Welcome

Welcome to my digital home! There are lots of articles you might find helpful buried in this site on topics such as modifying an Alfa Romeo 159, rebuilding a Lotus 7 (Robin Hood 2B), not to mention a ton of stuff on technology in general. It’s all here somewhere, so use the search function or navigate using the menu structure. If you want to talk, reach out via the contact function; I usually do answer!

Random Post Selection
General: Well, it has been a while since I treated myself, so the other day I stopped by West End DJ on my way into the office and I picked up an Akai APC 40. In fairness it was my birthday and I used that as a feeble form of excuse for the expenditure, but I have a semi-clear conscience as a result and another oh so sexy toy to play with! This toy really is the ultimate in Ableton Live control, extending the interface literally to your fingertips and bringing a whole new world of possibility. You can read all about it on Akai’s site, but if you really want to see the potential, check out these YouTube links that just sum up the potential in full from my perspective: Ok, so it’s going to take me a while before I get this good, but that’s what it’s all about. ……watch this space 🙂 [...]
LiveMixes: Well, this one is definitely better quality, on all fronts!! Music, mix & production. Let me know if you like it! https://jabawoki.com/wp-content/mp3/DJJD__ElectroFied__04082008.mp3 [...]
LiveMixes: Oldschool Hard House from the archives https://jabawoki.com/wp-content/mp3/Jabawok_17122000_Stompin_Pumpin_Hard_House.mp3 [...]
InfoSec: I was recently asked to comment on the new Chip & Pin attack created by Prof Ross Anderson from Cambridge University. In my original comment released to the press I make an assertion in relation to a change in process that “breaks the circuit” of this attack – see below:
Jay Abbott, director in charge of Threat & Vulnerability Management, PricewaterhouseCoopers LLP (PwC), said: “Essentially, what the scientists have come up with is a very effective and simple way of exploiting weaknesses in the system. However, it is important to bear in mind that the fraud requires a very specific scenario to become effective.
“A simple process change by the retailer of asking for the card holder to hand over the card would break the circuit, although this isn’t always possible as sometimes the card reader is fixed to a point on the other side of the counter.
“At present, the customer is accountable for the fraud as banks argue that PIN verified transactions are secure. Given this attack demonstrates a clear method of bypassing the PIN system, this assertion by the banks stands on shakier ground.”
With the original comment came a caveat which, as you would normally expect, was not quoted by the media. This caveat was that the process change suggested brought with it the opportunity for cards to be skimmed, which was in fact one of the original reasons behind the Chip & Pin changes. In fact, the change works in the favour of the retailer rather than the consumer; however, before you hang me, allow me to demonstrate the rationale behind this.
Consider first that Chip & Pin is in fact “two factor” authentication, which anyone in the security business will explain is more secure than “one factor” authentication. The first factor is the card itself or the “chip” in this instance, the second factor is the “Pin” which in this context operates as a pass code. Given both elements are authenticators in their own right, both are required, and as such any attack must include them both.
The attack designed by Prof Ross Anderson targets the Pin aspect of the authentication, and relies on the original card accessed through a series of technology components that have to be connected together in some way. The method shown in this attack makes use of concealment to hide these components on the person of the attacker, and relies on a custom built “attack” card with wires hidden up the sleeve of the attacker, back to the other components involved. The obvious way to therefore detect and prevent this attack at the retailer is by separating the card from the attacker, thus showing the wires and revealing the ruse.
The cloning of cards must be treated separately as the current methods of cloning (that I am aware of at this point in time) only create “yes cards” which would not work in this attack scenario as they are not true copies and would be detected by the PoS equipment as fraudulent. As I understand it, there is no economically viable way of cloning Chip & PIN Cards effectively at this time. Any cloning would still focus on the magnetic stripe data, which can be easily cloned, but is not accepted by the retailers (usually) when a Chip & PIN card is presented. This of course is at the discretion of the retailer and out of the control of the consumer or the banks.
