Recreational Marijuana Data Integrity Verification

Recreational Marijuana Data Integrity Verification

Paul Andreas Fischer

1/19/2017

 

Recreational Marijuana Data Integrity Verification




The purpose of this effort to maintain cybersecurity will be to identify trends in community activity, usage, and coding on three webpages. This will be measured in a weighted per capita membership inclusive of adjustment for last month marijuana usage according to statistics of diagnoses of marijuana use dependency in the last year sourced through the National Institute of Health, statistical significance testing for key HTML or python coding which may be present on the pages ranging from common use terms such as margin and italic/bold to design oriented coding such as getOptions and fix, and finally using a theoretical W3C validation scheme borrowed from a co-operative effort by employees of Drop-box, Google, and Mozilla.

An effort throughout will be made to avoid redundancies in data and to reduce reliance on contingent terminology in order to establish statistical significance in further analysis. While this will not be used to justify any legal actions or hold significant ramifications for user, community, or legislative individuals or groups due to the hypothetical nature of the theories of security fundamental to the arguments provided, the data may be accessed and used publicly and reproduced. As with all research looking at differences in data, change over time will be critical to determining whether this is an appropriate sequence to validate the integrity of the media distributed. This data is accessed legally under the Digital Millennium Copyright Act as encryption research to enhance secure methods of encryption technologies (section 1201(g)), to measure and protect personal privacy (section 1201(i)), and security testing should readers wish to check their own computer, computer system, or computer network (section 1201(j)).






Data results


Per capita membership or following:




Conservative estimate,

Vermont Community, Vermont Collection, Colorado Community

.085%, .075%, .6%


Keyword search statistical significance test from raw test raw data with high-end tail comparison




“input” – Vermont Community, Vermont Collection, Colorado Community

“_” –  8335, 8933, 8816

“”” – 10,916, 11,181, 10,670

“head” – 48, 49, 49

“fix” – 12, 12, 15

“array” – 108, 110, 108

“marijuana” – 41, 57, 21

“cannabis” – 37, 29, 4

“meta” – 22, 21, 22

“content” – 240, 252, 259

“function” – 2264, 2256, 2264

“getOptions” – 3, 3, 3

“window” – 420, 417, 420

“element” – 125, 125, 125

“null” – 5226, 5489, 4582

“try” – 155, 159, 158

“dump” – 53, 54, 53

“exec” – 51, 51, 51

“recreational“ – 16, 24, 17

“google” – 183, 181, 205

“script” – 79, 75, 79

“true” – 151, 160, 127

“$” – 284, 284, 284


Theoretical Validation Scheme


This scheme has been chosen because it allows authentication of not only the server, which is standard in such attempts, but also the content which has been posted to the respective pages. With a variety of pegged user handles and other contributions involved in the creation and maintenance of a controlled substance which is limited in distribution to those over a certain age, and in some locations can be met with severe legal repercussions, there is an intrinsic value to vetting cyber information.

In order to avoid such misunderstandings, a thorough read through of all source data was initiated and completed with the following results. Rather than sifting through user data or implementing a cryptographic hash system recommended in the theoretical scheme, evaluating the cross-origin data leakage to identify reconnaissance activities by potential or real attackers was initiated (SRI, 5.3). This is both non-intrusive, experimental, and potentially more accurate for the purposes of identification than traditional methods of code evaluation.


Discussion of data, results and conclusions


Cannabis Use Rates and Trends




The growth in Colorado is under 30% in recent years, marking a substantially larger presence than has been found in Vermont. Statistical analysis found ratios of 1:1.25:1.5 from .2% of the total populations of the respective states in the Vermont Collection, Vermont Community, and Colorado Community that were admitted to the hospital for potential marijuana dependent symptoms according to a recent update from the White House which cites data from 2010. Multiplied by a cohort with an average life expectancy of 78 years, this data could encompass almost 60% of current marijuana users. This could also comprise the entirety of the population have used before entering High School, according to a report released by the UN in 2014.

