Place hacking : tales of urban exploration

Garrett, Bradley Lannes

January 2012

Urban exploration is a practice of researching, discovering and physically exploring temporary, obsolete, abandoned, derelict and infrastructural areas within built environments. Through charting the rise to prominence of a London urban exploration crew between 2008 and 2011, of which I became an active member, I posit that urban explorers are one of many groups reacting to increased surveillance and control over urban space by undertaking embodied urban interventions in the city that undermine clean spatio/temporal narratives. The primary research questions stem from my attempts to interrogate the practice from the inside out: Who are urban explorers? What does it involve? Why do they do it? What do they think they will accomplish? While the thesis focuses primarily on 220 explorations undertaken with my primary ethnographic group in London between 2008 and 2011, it also speaks to the urban exploration "scene" that has developed over the past twenty years in cities all over the world. The results that emerge from the research both compliment and complicate recent work within geography around issues of surveillance, resistance, hacking and urban community building and lays out a new account, never before outline in such detail, of the tales of urban exploration taking place in temporary cities across the globe. This visual ethnography is comprised of text (75,000 words), photographs (200) and video (10 shorts). the ethnographic video components can be found on the Place Hacking video channel located at http://vimeo.com/channels/placehacking . I suggest watching all 10 short videos before reading this thesis.

333.77

Transtructures : prototyping transitional practices for the design of postindustrial infrastructures

Davoli, Lorenzo

January 2016

This dissertation is about 'transtructures', a term coined to describe new kinds of infrastructures that are more attentive and responsive to the needs of contemporary society, its emerging economies and technological capabilities. The purpose of this inquiry is to begin to explore the character and possibilities of a design practice that could guide responsibly and ethically the transition of existing industrial infrastructures towards these new configurations: what processes it could follow, and what materials it could include. Through a series of design experiments in the areas of logistics and telecommunications, I started to prototype and develop a programmatic framework for a 'redirective' design practice, which is aimed at engaging publics with infrastructural issues. Design probes and speculative mockups have been employed to express and materialize present and future infrastructural configurations, opening them up to public scrutiny and participation. The premise of this work is fairly simple: if we want to provide more citizen-centered solutions to emerging social demands, we need to explore what changes are possible, and even required, within the industrial systems that currently frame our possibilities for implementing such innovations. Thus, certain design interventions will be necessary to allow people outside these systems to understand and relate to these networks and to identify possibilities for their transformation. The result of this inquiry is the early 'prototype' of what a practice for redirecting and transitioning towards the design of such postindustrial infrastructures could be like. In particular, it exemplifies how design may inquire into the artificial space of industrial infrastructures and explore opportunities for their reconfiguration toward more contextually adaptive forms and functions.

