Hackers and Hollywood

I submitted a paper to the 3rd International Conference for Internet Technology and Secured Transactions and I'm pleased to say I just got word back that the paper has been excepted. The paper, whose title is "Hackers and Hollywood: Considering Filmic Cyberthreats in Security Risk Analysis", looks at the way computer hackers (really "crackers") are portrayed in movies to determine if that influnces the security policies of organisations.

Defining what exactly constitutes a hacker movie was the first step. To do this a large number of potential candidates movies were reviewed to determine whether or not they were truly hacker movies, and using Grounded Theory a series of guidelines were developed to explain why some movies were added and others rejected.

• GUIDELINE 1: A hacker movie must feature a hacker in it, it is insufficient to have an act of hacking in the movie, the hacker must appear in the movie as being either the main protagonist or antagonist, or at least be a well-developed character with their hacking being integral to the plot.
  
• GUIDELINE 2: Not all cyberpunk movies can automatically be considered as hacker movies.
  
• GUIDELINE 3: Only Science Fiction movies that feature recognisable hacker scenarios should be included.
  
• GUIDELINE 4: No animated movies will be considered.
  
• GUIDELINE 5: No movies will be considered whose sole focus is cryptography.
  
• GUIDELINE 6: No hacker documentaries will be considered, only movies.

Following this a list of 50 movies featuring a total of 60 hackers were compiled from the 1960s to the 2000s. And from here a general list of characteristics that hackers are most commonly portrayed with in movies was complied which was then compared with the reailty of hacking.

More detail here;
http://thetech.pbwiki.com/HackersandHollywood

The Search for Creativity

Creativity is something I am very interested in; What is it? How does it work? Is it different from Innovation? Can we teach it? Are some people better than others at it? How does it relate to programming and design?

I have been investigating concepts related to creativity and have been looking for sources of creativity. Part of this research has been working on projects with Edward de Bono to look at models of supporting creativity, e.g. The Six Thinking Hats, the CoRT techniques and Po. Some of the other models of creativity I have investigated, experimented and published research additionally with the following techniques; MindMaps, BrainStorming, Analogies, and Freewriting.

But models are not enough, to help identify sources of creativity I am looking at a range of people in a range of fields to determine if there is any commonality. I'm looking at inventors and their approaches. I'm looking at how literature is created, and how different authors have created their works. I am also looking at comics to see if their writing differs significantly from books. By looking at Television writing I am hoping to see if writing for a medium that is not only visually-based, but action-based, is significantly different. Finally I am looking at RPGs to see if they can aid creativity.

http://www.comp.dit.ie/dgordon/Research/research11.html

A Vision of Students Today

A short video summarizing some of the most important characteristics of students today - how they learn, what they need to learn, their goals, hopes, dreams, what their lives will be like, and what kinds of changes they will experience in their lifetime. Created by Michael Wesch in collaboration with 200 students at Kansas State University.

Wow !

IBTS and the Missing Laptop - Part III

I e-mailed the IBTS regarding this decrypt-recrypt thing, here's what I got;


from "Corrigan, Arthur"
to Damian Gordon
cc "Bowler, Patrick"
date 3 Mar 2008 08:20
subject Missing laptop
mailed-by ibts.ie

Dear Damian

Thank you for your recent email in relation to the stolen laptop in New York. The reason the information on the laptop was re-encrypted because the IBTS had provided the New York Blood Centre the data on an 256 bit encrypted CD and in order to load this information on to laptop they had to decrypt it and then re-encrypt it again as it was being loaded on to the laptop.
I hope this answers your query.

Regards,

Arthur Corrigan


IT Manager
Irish Blood Transfusion Service


This really didn't make a lot of sense to me, so I sent this;


from Damian Gordon
to "Corrigan, Arthur"
date 3 Mar 2008 16:18
subject Re: Missing laptop
mailed-by gmail.com

Hi,

I'm not trying to be difficult about this but I really don't understand what you mean, in your original email you said "The reason the information on the laptop was re-encrypted because the IBTS had provided the New York Blood Centre the data on an 256 bit encrypted CD and in order to load this information on to laptop they had to decrypt it and then re-encrypt it again as it was being loaded on to the laptop."

I don't get this, why couldn't they upload encrypted data onto the laptop from the CD, that shouldn't be an issue. You can copy encrypted data from a CD to a laptop without having to do this.

