint at 13.5 seats for the SNP. This would mean a fairly large increase on the existing six seats. For UKIP the prediction is around 5.5 seats, and for the Liberal Democrats it is 31.5 seats. For the UK to leave the EU by 2020, the odds have moved from 8/1 in May 2014 to 3/1 on 27 October 2015, but the odds are still very much with the UK staying-in.

Lollipops and Apples – Entering The Crypto Age!


Large safe, openGoogle’s Lollipop will be released next week, and security will be at the core of its changes. An important element of this is in encryption-by-default, where users will have to opt-out of encryption of their files. Apple, too, with iOS 8 have taken the same route, and users must ask: “Why didn’t it happen before this?”

Our file attributes and content types have developed with little thought on keeping things truly private, and where systems are often still viewed as stand-alone machines. We also created an Internet which is full of the same protocols that we used in the days of text terminals and mainframe computers, where users typed in commands to access data, and where there was little thought about protecting the data as it is stored, analysed and transmitted. As we are increasingly move mobile, we are now carrying around our sensitive data, that at one time was protected behind physical firewalls, and the risks to our data increases by the day.

The major tension, though, is between law enforcement and the right to privacy. The FBI currently see the status quo as a way of investigating criminals and terrorists, but can see this opportunity reducing with encryption-by-default, such as with the file encryption system used in Apple’s iOS 8. With iOS 8 and Google Lollipop there will be no electronic methods to access encryption keys from existing digital forensics toolkits, and thus the encryption method breaches current laws, which force users to reveal their encryption keys when requested by law enforcement investigators. This would mean that users may be breaching current laws in both the US and the UK. The same battle too exists with Tor, where law enforcement are scared that crime can go un-noticed, whereas privacy advocates promote the rights of privacy of using Tor.

No right to remain silent with Cryptography

In the UK, citizens have the right to silence (a Fifth Amendment Right in the US – related to the right against self-incrimination) but there is an exception to this related to encryption keys, and the failure to reveal encryption keys can often be seen as a sign that someone has something to hide, and is covered by Section 49 of RIPA. The move by Apple and Google may thus breach law as they must be able to hand-over their encryption key when required. This was highlighted in 2014 when Christopher Wilson, from Tyne and Wear was jailed when he refused to hand encrypted passwords related to investigations related to an attack on the Northumbria Police and the Serious Organised Crime Agency’s websites. He handed over 50 encrypted passwords, but none of these worked, so a judge ordered him to provide the correct one, but after failing to do this, he received a jail sentence of six months.

In 2012, Syed Hussain and three other men, were jailed for discussing an attack on a TA headquarters using a home-made bomb mounted on a remotely controlled toy car. Syed, who admitted have terrorist sympathises, was jailed for an additional four months for failing to hand-over a password for a USB stick.

The following outlines some key features in disk encryption:

The Perfect Storm

The main problem that we have with computer system security is that as computer systems have evolved we created file systems which only protect using file attributes. This works well from a corporate point of view, where we can keep compatability with previous systems, and also allow system administrators to keep full control of them. The mobile device operating system creators (mainly Google and Apple), though, have different issues to the traditional desktop operating system creators, as their devices are on-the-move, and often stolen or left behind.

As we increasingly integrate the mobile phone with our lives, especially in creating a digital shadow on the Cloud, the devices need to be more protected that our traditional desktops. Along with this, Apple and Google have complete control over their operating systems, and can implement radical changes in a way that Microsoft would have struggled with (and still keeping compatibility with an operating system released over a decade ago: Windows XP). So Apple and Google are not constrained by the past, and find their hardware platforms are whizzing along with increased processing speeds and memory capacities, in a way, again, that Microsoft would struggle with, as they have so much legacy hardware that would struggle with modern cryptography.

So Apple and Google now find themselves with a market that will quick change their mobile devices and keep up-to-date, and this do not have the long tail of devices to support. If a user wants to stick with a certain operating system, they can, but there’s a good chance that their applications won’t work. With phone manufacturers pushing new phones all the time, both Apple and Google are keen too to plug the gaps in traditional operating systems, especially related to security, and they have the perfect storm with SSD (rather than the horribly slow HDDs), and fast multi-core processors, each which now make encryption possible on a device that fits in your hand. Gone are the days when you needed a special maths chip to do complex cryptography.

Some basics

It is important to understand how disk encryption typically works, as weaknesses can be identified. Overall there is no way method that is the best for securing a system, and it basically comes down to the risk level on the data contained on it. As Figure 1 illustrates, the four main methods are: to have a passphase; store key(s) on usb drive; generate access code from a OTP (One-Time Password); or use a biometric device. These methods typically allow access to the encryption keys which are used to secure the encrypted files. On many systems the encryption keys are held on a digital certificate on the host (or on the domain controller), but these can often be opened using password cracking on the certificate. Along with this, if we encrypt the whole disk, it will be difficult to get access to the digital certificate on the host, as it is part of the encrypted system. Microsoft Bitlocker gets round this problem by having two disk partition, and where one can hold the protected encryption keys.

Slide4Figure 1: Disk encryption access methods

Increasing, though, the method of using a digital certificate is difficult to sustain, and thus the move is towards a TPM (Trusted Platform Module) which embeds the encryption keys into a chip on the device. The operating system boot process then is able to access the encryption keys, and where they are protected by one of the methods defined in Figure 1. For both Apple and Google, TPM is at the core of their approach for encryption-by-default, and where the user has control over the release and methods of security around the encryption keys. If they use a PIN number, their keys are easily found, but pass phrases make it much more difficult.

Slide7Figure 2: TPM

Public and Private Keys working in harmony

Many users, even computer science graduates, thing that we either have public or private key for our secure systems, but often the two work in harmony, and focus on what they are good at. With private key, such as AES, we have a high optimized encryption method, which is fast, especially if we have the right key. Thus most encryption that happens on the disk is private key (typically 256-bit or 128-bit AES). The protection of the key then is done by public key, and where a public key encrypts the File Encryption Key (FEK), and where it can only be decrypted by the private key (Figure 3). In this way, public key does the protection of the key, and private key is the workhorse of the reading and writing of the data. The other method that is used is to generate a key based on a passphrase, and where we add some salt to it, to make sure it is an ever changing key. Overall, though, public key encryption, such as RSA, is hardly ever used in disk encryption, as it is such as slow method. As RSA keys move toward 4,096 bits, it is become increasingly difficult to process large amount of data, in real time.

Slide8Figure 3: Protecting the FEK (File Encryption Key) with public key

From File Attributes to File Encryption

At present files are typically secured by file attributes, which are acceptable on desktop systems, especially especially ones which connect to domains, but on mobile devices it is extremely difficult to define protection levels. For Unix-type systems we have simple attributes of:

drwxr-xr-x   16 billbuchanan  staff   544B 28 Sep 19:27 mydir
-rw-r--r--     1 billbuchanan  staff   201B 16 Apr  2014 results.txt
-rw-------     1 billbuchanan  staff   210B 16 Apr  2014 run.save
-rw-r--r--     1 billbuchanan  staff   194K 11 Jul 19:04 salt.svg

where were we have r(ead), w(rite) and e(x)ecute for the owner, their group and the rest of the World. In terms of keeping things simple, this is about as good as it gets, but it is often difficult to define other rights, such as for deleting and creating a file. So NTFS defines other attributes of F (Full Access), M (Modify Access), D (Delete Access):

 perm is a permission mask and can be specified in one of two forms:
     a sequence of simple rights:
             N - no access
             F - full access
             M - modify access
             RX - read and execute access
             R - read-only access
             W - write-only access
             D - delete access  

C:\dropbox>icacls *.zip
networksims_accounts.zip NT AUTHORITY\Authenticated Users:(I)(F)
                         NT AUTHORITY\SYSTEM:(I)(F)

tables_xp_free_fast.zip NT AUTHORITY\Authenticated Users:(I)(F)
                        NT AUTHORITY\SYSTEM:(I)(F)

Successfully processed 2 files; Failed processing 0 files

And then lots of extensions on the inherited rights:

 (OI) - object inherit
 (CI) - container inherit
 (IO) - inherit only
 (NP) - don't propagate inherit
 (I) - permission inherited from parent container

So NTFS works extremely well in managing the access and rights to files on a domain, and where a domain controller defines the rights for the files at a central point. It only defines the overall “owner” as the system administrator for the complete domain, so as long as it connects to the domain, the administrator has complete rights to files. This type of approach can thus be used in any investigation, where the rights on the files can be changed to suit the investigation. On a mobile device, it would be difficult to implement such complex rights, especially as many of the systems are Linux-based, so encryption is the natural way to protect files, and where the user themselves have control over their access.


