## “I saw armed cops being deployed against schoolchildren”

### November 25, 2010

I don’t really want to comment on this, but the simple quote

“I didn’t understand quite how bad things had become in this country until I saw armed cops being deployed against schoolchildren in the middle of Whitehall.”

says it all.

http://www.newstatesman.com/blogs/laurie-penny/2010/11/children-police-kettle-protest

And from the Guardian

“police mounted on horses charged at about 1,000 students”

“17 people were treated for injuries in London. Of them, 13 needed hospital treatment”

“some parents arrived at the police cordon pleading for their children to be released”

http://www.guardian.co.uk/education/2010/nov/24/student-protests-school-children-streets

## El Gamal explained

### May 19, 2010

This is a work in progress. I need to check as there is an Error in the Decryption ! I will edit when I get time to fix the issue.

El-Gamal (Simplified)

**Key generation**

Alice has a prime number (p) Special Number (g) and a random number for her private key (a)

- (p) is the key so needs to be long (1024\2048)
- (g) must be a primitive element modulo (p)
- (a) must be bigger than 1 and smaller than p-1

The algorithm is A = g^{a} mod p

Alice’s public key is A

Alice’s private key is a.

The system-wide parameters are p & g

**Simplified key generation Example**

p = 23

g = 11

a = 6

Therefore, A = g^{a} (mod p)

Therefore 9 = 11^{6} (mod 23)

Alice’s public key is 9 (A), and her private key is 6 (a).

The public key is known to everyone and the parameters p & g are known to everyone

**Simplified Encryption Example**

The example message Bob sends is 10 (M)

Bob generate a random number 3 (k).

Compute C1 and C2 where C1=g^{k} mod p and C2=MA^{k} mod p

Bob sends (C1,C2) to the Alice, this contains the message and value k.

Therefore if C1=g^{k} mod p and C2=MA^{k} mod p

Then C1=11^{3} mod 23 and C2=10*9^{3} mod 23

C1=20, C2= 22

The cipher text is (20, 22)

**Simplified Decryption Example**

Alice receives (20,22)

The calculation is C2 / C1^{a}=(g^{k})^{a} mod p

where 20^{6} = (11^{3})^{6}^{ }mod 23. Both calculate as 16

(This is where the final calculation goes, when I figure it out !)

## Lifelock –

### May 19, 2010

Lifelock is a company that guarantees to protect you from Identity theft, for only $10 dollars a month.

They are so cofident that they can protect your ID, that their advertisements include the Social Security Number of their CEO (From Wired.com)

Pretty good so far. Until you find out his identity has been stolen 13 times since 2007.

If the CEO of an identity protection company **can’t even keep his own identity secure,** would you trust them…….

## RSA explained

### May 5, 2010

I’ve been struggling to learn the mathematics behind RSA encryption. This is my “aid Memoir” I’m trying to memories.

**Key Creation**

**• Choose primes p and q**

Pick two prime numbers, e.g. 7 & 17

**• Calculate the Modulus N, where N=pq**

Multiply the two prime numbers to create N (7×17)=119

**• Choose an e, where 1 < e <(p-1)(q-1) and GCD(e, (p-1)(q-1)) = 1**

Pick a prime number e that is less than (p-1)*(q-1). (6*16)=96 and where the Greatest common devisor (GCD) of all three (e, p-1, q-1) is 1 (i.e. no other common devisors)

In This case, we pick 37.

**• Public key is (N, e)**

Public key are the two numbers N & e. (119,37)

**• Compute d, where d = e^-1 mod (p-1)(q-1)**

e^-1 mod (p-1)(q-1)

37^-1 mod 6×16

37^-1 mod 96

37*13=1 (Mod 96)

**• Private key is d**

The Private key is 13

p=7, q=17

N= 119

e = 37

d = 13

Public Key is (119,37)

Private Key is (13)

**Encryption**

We will use the cleartext “14” for this example

Encryption uses the algorithm **C ^ e = E ( mod N )**

This is Cleartext to the power of The Prime number from the Public Key = answer (Mod N (the multiplication of the original two prime numbers)

14^37= “Huge Number” (Mod 119) =63 (By my calculator)

The Encrypted text (E) is “63”

**Decryption**

Decryption uses the algorithm** E ^ d = C ( mod N)**

63^13 =C (mod 119)

63^13 = 14 (Mod 119)

63^13 = “Huge Number” (Mod 119) = 14

## Employee consent to allow data monitoring

### February 24, 2010

I was at the SC Magazine “Combating the Insider Threat” Conference yesterday, and one of the presentations raised a very interesting point.

Dave Chapman (Forensic Investigations Manager with TNT Express) was giving a presentation on “The Legalities behind monitoring employees to sensitively identify potential internal threats”.

He raised a couple of very interesting points

- Contractual consent to allow monitoring of your email\Internet access is just that, Consent. This can be formally rescinded at any point. Your employer can take action against this (Disciuplinary etc.) but they CAN NOT continue to monitor your information.
- “Fishing” for issues by looking through staff email\Internet traffic will not stand up in court as there needs to be a defined threat under investigation, to remove the possibility of entrapment.
- Most companies contracts or Acceptable Use Policies define that a limited amount of personal use of company resources is allowed. With this in mind, if the company monitors your email\Internet Access they are knowingly potentially viewing personal information without direct consent. This can be viewed as a breach of privacy. This can be, and has been, legally stated as a breach of Article 8 of the Human Rights Act (the right to respect for private and family life)

None of this necessarily means you can get away with things by arguing the above points, but It does mean that Information Security \ HR have to tread very carefully whilst investigating staff mis-behaviour.

Interesting.

## Elvis has left the Bui…, oh, what he’s still here !

### February 24, 2010

Ethical Hackers pass Amsterdam’s Schiphol airport Biometric Security using a Hacked Passport with the details of a dead man.

## Bills in Parliament, with no oversight by MP’s !!

### January 21, 2010

There’s a new bill in parliament regarding copyright information. The Anti-Counterfeiting Trade Agreement (ACTA)

and get this, MP’s have been told to that they cannot review documents on the bill as** MP’s CANNOT BE TRUSTED WITH OTHER GOVERNMENTS INFORMATION.**

Speechless

http://www.publications.parliament.uk/pa/cm200910/cmhansrd/cm100120/text/100120w0019.htm#column_402W

“the Anti-Counterfeiting Trade Agreement (ACTA) is taking place in confidence. Disclosure of any documents without the agreement of all our ACTA negotiating partners would damage the United Kingdom’s international relations. This would harm our ability to protect, promote and secure an outcome in the UK’s interest, and the premature release of documents that are not agreed and not fully developed may also have a negative effect on the Government’s reputation.

Mr. Watson: To ask the Minister of State, Department for Business, Innovation and Skills **which Ministers are given access to UK position papers** on negotiations on the Anti-Counterfeiting Trade Agreement. [311447]

Mr. Lammy: I am the Minister responsible-for Anti-Counterfeiting Trade Agreement (ACTA). ** ****I have no plans to meet with my ministerial colleagues to discuss the negotiation of the Anti-Counterfeiting Trade Agreement (ACTA)**. I will continue to discuss ACTA with officials whenever there are significant developments. I have discussed ACTA with** EU partners** in the past and will continue to do so when the opportunity arises.

These comments are edited out of the fulll discussion, but they are clear statements. I wont discuss it will UK MP’s, but will discuss with EU officials.

This was picked up from the Register – http://www.theregister.co.uk/2010/01/21/acta_lammy/

If this was military, or terrorism related, this could be understood. But secrecy with no oversight over COPYRIGHT legislation.

Make of that what you will.