Security Bullet In
Communiques from the security front, sir
Friday 5 February 2010, 6:24 PM
Bletchley Park calls for operators for Bombe rebuild
The home of World War II codebreaking has called for engineers to operate an electro-mechanical machine developed by mathematician Alan Turing.
The Turing Bombe was a brute-force code-breaker which built on previous work conducted by Polish crypto-analysts. Bletchley Park has rebuilt one Turing Bombe, and now the museum is to launch a recruitment campaign for volunteers to operate it.
The volunteer recruitment open days at the museum, which will be on Friday 12 and Saturday 13 March, are designed to recruit operators for the project, as well as museum guides.
"We've got a number of opportunities for people interested in the history of technology," director of museum operations Kelsey Griffin told ZDNet UK on Friday. "We're looking for electrical and mechanical engineers to help operate the Turing Bombe rebuild."
Griffin said that the museum is understaffed for volunteers, a situation which has been exacerbated by growing visitor numbers.
"Visitor numbers in 2009 exceeded 100,000 visitors for the first time – while we had budgeted for the [economic] downturn," said Griffin. "It's fantastic, but it puts a strain on an already understaffed volunteer team."
The Turing Bombe was an electro-mechanical device that mechanised the process of breaking into crypto streams which had been formed by German Enigma machines, used for military communications. The Bombe was designed by Alan Turing and another mathematician, Gordon Welchman.
The machine was wired to conform to a 'menu' devised by mathematicians, based on 'cribs' or guesses of short parts of Enigma messages which could have contained commonly used words. The Turing Bombe found potential Enigma settings not by proving them, but by disproving every incorrect setting in turn.
The Bombes were built by the British Tabulating Machine company, based in Letchworth. By the end of the war, Bletchley Park and its outstations boasted 210 machines, which were subsequently broken up and destroyed to maintain secrecy at the start of the Cold War.
"[Winston] Churchill was adamant that he didn't want anyone to know how successful our codebreaking had been," said Griffin.
The museum's existing Bombe was rebuilt from a series of black and white photos and the original blueprints. The machine took fourteen years to rebuild by a dedicated team of engineers.
The Turing Bombe was a brute-force code-breaker which built on previous work conducted by Polish crypto-analysts. Bletchley Park has rebuilt one Turing Bombe, and now the museum is to launch a recruitment campaign for volunteers to operate it.
The volunteer recruitment open days at the museum, which will be on Friday 12 and Saturday 13 March, are designed to recruit operators for the project, as well as museum guides.
"We've got a number of opportunities for people interested in the history of technology," director of museum operations Kelsey Griffin told ZDNet UK on Friday. "We're looking for electrical and mechanical engineers to help operate the Turing Bombe rebuild."
Griffin said that the museum is understaffed for volunteers, a situation which has been exacerbated by growing visitor numbers.
"Visitor numbers in 2009 exceeded 100,000 visitors for the first time – while we had budgeted for the [economic] downturn," said Griffin. "It's fantastic, but it puts a strain on an already understaffed volunteer team."
The Turing Bombe was an electro-mechanical device that mechanised the process of breaking into crypto streams which had been formed by German Enigma machines, used for military communications. The Bombe was designed by Alan Turing and another mathematician, Gordon Welchman.
The machine was wired to conform to a 'menu' devised by mathematicians, based on 'cribs' or guesses of short parts of Enigma messages which could have contained commonly used words. The Turing Bombe found potential Enigma settings not by proving them, but by disproving every incorrect setting in turn.
The Bombes were built by the British Tabulating Machine company, based in Letchworth. By the end of the war, Bletchley Park and its outstations boasted 210 machines, which were subsequently broken up and destroyed to maintain secrecy at the start of the Cold War.
"[Winston] Churchill was adamant that he didn't want anyone to know how successful our codebreaking had been," said Griffin.
The museum's existing Bombe was rebuilt from a series of black and white photos and the original blueprints. The machine took fourteen years to rebuild by a dedicated team of engineers.
Friday 29 January 2010, 5:29 PM
Metropolitan Police reveal anti-counterfeiting project
A project designed to limit equipment that organised criminals use in counterfeiting scams has been revealed by the Metropolitan Police.
Project Genesius, which has been running for two years, seeks to encourage the printing industry to sign up to a voluntary code of conduct, to prevent printing equipment and technologies falling into the wrong hands.
Detective chief inspector Nick Downing said at a press conference in New Scotland Yard on Tuesday that the Met would like anyone selling or reselling specialist printing equipment to profile customers.
"Customer profiling is vitally important," said Downing.
Indicators which should raise suspicions if taken together include: if it is a cash only purchase; if there is no delivery address; no invoice required; if purchasers don't quibble about the price; no company name; if it is delivered to a residential address.
In response to a question from ZDNet UK, Downing conceded that a manufacturer or reseller's primary concern was to sell the equipment, but added that the Met would be grateful to the printing industry if it kept its eyes open.
"Yes, their number one priority is business," said Downing. "But we all have a responsibility to make sure [the industry] is selling products in a responsible, safe way."
Project Genesius has resulted in the seizure of hundreds of printers and specialist equipment, the Met said in a press statement on Tuesday.
Project Genesius, which has been running for two years, seeks to encourage the printing industry to sign up to a voluntary code of conduct, to prevent printing equipment and technologies falling into the wrong hands.
Detective chief inspector Nick Downing said at a press conference in New Scotland Yard on Tuesday that the Met would like anyone selling or reselling specialist printing equipment to profile customers.
"Customer profiling is vitally important," said Downing.
Indicators which should raise suspicions if taken together include: if it is a cash only purchase; if there is no delivery address; no invoice required; if purchasers don't quibble about the price; no company name; if it is delivered to a residential address.
In response to a question from ZDNet UK, Downing conceded that a manufacturer or reseller's primary concern was to sell the equipment, but added that the Met would be grateful to the printing industry if it kept its eyes open.
"Yes, their number one priority is business," said Downing. "But we all have a responsibility to make sure [the industry] is selling products in a responsible, safe way."
Project Genesius has resulted in the seizure of hundreds of printers and specialist equipment, the Met said in a press statement on Tuesday.
Wednesday 20 January 2010, 5:36 PM
17-year-old Microsoft flaw affects Windows 7
A flaw that has been present in Microsoft software since 1993, and still affects Windows 7, has been published by a security researcher.
Tavis Ormandy published details of the flaw on the Neohapsis mailing list on Tuesday.
The problem lies in the Virtual DOS Machine, Heise security explained on Wednesday.
"Microsoft isn't having an easy time of it these days," said the Heise article. "In addition to the unpatched hole in Internet Explorer, a now published hole in Windows allows users with restricted access to escalate their privileges to system level – and this is believed to be possible on all 32-bit versions of Windows from Windows NT 3.1 up to, and including Windows 7."
Workarounds include users disabling the MS-DOS subsystem by starting the group policy editor and enabling the "Prevent access to 16-bit applications" option in a sub-menu of the computer configuration tab, according to the Heise article.
Tavis Ormandy published details of the flaw on the Neohapsis mailing list on Tuesday.
The problem lies in the Virtual DOS Machine, Heise security explained on Wednesday.
"Microsoft isn't having an easy time of it these days," said the Heise article. "In addition to the unpatched hole in Internet Explorer, a now published hole in Windows allows users with restricted access to escalate their privileges to system level – and this is believed to be possible on all 32-bit versions of Windows from Windows NT 3.1 up to, and including Windows 7."
Workarounds include users disabling the MS-DOS subsystem by starting the group policy editor and enabling the "Prevent access to 16-bit applications" option in a sub-menu of the computer configuration tab, according to the Heise article.
Thursday 14 January 2010, 5:06 PM
Android apps pulled for trademark infringement
Applications on the Android marketplace were pulled because they infringed banks' trademarks, Google has said.
A number of security websites reported earlier in the week that a mobile application developed for use on Android handsets and offered for sale in the Android Marketplace could have been a banking Trojan.
However, a Google spokesperson told ZDNet UK on Monday:
"The Android Market Content Policy clearly states that we don't allow applications on Android Market to identify themselves with third-party marks without permission. If an application violates the content policy, we will remove it from Android Market, and developer accounts will be terminated for repeated violations."
ZDNet UK understands that Google analysed the applications, but found they were not malicious.
A number of security websites reported earlier in the week that a mobile application developed for use on Android handsets and offered for sale in the Android Marketplace could have been a banking Trojan.
However, a Google spokesperson told ZDNet UK on Monday:
"The Android Market Content Policy clearly states that we don't allow applications on Android Market to identify themselves with third-party marks without permission. If an application violates the content policy, we will remove it from Android Market, and developer accounts will be terminated for repeated violations."
ZDNet UK understands that Google analysed the applications, but found they were not malicious.
Friday 8 January 2010, 5:07 PM
UK gov't conducts comms resiliency test
The government conducted a test of the UK's broadband and comms networks in November, it has emerged.
A Digital Britain implementation update published in December said that the test was a drill to rehearse responses in the event of the UK telephone network coming under attack, or otherwise failing.
"On 11 and 12 November, the Government successfully carried out a major test of the UK’s ability to manage and recover from a major loss of network capacity," said the update. "The test centred on the loss of the Public Switched Telephone Network."
A spokesperson for the Department of Business, Innovation and Skills (BIS) told ZDNet UK on Friday that the operation had been codenamed White Noise, but declined to provide any further details.
A Digital Britain implementation update published in December said that the test was a drill to rehearse responses in the event of the UK telephone network coming under attack, or otherwise failing.
"On 11 and 12 November, the Government successfully carried out a major test of the UK’s ability to manage and recover from a major loss of network capacity," said the update. "The test centred on the loss of the Public Switched Telephone Network."
A spokesperson for the Department of Business, Innovation and Skills (BIS) told ZDNet UK on Friday that the operation had been codenamed White Noise, but declined to provide any further details.
Previous