With data breaches rising by the day, such as with 150 million passwords cracked with the Adobe infrastructure and over 120 million credit card details skimmed for Home Depot and Target, Apple and Google feel they have to build up trust with their users in their operating system. For this they are looking at encryption-by-default, where they encrypt file data (which is now stored on flash memory), and which now may breach the laws around reveal encryption keys. At one time, investigators could extract the memory from the device, and decode its contents, but without encryption keys this will be difficult. While Google and Apple have not responded to the dilemma, there could be the opportunities for them to work with the companies to overcome of the issues, which might reduce privacy settings on their data. Unfortunately if they do reduce the security on the encrypted data, they may leave open opportunities for others to learn the methods, and compromise the whole system. In a corporate market, Microsoft BitLocker is one of the most popular methods used for complete disk encryption. With this, there is always the back-door input into the encrypted data, by storing the encryption keys within the domain controller for the company.

For our rights systems, we are moving away from complex file attributes to protect files, toward simpler methods which define that we encrypt all content by default. Our old desktops have held the industry back for so long – with their lumbering magnetic hard disks and their separation of disk storage and memory storage. For mobile devices they have electronic memory for both running programs and storage, and will typically run 100s of times faster than their mechanical and magnetic brother. So for them, encryption by default is a natural extension, and with modern crypto methods such as AES, we have finally entered a new era of computing – The Crypto Age!

We have a long tail left of legacy with computer systems, typically through slow disk systems, limited processors, and a lack of memory. This shackles are now off for mobile devices, and they are free to push forward and properly integrate security, which must be build on a core of cryptography.

For the rights system on a mobile device we might have “It’s mine!”, and that’s it. From a corporate point-of-view, this will not be acceptable, so many system developers are working on properly integrating devices into the core of the infrastructure, and encryption by-default should aid this process, and not hinder it.

From a Murmor to a POODLE


Few things can be kept secret within computer security, and it has been the case with a flaw in SSLv3, where there were rumours of a forthcoming announcement. So it happened on Tuesday 14 October 2014 that Bodo Möller (along with Thai Duong and Krzysztof Kotowicz) from Google announced a vulnerability in SSLv3, and where the plaintext of the encrypted content could be revealed by an intruder. The flaw itself has been speculated on for a while, and this latest announcement shows that it can actually be used to compromise secure communications.

The vulnerability was discovered last month, and named POODLE (Padding Oracle On Downgraded Legacy Encryption) attack, and it relates to the method that Web servers deal with older versions of the SSL (Secure Socket Layer) protocol.

Secure Sockets and Tunnelling

Figure 1 outlines how network protocols fit together, where we use insecure protocols such as HTTP, TCP and IP to communicate with a Web site. Each of these protocols were designed at a time when security was not an issue on systems. The fix to improve security was to insert a layer between the network layer (IP) and the transport layer (TCP), and is named SSL. This later secures the upper level protocol, and creates a secure and encrypted tunnel between the client and the Web server, so that no-one can crack the communications for the connection.
123Figure 1: Networking stack with SSL integration

There are several different versions of SSL, from 1.0 to 3.0 , and with 3.1 it changed its named to TLS (Transport Layer Socket), so that SSL 3.1 is also known at TLS 1.0. Most systems now use TLS 1.1 or 1.2, and which are free of flaws which compromised previous versions.

