Tag Archives: university

Wanted – 12-13 inch Windows Laptop

Hi all,

I’m looking for a small Windows laptop, between 12-13 inches, for, effectively, university use.
Microsoft Office, Internet browsing, Netflix etc but small/light enough to carry around and transport.

Does anyone have such a laptop they are looking to sell?

Thanks,

Ben

Location: Nottingham

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Robot social engineering works because people personify robots

Brittany “Straithe” Postnikoff is a graduate researcher at the University of Waterloo in Ontario who has been researching robot social engineering — the intersection of human-robot interaction and security and privacy — for the past four years.

Postnikoff has found human-robot interaction (HRI) to be surprisingly close to human-human interaction in many cases, which piqued her interest in the security and privacy concerns that could arise if robots were used in social engineering attacks. Her research has included using cameras on robots to spy on people, getting victims to give personal information and even using a robot to change people’s opinions.

Although her research is still in early days, Postnikoff has found striking results, not the least of which is how little security is built in to consumer robots on the market today.

How did you begin studying robot social engineering? Did you start on the social engineering side or on the robotics side?
 
Brittany ‘Straithe’ Postnikoff: I guess I started on the social engineering side, but I didn’t understand that at the time. For background, I collect post-secondary pieces of paper. I have college diplomas in both business administration and business information technology. And in both of those programs, I acquired people management skills, which I learned were useful in social engineering attacks when I attended DEF CON for the first time.
 
As for robot social engineering, I casually began studying this topic shortly after I started university to get my computer science degree. I had joined a very small robotics team, and within my first three months of university, the team flew to China for a competition.

During this competition, the robots and the humans on the team wore matching blue jerseys and toques that looked like Jayne’s from ‘Firefly.’ You can look up ‘Jennifer the Skiing Robot’ to see what we looked like.

So many people stopped my teammate and me during the competition to take photos with us and our robots. We noticed this wasn’t happening to the other teams. What was really interesting to me was that people cheered for us and our robots even if we were their competition.

I wondered why. Why are people cheering for our robot instead of theirs? Why are we getting all this extra attention? It’s then I started to see opportunities to blend my marketing and human resources knowledge with robots, security and privacy.

Luckily, my undergraduate university was also host to a human-robot interaction lab. I joined the lab the next semester and learned about concepts like robot use of authority, body positioning and gesturing from my senior researchers that are the foundation of the robot social engineering research that I now pursue full time.

Are there any major differences between what people would normally think of as social engineering and robot social engineering?
 
Postnikoff: Well, the biggest and clearest difference is that the attack is performed by a robot instead of a human. Otherwise, the base attacks are generally quite close to human-performed attacks.

Like a human, robots can make use of authority to convince people to do things; they can make use of empathy to convince someone to take particular actions and so on. What is important for a robot social engineering attack is that the robot has a body and it’s able to interact with humans on a social level.

The interesting thing about the embodiment of a robot is that people will believe each physical robot is its own individual entity, especially if the robot is known to act autonomously. It doesn’t normally occur to people that a typically autonomous robot acting erratically might have been taken over by a third party.
 
In researching your work, it appears that the human empathy toward the robot is a big part of the attack. Is that right?
 
Postnikoff: Yes, just like with some human-performed social engineering attacks, robots that are able to interact on a social level with humans can make use of a victim’s empathetic side in order to perform some attacks. For example, a malicious entity could infect a robot with ransomware and only restore the robot once the ransom has been paid.

If it’s a robot that someone is extremely attached to, in need of, or if they have put a lot of work into personalizing the robot and training it, this could be a particularly devastating attack.

What is next in your robot social engineering research?
 
Postnikoff: Next in my research is performing more attacks in both controlled environments and in the wild in order to collect some stats on how effective it really is. I think it’s important to determine how widespread this issue could become. Hopefully, I’ll be able to post those results publicly in a couple months.
 
How does artificial intelligence factor into your research into robot social engineering?
 
Postnikoff: Artificial intelligence is very important, but tangential to the research that I’m currently pursuing. In HRI, we often use the ‘Wizard of Oz’ technique, which involves a person sitting behind a curtain — or in a different room — and controlling the robot while another person is in the same room as the robot and interacting with it. The people interacting with the robot often can’t tell that the robot is being controlled and will assume that the robot is acting on its own. For this reason, I don’t spend time researching AI, because we can fake it effectively enough for our purposes at this time.

Many other experts are working on AI, and my time is better spent focusing on how the physical embodiment of robots and the actions of robots can impact the people they interact with.
 
How many robots do you have right now?
 
Postnikoff: Right now, I have direct access to about 30 robots, but I only have five different models of robots. Thankfully, I have a lot of friends and contacts who are in other universities and companies that are willing to let me play with their robots and complete tests and experiments once in a while.

Sometimes, I help them set up their own experiments to try with the robots, and they let me know what happened as a result. Or, I provide them with the background information and resources they need for their own research. Additionally, people will send me robots to perform experiments on if I promise to do security assessments on them.

To me, these are all win-win scenarios.
 
Are they all consumer robots?

 
Postnikoff: For the most part, yes. I try and work through all the different types of robots — consumer, industrial, medical and so on. But, unfortunately, many of the medical and industrial robots are quite pricey and are harder to get access to. This leaves me to experiment primarily with consumer robots.

Consumer robots are also more likely to be widespread, which does offer some benefits considering the research that I do — especially when I can show what sorts of things I can do inside somebody’s home. Saying that, much of my research also applies to what can happen inside companies that make use of robots — banks and malls — when they don’t understand what can be done with a social robot if it’s not adequately secured.
 
How have you found the security to be in the robots you use?
 
Postnikoff: Not great. A number of the robots I deal with really do need a lot of help. And that’s one reason why I’m trying to bring awareness of this topic to the security and privacy community, especially before robots become more widespread.

What’s interesting here is that the topic of robot security overlaps heavily with IoT security, and most of what is being done in that field to make devices more secure also applies to robots.
 
With the robots that you use where you’re controlling them, is it generally difficult to get control access?
 
Postnikoff: It depends on the robot, but many are surprisingly easy to gain control over. There were some first-year computer science students at my university that I was mentoring, and after a bit of instruction and background, they were able to get into the robots, even though they had no experience doing this sort of thing just hours before.

A number of the robots I looked at have had default credentials, sent usernames and passwords in plaintext, transmitted unencrypted video streams and so on. These are a lot of the same problems that plague many of the other devices that people in this industry see.
 
What kinds of robot social engineering attacks have you run?

Postnikoff: One of my favorite attacks is putting snacks on top of the Roomba-like robot as a way to get access into a locked space.

First, I research who might be in the space, then write that person’s name on a nameplate and put it on the robot, along with the robot’s nametag and the snacks. I use an app to drive the robot to the door, and I get it to run into the door a few times. People hear the robot’s knock, answer the door and might let it in. Meanwhile, I’m able to use the app to look through the robot’s camera and hear through its microphones to absorb what is happening in the space.

There is a paper out by [Serena] Booth et al. called ‘Piggybacking Robots’ that does a great job of describing a similar attack that inspired me to try this. So, if you ever try one of those food delivery robots that are in D.C. or the Silicon Valley area, you might not want to let them into your house if you don’t have to. You never know who might be piggybacking on the robot’s camera or video feed.
 
Do you have to be within Bluetooth range to be able to control the robots, or can they be controlled over the internet?
 
Postnikoff: Some yes; others no. A lot of the robots that I’m personally dealing with have remote-access capabilities. That is actually a common feature that companies selling consumer robots like to boast about. They might say that if you want to check if your front door is locked, you can hop into the robot, point it at your door and use the robot’s camera to check if the door is locked. That might be great for you, but this same capability is also pretty great for an attacker if they can get remote access.
 
Is there anything else people should know about robot social engineering research?
 
Postnikoff: Robot social engineering attacks are starting to happen in the wild. I have had a number of groups approach me with incidents involving their social robots that could easily be classified as robot social engineering attacks. If we start focusing on this issue now, we can prevent greater issues in the future.

For Sale – Apple MacBook Pro Core i5 2.4 13″ Late 2011 – 4GB – 500GB

Apple MacBook Pro Core i5 2.4 13″ Late 2011

This was bought for my daughter to see her through college and university so although it’s fine, it is not in pristine condition and is priced accordingly.

No box, just the MacBook and charger. Battery holds charge reasonably well although seems to lose charge when in sleep mode (certainly more than my Air does).
Missing two feet on the base (see photos) and some general wear and tear to the case although it’s not bad given its age.

Collection from Newcastle under Lyme or delivery at £15.

Price and currency: 175
Delivery: Delivery cost is not included
Payment method: PPG / BT
Location: Newcastle, Staffs.
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Yale data breach discovered 10 years too late

Yale University discovered it suffered a data breach — 10 years ago.

The Yale data breach occurred at some point between April 2008 and January 2009, but officials are unsure exactly when. The Yale data breach included sensitive data such as names, Social Security numbers and birth dates on an unknown number of people, as well as some email addresses and physical addresses.