Infrastructures

transition design

postindustrial design

system design

drones

participation

design practices

automation

hacking

logistic

telecommunications

INFLUENCE OF HISTORIC LANDSCAPES AND CONTEMPORARY SPECIES MANAGEMENT ON CHESAPEAKE BAY BALD EAGLES AND OSPREY

Viverette, Catherine B

01 January 2016

Influence of historic landscapes and contemporary species management on Chesapeake Bay Bald Eagles and Osprey Catherine B. Viverette Co-distributed species with well documented demographic histories can provide good models for testing alternative hypotheses about the impact of evolutionary history, contemporary landscapes, and species management on current distribution and population structure. The Osprey (Pandion haliaetus) and Bald Eagle (Haliaeetus leucocephalus) have been extensively studied, managed and monitored across their North American breeding range, particularly in the Chesapeake Bay. We used a combination of ecological niche modelling, diet reconstruction, and population genetic modeling to understand the role of historic events--both shallow and deep time--on contemporary species distribution. The first objective of this study was to develop contemporary and paleo-distributional models for North American Bald Eagles and Osprey in order to explore the geographic histories of the two species, including the identity of possible Pleistocene refugia. Potential distribution during past (e.g. Last Glacial Maximum, LGM) and possible future climate scenarios were developed with species occurrence records for Osprey (n = 3034) and Bald Eagles (n = 8859) combined with 19 bioclimatic variables representing current conditions using the maximum entropy model (MaxEnt). Paleoclimatic models predict multiple putative refugia that may explain differences in migratory behavior between the two currently co-distributed species, as well as geographically defined sub-populations within each species. We conducted bulk stable isotope analysis of feathers collected from museum specimens and contemporary nests to investigate the influence of historic declines in critical prey species on distribution of Bald Eagles (n = 41 ) and Osprey (n = 45) in the Chesapeake Bay over the past 140 y. Stable Isotope Analysis in R (SIAR) was used to estimate the relative contribution of potential prey items in order to test the hypothesis that migration of estuarine-dependent and anadromous clupeid fishes represents an historically important seasonal subsidy in the form of marine-derived organic matter (MDOM). SIAR results demonstrate that MDOM contributed approximately 50% of the carbon and nutrients to Bald Eagle and Osprey occupying the upper estuary historically but declined to less than 5% of contemporary diets. Declines in anadromous prey in the diet correspond with historic spatial shifts in distribution and population growth of avian predators over the same period. Finally, we tested the hypothesis that conservation efforts, specifically translocation or “hacking” programs, rather than biogeographical history, best explains the current pattern of genetic variation exhibited by Osprey across their North American breeding range. We genotyped 11 microsatellite loci and a 513 base pair sequence of the cyt b region from 433 Osprey samples in order to investigate current population substructure, the genetic consequences of historic demographic bottlenecks, and the influence of hacking programs on contemporary gene flow. We calculated genetic differentiation (Dest) and Isolation-By-Distance (IBD) among regional populations and spatially cohesive genetic clusters identified using the program STRUCTURE. Our results indicate that although Osprey nesting in North America are subdivided into multiple cohesive genetic clusters, genetic differentiation among groups is low and unrelated to geographic variation. The findings of this study are discussed in light of past and present management practices and broader issues salient to species management and conservation of genetic diversity and adaptive response to future environmental change.

Osprey

Bald Eagle

biogeography

stable isotopes

population genetics

hacking

Ecology and Evolutionary Biology

A construção de tipos de pessoas vistas a partir de bancos de dados: o caso da adolescência vulnerável

Lima, Juliana Meirelles de

17 September 2015

Made available in DSpace on 2016-04-29T13:31:19Z (GMT). No. of bitstreams: 1 Juliana Meirelles de Lima.pdf: 1508176 bytes, checksum: 03ce0b2d7b02fe88e224e3ef0b6bef40 (MD5) Previous issue date: 2015-09-17 / Conselho Nacional de Desenvolvimento Científico e Tecnológico / This dissertation aims to investigate the discursive dimension of scientific databases. We understand that these tools are discursive practices and not merely repositories of scientific literature. Whilst the way in which articles are added to databases broadens the access researchers have to information, it also restricts the choice of articles available for access and the order in which they are accessed. Therefore, as search tools, databases have an impact on scientific practice. We have followed the argumentation presented by Hacking (1999; 2001; 2007) in order to investigate how the discursive dimension of scientific databases makes up kinds of people, more specifically, we attempt to ascertain the role databases play in determining the concept of vulnerable adolescents. We studied the history behind the use and crystallization of the notion of vulnerability as an organizing concept in the various areas of knowledge and more specifically in Psychology. To this intent, we gathered quantitative information on periodicals from the CAPES portal through a software developed exclusively for this purpose. Subsequently, we gathered information on publications from the PsycINFO database, analyzing discursively the vulnerability and vulnerable adolescents versions performed in publications from subfields of Psychology. Lastly, we focused on publications from the SciELO and BVS databases indexed by Qualis Psychology, evaluating the association between vulnerability and adolescence in national scientific publications in Brazil / Esta dissertação tem por objetivo investigar a dimensão discursiva dos bancos de dados científicos. Entendemos que tais ferramentas são práticas discursivas e não meros repositórios de publicações científicas. A maneira como as publicações são neles inseridas amplia, por um lado, o acesso dos pesquisadores às informações, mas, por outro, restringe o número de produções acessadas e impõe uma ordem. Portanto, como ferramentas de busca, os bancos produzem efeitos nas práticas científicas. Seguimos a argumentação de Hacking (1999, 2001, 2007) a fim de investigar como essa dimensão discursiva cria tipos de pessoas, mais especificamente, buscamos entender que papel os bancos de dados exercem na construção do conceito de adolescência vulnerável. Percorremos o trajeto histórico do uso e da cristalização da noção de vulnerabilidade como conceito organizador nas diversas áreas do saber e, com maior especificidade, na Psicologia. Para isso, um levantamento quantitativo foi realizado no portal de periódicos da CAPES através de um software desenvolvido especificamente para esse propósito. Posteriormente realizamos um levantamento das publicações na PsycINFO, analisando discursivamente as versões de vulnerabilidade e de adolescência vulnerável performadas nas publicações de subáreas da Psicologia. Por fim, no banco SciELO e BVS, estudamos publicações indexadas no Qualis de Psicologia, estudando a associação entre vulnerabilidade e adolescência em publicações científicas nacionais