SSL (as illustrated in Figure 2) works by the client telling the server which type of encryption it would like to use (such as RC4) and the other cipher parameters it can support. The server replies back with its preferred cipher scheme, along with its digital certificate. This digital certificate contains its public key, and the proof of its identity. The client then creates a new session key for the encrypted tunnel, and then encrypts this with the public key provided by the server. It then sends this to the server, where the server decrypts it, and thus has the same encryption key as the client. After this, the client and server can communicate with the session key (and the chosen encryption method) – thus creating a tunnel between themselves. This tunnel should be almost impossible to crack, as it uses a session key, which would take a long time to crack through brute force.lll3Figure 2: Outline of SSL tunnelling

SSL flaw

Within SSL, most servers will cope with previous versions of the protocol, and will downgrade from TLS 1.0 to SSLv3 if the handshake between the client and the server fails. The intruder will thus refuse a TLS 1.0 version, and go for an SSLv3 method, where they will be able to decipher the communciations. In the following example, we force the connection to the Google Web site to use an SSLv3 connection (with the -ssl3 option):

billbuchanan@Bills-MacBook-Pro:~$ openssl s_client -connect www.google.com:443 -ssl3
 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
 verify error:num=20:unable to get local issuer certificate
 verify return:0
 Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
 i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
 i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
 Server certificate
 --- missed out content
 subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
 issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
 No client certificate CA names sent
 SSL handshake has read 3578 bytes and written 299 bytes
 New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
 Server public key is 2048 bit
 Secure Renegotiation IS supported
 Compression: NONE
 Expansion: NONE
 Protocol  : SSLv3
 Cipher    : ECDHE-RSA-RC4-SHA
 Session-ID: F220B72DE15D22EB0AE909DBF25C1731FEE98B4D77E5AB123A6648425DADA398
 Master-Key: B3CB1EA901EEFCA6A2017E3C3E7DDBB5037FA171D20886A6C25C481D008F23535D2345E7E274704C1398ED138D05C6BD
 Key-Arg   : None
 PSK identity: None
 PSK identity hint: None
 SRP username: None
 Start Time: 1413353089
 Timeout   : 7200 (sec)
 Verify return code: 20 (unable to get local issuer certificate)

The problem around SSLv3 has been around for a while, and many in the industry professionals have been recommending that administrators do not allow its usage.


The flaw is not a Heartbleed-type issue, which caused major compromises across the Internet. Overall it is basically highlighting a previously defined flaw. A more pressing issue with SSL/TLS is Man-in-the-Middle attacks, and where an intruder can get in-between the client and the server (using a proxy connection). The fix for POODLE is simply for administrators to disable SSLv3 on their Web sites, in order to avoid the downgrade of the secure connection. Even still, it’s not a major problem, as the intruder is just reading their own data.

A video lecture on SSL/TLS will appear here later today.

Dropbox Accounts Exposed? Multi-factor Authentication and Encryption By Default


The latest comprise of Dropbox accounts has nothing to do with a security breach at Dropbox, and relates to the hacks of other systems, but where users use the same email address and passwords across a range of systems. This type of hack is a particular problems in computer security, as users often have just a few passwords, and often use the same password for all of their logins. The originators of the hack claim that they have seven million compromised passwords, and where asking for Bitcoin donations for the release of the information, but, as of yesterday, had only managed to raise 4 cents worth of funding. It is reckoned that out of the 220 million users of Dropbox, that only around 3% of these accounts (6,937,081) could be at risk from the latest release of passwords.

A similar thing happened to Dropbox in 2012, where usernames and passwords were stolen from other sites and compromised a number of Dropbox accounts. For this, users found a folder such as:

16-Feb-12  03:15 PM    <DIR>          Your DropBox has been Hacked

which identified that a hacker had gained access to their Dropbox account. In 2011, too, Dropbox inadvertently published code on its own website allowing anyone to sign into anyone’s Dropbox account without any login credentials.  These issues have caused many to move towards multi-factor authentication for Dropbox storage.

Multi-factor authentication

For most, there is only one way to use Dropbox, and that is to use multi-factor authentication. In this way, just gaining access to someone’s email address and password will not allow access to their Dropbox account. In any multi-factor authentication, users are challenged with two or more of: “Something they know” [such as a username/password], “Something they have” [such as a smart card], “Something they are” [such as a fingerprint] and “Somewhere you are” [such as your location]. Increasingly systems are being designed to integrate these challenges, as usernames and passwords are becoming difficult for users to remember, and even when used correctly, often it is password for hackers to reverse the stored hashed version of the password (as have been seen with the Adobe hack, which involved the compromise of over 150 million usernames and passwords). Often we use out-of-band methods to allow the user to identify themselves, such as sending an SMS message through a mobile phone, which is then entered into a Web page for access. This is often more secure, as it is difficult for an intruder to gain access to both username/password and mobile phone device.

mfFigure 1: Multi-factor authentication

Encrypting into the Cloud

Increasing users are using Cloud-based systems, such as with Dropbox and SkyDrive, in order to share files with other users. With potential drive sizes which are greater than the disk space that corporations can offer, it is now an excellent method to store and share files. One of the best solutions is TrueCrypt, which is free and allows users to store files to an encrypted file contains. For more information on disk encryption:

HBGary Federal

The HBGary Federal example is the best one in terms of how organisations need to understand their threat landscape, and where a single password was used for a range of accounts. It started when Aaron Barr, the CEO of HBGary, announced he would unmask some of the key people involved in Anonymous, and contacted a host of agencies, including the NSA and Interpol. Anonymous bounced a message back saying that they shouldn’t do this, as they would go after them. As HBGary were a leading security organisation, they thought they could cope with this and went ahead with their threat.

Anonymous then searched around on the HBGary CMS system, and found that a simple PHP request of:


gave them access to the complete database of usernames and hashed passwords for their site. As the passwords were not salted, it was an easy task to reverse engineer the hashes back to the original password. Their target, though, was Aaron Barr and Ted Vera (COO), each of which used weak passwords of six characters and two numbers, which are easily broken.

Now they had their login details, Anonymous moved onto other targets. Surely they wouldn’t have used the same password for their other accounts? But when they tried, the can get access to a while range of their accounts using the same password (including Twitter and Gmail). This allowed Anonymous access to GBs of R&D information. Then the noticed that the System Administrator for their Gmail Email account as Aaron, and managed to gain access to their complete email system, and which included the email system for the Dutch Police.

Slide9Figure 2: Access to email and a whole lot more.

Finally they went after their top security expert: Greg Hoglund, who owned HBGary. For this they send him an email, from within the Gmail account, from a system administrator, and asking for confirmation on a key system password, of which Greg replied back with it. Anonymous then went onto compromise his accounts, and which is a lesson for many organisations. While HBGary Federal has since been closed down, due to the adverse publicity around the hack, the partner company (HBGary) has went from strength-to-strength, with Greg making visionary presentations on computer security around the World.Slide10Figure 3: Greg’s compromise


For many who have seen the problems around public cloud-based storage, the only solution is multi-factor authentication, and the mobile phone is typically the device of choice in properly identifying the individual (especially through out-of-band authentication). Along with this users need to also look towards encrypting their data into the Cloud, as no remote storage can be completely free from malicious accesses. TrueCrypt, for example, allows users to encrypt data into the Cloud, so even if someone gets access to the cloud data, they will not be able to read it (as it requires a secure password). So, for companies, the only way forward in using public cloud storage, is to both implement multi-factor authentication, and, if possible, to encrypt into the public cloud.

Users are being advised to move toward multi-factor authentication, but that is only the first step in moving towards encryption-by-default.

What? Our ATMs are still running Microsoft Windows?


Cartoon hacker with laptopOver the past decade we have seen some major viruses and worms infect systems running Microsoft Windows, where computers were often infected by a Trojan which then installed a malicious program, which then sustains itself by updating the registry file for the auto-startup on the system. In this way the malicious program would stay resident on the computer, and would often change its name to defeat defence systems. The malware would often only start resident for a short time on the host, and even try to disable the security controls to avoid being detected. On a more secure and locked-down system, it was more difficult for the malware to be downloaded or installed on the system, so the way round this was to force the Windows host to boot from a bootable CD, which give administrator access to the machine, and then could be used to install malicious software, with the normal controls that the operating system would place on the system. This is basically what has happened with the recent ATM back, where operators booted the ATM system from CD, in order to install the malware, which was then access at set times of the week, and with a randomly generated six-digital code. It seems amazing in these days or more secure systems, that a simple boot from CD on an ATM can result in money being withdraw at will. Figure 1 provides an overview for the hack.

atmFigure 1: ATM hack

Malware on Cash Machines

There are two key principles in computer security:

  • The overall security of the system is only as strong as the weakest link.
  • Systems need to be designed to reduce the surface area for an attack.

