415 resultados para Fatal attacks
Resumo:
This paper presents a vulnerability within the generic object oriented substation event (GOOSE) communication protocol. It describes an exploit of the vulnerability and proposes a number of attack variants. The attacks sends GOOSE frames containing higher status numbers to the receiving intelligent electronic device (IED). This prevents legitimate GOOSE frames from being processed and effectively causes a hijacking of the communication channel, which can be used to implement a denial–of–service (DoS) or manipulate the subscriber (unless a status number roll-over occurs). The authors refer to this attack as a poisoning of the subscriber. A number of GOOSE poisoning attacks are evaluated experimentally on a test bed and demonstrated to be successful.
Resumo:
The Modicon Communication Bus (Modbus) protocol is one of the most commonly used protocols in industrial control systems. Modbus was not designed to provide security. This paper confirms that the Modbus protocol is vulnerable to flooding attacks. These attacks involve injection of commands that result in disrupting the normal operation of the control system. This paper describes a set of experiments that shows that an anomaly-based change detection algorithm and signature-based Snort threshold module are capable of detecting Modbus flooding attacks. In comparing these intrusion detection techniques, we find that the signature-based detection requires a carefully selected threshold value, and that the anomaly-based change detection algorithm may have a short delay before detecting the attacks depending on the parameters used. In addition, we also generate a network traffic dataset of flooding attacks on the Modbus control system protocol.
Resumo:
For decades Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) have used computers to monitor and control physical processes in many critical industries, including electricity generation, gas pipelines, water distribution, waste treatment, communications and transportation. Increasingly these systems are interconnected with corporate networks via the Internet, making them vulnerable and exposed to the same risks as those experiencing cyber-attacks on a conventional network. Very often SCADA networks services are viewed as a specialty subject, more relevant to engineers than standard IT personnel. Educators from two Australian universities have recognised these cultural issues and highlighted the gap between specialists with SCADA systems engineering skills and the specialists in network security with IT background. This paper describes a learning approach designed to help students to bridge this gap, gain theoretical knowledge of SCADA systems' vulnerabilities to cyber-attacks via experiential learning and acquire practical skills through actively participating in hands-on exercises.
Resumo:
Introduction Sleep restriction and missing 1 night’s continuous positive air pressure (CPAP) treatment are scenarios faced by obstructive sleep apnoea (OSA) patients, who must then assess their own fitness to drive. This study aims to assess the impact of this on driving performance. Method 11 CPAP treated participants (50–75 yrs), drove an interactive car simulator under monotonous motorway conditions for 2 hours on 3 afternoons, following;(i)normal night’s sleep (average 8.2 h) with CPAP (ii) sleep restriction (5 h), with CPAP (iii)normal length of sleep, without CPAP. Driving incidents were noted if the car came out of the designated driving lane. EEG was recorded continually and KSS reported every 200 seconds. Results Driving incidents: Incidents were more prevalent following CPAP withdrawal during hour 1, demonstrating a significant condition time interaction [F(6,60) = 3.40, p = 0.006]. KSS: At the start of driving participants felt sleepiest following CPAP withdrawal, by the end of the task KSS levels were similar following CPAP withdrawal and sleep restriction, demonstrating a significant condition, time interaction [F(3.94,39.41) = 3.39, p = 0.018]. EEG: There was a non significant trend for combined alpha and theta activity to be highest throughout the drive following CPAP withdrawal. Discussion CPAP withdrawal impairs driving simulator performance sooner than restricting sleep to 5 h with CPAP. Participants had insight into this increased sleepiness reflected by the higher KSS reported following CPAP withdrawal. In the practical terms of driving any one incident could be fatal. The earlier impairment reported here demonstrates the potential danger of missing CPAP treatment and highlights the benefit of CPAP treatment even when sleep time is short.
Resumo:
Basing signature schemes on strong lattice problems has been a long standing open issue. Today, two families of lattice-based signature schemes are known: the ones based on the hash-and-sign construction of Gentry et al.; and Lyubashevsky’s schemes, which are based on the Fiat-Shamir framework. In this paper we show for the first time how to adapt the schemes of Lyubashevsky to the ring signature setting. In particular we transform the scheme of ASIACRYPT 2009 into a ring signature scheme that provides strong properties of security under the random oracle model. Anonymity is ensured in the sense that signatures of different users are within negligible statistical distance even under full key exposure. In fact, the scheme satisfies a notion which is stronger than the classical full key exposure setting as even if the keypair of the signing user is adversarially chosen, the statistical distance between signatures of different users remains negligible. Considering unforgeability, the best lattice-based ring signature schemes provide either unforgeability against arbitrary chosen subring attacks or insider corruption in log-sized rings. In this paper we present two variants of our scheme. In the basic one, unforgeability is ensured in those two settings. Increasing signature and key sizes by a factor k (typically 80 − 100), we provide a variant in which unforgeability is ensured against insider corruption attacks for arbitrary rings. The technique used is pretty general and can be adapted to other existing schemes.
Resumo:
Aim/Background: Transfusion-related acute lung injury (TRALI) is a potentially fatal adverse transfusion reaction. It is hypothesised to occur via a two-insult mechanism: the recipient’s underlying co-morbidity in addition to the transfusion of blood products activate neutrophils in the lung resulting in damaged endothelium and capillary leakage. Neutrophil activation may occur by antibody or non-antibody related mechanisms, with the length of storage of cellular blood products implicated in the latter. This study investigated non-antibody mediated priming and/or activation of neutrophil oxidative burst. Methods: A cytochrome C reduction assay was used to assess priming and activation of neutrophil oxidative burst by pooled supernatant (SN) from day 1 (D1; n=75) and day 42 (D42; n=113) packed red blood cells (PRBC). Pooled PRBC-SN were assessed in parallel with PAF (priming), fMLP (activating), PAF + fMLP (priming + activating) and buffer only (negative) controls. Cytochrome C reduction was measured over 30min at 37oC (inclusive of 10min priming). Neutrophil activation by PRBC-SN was assessed cf. buffer only and neutrophil priming by PRBC-SN was assessed by co-incubation with fMLP cf. fMLP alone. One-way ANOVA; Newman-Keuls post-test; p<0.05; n=10 independent assays. Results: Neither D1- nor D42- PRBC-SN alone activated neutrophil oxidative burst. In addition, D1-PRBC-SN did not prime fMLP-activated neutrophil oxidative burst. D42-PRBC-SN did, however, prime neutrophils for subsequent activation of oxidative burst by fMLP, the magnitude of response being similar to PAF (a known neutrophil priming agonist). Conclusion: These findings are consistent with the two-insult mechanism of TRALI. Factors released into the SN during PRBC storage contributed to neutrophil priming synergistically with other neutrophil stimulating agonists. This implicates PRBC storage duration as a key factor contributing to non-immune neutrophil activation in the development of TRALI in patients with pre-disposing inflammatory conditions.
Resumo:
Fusion techniques can be used in biometrics to achieve higher accuracy. When biometric systems are in operation and the threat level changes, controlling the trade-off between detection error rates can reduce the impact of an attack. In a fused system, varying a single threshold does not allow this to be achieved, but systematic adjustment of a set of parameters does. In this paper, fused decisions from a multi-part, multi-sample sequential architecture are investigated for that purpose in an iris recognition system. A specific implementation of the multi-part architecture is proposed and the effect of the number of parts and samples in the resultant detection error rate is analysed. The effectiveness of the proposed architecture is then evaluated under two specific cases of obfuscation attack: miosis and mydriasis. Results show that robustness to such obfuscation attacks is achieved, since lower error rates than in the case of the non-fused base system are obtained.
Resumo:
This chapter discusses fictional texts set in New York City soon after Septem- ber 11, 2001 (9/11), or whose characters are affected by the attacks on the World Trade Center. Whereas these texts may not have been directly marketed at young adults, they all address ‘youth issues’. Each of the books discussed here contain or are focalized through the eyes of adolescent protagonists. They are all coming-of-age narratives in that the crises within them are usually a result of a catastrophe, taking the characters on journeys of self-discovery, which, once fulfilled, lead them back home.1 As Jerry Griswold (1992) has suggested, coming-of-age stories are especially well suited to the American psyche, and are already familiar to readers of literature based in New York City (the most familiar work being J.D. Salinger’s The Catcher in the Rye). As with other clas- sic American young adult (YA) literature, the journey and homecoming com- monly associated with coming-of-age are often employed in fiction about 9/11. With the key elements of loss and suffering, self-awareness, introspection, and growth, the coming-of-age novel also fulfils agendas common to both litera- ture and politics: the literary journey becomes the nation’s journey.
Resumo:
Social networking sites (SNSs), with their large numbers of users and large information base, seem to be perfect breeding grounds for exploiting the vulnerabilities of people, the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” While technology-based security has been addressed by research and may be well understood, social engineering is more challenging to understand and manage, especially in new environments such as SNSs, owing to some factors of SNSs that reduce the ability of users to detect the attack and increase the ability of attackers to launch it. This work will contribute to the knowledge of social engineering by presenting the first two conceptual models of social engineering attacks in SNSs. Phase-based and source-based models are presented, along with an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.
Resumo:
While social engineering represents a real and ominous threat to many organizations, companies, governments, and individuals, social networking sites (SNSs), have been identified as among the most common means of social engineering attacks. Owing to factors that reduce the ability of users to detect social engineering tricks and increase the ability of attackers to launch them, SNSs seem to be perfect breeding ground for exploiting the vulnerabilities of people, and the weakest link in security. This work will contribute to the knowledge of social engineering by identifying different entities and subentities that affect social engineering based attacks in SNSs. Moreover, this paper includes an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.
