Saturday, February 23, 2013

GPS Improved Accuracy

GPS Improved Accuracy

Research conducted by Universidad Carlos III de Madrid (also known as UC3M) have found they can boost conventional standard GPS devices by a magnitude of 90% and significantly decrease the margin of error to improve positioning and location. UC3M see an objective to integrate their system into smartphones. This could assist the emergency services to improve pinpointing in emergency cases, in addition to added capability where handsets have modules included using existing conventional GPS capability.

A system that improves the precision of GPS in cities by 90 percent - http://www.uc3m.es/ 

Tuesday, February 19, 2013

Smart Device Usage

The latest report from Flurry reported through Venturebeat, a website that reports China technology usage, confirms China has out smart device usage that of the US. Moreover because the US only has 310-million population and China has 1.3-bilion population it is unlikely, Flurry believes, the US will ever rise to the top usage spot again because of population sizes. Well maybe so, but population size isn't all it is about, but requires regulation, liberalisation, free markets and economic indicators etc, too. What is interesting is that Flurry also envisage the only possible competitor to matching China's growth in smart device usage could probably come from India, which the report states has a 1.2-billion population.

A short note in the report identified other countries having growth in smart device usage. "Countries that grew faster than China in the past year were Columbia, Vietnam, Turkey, Ukraine and Egypt."

See report here: China becomes the world’s largest smartphone market - http://venturebeat.com/2013/02/18/china-becomes-the-worlds-largest-smartphone-market/

Further reading on possible outcomes for Chinese OSs - Originals and Copies. Britain and Smartphone Manufacturing http://trewmte.blogspot.co.uk/2012/10/originals-and-copies-britain-and.html

Sunday, February 17, 2013

Cyber Wrapping

Susan Brenner has had published her article 'Cyber-threats and the Limits of Bureaucratic Control' published in MINN. J. L. SCI. & TECH. [Vol. 14:1] and downloadable from the link below. Susan's brief synopsis is available here: http://cyb3rcrim3.blogspot.co.uk/2013/02/fyi-maybe-new-article-on-cyberthreats.html. A further link to material for review is here: University of Minnesota http://conservancy.umn.edu/handle/144222.

This is a very useful and informative article from Susan and sets out challenges about understanding the impact of 'cyber-' and how a "State" copes with control of such threats.

The marketplace is burgeoning with 'cyber courses' e.g. with content such as: "cyber attack and defense, digital analysis, computer forensics, security policies and strategies, risk analysis, ethical and legal issues, operational processes, cyber crime, and more" (http://www.excelsior.edu/web/news/college-news/-/blogs/five-cybersecurity-programs-certified-to-meet-the-nsa%E2%80%99s-committee-on-national-security-systems-cnss-training-standards) which appears to suggest cyber people have been unable to distinguish cyber as a platform of its own without subsuming e.g. computer forensics and therefore dismantling this job title and work in an attempt to top it.

My original thinking when getting to grips to understand what the cyber-people wanted to show when the approach started back in 2000 was that, irrespective of the technology, it is the fundamental messages/signals, instructions or information included and transmitted through electrical impulses, analogue/digital signalling and so on would complement existing investigatory, examination and forensics programmes and employment and tools. Instead, cyber appears to want to cast a veil over all of these mature approaches to make everything science/technology neutral and claim they are subsets of cyber.

Fundamentally, cyber is a subset to all forms of communication mediums, transmitters and receivers and the technology that interprets communications and signalling. Moreoever cyber-attack/crime/etc is a 50/50 proposition and a subset of "intention" (pragmatically and legally) and must be judged in that context when compared to a "mistake" where the person had no intention to generate an attack but an unwanted outcome occurs anyway.

Download: http://conservancy.umn.edu/bitstream/144222/1/Cyber-Threats-by-Susan-Brenner-MN-Journal-Law-Science-Tech-Issue-14-1.pdf

Sunday, February 10, 2013

One hit, hits all

As you know setting a 'percentage expectation' for disruptive events is common in any operating plan, QoS plan, security plan etc. Contingency (forward planning) of something that might/may happen as a percentage factored in advance in order to ensure support being available is standard practice.

The author Henry Basset's 'Red Sky Alliance' records in his blog (http://henrybasset.blogspot.co.uk/2013/02/attackers-collaborate-defenders-are.html):

"20-50 compromised computers per day (7 days/week) could (should) be expected."

The article does not state that 20-50 will happen daily. Moreover, it is very difficult to reconcile how events happening on weekdays will equally occur in the same percentage on weekends due to staff not working at that time, thus terminals not being used in the workplace, which is another factor suggesting the statement is geared towards forecast or contigency rather than actual fact.  

It is not entirely clear either that the 'inventory computers' could corroborate a computer identified in that inventory being the disruptive source, as opposed to merely being a compromised device, thus repetition of events could continue to be propagated against that same device. A reason for that is that an inventory of computers may not take account for 'BYOD devices' (http://www.trewmte.blogspot.co.uk/2013/01/smartphone-byod.html), which, quite horrifically, are being proposed for business. Laundering such ideas as relevant, cost-effective (sorry, a cheap way for a company to provide IT/comms without cost to the company) and a must-have, apparently, on employee-centric wish-lists crudely ignores common-sense security policies, practices and procedures. Moreover, BYOD is more likely to increase the chances of ICT (information communications technology) disruption/compromise, which is crudely labelled 'cyber attack/crime'. Cyber attack/crime is itself is being used in an attempt to downgrade the important differences and characteristics between science technologies by applying to them a technology-neutral title, 'cyber' (c.f. Andrea C Simmons comments about cyber wrapping http://www.bcs.org/content/conBlogPost/1861 )

Promulgating the noun/adjective/verb 'cyber-', lauded as the title of the next big threat to the World will in itself generate changes down the line eventually forcing Governments to create localised technology standards to deliberately undermine and reduce the chances of global cyber attacks/crimes occuring based upon common code used by many countries. This perhaps can be illustrated in terms of  the enormous economic and fiscal effort that has gone into maintaining the 'Euro' contrasted with the 'British Pound'. Were it the case the Euro actually went down the localised British Pound would still be there. Local individual currency proving a far sounder bet than global common currency. Or looked at from a different angle, if a local individual currency did go down it wouldn't drag down other currencies partners. This tends to reinforce the positive that 'local standards' offer far better security and protection but minimises disruption, whereas global standards create the greater threat of 'one hit, hits all'.

EMV and ePayments

ParseIT
As some of you may know I have over the last several years been extending the range of my skillsets, beyond previous skills of mobile devices/PCs/laptop/MACs, to include EMV and the known CVV (Card Verification Value) code that is stored in the card’s magnetic stripe and iCVV (Integrated Chip Card Card Verification Value) code that is stored in the card’s chip. This work into includes the range of payments systems that are already or will be introduced to smart phone payment systems.

The transactional data contained in the 'exchange messages' are of paramount importance to post-fraud investigations; in the absence of an actual physical instrument involved in the originating activity associated with a transaction. Having the ability to examine copies of the original transactional data contained in electronic files requires a tool designed to output the field data into the known field structures/parameters as set out by iso8583. ParseIT is one of those free tools that provides a useful starting point to output the data to assist an investigation.

- ParseIT is a parser tool to analyze transactional messages from raw data and logs.
- ParseIT provides a simple and effective way to fast detect, parse and compare messages.
- The intuitive interface provides quick access to the fields of the message, their value, their description and their validation.

Because its free and doesn't require a commercial, then it is worth including in the investigators' soft toolkit.

http://www.kasys.ca/parseit.php

Download - http://www.kasys.ca/parseit/update/setup.exe