Unfortunately, as the back-end systems become more secure, intruders are focusing on the development of malware at the front-end device, and where the surface area for attacks is at its greatest. Recently Home Depot , in the US, discovered that at least 56 million credit and debit card details have been compromised from all of it 2,200 stores in the United States, using a malware agent running on the PoS (Point of Sale) devices, and which has been running from April 2014 to the beginning of September 2014 before it was detected. This came after a similar hack at Target hack which exposed an estimated 40 million cards, and where a large number of credit and debit cards have appeared on the credit card clearing house site: rescator.cc .

Skimming devices are well known within ATMs, where an integrated camera and a card skimmer are used to read the details of the pin number and the card details when the user tries to withdraw cash. A while back the manufactures selected their operating system of choice, and in many cases it was initially OS/2 (which was developed jointly by IBM and Microsoft), but it is increasingly a standard build of Microsoft Windows. As Windows is often open to a range of vulnerabilities, it is now the case for ATM machines.

With the use of standard operating systems, such as Microsoft Windows, it has not taken long before intruders could probe the operation the card processing system in the ATM. Early this year Bruce Schneier outlined a new method of encoding malware onto the bank card and drops a file onto the ATM (isadmin.exe file). The isadmin.exe file was then used to replace lsass.exe (which has previously been compromised by the Sasser Worm) with a malicious version, and which then collected credit card details and PIN numbers. These details are then harvested when the hacker inserts a special control card into the ATM to gather user details, and, possibly, ejecting the cash storage unit.

The latest malware is Backdoor.MSIL.Tyupkin, and which is continually running on the system, but will only accept input commands on a Sunday and Monday night, uses a six digital key sequence that can only be generated by the gang leader. When entered correctly, the ATM displays the amount of money in the cassettes, and allows up to 40 notes to be extracted from the ATM.The malware differs from the one outlined by Bruce Schneier as it requires physical access to the ATM to install the malware, where the operator inserts a bootable CD into the ATM controller and which installs the malware. The money gatherer then gains access the ATM with a special six digit code, which is only told to them when they are ready to withdraw the money, as the malware gang do not want anyone going it alone. At present the malware has been active on at least 50 ATMs in Eastern Europe, but could also be infecting units in the USA and India.

Technical details

The installed malware basically copies the malware file of ulssm.exe into the c:\windows\system32 folder and which is sustained on the system by modifying the [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] registry key (Figure 2). This registry key is used to run programs automatically on startup, and thus the malware will stay on the ATM, when it is rebooted.  Once infected it then interacts with ATM through MSXFS.dll (Extension for Financial Services – XFS), and to avoid detection it will only allow access controller commands on Sunday and Monday evenings.

Screen Shot 2014-10-10 at 07.12.50Figure 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run registry key example

The following shows an example of malware installing itself onto a system, and then hiding, and updating the Windows registry to run itself when started (go to 25 mins 20 seconds for the examination on the registry for the Run registry key):


The current threat of CD booting and malware installation on ATMs, with sustained access through a start-up registry key, has been on standard desktops for the last decade, and few lessons have been learnt in terms of the security for physical access to the devices, and also in the rights that malware software can gain on the system. While many companies will focus on the interface with the user, it is often the debugging and diagnostic side which can provide ways into a system.

Most embedded control systems now too are locked-down so that no additional system can be installed, but the choice of standard builds of Microsoft Windows seems to provide easy mechanisms for malicious updates. Microsoft Windows, too, as the core operating systems for ATMs seems to be putting ATMs at great risk, especially it is allows hackers the opportunity to simulate and craft their malware on well-known versions of the operating system.