Resumo:
There is no doubt that social engineering plays a vital role in compromising most security defenses, and in attacks on people, organizations, companies, or even governments. It is the art of deceiving and tricking people to reveal critical information or to perform an action that benefits the attacker in some way. Fraudulent and deceptive people have been using social engineering traps and tactics using information technology such as e-mails, social networks, web sites, and applications to trick victims into obeying them, accepting threats, and falling victim to various crimes and attacks such as phishing, sexual abuse, financial abuse, identity theft, impersonation, physical crime, and many other forms of attack. Although organizations, researchers, practitioners, and lawyers recognize the severe risk of social engineering-based threats, there is a severe lack of understanding and controlling of such threats. One side of the problem is perhaps the unclear concept of social engineering as well as the complexity of understand human behaviors in behaving toward, approaching, accepting, and failing to recognize threats or the deception behind them. The aim of this paper is to explain the definition of social engineering based on the related theories of the many related disciplines such as psychology, sociology, information technology, marketing, and behaviourism. We hope, by this work, to help researchers, practitioners, lawyers, and other decision makers to get a fuller picture of social engineering and, therefore, to open new directions of collaboration toward detecting and controlling it.
Resumo:
The advances made within the aviation industry over the past several decades have significantly improved the availability, affordability and convenience of air travel and have been greatly beneficial in both social and economic terms. Air transport has developed into an irreplaceable service being relied on by millions of people each day and as such airports have become critical elements of national infrastructure to facilitate the movement of people and goods. As components of critical infrastructure (CI), airports are integral parts of a national economy supporting regional as well as national trade, commercial activity and employment. Therefore, any disruption or crisis which impacts the continuity of operations at airports can have significant negative consequences for the airport as a business, for the local economy and other nodes of transport infrastructure as well as for society. Due to the highly dynamic and volatile environment in which airports operate in, the aviation industry has faced many different challenges over the years ranging from terrorist attacks such as September 11, to health crises such as the SARS epidemic to system breakdowns such as the recent computer system outage at Virgin Blue Airlines in Australia. All these events have highlighted the vulnerability of airport systems to a range of disturbances as well as the gravity and widespread impact of any kind of discontinuity in airport functions. Such incidents thus emphasise the need for increasing resilience and reliability of airports and ensuring business continuity in the event of a crisis...
Resumo:
This research identifies roadway, traffic, and environmental factors that influence the injury severity of road traffic crashes in Dhaka. Dhaka provides a rather unusual driving risk environment to study, since virtually anyone can obtain a drivers’ license and very little traffic enforcement and fines are given when drivers violate traffic rules. To examine this city with presumed heightened crash severity risk, police reported crash data from 2007 to 2011 containing about 2714 road traffic crashes were collected. The injury severity of traffic crashes—recorded as either fatal, serious injury, or property damage only—were modeled using an ordered Probit model. Significant factors increasing the probability of fatal injuries include crashes along highways (65%), absence of a road divider (80%), crashes during night time (54%), and vehicle-pedestrian collisions (367%); whereas two-way traffic configuration (21%), and traffic police controlled schemes (41%) decrease the probability of fatalities. Both similarities and differences of the findings between crash risk in Dhaka and developed countries are discussed in policy relevant terms.
Resumo:
Since mass immigration recruitments of the post-war period, ‘othered’ immigrants to both the UK and Australia have faced ‘mainstream’ cultural expectations to assimilate, and various forms of state management of their integration. Perceived failure or refusal to integrate has historically been constructed as deviant, though in certain policy phases this tendency has been mitigated by cultural pluralism and official multiculturalism. At critical times, hegemonic racialisation of immigrant minorities has entailed their criminalisation, especially that of their young men. In the UK following the ‘Rushdie Affair’ of 1989, and in both Britain and Australia following these states’ involvement in the 1990-91 Gulf War, the ‘Muslim Other’ was increasingly targeted in cycles of racialised moral panic. This has intensified dramatically since the 9/11 terrorist attacks and the ensuing ‘War on Terror’. The young men of Muslim immigrant communities in both these nations have, over the subsequent period, been the subject of heightened popular and state Islamophobia in relation to: perceived ‘ethnic gangs’; alleged deviant, predatory masculinity including so-called ‘ethnic gang rape’; and paranoia about Islamist ‘radicalisation’ and its supposed bolstering of terrorism. In this context, the earlier, more genuinely social-democratic and egalitarian, aspects of state approaches to ‘integration’ have been supplanted, briefly glossed by a rhetoric of ‘social inclusion’, by reversion to increasingly oppressive assimilationist and socially controlling forms of integrationism. This article presents some preliminary findings from fieldwork in Greater Manchester over 2012, showing how mainly British-born Muslims of immigrant background have experienced these processes.
Resumo:
The three-volume Final Report of the Wood inquiry into NSW Police (Royal Commission Into the New South Wales Police Service, 'Final Report, Vol I: Corruption; Vol II: Reform; Vol III: Appendices', May 1997) was publicly released on 15 May 1997, to much media fanfare. The Sydney Morning Herald (SMH) devoted an 8-page special report on I May to the pending release of the Inquiry Report, headed The Police Purge. On the day of the public release of the Report, the SMH five-page 'Special Report' under the banner The Police Verdict was headlined Wood, Carr Split on Drugs. The Australian led with Call for Drug Law Revamp, Force Overhaul to Fight Corruption, Wood Attacks Culture of Greed, and the Daily Telegraph front page 'Final Verdict' was True Blue Strategy for an Honest Police Force...
