
USW named Cyber University of the Year for second year running – 2020

On 9 September, via livestream, the University of South Wales (USW) Cyber Department picked up an award at the National Cyber Awards 2020, being named as the Cyber University of the Year.

The awards reward those who are committed to cyber innovation, cyber crime reduction and protecting citizens online.

The Education and Learning category acknowledged educational establishments that are leading the way in cyber security education.

Up against University of Oxford, Cardiff University, and Manchester Metropolitan University, USW secured the trophy for our new National Cyber Security Academy (NCSA) and our visible national collaboration.

The pilot NCSA, the first of its kind in Wales and a major UK initiative, is at USW’s Newport Campus, and enrolled its first students in 2016.

Fundamentals of Cryptography – Northeastern University

Click to access cryptography.pdf



Encryption: EU Plans To Use Supercomputers To Break Encryption, using Hashcat


At EU level, Europol is responsible for reading encrypted communications and storage media. The police agency has set up a “decryption platform” for that. According to Europol’s annual report for 2018, a “decryption expert” works there, from whom the competent authorities of the Member States can obtain assistance. The unit is based at the European Centre for Cybercrime (EC3) at Europol in The Hague and received five million euros two years ago for the procurement of appropriate tools.

The Europol group uses the open source password recovery software Hashcat in order to guess passwords used for content and storage media. According to Monroy, the “decryption platform” has managed to obtain passwords in 32 of the 91 cases where the authorities needed access to an encrypted device or file. A 39% success rate is not too shabby, depending on how strong the passwords were. But the EU wants to do better, and has decided one way to do that is to throw even more number-crunching power at the problem: in the future, supercomputers will be used. Europol is organizing training courses to help investigators gain access to encrypted materials using Hashcat. Another “decryption expert group” has been given the job of coming up with new technical and legal options. Unfortunately, the approaches under consideration are little more than plans to bully Internet companies into doing the dirty work:

Internet service providers such as Google, Facebook and Microsoft are to create opportunities to read end-to-end encrypted communications. If criminal content is found, it should be reported to the relevant law enforcement authorities. To this end, the Commission has initiated an “expert process” with the companies in the framework of the EU Internet Forum, which is to make proposals in a study.

This process could later result in a regulation or directive that would force companies to cooperate.

There’s no way to “create opportunities” to read end-to-end encrypted communications without weakening the latter. If threats from the EU and elsewhere force major Internet services to take this step, people will just start using open source solutions that are not controlled by any company.


Brute Force Password Hacking: How long will it take to Brute Force a password

As we all know, it’s not a good idea to brute force a password, as it’s much faster to use password attacks with hashcat.

I found a good graphic on how slow brute force hacking can be, depending on the length and the complexity of the password. The graph also demonstrates how longer passwords, and alphanumeric complexity, can shift the risk in your favour.

[Graphic: password breaking time calculator]

The game of password hacking is this:

  1. Users reset their password every month, i.e. every 30 days.
  2. If we can brute force the password in 15 days, we can use the password for another 15 days.
  3. Brute force attacks will normally crack the password about halfway through the quoted time.
  4. An 8 character password is listed as 84 days, which means it should crack in approximately 41 days (close to a month’s reset). How would you protect accounts at this point? It is recommended to force longer passwords, e.g. 10-14 characters, to protect against brute force attacks, as a pragmatic rather than guaranteed measure. It’s possible that a brute force attack could break the security in the first day; however, this would be unlikely.
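An added calculator (not the post’s graphic, whose guess rate is unknown) that works the “game” above through for any alphabet size, password length and rotation period; the 1e9 guesses per second figure and the 62-character alphabet are assumptions for the run at the bottom.

```python
"""Expected brute-force time versus password-rotation period (added example)."""

SECONDS_PER_DAY = 86_400


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passwords for a given alphabet and length."""
    return charset_size ** length


def expected_crack_seconds(charset_size: int, length: int, guesses_per_second: float) -> float:
    """An exhaustive search succeeds, on average, about halfway through the keyspace:
    this is the 'about halfway through the quoted time' rule from the post."""
    return keyspace(charset_size, length) / (2 * guesses_per_second)


def minimum_length(charset_size: int, guesses_per_second: float,
                   rotation_days: int, safety_factor: int = 10) -> int:
    """Smallest length whose expected crack time exceeds the rotation period times a
    safety margin.  A crack that lands on day one is unlikely but possible, so demanding
    a comfortable multiple of the rotation period is the pragmatic policy answer."""
    target = rotation_days * SECONDS_PER_DAY * safety_factor
    length = 1
    while expected_crack_seconds(charset_size, length, guesses_per_second) < target:
        length += 1
    return length


def rotation_table(charset_size: int, guesses_per_second: float, rotation_days: int,
                   lengths=range(6, 15)) -> list:
    """Rows of (length, expected days to crack, outlasts the rotation period?)."""
    rows = []
    for n in lengths:
        days = expected_crack_seconds(charset_size, n, guesses_per_second) / SECONDS_PER_DAY
        rows.append((n, round(days, 2), days > rotation_days))
    return rows


if __name__ == "__main__":
    # Assumed attacker: 1e9 guesses/s against an unsalted fast hash (constructed figure,
    # not the post's).  Alphabet: 62 = upper + lower + digits.  Rotation: 30 days, as in the post.
    for length, days, ok in rotation_table(62, 1e9, 30):
        verdict = "outlasts rotation" if ok else "cracked before reset"
        print(f"{length:2d} chars: {days:>16,.2f} days  {verdict}")
    print("minimum length with a 10x margin:", minimum_length(62, 1e9, 30))
```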



Encryption: what is an Enveloped Signature

Recently, I’ve had to problem-solve an issue with a SAML response being incorrect. The client response used digital signatures, hashing, an RSA public key and Base64 encoding. Now, each process of the response needed to be worked through to see where the error occurred.

Enveloped Signature.

  • This means the signature is contained within the XML
  • The transform Algorithm removes the signature
  • The message digest states the hashing used, e.g. SHA-1.
  • The public key is RSA.
  • The Transform Algorithm says this is an enveloped signature.



Compute Message Digest

Remove the Signature element (enveloped means the signature is contained in the XML).

[Image: digest value]

The SHA-1 digest of this data is (0x)516b984d8ba0d7427593984a7e89f1b6182b011f

or UWuYTYug10J1k5hKfonxthgrAR8= in base64.

Base64 encode or decode online tools are here:

RSA Keys

We used Alice’s RSA key to sign this, with PKCS#8 encrypted private key (password: “password”), and corresponding X.509 certificate.

Alice’s public key in XML format is



Compute Final XML

[Image: final XML]



Where does the whitespace matter?

The whitespace characters shown as ♦ and the line endings below cannot be changed, because they were required in the c14n forms used to compute the digest value or signature value.

<Envelope xmlns="">
♦♦♦♦Olá mundo
♦♦<Signature xmlns="">
♦♦♦♦♦♦<CanonicalizationMethod Algorithm="" />
♦♦♦♦♦♦<SignatureMethod Algorithm="" />
♦♦♦♦♦♦<Reference URI="">
♦♦♦♦♦♦♦♦♦♦<Transform Algorithm="" />
♦♦♦♦♦♦♦♦<DigestMethod Algorithm="" />



From xmldsig-core:

Enveloping signature
The signature is over content found within an Object element of the signature itself. The Object (or its content) is identified via a Reference (via a URI fragment identifier or transform).
Enveloped signature
The signature is over the XML content that contains the signature as an element. The content provides the root XML document element. Obviously, enveloped signatures must take care not to include their own value in the calculation of the SignatureValue.


Sorting attributes

The c14n ordering of attributes is as follows.

  1. The default namespace declaration xmlns="...", if any, comes first.
  2. Namespace declarations, sorted by prefix (the part after “xmlns:”). So xmlns:a="" comes before xmlns:b="".
  3. Unqualified attributes, sorted by name. So attr="..." comes before attr2="...".
  4. Qualified attributes, sorted by namespace URI then name. So b:attr="..." comes before a:attr="...", because we read this as "..." comes before "...". And a:attr="..." comes before a:attr2="..."
<e xmlns="" xmlns:a="" xmlns:b="" attr="I'm" attr2="all" b:attr="sorted" a:attr="out" a:attr2="now"></e>
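The four ordering rules above as a sort key, applied to the post’s `<e>` element; this is an added example, not code from the post or from any XML library. The namespace URIs are constructed so that b’s URI sorts before a’s, which is why `b:attr` must precede `a:attr`.

```python
"""C14N attribute ordering: the four rules from the post as a sort key (added example)."""
from typing import Dict, List, Tuple

Attr = Tuple[str, str]  # (qualified name as written in the start tag, value)


def c14n_escape_attr(value: str) -> str:
    """Attribute-value escaping used by canonical XML (values are always double-quoted)."""
    return (value.replace("&", "&amp;").replace("<", "&lt;").replace('"', "&quot;")
            .replace("\t", "&#x9;").replace("\n", "&#xA;").replace("\r", "&#xD;"))


def c14n_sort_key(qname: str, ns: Dict[str, str]) -> tuple:
    """Rule 1: the default namespace declaration; rule 2: xmlns:* declarations by prefix;
    rules 3 and 4: attributes by (namespace URI, local name).  An unqualified attribute
    has the empty URI, so it sorts before every qualified attribute, whatever its name."""
    if qname == "xmlns":
        return (0, "", "")
    if qname.startswith("xmlns:"):
        return (1, qname[len("xmlns:"):], "")
    if ":" in qname:
        prefix, local = qname.split(":", 1)
        return (2, ns[prefix], local)  # KeyError here means an undeclared prefix
    return (2, "", qname)


def c14n_sorted_attributes(attrs: List[Attr]) -> List[Attr]:
    """Sort the attributes of one start tag.  Prefixes are resolved from the tag's own
    xmlns:* declarations; for nested elements the inherited map would be merged in here."""
    ns = {q[len("xmlns:"):]: v for q, v in attrs if q.startswith("xmlns:")}
    return sorted(attrs, key=lambda qv: c14n_sort_key(qv[0], ns))


def c14n_start_tag(name: str, attrs: List[Attr]) -> str:
    """Serialise the start tag with attributes in canonical order."""
    parts = [name] + ['%s="%s"' % (q, c14n_escape_attr(v))
                      for q, v in c14n_sorted_attributes(attrs)]
    return "<" + " ".join(parts) + ">"


# The post's <e> element with its attributes in scrambled document order.  The URIs are
# constructed for this example: b's URI sorts before a's, so b:attr must precede a:attr.
SAMPLE_ATTRS: List[Attr] = [
    ("b:attr", "sorted"), ("attr2", "all"), ("xmlns:b", "urn:example:aaa"),
    ("a:attr2", "now"), ("xmlns", "urn:example:root"), ("a:attr", "out"),
    ("attr", "I'm"), ("xmlns:a", "urn:example:bbb"),
]

if __name__ == "__main__":
    print(c14n_start_tag("e", SAMPLE_ATTRS))
```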

For an excellent explanation of the rules to sort attributes when canonicalizing your data for XML-DSIG, see Keith S. Beattie’s article on attribute ordering KSB’s XML C14N Notes.



Windows 7 Alternative – LinuxLite

“We would like to take this opportunity to welcome all Windows 7 people who have come here to find a simple, fast and free alternative to Windows 7 which has reached its end of life and no longer provides security updates,” said Jerry Bezencon, Linux Lite creator and maintainer.

Linux Lite is a Linux distribution based on Debian and Ubuntu, created by a team led by Jerry Bezencon. The distribution offers a lightweight desktop experience with a customized Xfce desktop environment. It includes a set of Lite applications to make life easier for a novice Linux user.


Linux Lite is a ‘gateway operating system.’ It was created to make the transition from Windows to a Linux based operating system as smooth as possible.

Linux Lite eases the transition to a Linux-based operating system by offering a full, Microsoft-compatible office suite, familiar software like Firefox, Chrome, Teamviewer and VLC, full system backup tools, a comprehensive, easy-to-follow Help Manual to guide you on your journey, Steam so you can keep playing your Windows games, and much more familiar software.


[Screenshot: Linux Lite with LibreOffice]

What you can expect from Linux Lite?

  • A desktop, taskbar and tray that have a familiar layout.
  • You get a fully featured FREE Microsoft-compatible Office Suite in the form of LibreOffice.
  • The option to run familiar software such as Steam, DropBox, Kodi, OBS Studio, Skype, Spotify, Teamviewer, all from within our Lite Software application.
  • A Welcome screen that greets you at first boot and makes setting up your Linux Lite install a breeze. Just click and go.
  • A Hardware Database containing over 30,000 existing PC configurations that is searchable. Will my hardware run Linux Lite? Look here.
  • A friendly, welcoming Support Forum that will always do its best to find you answers.
  • A massive, searchable built-in and online Help Manual that covers all aspects of setting up, troubleshooting and working with Linux Lite.
  • A bundled, powerful image editor, Gimp, that many refer to as a Photoshop competitor, FREE in Linux Lite.
  • Familiar desktop icons that get you quickly to where you want to go.

VirtualBox Support:

Out-of-the-box VirtualBox support for YouTube/online journalist reviewers and testers has been withdrawn. This was done to remove one more potential boot-up slow down from the list of variables. And there were cases where this has been a PITA for many users.

If you are reviewing or testing, install Linux Lite to the VM, then run:

sudo apt-get install virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11

after a fresh install. You will then have the full experience that VirtualBox provides.


Amazon Ring – A video of why you should not install Ring

Here’s a video of why you should not install the Amazon Ring. The Ring invades the privacy of your friends and neighbours, in addition to your family.


Home security company Ring and its parent corporation Amazon were hit with a lawsuit in federal court Thursday alleging that their cameras have been hacked on numerous occasions due to inadequate protections, confirming privacy advocates’ fears about the devices.

John Baker Orange of Alabama, the plaintiff in the case, said in the lawsuit (pdf) that his Ring security camera was recently hacked while his children were playing basketball outside of his home.

“Mr. Orange’s children were playing basketball when a voice came on through the camera’s two-way speaker system,” reads the lawsuit, which was filed in the U.S. District Court for the Central District of California. “An unknown person engaged with Mr. Orange’s children, commenting on their basketball play and encouraging them to get closer to the camera. Once Mr. Orange learned of the incident, he changed the password on the Ring camera and enabled two-factor authentication.”

“Ring does not fulfill its core promise of providing privacy and security for its customers, as its camera systems are fatally flawed,” the lawsuit states.

The lawsuit also cites the alarming breach of a Ring security camera in DeSoto County, Mississippi, where a hacker gained access to a device installed in an 8-year-old girl’s bedroom and began speaking to her.

“I’m your best friend,” the hacker said. “I’m Santa Claus.”

Privacy advocates and digital rights groups have long been sounding the alarm about the gaping security flaws in Ring devices.


Amazon should warn parents NOT to install this in an area where children will dress/undress, play etc. This device is a paedophile’s dream: they can talk to children and watch them day and night. It’s a bad world out there… and the risks are being ignored. If a parent can see their child in a bedroom, so can the rest of the world. For goodness sake, don’t buy these products.


Single Sign On Thesis 2016

Single sign on Thesis – 2016

SSO – AWS – Lightsail with Drupal and SimpleSAML Single Sign on

Step 1 – AWS Lightsail

AWS offers Lightsail with a Drupal image. SimpleSAML can be configured to offer Single Sign On with the website. Select your AWS region, e.g. Ireland or UK.

Select Linux > Drupal

[Screenshot: Lightsail SSO, step 1]



Next, download the SSH key pair.

Step 1.1 – Download the key pair so that you can connect using SSH and PuTTY.

[Screenshot: Lightsail SSH key pair, step 1]

Select “Enable Automatic Snapshots” if you want a daily backup image taken.

For Linux-based instances, Lightsail uses Secure Shell (SSH) to connect to your instance (a virtual private server). SSH uses a key pair (a public key and a private key) to match the remote server to an authorized user.

Lightsail creates a default key pair in each AWS Region where you create an instance. Choose Download to download the default private key if you also want to connect to your Lightsail instance using an SSH client such as PuTTY.

Step 1.2 – Select AWS Plan – Free

There is a one month free plan on AWS. Use this for testing.

[Screenshot: Lightsail free plan, step 1]

It’s important to both Name and TAG the instance.  Then select the bright orange button “Create Instance”.

[Screenshot: Lightsail, name and tag the instance, step 1]


Note that it will be in a “pending” state.  Allow a few minutes for the status to change to “running“.

[Screenshot: instance created, pending state, step 1]

If you take the public IP listed – and paste this into a Chrome web browser, the Drupal web page will appear.

[Screenshot: Lightsail public IP pasted into Chrome shows the Drupal site]


Once the status is running, select the 3 dots on the top right hand side.  A drop down list for connect and manage appears.

[Screenshot: Lightsail three-dots menu gives the connect/manage drop-down list]

Select 3 dots > manage > connect via SSH

[Screenshot: Lightsail manage, connect using SSH, step 1]

Now, AWS doesn’t make connecting with PuTTY over SSH easy. There’s some additional config required, which isn’t needed for Windows (Remote Desktop) connections.

You’ll need the SSH key pair you downloaded earlier, PuTTY and PuTTYgen in order to connect using SSH.

Step 3: Configure PuTTYgen with your Lightsail private key

Now that you have a copy of your .pem key file, you can set up PuTTY using the PuTTY Key Generator (PuTTYgen).

  1. Start PuTTYgen (for example, from the Start menu, choose All Programs > PuTTY > PuTTYgen).

[Screenshot: PuTTYgen for SSH keys]

  2. Choose Load.

[Screenshot: PuTTYgen Load]

  3. By default, PuTTYgen displays only files with the .ppk extension. To locate your .pem file, select the option to display files of all types.
  4. Choose lightsailDefaultKey.pem, and then press Open.

    PuTTYgen confirms that you successfully imported the key, and then you can choose OK.

  5. Choose Save private key, and then confirm you don’t want to save it with a passphrase.

[Screenshot: PuTTYgen, save private key]

If you choose to create a passphrase as an extra measure of security, remember you will need to enter it every time you connect to your instance using PuTTY.

Specify a name and a location to save your private key, and then choose Save.

Close PuTTYgen.


Test your connection.

Open PuTTY, enter the public IP of the Lightsail server, and go to the Auth section. Browse to where you saved the PuTTYgen private key file.

[Screenshot: how to load the PuTTY private key for Lightsail]

Lightsail issues a PEM file by default. Don’t load this.

Browse to the PPK file. This is the private key file that SSH needs to load.

[Screenshot: SSH uses the PPK private key file]

Use PuTTY to log in with SSH using the PPK file.

[Screenshot: SSH login to the Lightsail server]

User = bitnami

How do I get my bitnami password?

cat ./bitnami_credentials

[Screenshot: bitnami user name and password]

cat $HOME/bitnami_application_password

[Screenshot: using cat to read the bitnami password]

Open Chrome, enter the server’s public IP, and log in with user = user and the password from the credentials file.

Login as user

Notice the Shortcuts and Edit tabs.

[Screenshot: bitnami user login]

[Screenshot: bitnami Shortcuts and Edit menu]


Create a new Admin account.  Add user Button.

Enter user Id.  Role = Admin.

[Screenshot: Drupal, add admin user]


Next, use the new Admin account to install the SimpleSAML SP module.

Browse to the Drupal site to locate the latest SimpleSAML SP version.

Download (green button).

[Screenshot: Drupal, install SAML SP 8]

Extend menu > URL or File Upload (of the newly downloaded file).

[Screenshot: Drupal, install SimpleSAML via file upload]

Extend > Install the new module/file

[Screenshot: Drupal SAML SP module under Extend]

Press the Install button > confirmation screen

[Screenshot: Drupal, two modules installed using Extend]


Error Message

I got an error message on the simplesamlphp install module.

Download the ExternalAuth module

Extend > module > upload ExternalAuth > follow the on-screen prompts

[Screenshot: external authentication enabled]

Next we have to configure the SP

The SP is configured by an entry in config/authsources.php.  The SimpleSAML Quickstart Guide is here:

This is a minimal authsources.php for a SP:

$config = [

    /* This is the name of this authentication source, and will be used to access it later. */
    'default-sp' => [
        /* SP options go here; see the SimpleSAML Quickstart Guide. */
    ],
];

Use the locate command to find the authsources.php directories.  This command will become very useful when dealing with Bitnami directories, as they are different from default install directories.

[Screenshot: SP configured in authsources.php]

config/authsources.php – contains the SP’s required attributes and LDAP config

[Screenshot: authsources.php SP config file with the required attributes (OIDs)]

Bitnami does not use default directories, which is a shame.  It gets VERY messy here, simply because the default directories for simplesaml do not apply.

The installation process will create several sub-directories under the directory:


  • Servers and related tools: apache2/mysql/postgresql/apache-tomcat/, etc.
  • Languages: php/python/ruby/tcl/, etc.
  • Application files: apps/phpMyAdmin/apps/drupal/apps/joomla/apps/redmine/, etc.
  • Common libraries: common/
  • Licenses of the components included in the stack: licenses/

[Screenshot: Bitnami directories under /opt/bitnami]

Drupal Directories

cd /opt/bitnami/apps/drupal/conf

[Screenshot: Bitnami Drupal directories]

README.txt states:

The rest of this guide assumes that you installed Bitnami Drupal
Stack in /home/user/drupal-8.7.5-0 on Linux or C:\Program Files\Bitnami Drup$
on Windows or /Applications/drupal-8.7.5-0 on OS X and that you use port
8080 for Apache on Linux and port 80 on Windows and 3306 for MySQL.

Starting & stopping a service.

To start/stop/restart application on Linux you can use the included utility, as shown below:

bitnami@ip-172-26-15-231:/$ locate **

./ (start|stop|restart)
./ (start|stop|restart) mysql
./ (start|stop|restart) apache

start – start the service(s)
stop – stop the service(s)
restart – restart or start the service(s)

sudo su -

root@ip-172-26-15-231:/opt/bitnami# ./ status apache
apache already running

root@ip-172-26-15-231:/opt/bitnami# ./ restart apache

The installation process will create several subfolders under the main
installation directory:

apache2/: Apache Web server.
php/: PHP Scripting Language.
mysql/: MySQL Database.
drupal/: Drupal application folder
conf/: Drupal Apache configuration files
htdocs/: Drupal PHP application files
phpMyAdmin/: phpMyAdmin application folder (optional)

As the Bitnami documents are weak regarding simplesaml, I switched to this site (the section on configuring the authentication source).


Install SimpleSAML to /var/simplesamlphp



tar zxf download?latest

Find the current version

ls simplesamlphp* – note down the version, e.g. 18.3

Now, copy the contents of the directory to /var/simplesamlphp using the cp command. Be sure to replace the version number with the version you have:

sudo cp -a simplesamlphp-1.x.y/.   /var/simplesamlphp/

The -a switch ensures that the file permissions are copied along with the files and folders. The dot at the end of the source path ensures everything in the source directory, including hidden files, gets copied to the destination directory.


sudo apt-get update


sudo apt-get install php-xml php-mbstring php-curl php-memcache php-ldap memcached


Software check

php -m | grep 'date\|dom\|hash\|json\|mbstring\|openssl\|pcre\|SPL\|zlib'

[Screenshot: php check of installed modules]

sudo systemctl restart apache2 (remember the Bitnami directories use the ./ control script instead):

cd /opt/bitnami
./ restart apache


Next, we need to make several changes to the core SimpleSAMLphp configuration located at /var/simplesamlphp/config/config.php.

[Screenshot: SimpleSAML config directory]

Finally! We can see the config.php.

nano /var/simplesamlphp/config/config.php

Set the administrator password by locating the 'auth.adminpassword' line and replacing the default value of 123 with a more secure password. This password lets you access some of the pages in your SimpleSAMLphp installation web interface.  If you keep the default password of 123, it will error.


. . .
'auth.adminpassword'        => 'your_admin_password',
. . .
'timezone' => null,

UK timezone = ‘Europe/London’

Full list of timezones =

Database change to SQL

[Screenshot: SimpleSAML database store changed to SQL]

Save and close the file. You should now be able to access the site in your browser by visiting https://your_domain/simplesaml.


Apache file

Next the Apache file needs to be edited to include your server DNS or IP.

The Bitnami main config file for Apache is /opt/bitnami/apache2/conf/httpd.conf.


Enter both public IP and private IP for server, with port 80, as shown.

Add an alias to the httpd.conf.

Alias /simplesaml /var/simplesamlphp/www

Add the directory and access rights

<Directory /var/simplesamlphp/www/>
    Require all granted
</Directory>



To display the main SimpleSAML home page in a web browser:


The Configuration tab runs diagnostic checks on the SimpleSAMLphp setup.

[Screenshot: SimpleSAML main page, Configuration tab]

The Federation Tab is where we will upload the IDP metadata and format the metadata, after we have created the AWS SSO IDP metadata.


Open your AWS free-tier console and go to the SSO service.

The next step is to create an AWS SSO login, generate the metadata for this IDP, and upload this to simplesaml.




Once the AWS SSO IDP is created, we need to tell the simplesaml config, about this IDP.  The file that holds the metadata for a remote IDP is called “saml20-idp-remote.php”.

nano /var/simplesamlphp-1.18.3/config/metadata/saml20-idp-remote.php

[Screenshot: remote IdP metadata]

Default config looks like this.  At this point, you enter in the AWS SSO account you created earlier.

$metadata[''] = [
    'SingleSignOnService'  => '',
    'SingleLogoutService'  => '',
    'certificate'          => 'example.pem',
];


Your Aws metadata in the saml idp remote config file will look like this (apologies for the artwork)

[Screenshot: AWS SSO metadata entered into the saml20-idp-remote.php file]

SAML: On Breaking SAML: Be Whoever You Want to Be

The XML Signature standard [14] defines the syntax and processing rules for creating, representing, and verifying XML-based digital signatures.

It is possible to sign a whole XML tree or only specific elements.

One XML Signature can cover several local or global resources.

A signature placed within the signed content is called an enveloped signature.

If the signature surrounds the signed parts, it is an enveloping signature.

A detached signature is neither inside nor a parent of the signed data.

Signatures are two-pass signatures: the hash value of the resource (DigestValue) along with the used hash algorithm (DigestMethod) and the URI reference to the resource are stored in a Reference element. Additionally, the Transforms element specifies the processing steps which are applied prior to digesting of the resource. Each signed resource is represented by a Reference element in the SignedInfo element. Therefore, SignedInfo is a collection of hash values and URIs. The SignedInfo itself is protected by the signature. The CanonicalizationMethod and the SignatureMethod element specify the algorithms used for canonicalization and signature creation, and are also embedded in SignedInfo. The Base64-encoded value of the computed signature is deposited in the SignatureValue element. In addition, the KeyInfo element facilitates the transport of signature relevant key management information. The Object is an optional element that may contain any data.
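Both the “Compute Message Digest” step of the enveloped-signature post above (remove the Signature element, canonicalize, SHA-1, Base64) and the Reference/DigestValue structure summarised here, worked as an added example that is not the post’s, the paper’s, or any library’s own code. The envelope, its urn:envelope namespace and its whitespace are constructed; canonicalization uses the standard library’s ET.canonicalize.

```python
"""Reference digest for an enveloped signature: enveloped-signature transform,
canonicalize, SHA-1, Base64, then check it against the Reference (added example)."""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
SIGNATURE_TAG = "{%s}Signature" % DSIG
ENVELOPED = DSIG + "enveloped-signature"
SHA1_METHOD = DSIG + "sha1"

# Constructed envelope; the whitespace inside it is part of what gets digested.
SIGNED_TEMPLATE = (
    '<Envelope xmlns="urn:envelope">\n'
    '  Olá mundo\n'
    '  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\n'
    '    <SignedInfo>\n'
    '      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>\n'
    '      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>\n'
    '      <Reference URI="">\n'
    '        <Transforms>\n'
    '          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\n'
    '        </Transforms>\n'
    '        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\n'
    '        <DigestValue>{digest}</DigestValue>\n'
    '      </Reference>\n'
    '    </SignedInfo>\n'
    '    <SignatureValue>NOT-COMPUTED-IN-THIS-EXAMPLE</SignatureValue>\n'
    '  </Signature>\n'
    '</Envelope>'
)


def build_signed_envelope(digest_b64: str) -> str:
    return SIGNED_TEMPLATE.replace("{digest}", digest_b64)


def enveloped_c14n(signed_xml: str) -> str:
    """Drop the ds:Signature subtree (the enveloped transform) and serialise canonically.
    ET.canonicalize implements C14N 2.0; for a document this simple the bytes match
    inclusive C14N 1.0, but a real verifier must use the algorithm the signature names."""
    return ET.canonicalize(signed_xml, exclude_tags=[SIGNATURE_TAG])


def compute_digest_b64(signed_xml: str) -> str:
    canonical = enveloped_c14n(signed_xml).encode("utf-8")
    return base64.b64encode(hashlib.sha1(canonical).digest()).decode("ascii")


def verify_reference_digest(signed_xml: str) -> bool:
    """First pass of the two-pass check: does the Reference's DigestValue match the content?
    The second pass (SignatureValue over canonical SignedInfo, with the key) is not shown."""
    root = ET.fromstring(signed_xml)
    ref = root.find("{%s}Signature/{%s}SignedInfo/{%s}Reference" % (DSIG, DSIG, DSIG))
    if ref is None or ref.get("URI") != "":  # only whole-document references handled here
        raise ValueError("expected one Reference with URI=''")
    transforms = [t.get("Algorithm")
                  for t in ref.findall("{%s}Transforms/{%s}Transform" % (DSIG, DSIG))]
    if transforms != [ENVELOPED]:
        raise ValueError("unsupported transform chain: %r" % transforms)
    if ref.find("{%s}DigestMethod" % DSIG).get("Algorithm") != SHA1_METHOD:
        raise ValueError("unsupported DigestMethod")
    claimed = (ref.findtext("{%s}DigestValue" % DSIG) or "").strip().encode("ascii")
    return hmac.compare_digest(claimed, compute_digest_b64(signed_xml).encode("ascii"))


if __name__ == "__main__":
    # The digest never covers the Signature element itself, so it can be built in two steps.
    digest = compute_digest_b64(build_signed_envelope("placeholder"))
    envelope = build_signed_envelope(digest)
    print("DigestValue:", digest, "verified:", verify_reference_digest(envelope))
    print("tampered content verified:", verify_reference_digest(envelope.replace("Olá", "Ola")))
```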