This brings us to the counter argument, specifically in relation to the increased risk of your card getting skimmed/cloned by the retailer when you hand it over. Even if it were viable to clone the chip cards, given that a card skimmed by a retailer would typically not get the pin as well (this of course is not always the case), using the now cloned card would have to make use of Prof Ross Anderson’s attack method, which if the aforementioned process change was implemented, would not work, so in effect increasing the risk of cloning, but decreasing the risk of a successful attack using the cloned card and “breaking the circuit”.
This of course relies on the premise that the use of the card’s magnetic strip is in fact not viable, and therefore if anything, reinforces the use of Chip & PIN ironically. Of course in real life the Magstrip is regularly used, but that, again, is outside the scope of this discussion and considered irrelevant in the face of the specific discussion around Prof Anderson’s attack.
There is always of course the argument for using a small form factor wireless transmission device to remove the need for wires, but given the form factor of a credit card and the inability to alter this form factor without raising suspicion, I am personally unsure that significant enough range for a TX/RX comms loop could be achieved given the power that could be implemented into a credit card sized device.
Again, in my original comments to the press I clearly stated that the system needed to be fixed, and that the attack was effective, so this is not me suggesting that we should brush this under the carpet; in fact it is simply looking at what we can potentially do NOW to protect the system, while its eventual upgrade is debated and planned. Don’t forget, in this context I am just as much of a concerned consumer as you. [...]
InfoSec: Sunday Times – 17th January 2010 – Dark Pools / Hacking [...]
Alfa 159: Once the car was prepped and ready it was onto the enclosure build. This was a combination of trial and error mixed with some loose calculations and estimations around box size. I had worked out utilising box design software that for my sub, a 0.6 cuft sealed enclosure was going to give me good responsive SQ and enough power. This also suited my limited boot incursion requirements so was ideal. I also wanted the amp to be located as part of the enclosure and with the heat-sink visible to aid in cooling. The end result was to have something that looked as close to built by designed as I could achieve without a lot of fibreglass and pain! [...]
InfoSec: This is a brief interview about my role and the assessment process designed for the challengers playing the UK Cyber Security Challenge while at the Cyber Camp 2012: [...]
LiveMixes: In honour of the crew @ B-Sides 2013 and @Dantiumpro for developing a cool cipher challenge for the UK Cyber Security Challengers to mess with, I have come out of retirement, fresh for 2013 (albeit a bit rusty!) more to come!
Track Listing:
1. Wild One Two (Original Mix) – Jack Back feat. David Guetta, Nicky Romero & Sia
2. Icarus (Original Mix) – Madeon
3. Breakn’ A Sweat (Zedd Remix) – Skrillex & The Doors
4. Quasar (Original Mix) – Hard Rock Sofa
5. Don’t Hold Back (Original Mix) – Starkillers & Dmitry Ko
6. Lightspeed (Original Mix) – Datsik & Kill The Noise
7. Damaged (Main Mix) – Antillas feat. Fiora
8. That’s What She Said (Original Mix) – Joe Garston
9. Let’s Party (Instrumental Mix) – Mat’s Mattara feat Rockman
10. All By Myself (Original Mix) – Dubvision
11. French Rules (Muzzaik Remix) – Sebastien Drums, Niles Mason
12. Mono (Mat’s Mattara, Peruz Mix) – Peruz, Mat’s Mattara
13. Cascade (Original Mix) – Tommy Trash
14. Slash (Original Mix) – Nari & Milani vs. Maurizio Gubellini
15. Toulouse (Original Mix) – Nicky Romero
16. Concrete Angel (Original Mix) – Gareth Emery feat. Christina Novelli
17. Paradise (Fedde Le Grand Remix) – Coldplay
18. Spaceman (Original Version) – Hardwell
19. Flashing Lights (Kid Massive Remix) – Roger Sanchez, Sidney Samson
https://jabawoki.com/wp-content/mp3/Jabawoki_BSides_2013.mp3 [...]
LiveMixes: https://dev.jabawoki.com/mp3/Jabawok_Tranceitions.mp3 [...]
InfoSec: This is a short video explanation of how the UK Cyber Security Challenge’s launch cipher was put together, and subsequently how to break it! [...]
