by O’Reilly and others

Ever want unlimited access to books at the click of a mouse? Yes there is Google’s effort to catalogue everything (Google Books [1]) but it has been met with much resistance. On the other hand the team at [2] has done a better job in the computing and business area. I wont go through all the details of what is offered as their website does a better job.

As for pricing it is not free. The subscription (as of 31 Aug 2009) is USD $22.99 per month or USD $252.99 per year for the 10-slot Safari Bookshelf version. This means every month you can fill your 10-slots with any book and browse it freely, some books take more than one slot.

If you like something more complete then look at the Safari Library version that costs USD $42.99 Per Month or USD $472.89 Per Year and you have unlimited access to any book you wish and sneak peaks and commenting abilities of books still in production (rough cuts). You also get 5 complimentary tokens per month which you can use to download chapters or whole books on offer.

Recently the IEEE Computer Society has introduced the 10-slot Safari Bookshelf version with their membership, besides the other great benefits of being a IEEE member. I think this really adds value to the IEEE Computer Society and is a great idea. As for the price see the dues for IEEE membership and IEEE Computer Society on the IEEE site [3].

As an example a student for a full year (as of 31 Aug. 2009) you will pay $27.00 per year for IEEE memebrship and USD $25.00 per year for IEEE Computer Society with access to

Did I mention the free search facility?

I would like to make it clear that I have not been sponsored by in anyway. It is just such a good resource to use in research, literature reviews and everyday computing. I hope it doesn’t make libraries obsolete!

Links Used:

[1] Google Books –
[2] Safari Books Online –
[3] IEEE Dues –


Book Review: Grey Hat Python

This is my first “short” book review, but it is more of a book recommendation really. I am a member of the site that provides the ‘Safari Library’ subscriber full access to all their books. It is a researcher’s paradise. All these books freely available to scroll through and legally.

As I was sifting through some books I came across ‘Grey Hat Python’ (details bellow). I am a fan of the Python Programming/ Scripting Language. It is so powerful and easy the majority of Bachelor and Master students can pickup and develop prototypes and proof of concepts with. The hacking community has also picked up on the fact (yes, Google Code and many others out there) and many projects/add-on modules have been developed in order to expand Python’s capabilities.

From skimming through this book I see that it has some really nice examples of doing: debugging, hooking, dll and code injection, fuzzying (software testing) and fuzzying techniques and demonstrates how to work IDAPython and PyEmu.

Overall a good hands-on book and we await for more like it to cover more topics, as the book has only scrapped the surface.

Book Details:
Grey Hat Python
Publisher: No Starch Press
Pub Date: April 20, 2009
Print ISBN-13: 978-1-593-27192-3
Pages: 216


MD5 hashing algorithm is dead, get over it!

I had a funny argument with a friend the other day about the MD5 hashing algorithm. The argument was that it had been heard that MD5 is not vulnerable to collisions. Anyone having doubts can see the great examples provided by (creators of WinHex) and the relevant paper.

In case the site goes dead here is an example they have:

Input vector 1:

d1 31 dd 02 c5 e6 ee c4 69 3d 9a 06 98 af f9 5c
2f ca b5 87 12 46 7e ab 40 04 58 3e b8 fb 7f 89
55 ad 34 06 09 f4 b3 02 83 e4 88 83 25 71 41 5a
08 51 25 e8 f7 cd c9 9f d9 1d bd f2 80 37 3c 5b
d8 82 3e 31 56 34 8f 5b ae 6d ac d4 36 c9 19 c6
dd 53 e2 b4 87 da 03 fd 02 39 63 06 d2 48 cd a0
e9 9f 33 42 0f 57 7e e8 ce 54 b6 70 80 a8 0d 1e
c6 98 21 bc b6 a8 83 93 96 f9 65 2b 6f f7 2a 70

Input vector 2:

d1 31 dd 02 c5 e6 ee c4 69 3d 9a 06 98 af f9 5c
2f ca b5 07 12 46 7e ab 40 04 58 3e b8 fb 7f 89
55 ad 34 06 09 f4 b3 02 83 e4 88 83 25 f1 41 5a
08 51 25 e8 f7 cd c9 9f d9 1d bd 72 80 37 3c 5b
d8 82 3e 31 56 34 8f 5b ae 6d ac d4 36 c9 19 c6
dd 53 e2 34 87 da 03 fd 02 39 63 06 d2 48 cd a0
e9 9f 33 42 0f 57 7e e8 ce 54 b6 70 80 28 0d 1e
c6 98 21 bc b6 a8 83 93 96 f9 65 ab 6f f7 2a 70
Identical MD5 value, verified with WinHex: 79054025255fb1a26e4bc422aef54eb4

If you were to put theses two hex values into a file (with a Hex Editor) and then through a MD5 hashing function and a SHA-1 hashing function you can see that MD5 produces the same result were as SHA-1 produces a different one. What is interesting is the amount of changes made. Very few. Is it doctored? I think not! Game over! …sorry if I am re-iterating an old issue, but like the media many time people need to hear about certain issues. Especially digital forensic analysts who rely upon these values for integrity and in their comparison functions.

MD5 hashing algorithm is dead, get over it! Long live the next one!! …or as long as you can that is!

Links Used:
[1] MD5 Collision –


Facebook PI, the spy who knew.

Facebook. A composite word that has nothing to do with a face or a book. Maybe if you post your face then we have at least a face. Still it is the top of the top in social networking, keep many in touch and up-to-date with their weird and wacky friends (yes I did say you are weird, get over it!).