Bancos de dados

Vulnerabilidade

Adolescência

Ian Hacking

Databases

Vulnerability

Adolescence

CNPQ::CIENCIAS HUMANAS::PSICOLOGIA

Är lösenord informationssystemens akilleshäl? En studie av studenter vid Högskolan i Borås lösenord / Passwords : The Achille’s heel of information systems? A study of student Passwords – The Achille’s heel of information systems? A study of student passwords at the University College of Borås

Ahlgren, Martin, Blomberg, Marcus, Davidsson, Per

January 2008

Denna studie berör de lösenord som studenterna vid Högskolan i Borås använder sig av, och omdessa är tillräckligt bra för att skydda den information de vill skydda. Den tar upp de problemsom finns med att använda lösenord som autentiseringslösning, samt de egenskaper som skaparett bra lösenord.Ett bra lösenord innehåller fler än fjorton tecken och är en blandning av bokstäver (gemener ochversaler), siffror och specialtecken, och innehåller inga fraser, välkända uttryck eller ord som ståri en ordlista. Lösenorden krypteras ofta med en så kallad hashfunktion, en envägsfunktion somskapar en kontrollsumma. Om man på ett säkert sätt skall spara lösenorden med denna metod börman använda ett så kallat salt, en textsträng som gör själva lagringen säkrare.För att knäcka lösenord kan man använda sig av flera olika metoder: Så kalladedictionaryattacker, som skapar lösenord utifrån en ordlista; brute forceattacker som används föratt slumpa fram möjliga permutationer och sedan jämföra med lösenordet man vill knäcka; samtrainbow tableattacker, en metod där man använder färdiggenererade tabeller som innehåller allamöjliga permutationer.Vi har genom en enkät fått en bild av hur studenterna vid Högskolan i Borås lösenord ser ut. Vihar genom ett experiment bekräftat att dictionaryattacker kan knäcka 34 % av samtliga lösenord,och detta är endast en av metoderna. Vi har också kommit fram till att en autentiseringslösningmed enbart användarnamn/lösenord inte är en fullgod lösning ur ett IT-säkerhetsperspektiv,samtidigt som den kanske inte stjälper hela informationssystemet. / Uppsatsnivå: C

kryptering

hash

autentisering

hacking

lösenord

it-säkerhet

Engineering and Technology

Teknik och teknologier

A Study of Employee Unauthorized Computer Access Intention ¢w An Integration of Neutralization, Differential Association and Containment Theory

Wang, Yu-ching

17 August 2012

Unauthorized computer access by employees is the most common hacking behavior in every company. Hence, it is necessary to first understand why an employee engages to commit it and then find effective methods of prevention to reduce the crime rate. Many studies on computer hacking has discussed the reasons for the behavior, for example: neutralization theory, differential association theory and containment theory. However, those theories and perspectives were adopted independently in past research. In this study, we combine those perspectives and create an integrated model to explain the employee¡¦s intention to commit unauthorized computer access. Data collected from 351employees in Taiwan confirmed our hypotheses and were tested against the research model. The results support the theoretical model in explaining how neutralization theory and containment theory may affect an employee¡¦s intention to commit unauthorized computer access. Finally, we found that neutralization is the most important factor to take into account when organizations develop and implement security policies or education which can decrease employees¡¦ intentions to commit unauthorized computer access.

Differential Association Theory

Neutralization Theory

Unauthorized Computer Access

Containment Theory

Computer Hacking

We are Legion: Hacktivism as a Product of Deindividuation, Power, and Social Injustice

January 2015

abstract: The current study examines the role that context plays in hackers' perceptions of the risks and payoffs characterizing a hacktivist attack. Hacktivism (i.e., hacking to convey a moral, ethical, or social justice message) is examined through a general game theoretic framework as a product of costs and benefits, as well as the contextual cues that may sway hackers' estimations of each. In two pilot studies, a bottom-up approach is utilized to identify the key motives underlying (1) past attacks affiliated with a major hacktivist group, Anonymous, and (2) popular slogans utilized by Anonymous in its communication with members, targets, and broader society. Three themes emerge from these analyses, namely: (1) the prevalence of first-person plural pronouns (i.e., we, our) in Anonymous slogans; (2) the prevalence of language inducing status or power; and (3) the importance of social injustice in triggering Anonymous activity. The present research therefore examines whether these three contextual factors activate participants' (1) sense of deindividuation, or the loss of an individual's personal self in the context of a group or collective; and (2) motive for self-serving power or society-serving social justice. Results suggest that participants' estimations of attack likelihood stemmed solely from expected payoffs, rather than their interplay with subjective risks. As expected, the use of we language led to a decrease in subjective risks, possibly due to primed effects of deindividuation. In line with game theory, the joint appearance of both power and justice motives resulted in (1) lower subjective risks, (2) higher payoffs, and (3) higher attack likelihood overall. Implications for policymakers and the understanding and prevention of hacktivism are discussed, as are the possible ramifications of deindividuation and power for the broader population of Internet users around the world. / Dissertation/Thesis / Masters Thesis Psychology 2015

Social psychology

Information science

Communication

decision-making

deindividuation

hacking

hacktivism

justice motives

power motives

Penetration testing for the inexperienced ethical hacker : A baseline methodology for detecting and mitigating web application vulnerabilities / Penetrationstestning för den oerfarne etiska hackaren : En gedigen grundmetodologi för detektering och mitigering av sårbarheter i webbapplikationer

Ottosson, Henrik, Lindquist, Per

January 2018

Having a proper method of defense against attacks is crucial for web applications to ensure the safety of both the application itself and its users. Penetration testing (or ethical hacking) has long been one of the primary methods to detect vulnerabilities against such attacks, but is costly and requires considerable ability and knowledge. As this expertise remains largely individual and undocumented, the industry remains based on expertise. A lack of comprehensive methodologies at levels that are accessible to inexperienced ethical hackers is clearly observable. While attempts at automating the process have yielded some results, automated tools are often specific to certain types of flaws, and lack contextual flexibility. A clear, simple and comprehensive methodology using automatic vulnerability scanners complemented by manual methods is therefore necessary to get a basic level of security across the entirety of a web application. This master's thesis describes the construction of such a methodology. In order to define the requirements of the methodology, a literature study was performed to identify the types of vulnerabilities most critical to web applications, and the applicability of automated tools for each of them. These tools were tested against various existing applications, both intentionally vulnerable ones, and ones that were intended to be secure. The methodology was constructed as a four-step process: Manual Review, Testing, Risk Analysis, and Reporting. Further, the testing step was defined as an iterative process in three parts: Tool/Method Selection, Vulnerability Testing, and Verification. In order to verify the sufficiency of the methodology, it was subject to Peer-review and Field experiments. / Att ha en gedigen metodologi för att försvara mot attacker är avgörande för att upprätthålla säkerheten i webbapplikationer, både vad gäller applikationen själv och dess användare. Penetrationstestning (eller etisk hacking) har länge varit en av de främsta metoderna för att upptäcka sårbarheter mot sådana attacker, men det är kostsamt och kräver stor personlig förmåga och kunskap. Eftersom denna expertis förblir i stor utsträckning individuell och odokumenterad, fortsätter industrin vara baserad på expertis. En brist på omfattande metodiker på nivåer som är tillgängliga för oerfarna etiska hackare är tydligt observerbar. Även om försök att automatisera processen har givit visst resultat är automatiserade verktyg ofta specifika för vissa typer av sårbarheter och lider av bristande flexibilitet. En tydlig, enkel och övergripande metodik som använder sig av automatiska sårbarhetsverktyg och kompletterande manuella metoder är därför nödvändig för att få till en grundläggande och heltäckande säkerhetsnivå. Denna masteruppsats beskriver konstruktionen av en sådan metodik. För att definiera metodologin genomfördes en litteraturstudie för att identifiera de typer av sårbarheter som är mest kritiska för webbapplikationer, samt tillämpligheten av automatiserade verktyg för var och en av dessa sårbarhetstyper. Verktygen i fråga testades mot olika befintliga applikationer, både mot avsiktligt sårbara, och sådana som var utvecklade med syfte att vara säkra. Metodiken konstruerades som en fyrstegsprocess: manuell granskning, sårbarhetstestning, riskanalys och rapportering. Vidare definierades sårbarhetstestningen som en iterativ process i tre delar: val av verkyg och metoder, sårbarhetsprovning och sårbarhetsverifiering. För att verifiera metodens tillräcklighet användes metoder såsom peer-review och fältexperiment.

