Zurich!

I thought I’d vary from just posting my academic papers and publish some information on my experiences in Zurich. Maybe some of this will assist others visiting the city. I’ll continue to provide updates and edits during my stay in Zurich.

Language
The people here primarily speak Swiss-German. In order to prepare for the trip I’d taken a bunch of lessons via DuoLingo in order to learn at least some German, as I couldn’t find any software readily available to assist with learning Swiss-German. Some forums I had read online suggested Swiss-German varied greatly from German to the point that native German speakers couldn’t understand it. I found this not to be the case. What I will say, however, is that DuoLingo got me to the point I can read most information signs (warning, shopping centre, etc) and understand most of the announcement systems throughout the airport and city. That was about it, however; interpersonal communication was almost impossible. I wasn’t prepared for the speed at which people speak.

The majority of people in Zurich seem willing to speak English, as long as you are apologetic about not speaking anything else. Unlike some other countries, the effort to speak the local language doesn’t seem to be required or expected as a courtesy. In the areas further from the city center you will find people who can’t or don’t want to speak English. A cashier at Aldi Zürich-Altstetten for example did not seem to be able to follow what I was saying.

SIM Card
When I travel I make a habit of buying a local SIM card / prepaid data plan in order to be able to use Google Maps and Translate. There are a few options available which are documented well here. I ended up going to a Swisscom shop and getting a Natel Easy Smart SIM card for $19.90 CHF. It includes $20 CHF credit; supposedly $2 CHF will be deducted each day for unlimited text/voice/data usage with a fair usage cap at 2GB per 30 day period. It isn’t documented, but the card appears to come with 100MB of data prior to the initial daily usage being triggered; I’m still within this at the time of writing. As such I can’t comment on the auto deduction functionality.

On activation you will receive 5-10 text messages in Swiss-German. I didn’t bother to translate these; the important information seemed to be the following two items. First, “Herzlich willkommen Firstname Lastname! Ihre Nummer 4179XXXXXXX ……” The number is your mobile number including the country code. Second, a link to cockpit.swisscom.ch which, when accessed over the mobile data network, gives you access to your account’s admin panel.

Free WiFi
A large number of shops, public transport stations, restaurants, museums, etc will provide free WiFi. Around 95% of these will require you to provide a mobile phone number, which will be sent a password allowing access. I’m not sure what the justification for this is. These services were all able to accept an international phone number. Access is generally quite good with low latency and acceptable bandwidth for the purpose of uploading images etc. A few of the access points I came across blocked access to non web resources such as SSH and VPN services.

Money
There is a severe shortage of ATMs in Zurich. Given that this city is known for its finance sector, this shortage is very strange indeed. I eventually found an ATM using the ATM Locator Anywhere app (I haven’t analysed this app and can’t comment on the security/nature of it).

Most stores will accept Visa/Mastercard without issue; some supermarkets are the exception to this, though. I suggest confirming with the cashier that your payment card is accepted prior to shopping. 90% of the time you get a look as if you are stupid, but it saves you from the 10% of the time where you are left without a means for payment (as I experienced at Aldi). The payment terminals at Coop stores accepted all cards I attempted to use without issue, even performing currency conversion based on the currency of the card. There was no option provided to pay in the local currency however, which was a bit disappointing as the conversion rate provided by Coop was about five percent below that provided by my card.

Public Transport
The public transport system is poorly documented compared to that in my home city of Perth. In order to determine which class of ticket I required I used Google Maps to provide directions to my destination using the public transport-planning feature. Subsequently I looked at the ZVV Zone Map to determine which Zones I passed through.