At the core of this attack is the physical access to the device, and thus access needs to be carefully monitored, but the key lesson, is that the operating system needs to be completely locked-down, and which provides only the software components required to accept user input and dispense of the cash in a reliable way. To still rely on Windows Registry keys, and for them to be updated by the booting of a CD, and to allow malicous programs, seems archaic and where we were over a decade ago with our desktops.

Goodbye Windows security problems – Hello to Mac vulnerabilities


Cartoon hacker with laptopAfter years of Microsoft Windows operating system vulnerabilities, we find that the new place which has moved to discovering sloppy programming in Java, Abode Flash, and Adobe Reader, and now Linux – with a common denominator typically focused around the C++ programming language. The issues around the Linux environment, causes Apple users problems, as Mac OS X has built its environment based on an underlying Linux environment.

In the days when Apple struggled to compete against Microsoft and Intel, and where the company nearly crashed, they made two major choices which completely changed their fortunes:

  • Move their architecture from Motorola/IBM (which was build on 68xxx processors) to the x86 architecture used by Intel. This was a smart move as it allowed them to keep up-to-date on hardware against the other PC manufacturers. From a software point-of-view, their programs changed from running Motorola codes to Intel ones, and they changed radically from “Big Endian” programs (where data is stored with the most significant byte first in memory location), to “Little Endian”, where the least significant byte is stored first.
  • Move their operating system to Linux. This allow them to reduce their development of their core operating system and focus on the user experience, but still use the reliability of the Linux operating system.

Thus the “special one” is basically just a customized Linux workstation (/server) using standard PC hardware, with a nice user interface on top.  Unfortunately the move to Linux might be coming back with anger on Apple, as serious flaws are now being found in the core infrastructure. Many bugs, which have gone unnoticed for many users, are being found, and these are often due to a lack of code review and testing. With OpenSSL, for example, and which caused Heartbleed, we still see C++ code developed Eric Young (“eay” lib) in 1998.

The other major rise at the current time is in pirated apps for the Mac, such as for Microsoft Office and Adobe Photoshop. When installed these apps provide admin access to the system, and can thus add a whole load of extra things and even reconfigure the computer to be part of a botnet.


Last week, Dr. Web (a Russian security company) outlined a new worm for OS X: “Mac.BackDoor.iWorm“, and which allows hackers to take control of the computer, and using it as part of a Botnet, such as for sending spam emails or performing Denial of Service attacks against web sites. Apple, on detecting over 17,000 users with the worm then was quick to respond, and added the signature of iWorm to its malware detector (Xprotect – and which is installed on every Mac computer). A key factor for users is that there Mac needs to be up-to-date with system updates, otherwise they can be open to the spread of the worm. The Xprotect signature defined is:

This worm has been used to search Reddit for a fake discussion forum related to Minecraft and also integrated links to hacker controlled command servers. Reddit then closed the hacker accounts that were used in order to share links to the commands servers, and banned the fake Minecraft subreddit – which stopped the worm from receiving orders from the hackers.

Pirate Apps + Admin Privilege = Problems

It is though that the worm itself was spread though pirated software, such as for Microsoft Office, Adobe Photoshop and Parallels (the virtualisation package used to run other operating systems on the Mac) and downloaded from The Pirate Bay. The problem with installing pirated apps on the Mac, is that they run with Admin privilege, which, just like using an administrator account on a Linux system, they can install a range of other software packages, and also have rights to modify the configuation of the system. It is thus not too difficult from the pirated software to setup backdoors on the machine, just by enabling a network port to be open for connection.

While it is named “iWorm” it is technically a trojan, as it infects the system by users being tricked into downloading malicious software from software which looks valid. To find out if you are protected, on your Mac, open up a command line console, and navigate to:


and there is a file there named XProtect.plist. Use ls -l to look at the date. The update is likely to have a timestamp of 5 October 2014 and the contents should show the signatures, such as:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">

Shell Shock

With Shell Shock the target was again Linux servers using Bash (GNU Bourne Again Shell), which is the command line interpreter used in many Linux based systems, including Apple OS X. Bash interprets the commands that users enter or are run from scripts, and then makes calls to the operating system, such as for running programs, listing the contents of a directory, or in deleting files. The discovered flaw allows intruders to remotely run arbitrary code on systems such as Linux servers including for web servers, routers, and many embedded systems. It was discovered by Stephane Chazelas of Akamai, who found that code at the end of a function of an exported variable is run whenever an environment variable is used within the Bash environment. Many Linux programs use environmental variables to pass parameters between programs, and the flaw thus allows for code to be inserted into a program whenever these environmental variables are called.