A statistically interesting point that is not addressed in this paper is that the trend for admission for marijuana related episodes shows a dramatic variance in those two populations, as the number of marijuana users per capita was about 30-40% higher in Colorado at the time. Potential explanations include the presence of higher potency marijuana in Vermont due to lack of effective regulations during the transition period of decriminalization. Another could be adulterants such as lead which decrease the flashpoint at which a joint or a bowl is lit, increasing the temperature at which smoked material is absorbed or the popularity of edibles which may be more potent than a smoked product, as there are nearly a third more tobacco users in Colorado per capita than Vermont.


Keyword search with statistical significance analysis




A perfect match was reached in four of 22 source code searches, nearly 20% of the total results. Taken as an outlier result, this demonstrates definite significance. Two of three quantitative forms found a perfect match in exactly half of the searches. The natural odds of these events occurring are one over 4.2 times 100,000,000. This determines that there is a high probability of interactivity occurring between these web-based pages.

While there are no prohibitions between communications of two online communities, this can also serve as a template to verify that such communication is not occurring between any of the communities and communities tailored towards those who underage. It is also a possible indicator of a malware presence, which could include a BOTNET, synthetic code injector algorithm, sniffing agents or most likely a combination of all of the above. In order for any confirmed statements to be made with only a statistical analysis, causal proof of intent of harm or defamation and malware cyber-activity must be demonstrated. To accomplish this, an experimental form of subresource integrity is being modified and taken advantage of, referred to above as cross-origin data leakage.


DIV and Cross-Origin Data Leakage




The initial read-through looked great, though there is a major qualification which ought to be addressed present one time only in all three communities that likely represents a violation of amendments to the CFAA in 1984. Due to recent legislation and expansion of that act, these consequences could be quite serious if not administratively addressed and the responsible posts promptly deleted, though no legal responsibilities exist unless the display represents an extension or whole of a small business. Colorado had significantly greater evidence of hash use, but all three communities/collection presented enough to provide a strong sense of security. Cross-origin analysis demonstrated that “content-originated” was indeed activated upon execution of the HTML. No flag presented or evidence of any tampering of any kind.

Further analysis of the entirety of the source code, around 30 solid pages for each community, revealed the presence of a flag which discontinues the cross-origin protections and which could allow a JSON style attack, gaining access to passwords or other confidential credentials. This should allow a violation of the “same-origin” policy and may have been used to determine what content is present within the cross-origin resource. Whether this setting is coded on or off, the threat level is ultimately low.


Valuation of any Potential Threat to the Pages




A discretionary valuation of a low threat level had to be ultimately determined as users accessing the site are still protected by Google security and terms of use, i.e. dedication to privacy outlined above in this document and codified in recent US law for cyberspace, as well as amendment to the Constitution. The presence of an “Anonymous” omission of cross-origin protections is present at one time in the HTML code of all three websites. That does not indicate that the tool has been exploited. Unless there is an experimental lab underway through Google, the only data which should be accessible in the event of a general breach throughout the company would be the user names and profiles of individuals who are on the pages.

However, the possibility that it is a “wait and see” placement should be treated with caution as well as corrective measures should be taken to eliminate the offensive code from the pages. It is worth mentioning, once again, that the only parties which have any liabilities for such a piece of code are those who posted the sequence and any small business owners involved with the pages that may have turned a blind-eye or aided the malware. Possible legal explanations which could indicate that one did not know about updates to the CFAA or if the code had been prepared before 1984 may be possible, but even if it is the case, does not mean that the threat or potential threat should not be snuffed immediately.




References:


Braun, F., Akhawe, D., Weinberger, J., & West, M.. Subresource integrity. W3C working draft. (2014).

The Digital Millennium Copyrights Act. 17 U.S.C. § 512 (1998).

Kesteren, A. van. Cross-Origin Resource Sharing (URL: http://www.w3.org/TR/access-control/). W3C (2014).

United Nations Office on Drugs and Crime (UNODC). Recent statistics and trend analysis of the illicit drug market. (2014).

W3C Recommendation. HTML5, A vocabulary and associated APIs for HTML and XHTML, W3 (2014).

