GPG Key Signing Party in Seoul 2015/06/24

Seoul Tech Society is having an introduction to Public Key Infrastructure (PKI) Wednesday, June 24th at D.CAMP in Seoul. We will give an introduction to PKI, followed by a tutorial for generating your own keys with GPG. We will cover electronically signing documents and software distributions, verifying signatures, basic encryption and authentication using your keys.

Afterward, we will talk about - and play with - paranoid.email, which allows you to force partially encrypted email transmission, even when others are not using PKI.

Once all that has been covered, and everyone has their own GPG keys, we will have a GPG Key-signing PaRtY!~ Help improve the Web of Trust and have free drinks and light snacks at the same time!

Please RSVP at Meetup.com

If you are thinking about running a key-signing party, please check out this guide.


A Proposal for Cyber Peacekeeping (CPK)

After a year of collaborative effort we submitted a paper about Cyber Peacekeeping (CPK) to ICDF2C 2015 (http://d-forensics.org/) and have just learned about its acceptance.

In this work, we propose an initial definition and framework for Cyber Peacekeeping. The goal of the proposed framework is to provide a solid foundation for practical implementation of CPK, and points for future discussion of the subject. As one of the reviewers noted: “CPK could be performed under the auspices of some international organization, perhaps modeled on ITU IMPACT”. Although we have proposed some areas for practical implementation, we hope our work will contribute to the development of a real-world solution for the global challenge of safety and security in cyberspace.

Another reviewer keenly summarized that the proposed CPK framework with six goals, four roles and sixteen functions maps to three possible scenarios: No Conflict, During Conflict and After Conflict. Rightly so, we attempt to address not only ongoing conflicts but prevention of pre-conflict escalation as well as solutions for regaining normalcy after conflicts. We note that conflict aftermath is not usually considered, especially for cyber conflicts.

Practically, we propose a potential organizational structure of Cyber Peacekeeping to support its defined roles and functions with respect to short and long term goals. Some functions fulfill urgent actions whereas others can be fulfilled when participating parties reach an agreement (long term).

Through a case study of a notable conflict between China and Taiwan, examples of practical Cyber Peacekeeping are shown, as well as the roles that peacekeeping could have played in such conflicts.

Importantly, the reviewers offered interesting feedback and directions for improvement, which we will certainly incorporate in our future research. Meanwhile, we are looking forward to discussing this topic with the community of researchers and practitioners online or at events such as ISCR 2015 (https://iscr.cyber.go.kr) and ICDF2C 2015 (http://d-forensics.org/). And stay tuned: we will announce the publication of our full paper in the fall.

Modifying Javascript Variables Real Time with Chrome aka AdBlock Detection Subversion

Sometimes you may want to see what scripts a website is trying to run on your system. Other times you may want to be able to not only watch, but also modify javascript variables.

Doing this with Google Chrome is relatively easy. After opening Chrome, open “Developer Tools” either from Menu -> More tools -> Developer tools or with Ctrl+Shift+I.

From the top of the developer tools menu, choose “Sources”, and the source file you would like to look at. From here you should be able to see what the website is trying to run (just like view source with more information).

From here there are many things that you can do. For a more comprehensive list, please see the Chrome DevTools Overview.

Setting Javascript Variables
One of the most useful things about Chrome Developer Tools is the ability to set JavaScript variables.

An example that I find often is sites using javascript to detect adblock software. When doing research on sites that might be malicious, you may want to access all features of the site without enabling ads (or other potentially malicious stuff). However, some sites will redirect or do other tricks when ad blocker software is detected.

Example adBlock detection script (real code I found at a random site):

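<pre>// Assume an ad blocker is active until an ad element proves otherwise.
var isBlockAds = true;

// On DOM ready, schedule the check to run after 3 seconds.
$(function () {
    setTimeout('DoDetect()', 3000);
});

// If the ad element is visible, ads are not blocked: clear the flag.
function CheckAdImage(elem) {
    if (elem.is(":visible")) {
        isBlockAds = false;
        elem.hide();
    }
}

function DoDetect() {
    CheckAdImage($('#adElement'));
    if (isBlockAds) {
        // redirect to new page
    }
}
</pre>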
This javascript code is doing a few things. First the variable “isBlockAds” is set to true. The next function runs the “DoDetect” function after 3 seconds. DoDetect calls CheckAdImage with the element identifier to check. If the element is visible on the page (not blocked) then isBlockAds is set to false. If isBlockAds is true at the end of the process, then redirect the page to somewhere else.

The end result is that if you are blocking ads, then you can use the page for a short period, but then are redirected to a new, possibly malicious page.

So how can we get around this? With the Chrome developer tools, do the following:

<ul>
<li>Open the target webpage.</li>
<li>Under the list of sources, hit the pause button.</li>
<li>Under “console” at the bottom, there is a white box with a > character. You can type here.</li>
<li>In the console you can set global variables. Here we will set our variable isBlockAds to false.</li>
<li>If the variable has already been defined, developer tools should autocomplete it. If not, you can set it. Note: in our example, if we set isBlockAds before it is defined in the page, it will be reset to true later.</li>
</ul>
<div>That is it. In this case, hitting the pause button allows us to find the variable we want to change before the page redirects. We can then use the console to check and set any variables we want.</div>
<div>For example, if we want to see the value of a random variable we can do something like:</div>
<pre> console.log(iswhatsappCustomButton);
false
</pre>
<div>Check out Chrome DevTools Overview for much more information.</div>
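The timing note in the steps above, modelled as an added example (not code from the original post or from the site it quotes): a small Node.js simulation of the detection script that shows which console assignments are still in effect when DoDetect runs. The `simulate` function, its `adVisible` and `consoleWrites` parameters, and the millisecond offsets are assumptions made for illustration.

```javascript
// Constructed model of the detection script above; it touches no browser or site.
// `at` is milliseconds relative to the moment the page's script is evaluated.
// Pausing in DevTools freezes timers, so a write made while paused is modelled
// as a write that lands before the 3000 ms DoDetect timer.
function simulate({ adVisible, consoleWrites = [] }) {
  const win = {};            // stands in for the page's global scope
  let redirectedAt = null;   // time of the redirect, or null if none happened

  const events = [
    // The page's script defines the flag; DoDetect fires 3000 ms later.
    { at: 0, run: () => { win.isBlockAds = true; } },
    { at: 3000, run: (t) => {
        if (adVisible) win.isBlockAds = false;   // CheckAdImage()
        if (win.isBlockAds) redirectedAt = t;    // DoDetect() redirect branch
    } },
    // The analyst's console assignments, e.g. `isBlockAds = false`.
    // Once the page has redirected, the old page's globals are gone.
    ...consoleWrites.map((w) => ({
      at: w.at,
      run: () => { if (redirectedAt === null) win[w.name] = w.value; },
    })),
  ];

  // Run everything in time order; the sort is stable, so page events win ties.
  events.sort((a, b) => a.at - b.at);
  for (const e of events) e.run(e.at);

  return { isBlockAds: win.isBlockAds, redirected: redirectedAt !== null };
}

// Helper: one console assignment of isBlockAds = false at the given time.
const write = (at) => [{ at, name: "isBlockAds", value: false }];

const results = {
  noIntervention: simulate({ adVisible: false }),
  setBeforeDefined: simulate({ adVisible: false, consoleWrites: write(-500) }),
  setWhilePaused: simulate({ adVisible: false, consoleWrites: write(1000) }),
  setTooLate: simulate({ adVisible: false, consoleWrites: write(4000) }),
  adsShown: simulate({ adVisible: true }),
};
console.log(results);
```

Only the assignment made after the script defines the flag and before the timer fires prevents the redirect; the early write is overwritten by the page and the late one arrives after the page has already navigated away.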




Child Exploitation Forensic Tool: NuDetective

I met some Brazilian Law Enforcement at the 2014 World Forensic Festival. They were talking about Child Online Exploitation in Brazil, and a tool they developed called “NuDetective”. The NuDetective tool AND training is free for Law Enforcement (from the Brazilian Police).

For more information please see (Portuguese): http://www.eleuterio.com
Or contact nudetective (at) gmail (dot) com.

From: http://www.eleuterio.com/nudetective.html

NuDetective is a program developed in Java that supports the detection of juvenile pornography files while still at search and seizure sites and crime scenes suspected of pedophilia. The software has been developed entirely by PCFs Pedro MS Eleuterio and Matthew C. Polastro and may be used by law enforcement and public entities for free.

The idea for NuDetective arose from the change to the Statute of the Child and Adolescent (ACE) on November 25, 2008, which typified the possession of juvenile pornography files as a crime. Thus, the Criminal Experts would have to quickly identify, even at crime scenes, illegal files among the millions of files that can be stored on a computer, for example. Therefore, the tool has been developed and currently uses four main features, including the new Video Analysis, to perform the detection of these suspicious files:

<ul>
<li>Image Analysis: the software performs automatic detection of nude images through skin pixel identification and computational geometry techniques.</li>
<li>File Name Analysis: NuDetective checks the file name in order to detect the most common expressions of pedophilia.</li>
<li>Hash Analysis: the program also compares the hash value of the files with a list of values of known illegal files.</li>
<li>Video Analysis (new): the program calculates the ideal sample and extracts frames from videos, performing nudity detection on the frames with the algorithms used by the Image Analysis, allowing the identification of juvenile pornography videos.</li>
</ul>
The authors have published some articles on the development of the tool, including participation in IEEE DEXA’10 in the city of Bilbao, Spain, where the tool and the results obtained were shown for the first time. In 2011, the authors showed NuDetective at the global gathering of forensic researchers, the 19th IAFS World Meeting (International Association of Forensic Sciences), and presented it to a number of other countries and institutions / forensic laboratories. In 2012, the first video detection strategy developed was published in IEEE WSDF-ARES’12 in Prague, Czech Republic, as a research paper unique in the world, and brought great advances in the state of the art of detecting juvenile pornography files. Currently, many police forces of many countries use the tool, with a unique contribution to Computer Forensics and to the protection of children and adolescents of our planet. The tool supports Portuguese, English and Spanish, but can be easily translated to new languages. In 2014, the authors presented the tool at the main computing congress of Argentina (JAIIO), which published another article on NuDetective showing results of using the tool in Brazil in the fight against pedophilia.

The NuDetective forensic tool is free and for the exclusive use of law enforcement and public institutions. For more information, send email to nudetective (at) gmail (dot) com. This is the official channel of communication on the tool, where you can request more information.