My main problem is this, if the CD was decrypted and re-encrypted "on the fly" or whatever, the reality is that as it was being decryped the results of that information had to be stored somewhere, to allow that data to be again re-encrypted, and chances are that it was on the virtual memory of the laptop. So even if there was never a file created on the laptop with the decrypted data, the decryption process had to happen somewhere, and if it was on the virtual memory of the laptop, then it could be possible to restore that data.

I would be very grateful if you could check for me exactly why the data had to be de-crypted and re-encrypted, and is it possible that it occured in the virtual memory of the laptop,

many thanks,

Damian


Looking forward to their response.

IBTS and the Missing Laptop - Part II

Just got a call from the IBTS to clarify the situation for me, here are the highlights;

1. Yes, the IBTS knew that employees of the NYBC would be transporting confidential data around on their laptops and bringing it home because they would have to be working late hours on this project, so the IBTS gave them permission to do this.

2. Regarding the statement in the letter that the data was "encrypted with a 256-bit encryption. Those records were transferred to a laptop and re-encrypted with a 256-bit encryption", the person I spoke to said that he didn't really know what that actually meant, maybe the data was unencrypted at some stage and maybe it wasn't, but was happy to confirm that, yes, the laptop mentioned here was the laptop that was stolen.

3. I queried the statement "To our knowledge there has never been a report of a successful attack against a 256-bit encryption key.", he said that this was what he had been told by the NYBC and they took care of all of the encryption stuff.

IBTS and the Missing Laptop - Part I

Yipee, it's like winning the lottery, I just got a letter today from the Irish Blood Transfusion Service (IBTS) telling me some great news, my donor records were one of the 171,324 records that were on a laptop that was stolen in New York on 7th February.

I have been dreading this since the news broke on the Irish news over a week ago. In summary, the IBTS 'loaned' this data to the New York Blood Centre (NYBC) because they need a new data extraction tool that it seems no one in Ireland is capable of developing. An employee of the NYBC had a copy of the data on his laptop and lost the laptop when he was mugged outside of his home. I find it very disturbing that anyone was allowed to bring this type of data outside of a secure centre.

According to the letter I recieved the data was "encrypted with a 256-bit encryption. Those records were transfered to a laptop and re-encrypted with a 256-bit encryption", what does this mean? Why did it have to be re-encrypted, does this mean at some point the data was unencrypted? If it was, and this is the same laptop that was stolen, that is bad news.

But it's OK because according to the CEO of the IBTS Andrew Kelly the chances of decrypting this information is "extremely remote", and, "To our knowledge there has never been a report of a successful attack against a 256-bit encryption key." He should read the 2005 paper "Cache Attacks and Countermeasures: the Case of AES" by Dag Arne Osvik, Adi Shamir and Eran Tromer who in one attack managed to obtain an entire 256-bit AES key after 65 milliseconds.

The Data Protection Commissioner undertook an investigation of the entire event and according to their conclusions the IBTS seems to have done everything correctly, well that's alright so.

The Dangers of Teaching

I have just finished teaching a module on the D.I.T.'s MSc in Applied eLearning, which I really enjoyed doing. I always approach the idea of teaching other teachers or lecturers with a bit of trepidation since I never know what sort of interaction I’m going to get. It is one of the problems of being a lecturer or teacher that in your job you become used of coming into a room and everyone becoming silent and taking notes on everything you say. This can sometimes lead teachers to conclude that even in non-work situations they always have something significant or important to say. Round Table journal comparing Eamon de Valera to a teacher said ”He can lecture but cannot negotiate, and his enthusiasm for abstract propositions prevents him from facing realities”. I definitely feel there are times when this sort of characterization applies to all of us, so it’s always a bit of a worry teaching teachers, will they ruin the flow of the lecture by always trying to score points or will they be open to the process.

I think one of the few things keeping teachers from going totally over-the-top is the students, invariably there will be students who keep you modest either from their knowledge of the subject, or their genuine curiosity, or their remarkable humanity. This brings me back to what I started this posting about, which was teaching the D.I.T. lecturers, I was blessed with a group of colleagues who came to learn and share, there was no one-upmanship or showing off, so to them and to all students who are willing to participate in the process I offer you my sincerest thanks, in the words of Albert Schweitzer;

“Sometimes our light goes out but is blown again into flame by an encounter with another human being. Each of us owes the deepest thanks to those who have rekindled this inner light.”