VOLUME 51 | ISSUE 51 | 22 October 2015

Article of the Month | Around the World

Story Behind the Ctrl+Alt+Del keys for login

Have you ever seen Ctrl+Alt+Del, also known as the "three-finger salute",
required at login on certain Windows systems before the password can be
typed in? From a user experience point of view, it is a bad idea because it
adds an extra step to getting access.

But did you know there is security behind it?
Let me describe how it helps users secure their systems. This combination
is called a secure attention key (SAK) or secure attention sequence (SAS).
The operating system kernel, which works directly with the hardware, can
detect whether the secure attention key has been pressed. When this event
is detected, the kernel begins the trusted login processing. The secure
attention key is designed to make login spoofing impossible: the kernel
suspends any program, including those masquerading as the computer's login
process, before starting a trustworthy login operation. On systems that are
configured to use an SAK, users must always be suspicious of login prompts
that are displayed without their having pressed this key combination.
The secure attention key for Windows is Ctrl+Alt+Del and for Linux is
Ctrl+Alt+Pause.
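
On Linux, the kernel's SysRq facility also offers a SAK command (SysRq `k`), which takes effect only if the `kernel.sysrq` setting permits it. The following shell script is an added example, not part of the original newsletter: it decodes a `kernel.sysrq` value according to the kernel's documented bitmask and reports whether SAK is permitted. The function names and the sample values in the loop are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether the Linux kernel's SysRq-based secure
# attention key (SysRq command 'k') is permitted by a kernel.sysrq value.
# Meaning of the value, per the kernel's SysRq documentation:
#   0  = SysRq disabled entirely
#   1  = all SysRq functions enabled
#   >1 = bitmask; bit 0x4 enables keyboard control (SAK, unraw)

SAK_BIT=4

# sak_status VALUE -> prints "enabled", "disabled" or "invalid"
sak_status() {
    value=$1
    case $value in
        ''|*[!0-9]*) echo invalid; return 0 ;;   # not a decimal number
    esac
    if [ "$value" -eq 1 ] || [ $(( $value & $SAK_BIT )) -ne 0 ]; then
        echo enabled
    else
        echo disabled
    fi
}

# current_sak_status [FILE] -> status for the live setting; FILE defaults
# to /proc/sys/kernel/sysrq and prints "unknown" if it cannot be read.
current_sak_status() {
    file=${1:-/proc/sys/kernel/sysrq}
    if [ -r "$file" ]; then
        sak_status "$(cat "$file")"
    else
        echo unknown
    fi
}

# Constructed sample values, not taken from any particular system.
for v in 0 1 4 176 438; do
    printf 'kernel.sysrq=%s -> SAK %s\n' "$v" "$(sak_status "$v")"
done
printf 'this host -> SAK %s\n' "$(current_sak_status)"
```

A value such as 176 shows why the check matters: SysRq is partly enabled, yet the SAK bit is not set, so the key sequence would do nothing on that host.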
There is a history behind this combination. The soft reboot function via
the keyboard was first designed by David Bradley. Bradley, as the chief
engineer of the IBM PC project and engineer of the machine's ROM-BIOS, had
originally used Ctrl+Alt+Esc, but thought it was too easy to bump the left
side of the keyboard and reboot the computer accidentally. According to his
own account, Hallerman, who was the chief programmer of the project,
therefore introduced the switch to Ctrl+Alt+Del as a safety measure, a
combination that is not possible to press with one hand on the original IBM
PC keyboard.

The method was originally conceived only as an Easter egg for internal use
and was not intended to be used by end users, as it triggered the reboot
without warning or further authorization; it was developed for people
writing programs or documentation, so that they could reboot their
computers without shutting them down. Bill Gates (former Microsoft CEO)
described it as "just something we were using in development and it wouldn't
be available elsewhere". The feature, however, was documented in IBM's
technical reference documentation for the original PC and was thereby
revealed to the general public.
Bradley is also known for his good-natured jab at Gates at the celebration
of the 20th anniversary of the IBM PC: "I may have invented it, but Bill made
it famous"; he quickly added it was a reference to Windows NT logon
procedures ("Press Ctrl + Alt + Delete to log on").
During a Q&A presentation on 21 September 2013, Gates said "it was a
mistake", referring to the decision to use Ctrl+Alt+Del as the keyboard
combination to log in to Windows. Gates stated he would have planned a
single button to perform the same tasks, but IBM did not let him add the
extra button to the keyboard.
That is the story behind Ctrl+Alt+Del login.

Anuruddha Hewawasam

Anuruddha is an undergraduate at the University of Colombo School of
Computing, where he is currently following a Bachelor of Science in Computer
Science. He is currently working as an Intern - Information Security
Engineer at Sri Lanka CERT|CC.

FACEBOOK WILL NOW WARN YOU IF GOVERNMENT TRIES TO HACK YOUR ACCOUNT

'...The company implemented this system because attacks from
state-affiliated organizations "tend to be more advanced and dangerous than
others," Stamos said. Facebook won't reveal how it distinguishes between
security breaches that originate from the government versus those that come
from other hackers.....'

Should companies hire criminal hackers?

'...The rationale for hiring criminal hackers is based on the thinking that
"It takes a thief to catch a thief." But some in the security community --
including some hackers at the Black Hat conference this week -- say that it
is no longer necessary.....'

GOOGLE GLASS COULD HELP AUTISTIC PEOPLE 'SEE' EMOTIONS

'...."OK, Glass: What are other people feeling?"
This is the thrust behind a new tool that helps kids on the autism spectrum
understand other people's emotions. The Autism Glass Project, as it's called,
uses Google Glass, machine learning, and artificial intelligence to recognize
other people's faces and give real-time feedback on their expressions, a
challenge for many people on the autism spectrum....'

Russian-Speaking Turla Attackers Hijacking Satellite Internet Links

'....Known as the Turla cyber-espionage group (also known as Snake or
Uroburos), the attackers are leveraging a technically easy method to hijack
downstream bandwidth from various ISPs and packet-spoofing to obtain a much
higher degree of anonymity than possibly any other conventional method such
as renting a Virtual Private Server (VPS) or hacking a legitimate server,
the Russian security firm said.......'

A CISO's Nightmare: Digital Social Engineering

'...Olga Redmon is an attractive young professional whose resume includes
experience in customer service and Microsoft Office. Her LinkedIn profile
boasts 500+ connections and dozens of endorsements, all of which come from
Midwestern professionals in the automotive industry. Olga's profile picture
depicts her in a tight black tank top and red lipstick....'

Month in Brief

Facebook Incidents Reported to Sri Lanka CERT|CC in September 2015

Statistics - Sri Lanka CERT|CC

WHAT WE KNOW ABOUT THE HACK OF THE CIA DIRECTOR'S PRIVATE EMAIL

'...A hacker claims to have accessed the personal email account of John
Brennan, director of the U.S. Central Intelligence Agency. In a Twitter post
that is no longer available, the hacker posted an image of what appears to
be a spreadsheet containing the personal information of a number of
government officials, including Brennan.....'

Ethics in Security: Less About Technology, More About Choice

'...On August 15th, 2014, the Washington Post published an article by Barton
Gelman which revealed that a modified version of a network defense tool
created by CloudShield Technologies was likely used by an unknown number of
intelligence agencies outside the United States for offensive cyber and
domestic surveillance operations....'

Why Do Our Honeypots Have Accounts On Your Website?

'...This was how we learned that Ashley Madison users were being targeted
for extortion online. While looking into the leaked files, we identified
several dozen profiles on the controversial site that used email addresses
that belonged to Trend Micro honeypots. The profiles themselves were quite
complete: all the required fields such as gender, weight, height, eye color,
hair color, body type, relationship status, and dating preferences were
there. The country and city specified matched the IP address's
longitude/latitude information. Almost half (43%) of the profiles even have
a written profile caption in the home language of their supposed countries....'

Notice Board

Training and Awareness Programmes - October 2015

| Date | Event | Venue |
|---|---|---|
| 08/10/15 | Principals Training for 1000 secondary school principals | Madeena College, Kandy; Cooperative Training Institute, Kandy |
| 08/10/15 | Safe Use of Internet Awareness session | Wattegama M.M.V |
| 15/10/15 | Safe use of Internet for Teachers of Homagama District | Mahinda Rajapaksha College, Homagama |
| 16/10/15 | IT Day For Negombo Zone | St. Mary's College Negombo |
| 28/09/15 to 01/10/15 | Training Programme for ICT Teachers | IPICT Institute |
| 03/10/15 to 09/10/15 | Training Programme for ICT Teachers | Management Training Center, Meepe |
| 17/10/15 to 23/10/15 | Training Programme for ICT Teachers | Management Training Center, Meepe |