Because the Yale data breach happened so long ago, the University claimed it did not have much information on how it occurred. In its announcement of the breach, Yale noted that in 2011, the school’s IT “deleted the personal information in the database as part of an effort to eliminate unneeded personal information on Yale servers, but the intrusion was not detected at that time.”

The Yale data breach was not discovered until June 2018 when the school’s IT was “testing its servers for vulnerabilities and discovered a log that revealed the intrusion.”

Ryan Wilk, vice president at NuData Security, said the data included in the breach was more than enough to put users at risk.

“Although financial information was not exposed, even having your Social Security number, name, address and date of birth stolen can still cause problems,” Wilk wrote via email. “Cybercriminals can use this information to create a complete profile of students. Add a bit of social engineering, and they can start cracking all types of accounts and even open up new accounts in the students’ names.”

The school said it notified those students, alumni, faculty and staff members affected by the breach and has offered identity monitoring services.

Zach Seward, CPO and executive editor at Quartz, was one victim in the Yale data breach, and he relayed his story on Twitter.

Wilk said it might not be Yale’s fault for not discovering the breach sooner.

“Malicious actors are learning not only to access a system but also to do it without leaving a trace. This extreme sophistication results in hard-to-uncover breaches that can take a long time to reveal. We encourage companies and organizations to monitor their security system constantly and to stay alert for any unusual activity,” Wilk wrote. “Even if they’ve checked unusual activity thousands of times and it turned out to be nothing risky, the next time that anomaly may just be your cybercriminal at work.”

UNH InterOperability Lab expands IPv6 testing amid SDN growth

The University of New Hampshire InterOperability Lab updated its IPv6 testing program to comply with new government requirements specified by the National Institute of Standards and Technology. UNH-IOL, a technology testing facility in Durham, N.H., also added support for SDN protocols in its updated program.

The testing program applies specifically to U.S. government agencies, such as NASA, that procure networking equipment and need independent certification that the products meet regulation, according to Timothy Winters, senior IP manager at UNH-IOL. The new requirements come as IPv6 adoption continues to grow globally, as indicated by Google, which said over 20% of its users now have IPv6 addresses, Winters added.

Agencies and product vendors that are UNH-IOL members send devices that need certification to the lab, where UNH students and staff test the products for a month to ensure they support IPv6 and comply.

UNH-IOL tests a range of products, including routers, switches, phones, printers and security cameras. Increasingly, however, agencies and service providers have requested UNH-IOL’s help with SDN and IoT devices, Winters said.

“We’re encountering more devices we haven’t seen,” he said. “Some of this is because of IoT, where things are actually being networked and put on a network. They’re not sitting on a proprietary link anymore.”

IPv6 testing ramps up

Timothy Winters, UNH-IOL senior IP manager

As operators and service providers realize IPv4 address space is decreasing, they’ve started moving to IPv6-only networks, Winters said. This transition caused UNH-IOL to update its IPv6 testing program accordingly.

“UNH-IOL is trying to push that support, so people building applications and services — or even routers and switches — can know which things work or don’t work in an IPv6-only network,” he said. These changes look at the requirements for building, installing and updating applications — processes that sometimes sound simple, but can actually be quite complicated, he added.

UNH-IOL also patched security loopholes in the IPv6 testing program and made the overall testing more generic, so governments outside the U.S. and other user groups could adopt it, Winters said.

Equipment suppliers have two years to comply with the new IPv6 testing specification. As a result, UNH-IOL will likely see 200 to 300 devices return to the lab to undergo the updated testing, according to Winters.

“I’m sure there are companies that have made some products legacy or don’t sell them anymore, so those won’t come back in,” Winters said. “But that’s a challenge: We have to get everybody back through the program.”

USGv6 testing program flow chart
This flow chart relays the process vendors undergo for IPv6 testing on their products.

IPv6 complements SDN

Additionally, he said the lab now regularly receives routers without a command-line interface to test. This change comes as more service providers and equipment providers find value in SDN — and discover how IPv6 complements SDN deployments, Winters said.

“For SDN, the ability to address multiple services is helpful when you’re trying to get into networks that are so complex they have to be programmed,” he said. Service providers, for example, can use IPv6, along with disaggregation, network slicing and segment routing. The IPv6 address helps identify to which service any particular packet is going.

Along with the other testing updates, UNH-IOL added support for SDN protocols, such as NETCONF and YANG, as well as specs for IoT capabilities. By doing so, Winters said he hopes the lab will help push IPv6 deployments. And, as another plus, UNH-IOL students tackle “the latest and greatest stuff” in networking.

“For us, the exciting part is getting students involved in learning a technology like this,” he said. “It gives students the ability to build tools, see devices and test them.”