Web Applications

Vulnerabilitiy Scanning

Automation

Ethical Hacking

Penetration Testing

Information Security

Computer Sciences

Datavetenskap (datalogi)

The Effectiveness of Social Engineering as a Cyber - Attacking Vector : People Do Use Unknown USB Drive, They Find

Ferguson, Isaac Yaw

January 2017

Information security importance is rising. Information security awareness' is spreading, and this gives a clear picture of the growing demand for information security. Information security does not only consist of essential information but also the customer. An information system could be either a system user or a device. Protecting vital information is one of the security issues facing our modern technology, but also protecting system users. System users are the weakest link in information security chain due to wrong prioritizing of information security.Standardization of information security must not differ across organizations. Although every organization has a prioritized level of protection, managing information security should not be completely different from one organization over the other. However, this is not the case. The standards of information security across multiple organizations differ. The gap between organizations concerning information security is enormous. The difference between organizations is due to how organizations value their information access. One of the main security issues confronting information security is the end-user security. System users are still the weakest link in the information security chain. An organization's security cannot depend only on the implemented system, but also, the security level of the system users. The end-users within an organization are essential in cultivating better information security practices. Neglecting end users' importance in information security makes it easier for cyber-attacks and end-users manipulations.The inability to protect end-users as a physical system exposes the possibilities of manipulating end-users through various Social Engineering techniques to elicit essential information. Social Engineering is the term used to influence a person without their knowledge to give out sensitive information. Social Engineering comprises of different factors; psychology and computer science. Social Engineering acquires vital information by manipulating the weakest link in information security chains, the system user.Social Engineering proves that end-users are still the weakest link in the information security chain. This experiment demonstrates that people do use unknown USB drive they find. The consequences of this act, in general, could be harmful. Moreover, that, there are possibilities through Social Engineering, to expose organizations' systems infrastructures to cyber-attacks.The result from this project visualizes that, the most valuable assets an organization has are the people within the organization. An organization employee could expose a well-secured system to cyber-attacks without knowing about it.

Social engineering

IT security

USB hacking

Information Systems

Honeypots in network security

Akkaya, Deniz, Thalgott, Fabien

January 2010

Day by day, more and more people are using internet all over the world. It is becoming apart of everyone’s life. People are checking their e-mails, surfing over internet, purchasinggoods, playing online games, paying bills on the internet etc. However, while performingall these things, how many people know about security? Do they know the risk of beingattacked, infecting by malicious software? Even some of the malicious software arespreading over network to create more threats by users. How many users are aware of thattheir computer may be used as zombie computers to target other victim systems? Astechnology is growing rapidly, newer attacks are appearing. Security is a key point to getover all these problems. In this thesis, we will make a real life scenario, using honeypots.Honeypot is a well designed system that attracts hackers into it. By luring the hackerinto the system, it is possible to monitor the processes that are started and running on thesystem by hacker. In other words, honeypot is a trap machine which looks like a realsystem in order to attract the attacker. The aim of the honeypot is analyzing, understanding,watching and tracking hacker’s behaviours in order to create more secure systems.Honeypot is great way to improve network security administrators’ knowledge and learnhow to get information from a victim system using forensic tools. Honeypot is also veryuseful for future threats to keep track of new technology attacks.

Honeypot

hacking

security

forensic analysis of honeypots

network

Computer Sciences

Datavetenskap (datalogi)