The ticket purchase process is conducted via terminals located throughout the city. For some reason the terminals at train stations do not provide the same variety of tickets as those located elsewhere. As I wanted a six day ticket I needed to purchase this from a terminal located anywhere other than a train station. When purchasing a ticket you need to select the type of ticket you require, which in my case was a six day multi-ticket. Then you must provide the destination suburb for the ticket. The system will offer you direct or indirect tickets which each include different zones. I chose the direct option, as I would be taking the same route each day. Finally the machine will show a summary screen, which also allows you to select your class of travel, concession status, or purchase additional tickets. This final screen had me somewhat confused, as there was no option to complete the purchase. Eventually I figured out that the payment terminal to the side had become active (without any prompt on the main display). I paid with a credit card and now had my ticket.

The sales machines also perform validation of multi-tickets. There is a slot on the left-front of the machine which you can insert a multi-ticket into. The machine will clip one of the tabs from the side marking one day as having been consumed and will stamp it with the current date and time.

Posted in Uncategorized

Paper: “Exchanging Demands: Weaknesses in SSL Implementations for Mobile Platforms”

Title: Exchanging Demands: Weaknesses in SSL Implementations for Mobile Platforms

Authors: Peter Hannay, Clinton Carpene, Craig Valli, Andrew Woodward, Mike Johnstone

Abstract
The ActiveSync protocol’s implementation on some embedded devices leaves clients vulnerable to unauthorised remote policy enforcement. This paper discusses a proof of concept attack against the implementation of ActiveSync in common Smart phones including Android devices and iOS devices. A two-phase approach to exploiting the ActiveSync protocol is introduced. Phase 1 details the usage of a man-in-the-middle attack to gain a vantage point over the client device, whilst Phase 2 involves spoofing the server-side ActiveSync responses to initiate the unauthorised policy enforcement. These vulnerabilities are demonstrated by experiment, highlighting how the system can be exploited to perform a remote factory reset upon an Exchange-integrated Smart phone.

Files: Full Paper (PDF)

Posted in paper, security

Paper: “Geo Forensics: Classes of Locational Data Sources for Embedded Devices”

Title: Geo Forensics: Classes of Locational Data Sources for Embedded Devices

Authors: Peter Hannay

Abstract
A number of devices, web services and applications are being released with, or updated to be locationally aware. The use of location data can be used for a wide variety of purposes, including navigation, social networking, data mining and providing localised content. This location data has potential for establishing a locational history for these devices. The sources of this location data exceed the global positioning system (GPS) based data, including pre- and post-incident triangulation of mobile and cell towers, images and network histories. This paper proposes a classification framework ranking the reliability of potential evidence. This ranking is dependent on the intended purpose of the mechanism involved the generation of such. The classification classes proposed are implicit, connectivity based and metadata, each representing a different level of confidence and identifying features.

Files: Full Paper (PDF)

Posted in forensics, gps, paper

Paper: “Eavesdropping on the Smart Grid”

Title: Eavesdropping on the Smart Grid

Authors: Craig Valli, Andrew Woodward, Clinton Carpene, Peter Hannay, Murray Brand, Reino Karvinen, Chris Holme

Abstract
An in-situ deployment of smart grid technology, from meters through to access points and wider grid connectivity, was examined. The aim of the research was to determine what vulnerabilities were inherent in this deployment, and what other consideration issues may have led to further vulnerability in the system. It was determined that there were numerous vulnerabilities embedded in both hardware and software and that configuration issues further compounded these vulnerabilities. The cyber threat against critical infrastructure has been public knowledge for several years, and with increasing awareness, attention and resource being devoted to protecting critical infrastructure, it is concerning that a technology with the potential to create additional attack vectors is apparently insecure.

Files: Full Paper (PDF)

Posted in paper, security

Paper: GeoIntelligence: Data Mining Locational Social Media Content for Profiling and Information Gathering

Title: GeoIntelligence: Data Mining Locational Social Media Content for Profiling and Information Gathering

Authors: Peter Hannay, Greg Baatard

Abstract
The current social media landscape has resulted in a situation where people are encouraged to share a greater amount of information about their day-to-day lives than ever before. In this environment a large amount of personal data is disclosed in a public forum with little to no regard for the potential privacy impacts. This paper focuses on the presence of geographic data within images, metadata and individual postings. The GeoIntelligence project aims to aggregate this information to educate users on the possible implications of the utilisation of these services as well as providing service to law enforcement and business. This paper demonstrates the ability to profile users on an individual and group basis from data posted openly to social networking services.