Data Encryption and Obsoleting the Hash

Data Encryption and Obsoleting the Hash

Paul Andreas Fischer
11/15/2016
Professor Kathleen Hyde
Data Encryption Using AES 128 and 256 Images
  Sometimes AES encryption can be used to protect data against oncoming attackers or simply prying eyes. While this paper will discuss the procedure and benefits of encrypting a simple text document, and display the radical difference between the raw data which is produced without appropriate permissions and the data which is produced with appropriate permissions, it should be noted that this technology can also be used to encrypt programs, pictures, films, or even operating systems and firewalls. Finally, the obsolescence of a hash will be discussed by the use of two-fold encryption, which will be demonstrated in the course of the procedure.

Preparing to Encrypt Your Data
  In my data, the chess sheet, some very embarrassing information about the first attempt to learn to play chess using professional lessons is provided. The first thing to do is to identify the document or documents which need to be encrypted and place them in a folder as seen in figure 1. It is then necessary to open an encryption software, in this case Disk Utility.
The Encryption Process
  The option to create an image from the file will give the capability to encrypt the data as seen in figure 2. In this case blue is used for a lighter encryption while green is used for a heavier encryption, it should be possible to change the file to read/write as well at this point, both actions of which can be seen in figure 3. A .dmg is created as seen in figure 4, and the encryption process has been completed.   The finished products, encrypted at AES-128 and AES-256 can be seen in figure 5.
Figures 6 and 7 serve two purposes. The first is to demonstrate how radically different both forms of encryption are, while the second will be discussed in the section on the hash later. The unsuccessful attempts to access the data using Textedit are followed by a successful authorization process in figures 8 and 9.
  Finally, this embarrassing data can be seen in figure 10. A complete analysis of these first 16 games which precede completion of the lessons has been provided and, given time now that 150 lessons have been completed over the course of a weekend, will be followed by more successful statistics, undoubtedly, which will not require encryption. Double redundancy means that the files will not be lost but also provides another security measure.
Obsolete the Hash
  The purpose of the hash is to not only protect the data from unwanted viewers by producing hash values (Anderson), but ceding that possibility for some batches of data, which became necessary with the popularization of the personal computer, to alert the reader to any manipulations of the data. By using a double redundancy, even if one form of encryption is intercepted and manipulated, or even if both are, the chances that both will be intercepted by the same attacker makes this a secure method of securing information. It can be verified by a third-party partway to delivery, just as with a hash, without access to the actual information by verification of the source, as long as the package identity is confirmed.
References:
Anderson, K. D., & Glover, N. (1995). U.S. Patent No. 5,406,279. Washington, DC: U.S. Patent and Trademark Office.
Figure 1: File Awaiting Encryption
Figure 2: Dropdown tab from Disk Utility

Figure 3: Disk Utility, creating AES encryption

Figure 4: Disk Utility, Encryption Completed

Figure 5: Encrypted .dmg files
Figure 6: Accessing AES-128 Encryption with Textedit, notice difference despite same source from AES-256 Encryption
Figure 7: Accessing AES-256 Encryption with Textedit, notice difference despite same source from AES-128 Encryption
Figures 8 and 9: Access of Chess Gradesheet Using Password
Figure 10: A final decrypted file, the Chess Gradesheet