Shellshock focuses on CGI scripts, which are old-fashioned scripts that allow commands to be processed using a scripted language. While popular in the past, it has been largely replaced by PHP and other high-level scripting programs. In most cases CGI scripts reside in the /cgi-bin folder. For GNU Bash through 4.3, trailing strings after a function are processed in the definitions of environment variables. This allows intruders to execute arbitrary cod. For example, we have a function named mybugtest:

billbuchanan@Bills-MacBook-Pro:/tmp$ export mybugtest='() { :;}; echo I AM BUGGY'
billbuchanan@Bills-MacBook-Pro:/tmp$ bash -c "echo Hello"

Shell Shock can comprise a system by injecting a payload of code into the environment variables of a running process. When the process is started, the code is injected into the running program, in the same way as a user typing in some user input.

The code which can appear at the end of the Bash function can be fairly complex, and allow an intruder to inject code into the shell (and thus into running programs). In this example we copy some text into a text file (named newfile) and then copy the file to a new file (newfile2):

$ export mybugtest='() { :;}; echo "This is my new file..." > newfile; cp newfile newfile2'
$ bash -c ""
Segmentation fault: 11
$ ls myf*
myfile   myfile2
$ cat myfile2
This is a test

In this case we could move files around, but we couldn’t move a file to a privileged folder, as that would need administrator rights. In a well secured environment, the damage that Shellshock can cause should be minimal, as most of the important operations require a higher-level privilege. It is this attribute of Shellshock that highlights that this is not another Heartbleed, as Heartbleed allowed anyone to access the privilege area of memory on the server, without any restrictions. While Web servers may be safe, with a limited usage of cgi-bin scripts (which allow privileged access to the system), there may be risks with poorly secured embedded systems, which can often use scripts to setup their services.

Buffer overflows and underruns

The flaw within Bash, shows how sloppy software developers have been in the past, and it is a flaw which has existed for over 25 years without being discovered. Many of the problems being under covered have been caused by poor software coding in the C++ programming language, which often allows programs to act incorrectly when the input data is not formatted as expected. Once common method of exploiting a C++ program is a buffer overflow, where a certain amount of memory is allocated to variables, and where the user enters data which is more than the allocated memory, and which causes other parts of the memory to be overwritten, and cause the program to act incorrectly.

In the case of Heartbleed it was a buffer underrun which caused the problem, where an area of memory was read and which did not actually contain the required amount of data to fill it. If you are interested in Heartbleed, and its cause (OpenSSL):


So after years of Microsoft Windows being the target, hackers are turning the skills onto the Linux operating system, and Mac OS is a target of choice for the end user. The flaws found in iWorm and Shell Shock show that Linux is perhaps not as rock-solid from a security point of view as many thought. With its C++ code infastructure, and lots of code which are now over a decade old, we are likely to see increasing threats on Linux, and thus to Apple devices.

To their credit, Apple have been fast to detect, and patch, but there is a danger in users not paching their systems on a regular basis. This often happened on Microsoft Windows, were users often disabled the auto-updates, typically when it caused problems on their computer. So, Apple must make sure that their users keep their systems up-to-date, otherwise Apple users may be more of a risk than Windows ones.

Apple have been stung a little with the recent security threats, but have come out fighting, and show some guts to take security seriously. One key area will be for them to find their own vulnerabilities, and not leave it solely to the community, and where there is a race to between then exploiters and the patchers. The lack of a lock-out on the “Find My iPhone” service shows that they need to take penetration testing seriously for all the products.

Apple has also been fairly immune from pirated apps, but these will increasingly become a target, as they can used as a trojan to download a whole lot of threats to the computer, including reconfiguring the system to pose threats to users. It must be remembered that much of the core of a Mac is a powerful Linux server that can be configured in the same way as any other server.