Wednesday, May 2, 2018

Cryptography is fun, TC2027

Let's wikipedia:

Cryptography is the practice and study of techniques for secure communication in the presence of third parties.
It is about constructing and analyzing protocols that prevent unauthorized access to the message.

Modern cryptography is based on mathematics and computer science. Thanks to computers, we have the power to encrypt data and make it 'impossible' for a human to decrypt it.

Getting started
The way I got into cryptography was with the series "Gravity Falls". They put hidden messages all over the place, in the intro and at the end of the episode, and they used different encryption methods. It was really fun to try to decipher a code that you found in an episode.
If you know nothing about cryptography, I would recommend following the link provided at the end of this document and watching the animated series.

Encryption methods
Some encryption methods that were used on Gravity Falls are:

Caesar cipher: substitute the original letter for the nth letter before it. In the case of the letters X, Y, and Z (if n = 3), one has to cycle around to the beginning of the alphabet.

Atbash cipher: decoded by reversing the alphabet (A turns into Z).
EXAMPLE: World -> D


A1Z26: simple substitution cipher decoded by substituting the nth letter of the alphabet for a given number n.


Vigenère cipher: a series of Caesar ciphers where each letter's shift depends on a key word. Vigenère ciphers use a Vigenère square to encrypt the message.

These are relatively simple encryption methods. Computers use other methods, but I will write about them in another blog post; I want this one to be for "beginners".
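The four ciphers listed above, as an added Python example (not code from the original post). The function names and sample strings are constructed for illustration, and the Vigenère key is assumed to contain only letters.

```python
A = ord("A")

def _transform(text, fn):
    """Apply fn(letter_index, letter_position) to ASCII letters; keep everything else."""
    out, pos = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + fn(ord(ch) - base, pos) % 26))
            pos += 1
        else:
            out.append(ch)
    return "".join(out)

def caesar(text, n):
    """Shift every letter n places forward (negative n shifts back), wrapping around."""
    return _transform(text, lambda i, pos: i + n)

def atbash(text):
    """Mirror the alphabet: A<->Z, B<->Y, ... The same call encodes and decodes."""
    return _transform(text, lambda i, pos: 25 - i)

def a1z26_decode(numbers):
    """'8-9 20-8-5-18-5' -> 'HI THERE': dashes separate letters, spaces separate words."""
    return " ".join(
        "".join(chr(A + int(n) - 1) for n in word.split("-"))
        for word in numbers.split()
    )

def vigenere(text, key, decrypt=False):
    """One Caesar shift per letter, taken from the repeating key (letters only)."""
    shifts = [ord(k) - A for k in key.upper()]
    sign = -1 if decrypt else 1
    return _transform(text, lambda i, pos: i + sign * shifts[pos % len(shifts)])

def caesar_candidates(ciphertext):
    """Only 26 shifts exist, so every possible plaintext can simply be listed."""
    return [caesar(ciphertext, -n) for n in range(26)]

if __name__ == "__main__":
    # Constructed sample inputs.
    print(caesar("XYZ", 3))
    print(atbash("World"))
    print(a1z26_decode("8-5-12-12-15"))
    print(vigenere("ATTACKATDAWN", "LEMON"))
    print(caesar_candidates("KHOOR")[3])
```

`caesar_candidates` is the reason these ciphers are puzzles rather than protection: the whole key space fits on one screen.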



http://gravityfalls.wikia.com/wiki/List_of_cryptograms

Revolution, TC2027

We need one, we need a revolution on the way we learn.

I am currently developing a project that started with one of our professors, Sergio Hernández.
He started Estación Meiquer to give Social Service hours to ITESM GDA students. I was lucky to be one of them, because it covers topics I really like.
But for about a year now, we have wanted to do more than give Social Service hours; we see that there is a need for kids to change the way they think and the way they learn. We see every day the consequences of a bad educational system, even here, at my school; there hasn't been a single time where partials are coming, and I see students studying from very specific questions and exercises (it took me a few semesters to realize they were studying from exams). I've seen students that take pictures of the exam as soon as it's in their hands, before taking it and after the professor gives it back so we can check our mistakes. What went wrong? Why is it more important to get an exam or find really clever ways to copy, than actual learning? Why is a number (grade) more important than all the effort someone can make in a whole semester learning by experimentation or research? Why aren't we allowed to make mistakes? We're not perfect, we learn from mistakes. I can tell you that the things I remember or learned the most are things I struggled with: I had to find a way to solve it or I f*cked up really bad.

Our project is called Estación Meiquer, our goal is for kids to develop skills that, according to the World Economic Forum, will drive the 4th Industrial Revolution. These skills are:

  • Problem solving
  • Critical thinking
  • Creativity
  • Emotional intelligence
  • Collaboration

We should stop and think about what we’re learning, having the ability to solve problems on our own and in a creative way. We do so with activities and games, every one of them focuses on at least one of these skills. For every activity, we do the following steps:
  1.  Inspire: we inspire the kids with a story or an example of something big that has been made or something important for the activity we will present them.
  2. Imagine: we give them time to imagine what they want to do, to draw whatever their solution is, with the intention to let them explore their imagination and don’t give them any limitations.
  3. Create: now we let kids create the idea they worked on, here they face challenges and roadblocks, we don’t tell them the solutions, we encourage them and guide them to try to solve them on their own.
  4. Share: After they’ve created their idea, we let them share it with their classmates, to make them feel proud of what they made and it’s a space in which they must talk in front of other kids while the attention is on them, they also learn what other kids created.
  5. Play: we give them this free space to play, using what they created, with other kids.

Our intention is to change the lives of these kids, showing them how awesome learning can be and letting them experiment and never be afraid of failing. We want them to fail, we want to show them that when we fail or f*ck up, NOTHING happens; that's the way A LOT of the things that we have nowadays happened. We don't want them competing for a place, or a number, we want them to work at their pace, and believe they are capable of doing great things.

I imagine, if everyone learns this way or is motivated this way, we wouldn't see the things we see even at a school such as ITESM, where students are really, really good... at cheating.

Elevation of Privileges, TC2027

What is Elevation of Privileges? 

Elevation of Privileges or Privilege Escalation is exploiting a system or application to gain more access than you normally should have. This means you have the power to do unauthorized actions.

There are two branches of privilege escalation, Horizontal and Vertical.

Horizontal

  • Access to another user's information or content. It's horizontal because you are in the scope of a user, but you can gain access to other users. This is still gaining more access than you should, but not at a higher level.

Vertical

  • Access to information or content that should only be accessed by someone with higher access. You stay in your scope, but now you "escalate steps" in the privilege section.
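The difference between the two branches shows up in the check a server has to make on every request. The sketch below is an added example, not from the original post; the role ladder, the `Request` fields and the sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical role ladder: a higher number means more privilege.
ROLE_LEVEL = {"guest": 0, "user": 1, "admin": 2}

@dataclass(frozen=True)
class Request:
    actor: str             # authenticated user making the request
    actor_role: str        # role the server has on record for that user
    owner: Optional[str]   # user the resource belongs to, None if not per-user
    required_role: str     # minimum role the action needs

def decide(req: Request) -> str:
    """Return 'allow', or which kind of escalation the request would be."""
    have = ROLE_LEVEL.get(req.actor_role, 0)                # unknown role: lowest level
    need = ROLE_LEVEL.get(req.required_role, float("inf"))  # unknown action: deny
    if have < need:
        return "deny-vertical"      # asking for a higher level than the actor holds
    if req.owner not in (None, req.actor) and have < ROLE_LEVEL["admin"]:
        return "deny-horizontal"    # right level, but somebody else's data
    return "allow"

# Constructed sample requests.
SAMPLES = [
    Request("alice", "user", "alice", "user"),   # own profile
    Request("alice", "user", "bob", "user"),     # another user's profile
    Request("alice", "user", None, "admin"),     # admin-only action
    Request("root", "admin", "bob", "user"),     # admin acting on a user's data
]

def audit(requests):
    """Decision for each request, in order."""
    return [decide(r) for r in requests]

if __name__ == "__main__":
    for r, d in zip(SAMPLES, audit(SAMPLES)):
        print(r.actor, "->", d)
```

A role check alone stops only the vertical case; the ownership comparison is what stops the horizontal one.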

The following image shows the different levels of privileges that a system has. 


My favorite example of elevation of privileges:

Jailbreak

I remember I was in high school when I got my first iPod Touch; it was Christmas and Santa gave me and my brothers an iPod. I was really excited and I opened it in the bathroom; as soon as I took it out of the box, it fell.
I always liked playing and listening to music on my iPod, but after a while (still in high school) I discovered that you could "jailbreak" it, letting you add more functionality and customize your iPod. I didn't know it back then, but that was a form of Elevation of Privileges.
Normally, you couldn't do all those things that Cydia allowed you to do, but when you jailbroke it, you gained control of many things and it felt really nice.

Other methods
This webpage tells more about EoP and ways that it can be exploited:
https://securitycommunity.tcs.com/infosecsoapbox/articles/2017/06/07/all-you-know-about-stride-elevation-privilege-threat-eop
Here are the 6 ways to exploit and gain EoP that the webpage mentions:


  1. User Group / Profile Manipulation: To get write access, a non-privileged user can create the profile of a legitimate user by using different parameters, profiles, or IDs passed in the HTTP request/response.
  2. Condition Value Manipulation: In an environment where the server returns an error message as a value in a specific parameter within a set of answer codes, those values can be manipulated to get administrative rights.
  3. IP Address Manipulation: Some websites use the IP address to limit access or to log the number of failed logins per IP address. For example, if the website uses the value of 'X-Forwarded-For' as the client IP address, an attacker may change the IP value of the 'X-Forwarded-For' HTTP header to work around the source IP identification and fulfill the requirements.
  4. URL Traversal: Traverse the website and check whether some pages miss the authorization check.
  5. White Box: If the URL authorization check is done only by a partial URL match, it is likely that hackers can work around the authorization with URL encoding techniques. Ex: endswith(), contains()
  6. Weak Session ID: A weak session ID algorithm may be vulnerable to a brute-force attack. For example, a website uses MD5 (Password + UserID) as the session ID. An attacker may then manipulate and generate different session IDs in order to get unauthorized access.
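Item 3 is a trust problem: `X-Forwarded-For` is a request header, so its left-most value is whatever the client chose to send. The added example below (not from the original post or the linked article) contrasts that with resolving the client address through a known proxy list; the `10.0.0.0/8` proxy range and all addresses are assumptions constructed for the example.

```python
import ipaddress

# Assumption for this example: our own reverse proxies all live in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def _parse(addr):
    """Return an ip_address object, or None for anything that is not an IP."""
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None

def _is_trusted(ip):
    return ip is not None and any(ip in net for net in TRUSTED_PROXIES)

def naive_client_ip(peer, xff):
    """Weak: believes the left-most header value, which the client controls."""
    return xff.split(",")[0].strip() if xff else peer

def client_ip(peer, xff):
    """Use the header only for the hops that our own proxies appended."""
    if not _is_trusted(_parse(peer)):
        return peer                  # direct connection: ignore the header entirely
    hops = [h for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):       # proxies append on the right, so walk right to left
        ip = _parse(hop)
        if ip is None:
            return peer              # malformed entry: fall back to the socket peer
        if not _is_trusted(ip):
            return str(ip)           # the address our outermost proxy actually saw
    return peer

if __name__ == "__main__":
    # Constructed request: client 203.0.113.7 sent its own "X-Forwarded-For: 127.0.0.1",
    # and the load balancer at 10.0.0.5 appended the address it really saw.
    header = "127.0.0.1, 203.0.113.7"
    print(naive_client_ip("10.0.0.5", header))
    print(client_ip("10.0.0.5", header))
```

Rate limits and failed-login counters keyed on `client_ip` follow the real connection, whatever the client writes into the header.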

There are many methods to gain EoP, and this is something we have to keep in mind when we design software: we DON'T want people WITHOUT access to do things they shouldn't.