If you are having trouble viewing this email, click here to view this online

 

VOLUME 51

   ISSUE 51

22 October  2015

Article of the Month Around the World

Story Behind the Ctrl+Alt+Del keys for login

 

Have you ever seen Ctrl+Alt+Del, also known as the "three-finger salute" required at login on certain Windows systems before the password can be typed in? From a user experience point of view, it's a bad idea as it's adding an extra step in getting access.


But do you know there is security behind it?


Let me describe how it helps users to secure their system. Actually this combination is called a secure attention key (SAK) or secure attention sequence (SAS). The operating system kernel, which works directly with the hardware, is able to identify whether the secure attention key has been pressed. When this event is identified, the kernel begins the trusted login processing. The secure attention key is designed to make suspicious login attempts impossible, as the kernel will suspend any program, including those masquerading as the computer's login criteria, before starting a trustworthy login operation. On systems that are configured to use an SAK, users must always be suspicious of login prompts that are shown on display without having pressed this key combination.


Secure Attention Key for windows is Ctrl+Alt+Del and for Linux is Ctrl+Alt+Pause.


There is a history of this combination. The soft reboot function via keyboard was firstly designed by David Bradley. Bradley, as the chief engineer of the IBM PC project and engineer of the machine's ROM-BIOS, had originally used Ctrl+Alt+Esc, but thought it was too easy to bump the left side of the keyboard and reboot the computer suspiciously. Based on his own account, Hallerman, who was the chief programmer of the project, therefore introduced switching the key combination to Ctrl+Alt+Del as a safety concern, a combination is not possible to press using one hand on the original IBM PC keyboard.

 

 


The method was originally conceived only as an Easter egg for internal use and not aim at to be used by end users, as it triggered the reboot without warning or further authorization—it was developed to be used by users creating programs or documentation, so that they could reboot their computers without shutdown. Bill Gates (former Microsoft CEO) described it as "just something we were using in development and it wouldn't be available elsewhere". The feature, anyhow, was documented in IBM's technical reference documentation to the original PC and thereby opened to the general public.


Bradley is also known for his good-natured jab at Gates at the celebration of the 20th anniversary of IBM PC: "I may have invented it, but Bill made it famous"; he quickly added it was a reference to Windows NT logon procedures ("Press Ctrl + Alt + Delete to log on").


During a Q & A presentation on 21 September 2013, Gates introduced "it was a mistake", mentioning to the decision to use Ctrl+Alt+Del as the keyboard combination to log in to Windows. Gates stated he would have planned a single button to function the same tasks, but IBM did not let him to add the extra button into the keyboard.
That is the story behind Ctrl+Alt+Del login.
 

Anuruddha Hewawasam
 

 Anuruddha is an undergraduate of the University of Colombo School of Computing who is currently following Bachelor of Science in Computer Science, Currently he is working as Intern - Information Security Engineer at Sri Lanka CERT|CC

References

1 Statistics on the Internet growth in Sri Lanka
http://www.trc.gov.lk/images/pdf/
statis_sep_2012.doc
2.The Dragon Research Group (DRG)
http://www.dragonresearchgroup.org/
3.TSUBAME (Internet threat monitoring system) from JPCERT | CC
https://www.jpcert.or.jp/english/tsubame/
4.Shadowserver Foundation
http://www.shadowserver.org/wiki/
5. Team Cymru
http://www.team-cymru.com
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
  
 

FACEBOOK WILL NOW WARN YOU IF GOVERNMENT TRIES TO HACK YOUR ACCOUNT

  

'...The company implemented this system because attacks from state-affiliated organizations “tend to be more advanced and dangerous than others,” Stamos said. Facebook won’t reveal how it distinguishes between security breaches that originate from the government versus those that come from other hackers.....'

  Should companies hire criminal hackers?
   

'...The rationale for hiring criminal hackers is based on the thinking that "It takes a thief to catch a thief." But some in the security community -- including some hackers at the Black Hat conference this week -- say that it is no longer necessary.....'

GOOGLE GLASS COULD HELP AUTISTIC PEOPLE 'SEE' EMOTIONS

   
  

'....“OK, Glass: What are other people feeling?”

This is the thrust behind a new tool that helps kids on the autism spectrum understand other people’s emotions. The Autism Glass Project, as it’s called, uses Google Glass, machine learning, and artificial intelligence to recognize other people’s faces and give real-time feedback on their expressions, a challenge for many people on the autism spectrum....'

Russian-Speaking Turla Attackers Hijacking Satellite Internet Links

  

'....Known as the Turla cyber-espionage group (also known as Snake or Uroburos), the attackers are leveraging a technically easy method to hijack downstream bandwidth from various ISPs and packet-spoofing to obtain a much higher degree of anonymity than possibly any other conventional method such as renting a Virtual Private Server (VPS) or hacking a legitimate server, the Russian security firm said.......'

A CISO's Nightmare: Digital Social Engineering

'...Olga Redmon is an attractive young professional whose resume includes experience in customer service and Microsoft Office. Her LinkedIn profile boasts 500+ connections and dozens of endorsements, all of which come from Midwestern professionals in the automotive industry. Olga’s profile picture depicts her in a tight black tank top and red lipstick....'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in September  2015
 
  
  Fake
 Hacked
  Other
   
  Statistics - Sri Lanka CERT|CC

WHAT WE KNOW ABOUT THE HACK OF THE CIA DIRECTOR’S PRIVATE EMAIL

'...A hacker claims to have accessed the personal email account of John Brennan, director of the U.S. Central Intelligence Agency. In a Twitter post that is no longer available, the hacker posted an image of what appears to be a spreadsheet containing the personal information of a number of government officials, including Brennan.....'

Ethics in Security: Less About Technology, More About Choice

'...On August 15th, 2014, the Washington Post published an article by Barton Gelman which revealed that a modified version of a network defense tool created by CloudShield Technologies was likely used by an unknown number of intelligence agencies outside the United States for offensive cyber and domestic surveillance operations....'

Why Do Our Honeypots Have Accounts On Your Website?

'...This was how we learned that Ashley Madison users were being targeted for extortion online. While looking into the leaked files, we identified several dozen profiles on the controversial site that used email addresses that belonged to Trend Micro honeypots. The profiles themselves were quite complete: all the required fields such as gender, weight, height, eye color, hair color, body type, relationship status, and dating preferences were there. The country and city specified matched the IP address’s longitude/latitude information. Almost half (43%) of the profiles even have a written profile caption in the home language of their supposed countries....'

 
Notice Board
  Training and Awareness Programmes - October 2015
  
DateEventVenue
- 08/10/15  Madeena College, Kandy
Cooperative Training Institute, Kandy
Principals Training for 1000 secondary school principals
 
- 08/10/15
 
Wattegama M.M.V
 
Safe Use of Internet Awareness session 
- 15/10/15
 
Mahinda Rajapaksha College, Homagama
 
Safe use of Internet for Teachers of Homagama District
- 16/10/15
 
St. Mary's College Negombo
 
IT Day For Negambo Zone
 
- 28/09/15 to 01/10/15
 
IPICT Institute
 
Training Programme for ICT Teachers
 
- 03/10//15 to 09/10/15
 
Managemet Training Center, Meepe
 
Training Programme for ICT Teachers
 
- 17/10//15 to 23/10/15
 
Managemet Training Center, Meepe
 
Training Programme for ICT Teachers
 

Brought to you by: