# An Almost Painless Introduction to Encryption


Anybody who doesn’t happen to have a degree in science or math tends to shy away from the subject of encryption. One could hardly blame the layman – it’s heady stuff! But if you’re involved in telecommunications at any level, operating anything from a desktop computer to a mobile phone, you’re confronted with encryption every day. Here is at least a basic understanding of why encryption has to be such a complex science.

The first codes.

Probably the simplest code you might be familiar with is the letter substitution. One of the most common ones is “rotation-13”, also known as the Caesar cypher. In it, you just break the alphabet into two rows, like this:

ABCDEFGHIJKLM
NOPQRSTUVWXYZ

A = N, B = O, and so on with 13 pairs to transfer all 26 letters. It’s called a rotation because you can apply the same method to encode and decode any given text. Letter substitution codes can be any kind of pattern where one letter means another one, and are commonly used on the Internet to hide plot spoilers when describing a movie or hide the punchline to a riddle. They even appear in word puzzle games, such as those printed in the daily newspaper.

As you might guess, letter substitutions are easily cracked on paper, and of course even faster to crack with a computer. In the above rotation-13 example, the key to the code is the two rows of letters. Finding the key to any code results in cracking it.

Simple letter substitutions are so easy to break because one can always use letter-frequency analysis to guess at least half the key. In American-standard English, the twelve most commonly-appearing letters are: “ETAOIN SHRDLU”. Sounds like a magic spell, doesn’t it? Well, you could just take any text encoded by letter-substitution and have a computer count how many times each letter appears. The most common letter will represent “E”, the next “T”, and so on.

So let’s expand the concept!

As an intermediate step to understanding more complex cryptography, let’s see if we can imagine a key that would be harder to discover. What if we used a 3-digit number to represent each letter, but the three digits can appear in any order? E could be 428, 284, 842, and so on. With each letter appearing this way, we could also group the digits randomly to try to hide the pattern. Using this scheme with the key letters in the word “WORD” with W = 123, O = 456, R = 789, and D = 015, we could use any of these sequences:

31-24-65-9-87105
23164-58970-15
2-136547-8951-0

And they could all decode as “WORD”. Our software program would know to ignore the spacing and read the digits in bursts of three, and take the three digits in any order to substitute for the letter in our key table.

But once again, this code is easy to break. Over time, if you had enough sample space (encrypted text) a computer analysis would find a pattern, and once again, where there’s a pattern, there’s a key! But we can still see that it would take much more work to find the pattern, due to the various false leads that you would take if you came upon the encrypted text for the first time without knowing the key.
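The three-digit scheme above, as an added example that is not part of the original article: `decode` ignores the spacing, reads the digits in bursts of three and sorts each burst, and `canonical_counts` shows why the pattern survives, since sorting the digits turns every variant of a letter back into one symbol that can be counted like a plain substitution. The key table is the one from the text; the function names and the test message are assumptions made for this example.

```python
import random
from collections import Counter

# Key table from the text: W = 123, O = 456, R = 789, D = 015.
KEY = {"W": "123", "O": "456", "R": "789", "D": "015"}
# The digits may arrive in any order, so index the table by the sorted digits.
LOOKUP = {"".join(sorted(code)): letter for letter, code in KEY.items()}


def triples(ciphertext):
    """Drop the separators, split into bursts of three, sort each burst."""
    digits = [c for c in ciphertext if c in "0123456789"]
    if len(digits) % 3:
        raise ValueError("digit count is not a multiple of three")
    return ["".join(sorted(digits[i:i + 3])) for i in range(0, len(digits), 3)]


def decode(ciphertext):
    """Translate each sorted burst back to its letter."""
    letters = []
    for burst in triples(ciphertext):
        if burst not in LOOKUP:
            raise ValueError(f"burst {burst} is not in the key table")
        letters.append(LOOKUP[burst])
    return "".join(letters)


def encode(message, rng):
    """Shuffle each letter's digits, then group the digit stream at random."""
    digits = []
    for letter in message:
        code = list(KEY[letter])
        rng.shuffle(code)
        digits.extend(code)
    groups, i = [], 0
    while i < len(digits):
        step = rng.randint(1, 6)  # random group length hides the boundaries
        groups.append("".join(digits[i:i + step]))
        i += step
    return "-".join(groups)


def canonical_counts(ciphertext):
    """Count sorted bursts: the shuffling disappears, the frequencies remain."""
    return Counter(triples(ciphertext))


if __name__ == "__main__":
    for sample in ("31-24-65-9-87105", "23164-58970-15", "2-136547-8951-0"):
        print(sample, "->", decode(sample))
    secret = encode("DOORWORDROD", random.Random(1))  # constructed message
    print(secret, canonical_counts(secret).most_common())
```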

So cryptography evolves…

Our above two code methods are examples of “stream cyphers”. Stream cyphers encrypt one symbol at a time. Another method is “block cyphers”, which take the symbols in blocks of a set number of characters and encrypt them all at once. Other methods include deterministic hash functions (in which the encrypted text produces a condensed unique ‘key’), asymmetric key cryptography (in which two different keys are used, one to encrypt and one to decrypt), and the one-time pad (in which the plain, unencrypted text is combined with a huge amount of random text, and eliminating the random text is the “key” to decrypting it).

There are many other methods that are used, but by now you’re at least getting the whole point with cryptography: ALL codes can eventually be cracked, but if you have a code algorithm that’s sophisticated enough, it will be practically unbreakable because it would take an eternity to solve it with our present technology.

All of the encryption methods we have now will one day become obsolete, because computers get faster and more powerful all the time. Thus, there is a kind of “arms race” that has gone on since ancient times. We have to keep developing more and more complex algorithms that can stand up to more sophisticated methods of discovering the keys.

What does this mean to the end user?

Simply this: follow the current conventional wisdom on what the standard of secure encryption is. Depending on how private your data is (or how paranoid you are!) it is easy to protect confidential data with a variety of available software tools, and a passing knowledge of how they’re used.

# Wakefield Employment Solicitor Wins 500,000 Pounds For Prison Guard ‘Whistle-blower’


We all remember school days when one child told the teacher about some wrongdoing and was labelled a ‘grass’ or a ‘snitch’ by their classmates; juvenile, cruel and a little ridiculous, but then we can always excuse such behaviour in children. The same behaviour is, however, inexcusable in adults, especially when it is directed at someone who has stood up for a just cause and is receiving horrible treatment as a direct result of their bravery.

This was the case in a recent expose on the state of a Wakefield prison, when a prison officer gave evidence at a disciplinary hearing against a former colleague and unwittingly became the target of much abuse for the violation of a certain tacit code that apparently the officers all work and live by.

After she gave evidence at the tribunal, she began to receive despicable treatment at the hands of her fellow workers, including a wreath being sent to her house, grass cuttings being sent to her by mail and she even saw her young son spat on by a colleague.

After contacting a Wakefield employment solicitor for legal advice as to what to do about the situation, she began mounting a case against her employers and the colleagues that were abusing her.

The outcome of the trial saw the prison officer awarded £500,000 for her damages, a landmark figure in such ‘whistle-blowing’ cases, which will go a long way in helping her to recover from such ill-treatment. The court also decreed that external agencies should now take measures to intervene to protect such workers who step up and speak out against injustice in the workplace.

This is an extreme example of whistle-blowing, as a prison is a volatile environment at the best of times; however, wrongdoing can occur in any line of work and all it takes is for people to sit by and do nothing for such ill treatment to prevail. It takes a brave worker to speak out about a fellow colleague, even if the colleague in question is totally in the wrong, yet you must not suffer in silence, or even allow others to suffer while you sit by.

If you feel uncomfortable at work and there is a certain issue that is making you feel unhappy in your position, or if there are any other employment issues that you would like to discuss then you should contact a Liverpool employment solicitor today to see if you can find a solution to your problems.

# Operations Security Indicators


OPSEC Indicators are friendly actions and open sources of information that can be detected or interpreted by adversarial intelligence systems, and combined with other known information to derive friendly critical information.

An indicator has five characteristics: Signature, Associations, Profiles, Contrasts and Exposure.

A signature causes an indicator to be identifiable and stand out. If a signature is unique and stable, it reduces the ambiguity of a particular indicator and reduces the number of additional indicators that must be observed in order to determine the significance. If the indicator’s signature is stable, meaning that the behavior is constant and repeated, an adversary may accurately predict future actions. Varying the pattern of behavior interrupts the signature’s stability and increases the ambiguity of an adversary’s observations.

An association is the relationship that an indicator has to other information or activities. Adversarial Intelligence Analysts spend a considerable amount of time comparing current observations with past observations, which may reveal possible relationships. For example, an observer may note a particular employee reporting to work after hours. Through previous observation, the Analyst is aware of that employee’s position as an on-call computer forensics analyst. Given the association between those two observations, the Adversarial Intelligence Analyst could conclude that the organization has suffered a computer breach of some sort.

An association can also take the form of a pattern. For instance, if it is observed that field exercises are always preceded by weapons maintenance and vehicle loading, an analyst may be able to accurately predict these exercises. Lastly, an association can take the form of organizational patterns, particularly in military units. The analyst may be aware that a particular unit is comprised of Headquarters Company, a maintenance company and a transportation company. If one of these elements is detected, the presence of the others would be strongly suspected.

A profile is the sum of multiple signatures. In other words, when multiple signatures are detected, the combination therein would be more or less unique to a particular mission or task. For instance, if signatures are detected that indicate that aircraft fueling capacities are in place, as well as air traffic control, personnel and weaponry, a profile can be compiled indicating future air-based operations. If a unique profile is observed, an analyst may be able to accurately determine which type of operation is in progress, minimizing the need for additional observation and analysis.

Contrasts are any differences between the established pattern and current observations. Contrasts are the most reliable indicators because they depend on differences in established and repeated profiles, and need only to be observed rather than understood. A contrast can take many forms; for instance leaving work at a different time or the presence of vehicles or aircraft that were not previously observed. When noting a difference, the analyst will attempt to determine if the change is isolated or widespread, if the change has occurred previously (and has a matching association), if anything significant has occurred since the change and what the change may represent. While a contrast may not “give away the farm”, it may result in increased adversarial observation.

The exposure of an indicator refers to the length of time and the time frame in which the indicator is observed. If an indicator is allowed to be observed for a long period of time, it will be assimilated into the profile and be assigned a meaning. If an indicator is able to be observed for only a short period of time and does not repeat, it is less likely to attract attention. However, if the indicator is observed for short periods of time, but is repeated frequently, it will begin to be seen as a contrast to a normal profile. It is important to note that if an indicator is observed for any length of time in conjunction with a specific activity, it will gain increased importance as a precursor to that activity.

It is important to understand the different classes of OPSEC indicators, and to understand the collection efforts of adversaries. After all, if you don’t know what to protect, how do you know you’re protecting it?

# Keep Hackers Off Your Wireless Router


Securing your wireless router is the first thing you have to do after you set it up. Other people gaining access to your network is not something you would be glad to experience. This is especially important if you have valuable documents stored on your desktop computer.

Before purchasing a wireless router, you should do a short online search to find out which routers are considered the most secure. Online reviews will be really helpful here. After the purchase, connect it to your internet modem and configure it in the following way.

In the address bar of your favorite browser, type 192.168.1.1, or 192.168.2.1 if nothing happens with the first IP address. This will open the router’s configuration settings panel.

Changing the default administrator password is a must, since many hackers know the default passwords. After you change it, save the new password for later. This is important because you may need to configure your router again or reset it, and without the password that will be close to impossible.

The SSID (service set identifier), or network name, has to be changed too. To make it easy to find, we suggest changing it to your own or a relative’s name. As with the password, leaving the default SSID unchanged can leave your network at risk. After you do that, the next thing is to turn off SSID broadcasting. This way your network will not announce its name, so it will be practically hidden from other people.

After that, turn on the encryption settings and set them to WPA2. Download the latest firmware for your router from the router manufacturer’s website. This way you address any glitches and faults that might break the security of your network. Also keep a backup of your router’s configuration, just in case you need to reconfigure it. Adopting these measures will keep the security of your router at a decent level.

# Getting the Most Out of Your Whistleblower Program Investment


A lot of people question the time and money it takes to develop an effective ethics and compliance program. It’s never made much sense to me, because the costs of noncompliance are much greater. A recent story making news in Canada discusses the wasted money that has been spent on the Public Servants Disclosure Protection Tribunal. I’ll explain the case below, as well as three ways you can make sure your investment in ethics, compliance and whistleblower protection isn’t tossed out the window.

The Public Servants Disclosure Protection Tribunal

Here’s the gist of the current situation facing the Public Servants Disclosure Protection Tribunal, as found in the Vancouver Sun article “Little-known, Little-used Whistleblower Panel Budgets $8.1 Million”:

- Established in 2007. The goal of the Tribunal is to protect public servants from retaliation after they report misconduct in the government.
- Since 2007, the Tribunal hasn’t heard a single case.
- In the past 3 years, Ouimet has received 170 complaints, but her team found no wrongdoing in any of the cases.
- The Tribunal was supposed to handle cases referred to them by Ouimet’s office, which explains the previous point.
- On October 18th, Canadian federal public sector integrity commissioner, Christiane Ouimet, announced that she was stepping down. At the same time, it was reported that her office was being investigated.

The article also states that:

“Fifty-eight whistleblowers complained to the commissioner’s office since 2007-2008, saying they were mistreated or violated after filing a report. The commissioner launched only four investigations as a consequence of those complaints, and only two have been completed.”

A Waste of Money

In this particular case, the efforts to protect whistleblowers have been considered a waste of money, as no action has been taken and no one has been protected. Here are 3 things you can do to make sure your company protects internal whistleblowers:

1. Investigate Complaints

You’ve already invested time and resources into developing multiple channels for employees to report misconduct. Take these tips seriously. Conduct preliminary investigations into incoming cases to determine whether or not the claims warrant further investigation. If employees feel that you are not listening and acting on their concerns, they will stop reporting misconduct internally, and will likely look to someone outside of the organization to listen, such as the EEOC. Investing in case management software is a wise idea, as cases can be entered in a number of ways and built-in alerts help keep investigators on track.

2. Be Proactive

When an employee brings forward a complaint, take action and keep an eye on them to make sure they don’t fall victim to retaliation. I’ve written a few times about the retaliation monitoring program at KPMG. Vicki Sweeney and her team monitor changes in employee performance appraisals, pay raises and other workplace opportunities to make sure that an employee isn’t facing backlash for reporting misconduct. Vicki also advises employees to approach her immediately should they feel they are being retaliated against. When a company takes a proactive approach like this, employees feel confident that they will be supported for raising concerns about workplace misconduct, and will not find themselves in trouble for doing the right thing.

3. Education and Promotion

Ongoing education and promotion of your program is necessary to get the message across to your employees. An e-mail and a policy handout once a year won’t cut it. Explain and train employees on the multiple ways they can report misconduct or retaliation and give them the option to remain anonymous. Include all of the information on the first or last page of your code of conduct. Promoting your program keeps ethics, compliance and retaliation in the minds of your employees, and also lets them know that you take their concerns seriously. One of the most important things to remember is that employees need to see you take action and need to know that others are being reprimanded for violating workplace policies. It might be wise to create monthly newsletters and dedicate a section of them to letting employees know what the program has accomplished and what action has been taken against violators, without including names and specific examples.

# Unlocking iPhone 4S: Complete Step by Step Procedure & Guidelines


With the launch of the iPhone 4S, many people are looking for ways to unlock the device in order to use the network service of their choice. Once you unlock the mobile successfully, you are in effect hacking around the network restriction imposed by a certain provider. As a result, you are no longer bound to a particular network provider and can change from one network to another whenever you like.

It is very important to carry out the unlocking procedure correctly; otherwise the mobile might become locked, which can cause a lot of frustration for the user. Below is a complete step-by-step procedure to unlock the iPhone 4S.

The first and foremost step in unlocking your smartphone is to look for an effective software program. When you go online, you will find many companies that offer software to unlock the iPhone 4S. It is important to avoid programs that are available either free of cost or very cheaply. It is not that such software would not work properly, but it can cause problems later on. So go for software that is trusted, genuine and has some sort of price tag on it.

# Outsmart the Internet Hackers


Ten years ago, there were only a handful of wireless Internet hotspots. Today there are hundreds if not thousands. And because they’re made to be easily accessible, they’re wonderlands for evil geeks who can sift through your mail, monitor info you’re transmitting or even access your hard drive. If you log in at a cafe or other public place, follow these rules.

Check the name

As you search for networks, chances are you’ll see something called ‘Free Public Wi-Fi’. Don’t connect. It could be a trap. Hackers set up networks with friendly, inviting names, hoping unsuspecting users will join. Once you do, you’re compromised. Before you connect to a network, confirm its name with someone, such as a coffee shop employee.

Browse wisely

Hackers may still watch you through legitimate networks, so don’t send passwords or credit card info over public Wi-Fi. If you must, do it only on websites with addresses that start with ‘https’. (These are more secure than the usual http sites.)

Heed warnings

Most error messages are indecipherable – what’s a 404 code, anyway? – but here’s one you must heed: a warning about a site’s certificate being expired or invalid. That’s tech lingo for ‘a hacker may be intercepting everything you do’. If you see this message, check the URL; you may have mistyped it. Try once more, and if the message pops up again, stop what you’re doing, shut down your computer and don’t use that Wi-Fi hotspot. There’s a high risk that the network has been infiltrated.

Computers have public folders – often storing your music and photos – and they’re easily made available to anyone using the same network. Make sure you don’t keep anything personal in those folders. To be even more safe, store any private documents on your computer in a password-protected folder, out of the reach of digital intruders.

Instead of risking your security on public networks at all, why not travel with your own Internet access? Most telephone companies offer 3G/HSDPA (wireless broadband Internet).

Update security

Block gremlins from the start. Keep your antivirus and antispyware programs up to date. These protect you against common attacks. Microsoft offers a free spyware program called Windows Defender.

Delete previous network searches

Your computer remembers every network it connects to, and it will automatically connect to one it recognizes. The bad guys know that, and create networks with names that have been commonly used before so your computer will choose it. To avoid that, find the list on your computer (the option is often called ‘manage wireless networks’) and clear out anything old.

# An Attempt to Define Phishing


When attempting to define phishing, there is one constant, and that is the goal: to get hold of your personal information. Phishing scams come in many shapes and sizes. The most common scams are emailed out to millions of people daily. These scams look like legitimate emails from a trusted company or even a government agency.

Typically, in the email, you are asked to click on a link which redirects you to a replica website. In these cases, the websites look exactly like the original one, with minor differences an unsuspecting user would not spot. You must go to the site to take advantage of the particular deal, winnings, or other scam the email explains. At the fraudulent website, you are asked for private information such as credit card details, bank account information, password, etc.

Now, this entire process is a scam that’s been engineered to make you give up your private information. That’s how you define phishing, or what others also refer to as ‘brand spoofing’. Phishing is a play on the word ‘fishing’ as the crooks are out there dangling bait in front of people, hoping for someone to bite.

To define phishing is not enough. You also need more insight into the various forms it can take. While it is impossible to go into all the types of phishing techniques, some more recent methods should be examined.

In the past, there have been many phishing scams using fake banks. During the past year, thieves have been hammering on a new scam that informs the recipient of the email that there is a large amount of money in his account that needs to be claimed. You are asked to log into the account to claim all the money and provide sensitive information to verify the transaction.

Voice Mail Phishing

Another phishing technique uses voice mail messages which are supposed to be from legitimate organizations. The message is usually framed in a manner to cause some alarm and you are given a toll free number to contact. Once you do, you are required to provide information to confirm your identity so that you can clear up the problem.

Spear Phishing

Spear phishing targets a specific individual with highly personalized messages. The personal nature of these messages makes them very difficult to recognize as a phishing scam.

Where am I Most Likely to Come Across Phishing?

After you define phishing, it’s important to know the places you are most likely to encounter a phishing scam. The answer to that is, almost anywhere! A message from your bank, company you work for, or even a co-worker could be a phishing scam. Types of websites where these scams are prevalent are social media sites, networking sites and fake charity websites. You can even receive attempted phishing scams on your cell phone or instant messenger programs.