Files: Full Paper (PDF)

Posted in gps, paper, security

Paper: “The 2011 IDN Homograph Attack Mitigation Survey”

Title: The 2011 IDN Homograph Attack Mitigation Survey

Authors: Peter Hannay, Greg Baatard

Abstract
The advent of internationalized domain names (IDNs) has introduced a new threat, with the non-English character sets allowing for visual mimicry of domain names. Whilst this potential for this form of attack has been well recognized, many applications such as Internet browsers and e-mail clients have been slow to adopt successful mitigation strategies and countermeasures. This research examines those strategies and countermeasures, identifying areas of weakness that allow for homograph attacks. As well as examining the presentation of IDNs in e-mail clients and Internet browser URL bars, this year’s study examines the presentation of IDNs in browser-based security certificates and requests for locational data access.

Files: Full Paper (PDF)

Posted in paper, security

Paper: “Using traffic analysis to identify The Second Generation Onion Router”

Title: Using traffic analysis to identify The Second Generation Onion Router

Authors: John Barker, Peter Hannay, Patryk Szewczyk

Abstract
Anonymous networks provide security for users by obfuscating messages with encryption and hiding communications amongst cover traffic provided by other network participants. The traditional goal of academic research into these networks has been attacks that aim to uncover the identity of network users. But the success of an anonymous network relies not only on its technical capabilities, but on adoption by a large enough user base to provide adequate cover traffic. If anonymous network nodes can be identified, the users can be harassed, discouraging participation. Tor is an example of a widely used anonymous network which uses a form of Onion Routing to provide low latency anonymous communications. This paper demonstrates that traffic from a simulated Tor network can be distinguished from regular encrypted traffic, suggesting that real world Tor users may be vulnerable to the same analysis.

Files: Full Paper (PDF)

Posted in paper, security

Paper: “Kindle Forensics: Acquisition & Analysis”

Title: Kindle Forensics: Acquisition & Analysis

Authors: Peter Hannay

Abstract
The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.

Files: Full Paper (PDF)

Posted in forensics, paper, security

Paper: “Backtrack in the Outback – A Preliminary Report on Cyber Security Evaluation of Organisations in Western Australia”

Title: Backtrack in the Outback – A Preliminary Report on Cyber Security Evaluation of Organisations in Western Australia

Authors: Craig Valli, Andrew Woodward, Peter Hannay

Abstract
The authors were involved in extensive vulnerability assessment and penetration testing of over 15 large organisations across various industry sectors in the Perth CBD. The actual live testing involved a team of five people for approximately a four week period, and was black box testing. The scanning consisted of running network and web vulnerability tools, and in a few cases, exploiting vulnerability to establish validity of the tools. The tools were run in aggressive mode with no attempt made to deceive or avoid detection by IDS/IPS or firewalls. The aim of the testing was to determine firstly whether these organisations were able to detect such hostile scanning, and secondly to gauge their response. This paper does not extensively analyse the resultant empirical data from the tests; this will be the subject of several other papers.
Of the 15 agencies investigated, only two were able to detect the activity, and only one of these escalated this to authorities. Many had intrusion detection or prevention systems, but these did not appear to detect the scanning which was conducted. Others did not have any form of detection, only logging without active monitoring, and some had no persistent logging of anything. Of those who did detect, the lack of a formal incident response and escalation plan hampered their ability to respond and escalate appropriately. Many of these organisations had recently, or very recently, undergone penetration testing by external audit or IT companies, and yet there were still numerous vulnerabilities, or their system did not detect the scan. The conclusion is that organisations need to be very specific about what their needs are when engaging external agents to conduct network security testing, as current penetration testing is giving them a false sense of security.

Files: Full Paper (PDF)

Posted in paper, security