Steps to Secure and Map a Network

Steps to Secure and Map a Network

Paul Fischer
10/30/2016 revised: 11/11/2016
Kathleen Hyde
Steps to Secure and Map a Network
Jerry’s … Locked
Jerrys.media … Locked
MyCharterWiFi13-2G … Locked
MyCharterWiFiaa-2G … Locked and Inconsistent
MyCharterWiFiaa-5G … Locked
MyCharterWificb-2G … Locked
NETGEAR07 … Locked
NETGEAR47 … Locked
NETGEAR83 … Locked
NETGEAR83-5G … Locked
These networks are all locked. They have been mapped in this manner pursuant to a legal ruling by the Supreme Court of the United States of America in 2014 which allowed the google Fi program to map all wireless networks in the country. It is apparent that several are standardized while at least two appear to be commercial and bear the name of a local establishment. The transconnection groupings within similar names may be part of family contracts with wireless companies, which often allow multiple modems, or devices concurrent and component to the original registered device.
There do not appear to be any communications between these networks but evidence is not provided as to the nature of the networks. There may be a reference to the data communication extant in the devices, and the speed and coverage of the networks which have been connected. The average speed of the networks surveyed came to3G while the average speed of constant (not fluctuating) networks was found to be 3.5G, and these calculations also exclude the commercial connection.
To double check the results of this report, a search of the local region using google Fi reveals that the connection guaranteed for wireless devices is 4G. Speculation may commence thatanother high speed device exists without detection, that the sample is not large enough to provide a random group of devices or to determine the connection type possibilities of other local devices.
Steps a Security Firm Can Take to Protect Businesses From Cyber Attack
Security firms can be asked to help businesses with a number of different programs. Methods which can be taken to fight cybercrime in the financial sector include the use of honey nets, defensive programs, or other system structural changes. A list of such programs (Montcalm, 6) will follow along with a comprehensive step-by-step guide to preventing the ability of a Botnet program to enter into a system.
Airmagnet
SnifferWireless
Airopeeks
The Wireless Security Auditor
Netstumbler
Kismet
Methods of Intrusion
In order to understand the needs of security it is first necessary to outline the means of infection (Gibbs, 3-4). Firstly, wormlike replication indicates an evasion of intrusion detection systems by scanning a subnet using bots; malware can then be selectively inserted and replicated into unprotected networks while avoiding those with protection. Secondly, infected media such as thumbdrives and CD/DVDs can be used in the event of a physical breach. Finally, watering holes are used to instigate drive-by downloads in which undeclared downloads containing malware can insert code into a system.
While the first two are exceptionally useful in use against systems vulnerable to a physical breach or direct access, the last would be a concern only in companies with a high number of employees active on such “watering holes” that might allow a critical mass of localized traffic to obtain objective information either through a general attempt or in conjunction with wormlike replication software. It is important to remember that none of the three main methods of infection are mutually exclusive, and the presence of one likely indicates that various forms of the others are either en route or already have ben attempted.
IDPS systems of prevention
IDPS systems of prevention are recommended by the government, which will be outlined in the following section (Scarfone, 23-26). In the same way that infection techniques can build upon one another, nearly all protection services which are recommended by a government guide to intrusion detection and prevention systems are sensors. There are multiple typical components be aware of, which include appliance, software only, inline, and passive sensor systems.
Ironically enough, passive sensor systems are indeed the most effective of the systems in protection against a botnet intrusion. As was mentioned earlier, one way that aggressive attacks can enter through system protection services is by use of a reconnaissance program. Detection of these programs can be seen to be of paramount importance. An effective honey net will use information from mining techniques that have been collected into a crossplane correlation report  that allows both the types of machines and the types of activities, such as “spamming or scanning” to be used in creation of the architecture of a honeynet with individualized pots to catch the onflow of attacking programs (Gibbs, 17-24).
Steps which can be recommended to secure a wireless network in a business setting:
Detection: Set up multiple forms of detection, not just one
-Mining-based Detection
-C-plane Monitoring
-DNS based detection
-Anomaly-based detection approaches
-Network based signature
This final list is an indication that the defense mechanisms outlined thus far are limited to a reaction to a detected scanning or spamming attempt to gain command and control servers which can pose a serious threat to computer resources. There is an intrinsic flow between botnet and vulnerable threat targets which also must be addressed to deactivate an attacker, and even after some command and control servers have been accessed, it may be necessary to include logging systems which can provide a critical director towards the one way flow of code which indicates the presence of a Botnet Master. It does absolutely no good, and only distributes company information and security resources to chase these attempts at taking down vulnerable threats, marked by a number of systems, so signature-based approaches allow low rates of false positives and decrease the chances that an alert or protective service will alert intruders.
References:
Gibbs, Peter. (2014), Botnet Tracking Tools. https://www.sans.org/reading-room/whitepapers/detection/botnet-tracking-tools-35347
Montcalm, Erik. (2003), How to Avoid Ethical and Legal Issues in Wireless Network Discovery. https://www.sans.org/reading-room/whitepapers/wireless/avoid-legal-issues-wireless-network-discovery-176
Scarfone, Peter (2012), Guide to Intrusion Detection and Prevention Systems.http://csrc.nist.gov/publications/drafts/800-94-rev1/draft_sp800-94-rev1.pdf
Skip to toolbar