If you have been using it lately (those who do) you may have noticed some weird behaviour in one of its facilities. This facility is the ‘Friend Suggestion’ option that can be obviously deduced that it would suggests people/ friends you may or may not know. Which you would in turn add, remove or just ignore.

The thing that is starting to spook people is the suggestion [1] of people/ friends that you may know in real life, have no affiliation on Facebook (as in no common friends etc.) and yet it knows that you might be interested in them or know them from somewhere/ somehow. I read some forms really quickly and can only deduce that it is either people who have supplied their email account details and Facebook has used the accounts to make connections with people and their emails [2].

Why you would want Facebook to have your contact details I have no idea. But that is a personal matter which I do not agree with.

Yes I know Facebook must have some other complex algorithm that some how finds other people you might know through facts found on your profile or numerous degrees of separation etc. It is really spooky though when people are suggested when they have no commonalities, no common friends, nothing as they are new users on Facebook, and yet it knows to suggest them to you.

Beware of what you post and what applications you use on Facebook as everything can be used!

From a marketing perspective, it is a win for Facebook. Funny eh, but true!
But who knew, they do!

Links Used:

[1] Yahoo Questions – Facebook is too scary .. how the heck does it know? –

[2] insidefacebook .com – Facebook Now Suggesting Friends Found in Imported Contact Lists? –

1 Comment

When numbers boomerang and collide in AES encryption

I was really surprised, yes there is a pattern to me being surprised and my blog postings (I blog usually when something surprises me), to read[1, 2] that AES has been attacked [2] (i.e. cryptanalysis attack by using a related-key boomerang attack) which presents weaknesses (local collisions) in the AES algorithm. Still it is claimed that we are still secure as it might be possible to reduce the complexity to 2110.5 data and time,compared to the current 2119, which attacks are still both computationally unfeasible for AES-256.

2119 * wishes it is so!

Links Used:

[1] Bruce Schneier, ‘New Attack on AES’ –
[2] Alex Biryukov and Dmitry Khovratovich, “Related-key Cryptanalysis of the Full AES-192 and AES-256” –

1 Comment

Masked man or masked password?

I was reading this article[1] on about the usability of masked (i.e., hidden) password fields on GUI forms and webpages. It is just crazy to even think that showing the password field is a good thing compared to current practice that has the password fields masked with dots or asterisks.
My arguments:

  1. Attackers will be fine with screenshots of when you login to webpages instead of keyloggers
  2. What about remote screen sharing and when you have to login to a service or webpage?
  3. What if I have a colleague looking at my screen and I need to login somewhere? Sorry can you please leave till I login because you can see my password…. everyone can see it really (even the person across the street with the telescope(not that you should).

There are probably more but I can not think of any right now. I think you get the point. It is a just a bad idea. Maybe they should make the field UV and no one can see it unless they are wearing special glasses (a bit better solution, I think).

Link Used:
[1] Reported by – “Masked passwords must go” –


Handling Personal Data then Do You follow a Code?

If you are handling personal data then the BCS has put together the Personal Data Guardianship Code[1]. It lays out the responsibilities of organizations and people have when handling personal data. It is also a handbook for people who provide their information to services (e.g., online and forms etc).

At first glance it provides a better understanding of how to go through the processes associated with the data life span, as it is called. Its simple and clean layout and formatting shows that the target group is quite large and everyone should read it.

The Code also provides example where appropriate and help the reader understand a section slightly better.

As mentioned quite often by the BCS, on the site and in the document, the Code is not a legal document but a guideline and the users should refer to the relative legislation, e.g. Data Protection Act etc.

Links used:
[1] BCS, Personal Data Guardianship Code –


Disk Study 2008-2009

We do the disk study every year and really look forward to what might pop up. It is a bit like the feeling you get when unwrapping gifts at a birthday or Christmas. This year[1-7] we had some very interesting drives come our way. As Prof. Andrew Blyth said “While it’s not getting worse, its not getting any better either” which is really worrying.

Let me take this opportunity to mention also that we use AccessData as our analysis tool and that the drives provided were all randomly and blindly delivered to us.

We had two drives containing data from the Scottish NHS hospital with confidential patient data and a disk from the German embassy in Paris (France) containing interesting security logs.

The case that has made the headlines is that of a drive found in America by the partnering University (Longwood University) contained test launch procedures etc. I also think that the drive involving a US-based consultant, formerly with a US-based weapons manufacture, that revealed account numbers and details of proposals and $50bn in currency exchange was as equally interesting.

Details from the following companies are included in [5], they are Laura Ashley, Lanarkshire NHS, Ford Motor Company, Swindon Council and Nokia.
Updated content and links at 16:32

Full coverage can be found at:








Leave a comment

Infosec 2009

At stand K47 getting ready to welcome the visitors and any inquisitive minds.


Prof. Andrew Blyth at the stand making sure that all lollies and apples are in order for handing out with a complimentary pen.


Iain Sutherland and Huw Read were at hand for any further questions.


The Information Security Research Group in a group photo with Phil Zimmerman at Infosec 2009.


Exactly opposite from our stand was GData who had a “Back to the Future” like DeLorean on show.

Posted in Uncategorized | 1 Comment

The ISRG @ Infosec 2009

The Information Security Research Group (ISRG) is going to Infosec 2009 (Infosecurity Europe, 28-30 April 2009, Earls Court, London Come by and have a chat with one of our representatives. See what courses and consultancy the group has to offer.

You can find us at Stand K47 (

1 Comment