“Is Hacking Now Pervasive?” Security Presentation

My degree at University includes a second year module titled ‘Computer Security Management’, and although it is clearly aimed at Computing students it is my belief that everyone should be given this sort of information. Computer Security is a massive part of any IT professional’s life but the average user at a desk should be aware of the risks they are facing too. Knowledge is power!

As part of this module, we were asked to give a group presentation on any topic that we like (apart from topics already covered by our lecturer). My group consisted of Nathan (previously mentioned in my Java client server coursework) and Dan (@DannySlaney) and it took us weeks to find a topic that we thought would be interesting enough and have an element that we could demonstrate.

Eventually, after a few hardcore researching sessions at my house, a project came to us. We titled it “Is Hacking Now Pervasive?”. What we meant by this was: is the information, and are the techniques, that were traditionally only available to hackers now readily available and easy enough to use? In short, our answer is yes.

Obviously Google is pretty helpful at finding information. The right search terms and you could be lost forever in the darker regions of the internet among the l33t haxx0rz. But surprisingly, the tools of the trade are made readily available, pre-compiled, and sometimes with a nice GUI, on Open Source operating systems such as Backtrack. Backtrack is SUPPOSED to be used by the good guys for penetration testing, which is where ethical IT professionals use hacker-type tools to test that their systems are secure and not vulnerable to common (and not so common) attacks.

Even more surprisingly, we found that tools are also available for your regular Android phone to perform a wide variety of ethically-questionable actions. WiFi Kill, FaceNiff, and Anti are just a few tools built as simple Apps for a rooted Android-based mobile phone that use a variety of sophisticated techniques (such as ARP Spoofing) to perform attacks such as man in the middle, denial of service, and many more.

Being aware of the availability of these tools helps to be proactive in defending against them. Oh, and also, we got a first for this presentation (75%).

Site Update

Recently, I have been porting my old WordPress site (and by my site, I mean this) over to a Jekyll-powered, GitHub Pages-hosted, static site (Note: if you’re reading this then I’ve already deployed the new version of the site). My reasoning? About 33% intrigue, about 33% saving hosting bills, and about 33% for teh lolz.
As my site is now hosted on GitHub, you can see all its gooey inner workings by viewing its repo.
As you can see, at the moment the design is basically the same as before, but I still have intentions of improving it. I think it will be easier now I’m using this system as I have it locally so I can hack away at it safely without the risk of completely screwing it up online. Also, as it’s a repository I can use all of Git’s features, such as branches, in the development of the site.

Java Cinema Booking Client and Server

Another University project that I want to talk about is a client/server cinema booking system written in Java. I worked with my good friend Nathan on this as it could be completed in pairs. We used GitHub (obviously) to host the project and the repo can be found under Task2.
We achieved a mark of 90% for this as we implemented all of the requirements to a good standard. We also had a report to produce, explaining design choices, etc. It’s not interesting, but the report’s here if you want it.
The main points that I’d like to discuss about this project are:

  • Implementing Multithreading

    Multithreading is the ability to run code in parallel within one process. Java makes this very easy by providing the Thread and Runnable classes for developers to extend or implement. The main problem that we faced when dealing with multithreading was multiple access to data. We had a central object on the server which contained all data, and two threads (read: user connections) should not be able to read from or write to this object at the same time. Access to this critical region was controlled by synchronising access to objects with synchronised methods and the synchronized keyword.

  • Building a protocol

    As this project was quite large (Nathan and I had not dealt with a project of this scale before) we needed to ensure that there was a formalised way of communicating between clients and servers. This helps to ensure that the server and clients can communicate easily and also makes it easy to notice an error. We built two classes to model the client/server communication in this project; a Request class, and a Response class. We chose these names as we felt that they fitted the nature of the connection. A client makes a ‘Request’ to the server (to log in, to make a reservation, etc.) and the server passes back a ‘Response’ with details of what happened (the result of a query, success message, error message, etc.).

  • Graphical User Interfaces

    Initially we had vetoed this aspect of the project as we were daunted by the scale of the project and didn’t think we would have enough time to learn and implement an AWT/Swing Java graphical interface. In the early stages of the project, while I was working on the basics of the server, there wasn’t anything Nathan could have been doing, so he decided to look into Swing and took to it quickly, so we changed our mind about implementing a GUI. Nathan implemented most of the interfaces that are in the project; the rest were from my reuse of his code.
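Putting the first two points together, here is an added example (not the Task2 project’s code) of a synchronized central data object that handles hypothetical Request/Response objects, with 50 connection threads racing to reserve the same seat. The Request, Response and BookingStore names are assumptions; Java 16 or later is needed for records.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.CountDownLatch;

// Hypothetical stand-ins for the post's Request/Response protocol classes.
record Request(String action, String seat, String user) {}
record Response(boolean ok, String message) {}

// Central server-side data object shared by every connection thread. The whole
// check-then-reserve step runs inside one synchronized method, so two clients
// can never both see the seat as free and both be told they got it.
class BookingStore {
    private final Map<String, String> seats = new HashMap<>();

    public synchronized Response handle(Request req) {
        if (!"RESERVE".equals(req.action())) {
            return new Response(false, "unknown action: " + req.action());
        }
        if (seats.containsKey(req.seat())) {
            return new Response(false, "seat " + req.seat() + " already taken");
        }
        seats.put(req.seat(), req.user());
        return new Response(true, "reserved " + req.seat() + " for " + req.user());
    }
}

public class BookingDemo {
    public static void main(String[] args) throws InterruptedException {
        BookingStore store = new BookingStore();
        CountDownLatch go = new CountDownLatch(1);
        int[] successes = new int[1];
        // Constructed scenario: 50 "client connections" race for the same seat.
        Thread[] clients = new Thread[50];
        for (int i = 0; i < clients.length; i++) {
            String user = "user" + i;
            clients[i] = new Thread(() -> {
                try { go.await(); } catch (InterruptedException e) { return; }
                Response r = store.handle(new Request("RESERVE", "A1", user));
                if (r.ok()) synchronized (successes) { successes[0]++; }
            });
            clients[i].start();
        }
        go.countDown();                 // release all threads at once
        for (Thread t : clients) t.join();
        // Always prints 1; with the synchronized keyword removed, a double booking
        // becomes possible because the containsKey/put pair is no longer atomic.
        System.out.println("successful reservations for A1: " + successes[0]);
    }
}
```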

I loved this project and learnt a lot about software development, Java, and the client server model.

rserve: Java Web Server

Image of rserve running in Mac terminal having dealt with one request.

As one of my modules at University this year will require me to learn Java, and I like to get a head start on things, I decided to jump into Java. Using the very helpful course on WiBit.net (if you want to learn programming, check them out! Seriously!) I got a basic grasp of Java and started tinkering around with little things (see the Learning-Java repo), but then my Christmas break came and I hibernated for a month. Once back at uni, I decided to create a web server as a personal project in Java as a way of ‘relaxing’ in between catching up with the work I should have done over my Christmas break.

This is an ongoing project, but at the time of publishing this post I have just got it to serve the file at the requested path. Next step is constructing a response header rather than just throwing the file back at the client.
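As an added example (not rserve’s code) of that next step, the helper below writes a status line and headers before the file body, and also confines the requested path to a document root, the check any loop that maps request paths to files needs. It assumes the caller has already parsed the request line into a path; ResponseWriter and docRoot are assumed names.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Writes a complete HTTP response for a GET request path. Hypothetical helper,
// not rserve's code; it assumes served files live under the given document root.
public class ResponseWriter {
    private final Path docRoot;

    public ResponseWriter(Path docRoot) {
        this.docRoot = docRoot.toAbsolutePath().normalize();
    }

    public int respond(String requestPath, OutputStream out) throws IOException {
        // Drop the query string, map "/" to index.html, strip leading slashes so the path
        // resolves under the root, and normalize away "." and "..". (No percent-decoding here.)
        String clean = requestPath.split("\\?", 2)[0];
        if (clean.endsWith("/")) clean += "index.html";
        Path target = docRoot.resolve(clean.replaceFirst("^/+", "")).normalize();

        // Refuse anything outside the document root after normalization, and anything
        // that is not a regular file; the status code is returned so the caller can log it.
        if (!target.startsWith(docRoot)) return status(out, 403, "Forbidden");
        if (!Files.isRegularFile(target)) return status(out, 404, "Not Found");
        byte[] body = Files.readAllBytes(target);
        String type = Files.probeContentType(target);
        out.write(header(200, "OK", type == null ? "application/octet-stream" : type, body.length));
        out.write(body);
        out.flush();
        return 200;
    }

    // Status line and headers, ended by the blank line that separates them from the body.
    private static byte[] header(int code, String reason, String type, int length) {
        String h = "HTTP/1.1 " + code + " " + reason + "\r\n"
                 + "Content-Type: " + type + "\r\n"
                 + "Content-Length: " + length + "\r\n"
                 + "Connection: close\r\n\r\n";
        return h.getBytes(StandardCharsets.US_ASCII);
    }

    private static int status(OutputStream out, int code, String reason) throws IOException {
        byte[] body = (code + " " + reason + "\n").getBytes(StandardCharsets.UTF_8);
        out.write(header(code, reason, "text/plain; charset=utf-8", body.length));
        out.write(body);
        out.flush();
        return code;
    }
}
```

Call respond(path, socket.getOutputStream()) from the accept loop once the request line has been parsed; a 403 result is worth logging, as it means a client asked for something outside the root.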

You can follow my progress on the rserve GitHub repository. Feel free to fork my code, send pull requests to help me out, or submit an issue.

Computer System Modeling and Development

In my Systems Analysis and Design module in the first year at University I was put into a group and given this specification for designing a computer system. Even though it was a group project, I ended up completing almost all the work because of absences and lack of skills of the other members. The project involved project planning, use-cases, multiple levels of abstraction of data flow diagrams, logic modelling, entity relationship diagrams at different stages of normalisation, and many other skills. This project taught me a lot about the systems development process and gave me a more formalised way of looking at potential projects. You can download the final portfolio here. For this project we were awarded 74% which is first class level. I am very pleased with this project and feel that without me the rest of the group would not have been able to meet such a high grade.

iOS Development Project

I have made it my summer project to make an iPhone (and iPad) app. Though, currently, I haven’t an idea, which isn’t helping me concentrate on learning how to do it. I like to have clear goals before working on something, and learning Objective-C and everything seems quite difficult when thinking in the abstract and not in terms of ‘my app’.
If anyone is looking for a noob to make them an app, get in touch! Not likely.