Andrew Szajlai

  • Wanted to talk a bit more about the VM escape.  This would be something that only logging would have exposed in your enterprise.  This is exposing a zero-day attack.  Something that the vendor has not found as a mi […]

  • Wanted to take a little time to remind everyone about the 5 points of extra credit.  A couple have asked and one has completed the work for the extra credit points.

    In the news was an interesting week, but al […]

    • I found an interesting article and thought I should share, as it relates to some of the topics we discussed in class.

      An Israeli security researcher, Alexander Korznikov, recently demonstrated that a local privileged user can hijack the session of any logged-in Windows user without a password. The exploitation requires physical access to the machine, but a user can also do it remotely.

      I actually tried it out in our lab environment and it works. The only thing that catches me is that the user doing the hacking also needs local admin privileges to execute the commands in the command prompt. The only thing I can think this can be used for is helpdesk people accessing information that they are not supposed to.

      I’m pretty sure this violates the Tier structure, as local administrators are able to access privileged information for the people they support.

      http://thehackernews.com/2017/03/hack-windows-user-account.html

    • I forgot to mention that there’s also a demonstration of this being done attached to the article.

    • Acronym Malware
      http://www.securityweek.com/new-acronym-malware-possibly-linked-potao

      The Acronym malware is supposedly of Russian origin and used to attack high-value targets. It has been around since 2011, but in 2015 it was studied and analyzed to see how it attacks at the modular level. The way it does this is by connecting to the command and control based on a debugging string and URL; the dropper attacks the wmpnetwk.exe Windows process and replaces it with the malware code. Whenever this process runs, it spreads to the Registry and Task Scheduler, where it is constantly running. It can access the system and use the plug-ins in the affected system, take screenshots and take any information it can from the system it inhabits to send back to the controllers. When a system is affected with the Acronym malware, IT won’t find DLL files, decoy documents or any process injections.

      • This sounds like a clever and difficult-to-detect method of attack. I may add that the Acronym Malware is dangerous too with the capability to spread straight to the Registry and Task Scheduler. Many companies use the Registry as the basis to control users’ security profiles. Also, others rely on Task Scheduler to run production environment daily. Imagine hackers are controlling the Registry and Task Scheduler of an organization that has no clue of what is going on.

    • This technique has the potential to enhance internal spying. It also proves why a company’s employees should always be considered the number one threat. Who knows how long this methodology has been in use and linked to recent scandals pertaining to IT security. Interesting article as always, Loi.

  • Good Afternoon,

    Wanted to take a couple minutes to re-cap about the main topics from last weeks class.  Firewalls – a way to protect what and who (in terms of computers) can connect to our operating systems. […]

    • Thanks for the video professor. The videos were easy to follow, unfortunately I was unable to figure out a way to get the extra credit… How much time do we have to figure it out?

      On a different note: I found this article on KrebsOnSecurity that I thought was interesting. We’ve all heard of ransomware and the emerging ransomware-as-a-service market. Krebs provided a short article along with a marketing video for a RaaS called Philadelphia. Disclosure: Krebs is not marketing or soliciting the use of RaaS, just showing the blatant disregard for laws that these criminals have. No longer do you need to be a hacker or IT expert to become a cyber criminal; all you need is $400 and a user-friendly product.

      Ransomware for Dummies: Anyone Can Do It

    • Mathematicians battle cyber threats of quantum computing
      http://www.homelandsecuritynewswire.com/dr20170307-mathematician-explains-how-to-defend-against-quantum-computing-attacks

      Nathan Hamlin and his colleague, William Webb, created the Generalized Knapsack code in 2015, which goes beyond the binary and base-10 computing that computers use today. Because technology is increasingly becoming more advanced, cyber threats will also become more advanced. Quantum computing will break through any defenses in a blink of an eye, and Hamlin figured that by disguising data with number strings he could make it harder to break through defenses. It looks like this could be the next tool to learn and adapt in the cyber security world.

      • The Generalized Knapsack code is in fact a very interesting idea in the cybersecurity world. However, the one matter I’m concerned about around this idea is what if hackers start using the same technology to deliver stiffer attacks. Remember you mentioned that, “Quantum computing will break through any defenses in a blink of an eye and Hamlin figured by disguising data with number strings, making it harder to break through defenses.” Therefore, won’t it also be close to impossible to combat them in this case? It is best to perceive this in all possible perspectives. This can be the key to help develop it better. Excellent article Neil.

    • Cisco terminating Intercloud service in 2017

      Source: https://thestack.com/cloud/2016/12/16/cisco-terminating-intercloud-service-2017/

      I found an article about Cisco dropping its cloud service. The subject is not directly related to this week’s topics; however, I thought it was quite big news to share with everyone. Cisco has been trying to compete with two giant cloud service companies: Amazon (AWS) and Microsoft (Azure). They have been investing a ton of money in their cloud services. But Cisco decided that they are not able to continue investing multi-billion dollars just to keep up with the competitors. There are more details in the article. Hope you find the article interesting as well.

    • WikiLeaks: We’ll Work With Software Makers on Zero-Days

      Earlier this week WikiLeaks published the largest ever dump of confidential CIA data on its site. This publication contained details on how the CIA hacks a number of consumer products including iPhones, Android devices, etc. A very polarizing subject to say the least; WikiLeaks fortunately didn’t publish the technical aspects of the vulnerabilities. Instead they have pledged to give manufacturers exclusive access to this information in an effort to fix them.

    • This is not good news at all for general consumers. Less competition or market monopoly tends to benefit big players only, Amazon’s AWS and Microsoft’s Azure in this case. It’s unfortunate Cisco doesn’t have the financial backing to continue its cloud service. Also, such a move will discourage new market entrants. Time for Google, Apple, Dropbox, Box etc. to step up their game in this area. I believe Google can muscle itself in if they ever decide to do so. Thanks for the article.

    • It should be an interesting process “working” with WikiLeaks, I presume. I respect the fact that WikiLeaks not only wants to play the whistleblower role, but is also trying to be an important part of the solution. This is something I guess that partly defines the authenticity of their claims.

  • Good evening,

    I just wanted to continue with the conversation we started at the start of Thursday nights class.  We talked about the SMB 3.0 vulnerability in Windows 8.1 systems, Windows 10 systems as well as […]

    • Russian security company to compete with Microsoft via new OS

      Kaspersky has launched its own operating system, built from scratch and designed to offer tight security to Internet of Things devices and industrial control systems.
      KasperskyOS has apparently been some 14 years in the making, and chief executive Eugene Kaspersky elaborated on the platform in a blog post in which he clarified that this effort isn’t based on Linux, but was built completely from the ground up by the security firm itself. He explained that this is an OS which is only capable of doing what it’s instructed to do, and can’t execute anything else – a feat not possible with a ‘traditional’ operating system like Windows or Linux.

      http://www.techradar.com/news/russian-security-company-to-compete-with-microsoft-via-new-os

    • Professor,

      Thank you for posting the article from KrebsOnSecurity about the Arby’s data breach. We are constantly seeing Point-of-Sale systems being under attack by hackers. As consumers, whose spending power is typically associated with plastic, I think it is important for us to protect ourselves where these organizations fail. As it has been made abundantly clear, anything stored in a digital format can be compromised. So we need to protect ourselves and limit our attack surface. One thing that I have started to do over the years, which is also written in the article, is to use credit cards instead of debit. The better choice is obviously cash, but if you must use plastic then use a credit card. Fraudulent claims are settled quicker on credit cards than debit cards. Setting spending limits and alerts on your cards is also useful. Some even let you set borders on where you can spend. You should take advantage of these features to better protect yourself.

    • What does it mean about “as well as server equivalents of those platforms”?

      Since the initial release of Windows NT, Microsoft has released Windows in workstation and server pairs, i.e. Windows 8 and Windows Server 2012, Windows 8.1 and Windows Server 2012 R2, Windows 10 and Windows Server 2016, etc. This concurrent release model allows Microsoft to keep a uniform feature set across all Windows systems. If an organization was running their AD on Server 2008 but all their workstations were running Windows 10, they would have a feature mismatch in a number of areas. Most notably, Group Policy.

    • Very interesting article Vaibhav,

      Making a device do only what it’s supposed to do sounds like a challenge in and of itself, but I won’t quite give it the thumbs up just yet. Well, at least not until it is fully tested and “hacked” by people outside of the organization. Anything can be claimed as 100% secure, like Apple iOS; to me it just simply means no exploit has been found yet. But I do like where Kaspersky Lab is going.

    • What does it mean about “as well as server equivalents of those platforms.”?

      Microsoft Windows Server 2008 is a platform as well as an operating system. The code used to build Server 2008 and shared with other Windows operating systems makes it a platform. At Server 2008’s time of release, it shared the same platform as Windows Vista. Currently Microsoft has a new platform, which both Windows 10 and Server 2016 share. So in a nutshell, depending on the OS being used, an equivalent server is one that uses the same code/architecture as the Windows operating system being used on the workstations.

    • After reading the article titled “February Updates from Adobe, Microsoft” from this week’s in-the-news, it has become more important that we start moving away from Adobe Flash, and start moving more towards HTML5 to display website content. Flash Player has been the source of many vulnerabilities in recent years that have allowed hackers to crash systems. Adobe recently released a patch to fix 13 flaws in the latest version 24.0.0.221. It is important that if you have Flash running on your machine, you check for updates, and update as soon as possible. These patches generally fix vulnerabilities and performance issues. More and more security firms are recommending moving away from Flash completely and moving toward HTML5. In an article I found from The Verge, it discusses how Google will remove Flash Player content from Chrome. The article can be found here: http://www.theverge.com/2016/12/9/13903878/google-chrome-block-flash-html5 .

    • Loi has a valuable point. We won’t know how secure this new OS will be until the complete version is released and fully tested. I guess all “records” are made to be broken, aren’t they? We shall see how much of an exception KasperskyOS will be in this case. Claiming this alone will make the challenge tougher for KasperskyOS to live up to expectations. We all dream one day to have an OS as such, but I find this hard to believe that this will become a reality.

    • I don’t think the result of these numbers is alarming. In fact, this should be considered disastrous given the fact of how much money is being spent on IT security. Something is either not being done consistently or being done wrong. Who knows what is really going on after the pen-testers leave? Do organizations go back to routine business practices by ignoring recommendations? What about new partnerships being formed, new laws and regulations, how secure are the new/old third parties? A lot of questions will need to be answered to make things better.

    • I started paying close attention to Adobe’s Flash technology ever since Steve Jobs took the decision to eliminate it from the Mac OS platform. I was wondering why Apple would take such a drastic decision against Flash Player. Many years later, it turns out that Steve was right because we’re still talking about the same old Flash vulnerabilities, how unsafe it is and that it should be replaced with HTML5. Adobe owes consumers more than releasing patch fixes every now and then to resolve the Flash problem.

  • Good Morning,

    Wanted to share some observations from class.  We had a couple of issues while using the switches in-class.

    A couple of students were not able to link to each other systems; we found that […]

    • I ran into a minor issue regarding GPO settings.
      After creating my GPOs I realized that I was not linking my GPOs to a specific OU... silly mistake, but it happened.

    • One of the things my group found out when trying to connect the server and Windows 7 together was that it sometimes went offline and we had to re-configure the DNS settings whenever we used Temple’s wireless network.

      • Neil, I’m not surprised at all. Running or trying to configure things using Temple’s network will cause you to run into unusual issues like this one. If possible, I would suggest you and your group to work on these using either your home network or another secured one. I hope everything works fine for you now.

    • Please stop charging your phone in public ports

      Let me start with Selena Larson’s (a CNN tech reporter) opening idea of this article,
      “I know the feeling: Your battery is low, but you have to keep tweeting. You see a USB port or an outlet in public, plug in your device and feel the sweet relief of your phone charging.”

      It is explained in the article that if a port is compromised, there’s no limit to what information a hacker could steal. Security researchers call “juice jacking” a method hackers utilize to steal mobile devices’ information such as email, text messages, photos and so forth via a loaded charging station. I believe this is the case for a lot of people out there, especially when travelling. Surprisingly, even I.T. security professionals.

      One of the best ways to avoid being hacked via a public charging station is to use your own portable USB battery pack. Other good suggestions can also be found in the article below.

      http://money.cnn.com/2017/02/15/technology/public-ports-charging-bad-stop/

    • I would say this bill represents a partial win for the American people because no one really knows what it entails in its entirety. What was given up in exchange for passing this bill? To what extent did big companies compromise to accept this bill? Was there any requirement to design back doors? I would not call this a win for American consumers yet, but there is no doubt that things have gotten better.

  • Good Evening,

    Wanted to recap on the conversation about teams.  Can everyone appoint a team captain, this individual will send me the team members and be the one that is uploading the content to their OWLBox […]

    • I found the “Add Workstation to domain.mp4” a little challenging to follow. If you are having trouble following the video, here are some quick tips that I did and was still able to add the Workstation to the domain. Let me know if it helps.

      If you start the video around 11:40, you will see these screenshots.

      1. Record the IPv4 of Windows Server 2008
      2. Open Windows 7 Workstation
      3. Go to Control Panel –> Network and Internet –> Network and Sharing Center
      4. Select Change Adapter Settings (left hand navigation pane)
      5. Right-click on Local Area Connection and Select Properties
      6. Select Internet Protocol Version 4
      7. Click Properties
      8. Select Use the following DNS Server Address
      9. Input Windows Server 2008 IPv4 Address
      10. Go Back to Control Panel –> System and Security –> System
      11. Under Computer name, Domain, and Workgroup Settings –> Select Change Settings
      12. Under Computer name tab, Select Change
      13. Select Domain and type in your domain name.

      This worked without having to add the Inbound Firewall Rules. Don’t know if that is necessary for this class, but you can add it later if you wish.
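The same steps as a PowerShell script, added here as an example; it is not part of the original post or the course video. It targets the Windows 7 workstation (PowerShell 2.0, which is why DNS is set with netsh rather than Set-DnsClientServerAddress) and assumes a domain controller at 192.168.10.5, an adapter named Local Area Connection and the domain name lab.local; replace those with your own values. The SRV lookup before the join is the DNS check the professor’s video troubleshoots: if the workstation cannot resolve the DC locator record through the DC’s DNS, the join fails. Run it from an elevated PowerShell prompt.

```powershell
# Added example: PowerShell equivalent of steps 1-13 above, run on the Windows 7 workstation.
# Assumed values (change these): DC address, adapter name and domain name.
$DcIp    = "192.168.10.5"             # step 1: IPv4 address of the Windows Server 2008 DC
$Adapter = "Local Area Connection"    # step 5: adapter shown under Change Adapter Settings
$Domain  = "lab.local"                # step 13: your AD domain name

# Steps 3-9: point the workstation's DNS at the DC only (netsh is available on Windows 7).
netsh interface ipv4 set dnsservers name="$Adapter" source=static address=$DcIp register=primary validate=no
ipconfig /flushdns | Out-Null

# DNS check before joining: the workstation must resolve the DC locator SRV record
# through the DC's DNS. Without it the join fails with "domain could not be contacted".
$srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $DcIp 2>&1
if (($srv | Out-String) -notmatch "svr hostname") {
    throw "No DC SRV record for $Domain via $DcIp - fix DNS before joining"
}

# Steps 10-13: join the domain (prompts for the domain admin password), then reboot.
$cred = Get-Credential -Credential "$Domain\Administrator"
Add-Computer -DomainName $Domain -Credential $cred
Restart-Computer -Force
```

Like the GUI steps, this does not touch the inbound firewall rules on the server; the join only needs the workstation to reach the DC on the standard AD ports, which the lab DC allows by default.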

    • Thank you soooo much!!! The video was very hard to follow...

    • After following the “how to create a Group Policy” video, I got the following error message, even though I followed all the steps.

      “Resource ‘$(string.Advanced_EnableSSL3Fallback)’ referenced in attribute displayName could not be found. File C:\Windows\PolicyDefinitions\inetres.admx, line 795, column 308”

      Has anyone had this error message?
      I am going to go through the video one more time to see if I missed anything.

    • Is anyone still looking for a team? Let me know.

    • Thank you Loi, that is very helpful!!

    • Thank you for creating this step-by-step. When I create the video I forgot to rename my server to something I could type. Based on the steps above a good part of the start of the video is how to troubleshoot DNS with a domain controller. I will talk about this in-class to help what the video is showing.

      I was trying to show the steps if you ran into DNS issues, but I’m guessing most will not see DNS issues. I’ll split the video into two based on what is above. If anyone has any questions please let me know.

    • Hi Sheena,

      Were you able to figure this out?

      • Yes. I’ll Post the procedures in a moment.

      • To correct your GPO editor problems perform the following:

        1. Download and install the Windows 8.1/2012 R2 GPO Administrative Templates from Microsoft. See below.

        https://www.microsoft.com/en-us/download/details.aspx?id=41193

        2. Once you download it to the desktop of your Domain Controller then you need to right click and install it.

        3. Once installed, the new templates are placed in the following folder of the Domain Controller

        C:\Program Files (x86)\Microsoft Group Policy\Windows 8.1-Windows Server 2012 R2\PolicyDefinitions

        4. This folder needs to be copied to your windows folder on the Domain Controller. To do this rename the existing outdated Policy folder to PolicyDefinitions.old

        Therefore the following folder:

        C:\Windows\PolicyDefinitions

        on the domain controller becomes …

        C:\Windows\PolicyDefinitions.old

        5. Then copy the new PolicyDefinitions folder to C:\Windows so that you will now have a new C:\Windows\PolicyDefinitions folder

        6. Repeat this process on your Windows 7 workstation as well.
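An added PowerShell version of steps 3 through 5, not from the original post: run it in an elevated prompt on the domain controller after step 2, and again on the workstation as step 6 says. It assumes the template installer used its default target folder shown above and that the English (en-US) language folder is part of the downloaded set; the check at the end looks for the string the editor complained about in the new inetres.adml so you know the swap actually fixed the error before reopening the GPO editor.

```powershell
# Added example: automates steps 3-5 above (backup the old local ADMX store, copy in the new one).
# Assumes the Microsoft installer from step 2 wrote to its default folder.
$Source = "C:\Program Files (x86)\Microsoft Group Policy\Windows 8.1-Windows Server 2012 R2\PolicyDefinitions"
$Target = "C:\Windows\PolicyDefinitions"
$Backup = "$Target.old"

if (-not (Test-Path $Source)) { throw "Template folder not found: $Source - run the installer first" }
if (Test-Path $Backup)        { throw "$Backup already exists; remove or rename it before re-running" }

# Step 4: keep the outdated templates instead of deleting them, so you can roll back.
Rename-Item -Path $Target -NewName "PolicyDefinitions.old"

# Step 5: copy the new ADMX files plus the language subfolders (en-US holds the ADML strings).
Copy-Item -Path $Source -Destination $Target -Recurse

# Sanity check: the displayName string the editor could not find must now exist in the ADML.
$admx = Join-Path $Target "inetres.admx"
$adml = Join-Path $Target "en-US\inetres.adml"
foreach ($f in $admx, $adml) {
    if (-not (Test-Path $f)) { throw "Missing $f - the copy did not complete" }
}
if (Select-String -Path $adml -Pattern "Advanced_EnableSSL3Fallback" -Quiet) {
    "OK: Advanced_EnableSSL3Fallback is defined in $adml"
} else {
    throw "New ADML still lacks Advanced_EnableSSL3Fallback; check the template version you downloaded"
}
```

The error comes from a mismatch between an ADMX file and the ADML string file beside it (a newer inetres.admx references a string an older inetres.adml does not define), which is why both the .admx files and the en-US folder have to be replaced together. In a production domain the templates normally live in the central store (\\<domain>\SYSVOL\<domain>\Policies\PolicyDefinitions) so every admin workstation sees the same set; the local folder is enough for this lab.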

    • Loi,
      Thanks for putting this together. This was extremely helpful for me.

      Sach

    • sure!!!

      🙂

    • Thanks for sharing this. I’d never heard of Signal prior to this and I’ll give it a try.

    • Thank you a lot. I was not aware of this platform at all. It is full of interesting articles that cater to Cyber Security. This is definitely a must visit platform for all IT security professionals on a weekly basis.

    • I completed these steps and they worked perfectly for me. Thanks again Loi.

  • Good Morning,

    Wanted to recap on the conversation we had this week.  The main topic was on ACL’s (Access Control Lists).  How to use them on what they protect: Files, Shares, Registry, Services, AD O […]

    • For this week’s in-the-news article, I decided to read “ATM ‘Shimmers’ Target Chip-Based Cards”. This article focused on a new cyber-security trend called “shimming”, which focuses on chip-based credit and debit cards. Shimming attacks are not considered new, but are becoming increasingly more popular as chip-based cards are becoming the standard in the United States. Shimming attacks differ from skimming attacks because skimming attacks targeted the magnetic strip on the back of the card, which stored the data in plain text. “A shimmer, on the other hand, is so named because it acts a shim that sits between the chip on the card and the chip reader in the ATM or point-of-sale device — recording the data on the chip as it is read by the underlying machine.” The information from shimming cannot be used to create another chip-based card, but can be used to replicate a magnetic strip on a card. This is useful because not all credit card machines have the chip insert yet. With skimmers and shimmers being so stealthy, there is no real way to know if the ATM you are using is compromised. In reality, the article explains that you have a better chance of getting mugged after withdrawing from an ATM than actually encountering one of these devices. Some security recommendations to prevent your PIN and card information being stolen are to cover the PIN pad while you are entering your PIN. Also, you should use ATMs that are physically installed in a bank; there are more cameras present and a thief is less likely to hack one of these types of ATMs. The article also recommends, “Be especially vigilant when withdrawing cash on the weekends; thieves tend to install skimming devices on a weekend — when they know the bank won’t be open again for more than 24 hours.” Lastly, the best way to stop fraud: check your statements and dispute unauthorized charges. Similar to logs on a computer, bank statements allow you to see when and where your card was used. If you do not monitor your statements, small increments of cash will be taken out without you noticing, until one day a big purchase is made, and you will have to prove fraud to get your money back.

      • Shain, good summary.

        The point you end with is perhaps the most important, in my opinion. Fraudulent charges, identity theft, credit rating changes can all be mitigated by regularly checking your financial accounts. One of the more “boring” chores I do for my family is track spending so we can maintain a budget. There’s a certain comfort in tracking every cent that comes in and out of my household, and if something crazy pops up on the credit report, we can take action on it right away.

      • Shain, that was a great post full of excellent recommendations against “shimming.” I was not aware of this sort of cybersecurity trend at all. Yes, I monitor my bank statements, and shimming probably explains the purchases I did not make that were applied to my account on several occasions. I recently saw a short documentary online about tricks thieves are using to steal people’s money right from the ATMs. For example, in one of them the thief covers the area where debit/credit cards are inserted with an object mimicking its shape and color and sits around, watching people use the ATM in question. Afterwards, the thief pretends to use this same ATM to remove the “look-alike” object that has been collecting card information every time one was inserted into the machine. That was amazingly sad to watch.

    • Andres Galarza and I are on a team. Please let us know if you want to be on our team.

    • Figured it out. Downloaded wrong ISO. Attention to detail 🙁

    • I recently found an interesting news article to share: “Windows SMB 0-Day Exposes Systems to Attacks”

      A 0-day memory corruption vulnerability discovered in the SMB (Server Message Block) protocol can be exploited to cause denial of service or potentially execute arbitrary code on a vulnerable system.
      According to the United States Computer Emergency Readiness Team (US-CERT), which has already published an advisory on the matter, the bug resides in the manner in which Windows handles SMB traffic and can be exploited by remote, unauthenticated attackers for nefarious purposes.

      SMB (one of its versions was also known as Common Internet File System, or CIFS) operates as an application-layer network protocol designed to allow machines to access files, printers, serial ports, and miscellaneous communications between nodes on a local network, while also offering an authenticated inter-process communication mechanism.
      According to US-CERT, the Windows platform fails to properly handle a server response containing too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. Thus, when a vulnerable Windows client system connects to a malicious SMB server, it can crash (Black Screen of Death or BSOD) in mrxsmb20.sys.

      The advisory also notes that the vulnerability has already been confirmed as being exploitable in denial of service attacks, but that it’s not clear whether it could be exploited further. By exploiting the vulnerability, an attacker might also be able to execute arbitrary code with Windows kernel privileges, US-CERT warns. With exploit code for the vulnerability already publicly available but no practical solution to this problem known at this time, suggested workarounds include blocking outbound SMB connections (TCP ports 139 and 445 along with UDP ports 137 and 138) from the local network to the WAN.

      http://www.securityweek.com/windows-smb-0-day-exposes-systems-attacks
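The egress workaround quoted above, as an added PowerShell example; it is not part of the original post or of the US-CERT advisory text. It uses the Windows Firewall cmdlets available on Windows 8/Server 2012 and later (the platforms the bug affects; on Windows 7 you would use netsh advfirewall instead), and the rule names and the 203.0.113.10 test address (a documentation-only range) are my own. Run it in an elevated prompt; the same rules can be pushed by Group Policy, which is how you would cover every workstation rather than one.

```powershell
# Added example: block outbound SMB/NetBIOS from this host to non-local addresses, so a
# workstation cannot be lured into connecting to a malicious SMB server on the internet.
# The "Internet" keyword means any address outside the host's own subnets; swap in an
# explicit list of non-internal ranges if you want the rule independent of NLA.
$Rules = @(
    @{ Name = "Block outbound SMB TCP 139/445 to Internet";    Protocol = "TCP"; Port = 139, 445 },
    @{ Name = "Block outbound NetBIOS UDP 137/138 to Internet"; Protocol = "UDP"; Port = 137, 138 }
)

foreach ($r in $Rules) {
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        "Rule already present: $($r.Name)"
        continue
    }
    # Block rules win over allow rules in Windows Firewall, so no allow exception can undo this.
    New-NetFirewallRule -DisplayName $r.Name -Direction Outbound -Action Block `
        -Protocol $r.Protocol -RemotePort $r.Port -RemoteAddress Internet -Profile Any | Out-Null
    "Created: $($r.Name)"
}

# Verify: list the outbound block rules with the ports they actually filter.
Get-NetFirewallRule -Direction Outbound -Action Block |
    Where-Object { $_.DisplayName -like "Block outbound*to Internet" } |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        "{0}: {1} {2}" -f $_.DisplayName, $pf.Protocol, ($pf.RemotePort -join ",")
    }

# Negative test: a connection to an external address on 445 should now fail (TcpTestSucceeded False).
Test-NetConnection -ComputerName 203.0.113.10 -Port 445 |
    Select-Object RemoteAddress, RemotePort, TcpTestSucceeded
```

This only stops the client side of the described attack (a vulnerable client reaching out to a malicious server); it does not patch mrxsmb20.sys, and it leaves SMB to the local subnet working so file and printer sharing and domain logons are unaffected.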

    • Vaibhav, this is another good example of what we’re talking about in class: closing ports and services that are not needed in order to harden the system.

    • Found a quirky little article describing what a “sockpuppet” is.

      ‘An Internet sockpuppet, according to Google, is “a false online identity, typically created by a person or group in order to promote their own opinions or views.”’

      I’m always interested in the vocabulary I see floating around to describe ideas in the field of cybersecurity.

      Noun: Sockpuppet

    • The article references twitter; It’s amazing to scroll through the replies on a famous person’s tweets and see some very obvious sock puppets. Especially if that person is a politician or posting political messages.
      Recently Twitter did alter its algorithm to be less friendly to sock puppets and bots, making their replies less predominant in the conversation.

    • ATM ‘Shimmers’ Target Chip-Based Cards

      This article was really good.
      “Shimming attacks are not new (KrebsOnSecurity first wrote about them in August 2015), but they are likely to become more common as a greater number of banks in the United States shift to issuing chip-based cards.”
      I thought banks moved towards chip-based cards for security reasons?? Why would banks give us these chip-based cards knowing this vulnerability can be exploited??
      I like that the article gives steps on how to minimize the success of shimmer attacks.

      The comments were informative as well. Nice Article.

    • Sach and I are on a team; we just need 2 more people.

    • I was talking to someone the other day in the industry and they mentioned that this was an issue for their company as well. It caught them off guard so they had to bring in some outside help to make sure they were safe. 0-days are the nightmare of security teams everywhere.

      • Yes, zero day is definitely a nightmare to the entire I.T. security industry. Even experts need a little help every now and then.

    • Card scamming is not a new technique to exploit victims’ information. According to the article ‘ATM ‘Shimmers’ Target Chip-Based Cards,’ the scammers have found ways to attack the recent changes in credit/debit card security. The attackers utilize card shimming tactics to take advantage of card holders’ information assets. Card shimming can be considered similar to an MITM, Man-in-the-Middle attack. The skimmers install shimming devices in the chip reader of the ATMs/POS system. When a card holder inserts their chip card into the compromised chip reader, it records the data that flows between the chip and reader.

    • It is true that zero-day vulnerabilities are more dangerous, as they reveal a security hole that is unknown to the vendor. But despite the vulnerability being publicly known, there are no signs of a practical solution to it coming, which could be more encouraging for hackers.

    • Anyone still looking for a team? Comment below!!

    • Applying group policies to block unused/unnecessary ports can do wonders in terms of enhancing a network’s security. I’m sure doing that will protect a network against vulnerabilities that systems engineers will probably never be aware of. I am curious to learn how Microsoft will successfully address these security concerns. Thank you for the article.

    • Sockpuppets are one of the tools unverified sources use to promote “fake news.” I’m glad to see Twitter is doing something about it in an effort to reduce sockpuppets’ effectiveness. Funny name, but full of potential to cause damaging impacts.

  • Here is a quick video on how to add a linked folder to the guest OS from the Host OS.  If you have any questions please let me know.

    The example adds and removes a new folder, but I already have one linked […]

  • I have posted a new page with a video. I’m thinking it has to do with adding a linked folder. I’ll add that to my review when we start class as well.

  • Andrew Szajlai posted a new activity comment 1 month, 3 weeks ago

    Did you set the execution policy? It also sounds like the linked directory might not have been created. The script is assuming that there is a z: drive, which is the first drive that is created when using linked folders from the VMWare environment. Please let me know if you liked it, but are getting a different drive letter for linked…[Read more]

  • Good Morning,

    I enjoyed our in-class conversations about different devices and how we need to secure them.  I hope the take-away was that “we need to secure our operating system…for the following ________”; w […]

    • The only issue that I really had was Windows 7 was not installing the updates. After some research I found that you had to have a license before you can install the updates. Of course I tried to update it without the license, but after reviewing WindowsUpdate.log, all the download attempts had failed. So I used the license provided with the download on Windows 7 and it updated without a hitch.

      Another thing that I tried was cloning the already patched Windows 7 and creating a VM inside the Windows 7 VM that I had just created; the performance dramatically decreased. The original setting for the “host” Windows 7 had 4 cores, 4098 memory. The guest Windows 7 had 2 cores, and 2048. I wasn’t running any updates; just normal navigation was very laggy. Any suggestions on the best type of setting to have more reasonable performance?

    • My main issue was that I thought assignment 1 was the Kali Linux installation, and when I downloaded the files it was already a VM instance set up and not an ISO to install. If anyone has trouble with the ISOs you can use Daemon Tools Lite to mount them (a virtual way of putting a virtual disk into a virtual CD/DVD drive). I also goofed because I thought that I wasn’t able to see the Windows Server files on the download website, but I was only on the “popular” tab and didn’t click “all.” The Win 7 easy install process was new to me; I had experience with VirtualBox, where I was writing a DOS command wrapper for it using PowerShell, but you still would have to go through the whole “typical” Windows install procedure, as far as partitioning disk space, etc.

      Unrelated, but to speak on someone’s point during class (I forget who) that it should fall on the developer to secure their software before it ships: the professor stated something very true, that they fall under deadlines where wanted functionality gets skipped. I wanted to add that during undergrad, in learning programming, we didn’t ever touch on defensive programming. In the United States Temple is 112th in Computer Science; looking online, the top 10 schools such as Carnegie Mellon etc. do actually teach defensive programming during their programming courses. I wanted to note there could be a third layer to this point: a large population of developers may not actually have had experience creating secure systems.

    • Sorry, this wasn’t supposed to be in reply to your post, but while we’re here: I’ve experienced the same issue as you, where Windows Update is disabled if Windows isn’t said to be “genuine.” In my experience, back when Win 7 was the main OS, there were several “master” product keys that may have temporarily worked to get around the issue. For your performance issue, I would suggest just trying to allocate more resources, specifically processing cores. What are the specs of your actual physical computer, compared to the first VM instance you created? If I’m reading it right, it looks like you cut resources in half from your first VM instance to its clone after you did the updates?

    • Kali is kind of goofy; yes, you can run it “Live,” as in run from CD, or actually install it from the start-up screen. Installing it will allow you to install VMware Tools to enable window sizing and the enhanced keyboard. Without installing it, especially if you have a HiDPI monitor, you will probably run into trouble configuring the display and getting it to fit on your screen. There’s an application called ‘Display’ that would let you resize, but you’ll have to do it every time you restart.

    • While patching Windows 7 I came across an error with code 8007000E, which had the error message “Windows could not search for more updates”. This error will prompt even on clicking Try Again and will interrupt your patching completely. After a little Google search I came across the solution, which worked:
      Steps to resolve:
      1. Manually stop the Windows Update service.
      2. Download and install the KB3102810 update.
      3. Start the Windows Update service.
      4. Restart the computer.

    • I had a similar issue; My updates stopped and would not continue. Simply restarting the computer and re-opening the update service fixed it and allowed all updates to install.

    • The issue I am having is not being able to install the ISO of Windows 7 and when I try to configure the VMware to save it to my portable hard drive, it says there’s a file missing and the VMware is unable to be installed on my machine as well. I deleted all the files and started from scratch but same issue. Unsure of what to do.

      • Neil,

        You shouldn’t need to transfer the ISO to a portable HD in order to install it on Workstation/Fusion.

        In Workstation, when I began the process of installing an image of Windows 7, I was able to select the ISO file directly from the folder I downloaded it to via the “free software” Temple store we were told to use.

    • Loi,
      I feel this depends a lot on the physical specifications of the system.
      If in a quad-core system the user utilizes dual cores for the guest operating system, lagging may occur. It’s like fewer cores and more processes: the energy drawn will be more, which will result in lagging. Application threads run simultaneously in the cores. I feel you can give a try running fewer applications on your host operating system.

    • The issue I am having is that I keep getting error when I run the scripts in PowerShell. I followed the steps the professor presented in his video and used the scripts downloaded from our community sites. Does anyone have a similar issue with me or have a solution to address this issue?

      • Yeah, I had the same issue. But since it was another way to do Tail, I didn’t bother trying to troubleshoot. I will probably take another look at it this week. I will provide an update if I come up with anything.

    • Well, I figured out a temporary fix for this:
      1. You need to create a folder in C:/Users/Public/Temple on your Guest VM.

      2. Run the _setup.bat, which basically copies the file from the Windows_Linked folder into the directory you’ve just created. It is intended to create a shortcut of the Tail_windowsupdate.ps1 file onto your desktop.

      3. Navigate to C:/Users/Public/Temple/PS_WU_Setup

      4. Create a shortcut of Tail_Windows_Update.ps1

      5. Move the shortcut to your desktop. If you try to double click it now, you’ll just get a text file with the script.

      6. Right click on the shortcut on your desktop and select “Properties”

      7. Change the target to: powershell.exe -command "& 'C:\Users\Public\Temple\PS_WU_Setup\Tail_WindowsUpdate.ps1'"

      8. This will execute the shortcut in powershell instead of notepad when double-clicked.

      Let me know if this helps.

    • This was meant to be a reply to Seunghyun (Daniel) Min’s problem.

      • Hey Loi,

        Thank you very much. I will try your suggestions today and let you know how it goes.

      • Hi Loi,

        I tried your suggestions but unfortunately, it didn’t work. The issues I was having were:

        1) When I ran the _setup.bat, it creates a shortcut of the Tail_windowsupdate.ps1 right below the PS_WU_Setup folder, which I downloaded from the community site, instead of creating it on the desktop.

        2) And after I changed the target of the shortcut created, the text file, to the PowerShell command that you told me, when I opened the file, it closed right away.

    • Hey Vaibhav, thanks for the response. Figured out that I was running a copy of the VM from the host machine instead of copying it into the Windows 7 Machine. What I mean by this is, the files containing VM was shared from my host, instead of it being on the VM that was running another instance of VMware.

    • Ah ok, I will try that and see if it helps. The one issue that is coming up now is the “Workstation does not support downgrades.” Did you get the option to upgrade it as well?

      • I followed your advice Andre and it worked very well. I just have to make sure I can get it to run from my portable hard drive.

    • With reference to the article about the ransom demanded in exchange for returning the database files which had been compromised: I have the firm belief after reading the article that even after paying the money the organization is not assured of getting back the database files. There is no way to track whether the ransom has been paid to the right person. There is a preventive solution to avoid such cases, which is keeping a backup of the database server.

      • As you mentioned above, a disciplined backup strategy is the fundamental solution against ransomware. This is a situation that raises a lot of concerns, because not only do companies have to worry about ransomware, but they must also ensure the money goes to the “appropriate” party. This is escalating to a new, different level.

    • Did you set the execution policy? It also sounds like the linked directory might not have been created. The script is assuming that there is a z: drive, which is the first drive that is created when using linked folders from the VMWare environment. Please let me know if you liked it, but are getting a different drive letter for linked directories. On Fusion that is what I am getting.

    • Yes, I did set the execution policy. I don’t think I have created a z: drive. Is it possible you can show me how to do it before the class tomorrow? Thanks!

      • I have posted a new page with a video. I’m thinking it has to do with adding a linked folder. I’ll add that to my review when we start class as well.

        • Thank you for the video! It worked now! Creating a z: drive was the key to resolving the issue.

          For PC users, make sure you check ‘Map as a network drive in Windows guests’ when you create a shared folder. If you don’t check it, it doesn’t map your shared folder as a z: drive.

    • I am trying to do the installation on my work laptop that I am allowed to use for this class but seems to have issues in terms of downloading the .bat file. I think I am having the same issue that Neil had.

    • As far as completing the installation of Windows 7, I used VM Fusion on my Macbook. I did not have any problems installing the software or completing the Windows updates that followed. Since I am using a 256GB SSD on my host, I did run out of storage when applying the updates, so I had to clear storage from my host machine. The updates took several hours to complete. Upon completion, I took a snapshot of the machine in its current state with all of the updates. With Kali, I also had no issues with the setup. Since I did not have much to talk about with the first assignment, I looked at an in-the-news article for this week.

      For this week’s in-the-news article I decided to read “Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed”. This article discusses how tens of thousands of personal and proprietary databases were wiped from the internet and replaced with ransom notes that demanded a payment for the return of the files. Unlike other ransomware, which encrypts data until the ransom is paid, these files were not even visible. The worst part about this ransomware was that people who paid the ransom did not get their stuff back. Fraudsters were replacing each other’s ransom notes, and people who paid might not have paid the correct person who had their files.
      This ransom attack occurred on an online database platform called MongoDB. Thousands of organizations use this database, but it apparently was easy to misconfigure, and many databases were exposed online. If the DB was installed with default settings, MongoDB allows anyone to browse, download, write over, or even delete databases. KrebsOnSecurity has featured several stories over the years about how companies are misconfiguring their MongoDB instances and leaving their DBs openly accessible. Currently, the site Shodan shows that there are over 52,000 publicly accessible MongoDB databases.
      Overall, it is not safe for organizations to be using MongoDB. There are new vulnerabilities discovered about MongoDB weekly. Another important piece of information to take from this article is to never run a default configuration when configuring a database, especially if it contains valuable organizational information. Another discovery from this article is that MongoDB should do a better job of informing customers that doing a standard configuration puts your database at risk. With all of these organizations going with standard configurations, I can’t imagine there is much warning coming from MongoDB’s end. Companies that are running a DB on MongoDB clearly do not follow best IT practices. A security assessment should be done prior to configuring any live DB on a third-party host. Second, backups of the DB should be made daily in the event their data is deleted or overwritten. Lastly, organizations should have a DRP in place, in the event something happened to the site, etc., so that they could get their data back up and running. Many more faults can most likely be found in organizations’ practices, but these are just a few critical ones I discovered from reading this article.

    • My problem is I was unable to see the command that professor was using in the 2nd video, so I could not update my windows 7. I tried cd xwindirx which I thought was correct. It tells me the system cannot find the path specified. Can anyone help me with the code here? Thanks!

    • Hi Loi,
      I had the same issues as well…but I thought I installed the product key when I initially installed Windows 7. Now I went to activate Windows and entered the product key, and they are saying the product key will not work with this edition of Windows. I am using the same product key I was given. smh…

    • Top 10 companies hiring cybersecurity professionals

      I was browsing top cybersecurity news for this week and I came across this article that I believe could be meaningful for a lot of you, especially for those who are about to graduate this coming August. Alison DeNisco, a TechRepublic writer, conducted research to reveal the top-rated organizations currently hiring cybersecurity professionals.

      Among the group are Apple, Lockheed Martin, Intel and, surprisingly, several more interesting ones. Alison shared an important statistic revealing that “The US faces a 33% skills shortage for crucial security roles…” Conversely, this gap is shrinking as job seekers in cybersecurity roles rose from 60% in 2014 to 67% today. Let’s hope the trend keeps gearing up, as these are important positions the U.S. and several other countries need more than ever.

      You may access the full article via the link below.
      http://www.techrepublic.com/article/top-10-companies-hiring-cybersecurity-professionals/

    • Thank you Loi. I came across a similar issue and your step-by-step process enabled me to resolve it.

  • Group,

    I have updated the weekly schedule to include the links to the reading.  I thought that the PDF also allowed for the Hot-Links to work, but it does not.  You can find the reading links for each f […]

  • Please review the the items from slide 12 “In The News” and post thoughts from the overview we have talked about on Thursday.  Take one of the three items from the news and think about how you would use one item […]

    • I read about the DDoS attack that happened to Dyn on 10/21/2016. The attack occurred by hackers breaking into unsecured devices such as routers, surveillance cameras and other devices connected to the internet. They clogged the internet by sending a huge amount of fake traffic data to servers that were directed at Dyn and other services. Dyn hosted many big sites such as Twitter, Spotify, PayPal, etc., and users were unable to access them because of all the bogus traffic directed at the Dyn servers. There are a few things that were discussed in class that could help with securing: Logging, Limiting Services and System Hardening.

      Logging: Logs are an important part of applying security to networks and for any business. A home network might not find it important unless it’s a home business, but some businesses have devices that use default settings. When a hack occurs and is used to attack servers such as Dyn’s, they can’t track what was being attacked, where it came from and when it occurred.

      Limiting Services: A home router or any device connected to the internet has default settings. These are users of the internet every day and may not know or care to change any settings. The hackers were able to utilize the vulnerability by creating code to search for such devices and send malicious code to send bogus traffic to Dyn’s servers. If the owners of these devices were given some education to help them secure them, they could change some settings. They can set their devices to allow only certain traffic, prevent and/or detect when unauthorized access to the network is being attempted and, as the article suggests, disable Universal Plug and Play on the routers. Customizing the devices means a user can limit unauthorized use of the device(s) by an outside party such as hackers.

      System Hardening: Dyn’s servers were attacked by hackers using devices of all types to send bogus traffic to them. If the encryption on these devices had been set to be stronger, or they had implemented some form of secured IoT devices, they could have prevented themselves from being used as botnets. The attackers on Dyn’s servers came in the form of botnets made up of unaware everyday users of the internet and their devices; by hardening how the routers or surveillance cameras or any other device interacted over the web, it would have probably delayed the attack on Dyn’s servers. Also, if the targeted servers had a way to detect botnets (not saying they probably didn’t, but just guessing here), the target themselves could have prevented and possibly stopped the attack from taking down sites that a large number of people utilize on a daily basis.

    • Good analysis Andre, your thoughts about patching makes sense. I didn’t think of patching for the devices. But very good catch on that.

    • Avi Rubin Recordings
      In Rubin’s recordings, he reiterates the importance of including security from the beginning phases of system design. System developers need to take security into account from the beginning, and anything that has software in it can be compromised and/or have bugs. Many of the devices adopted today lack these considerations, and hackers have exploited them for use in DDoS attacks, like the one we saw with Dyn last year.
      In the case of the FitBits and the blood pressure monitor from Rubin’s video, these devices usually come tethered to a smartphone that allows the user to control the actual device. Vulnerabilities are often exploited from the smartphone. In this case, patching and keeping the smartphones up to date would limit the exposure. There are millions of apps available for smartphones, some more vulnerable than others; all can be used to gain access to and control of the device. System hardening could also be considered; limiting the number of apps downloaded or running on your phone can also limit the attack surface for hackers.

    • Great post Neil,

      As you and Andres alluded to in your discussion of securing the target OS, the best solution to prevent a DDoS attack is to secure computers from being hijacked in the first place. That’s where limiting services, system hardening and patching all come together to make our computers more secure. By securing our computers, we are preventing the problem before it manifests. Sadly, this is a global effort between businesses, governments, and citizens of the internet.

    • So many different IoT devices are evolving left and right. Look at our lives. We are now fully equipped with IoT devices like smartphones, high-tech automobiles, and wireless medical devices to run our lives. Avi Rubin, a professor of computer science and director of the Health and Medical Security Lab at Johns Hopkins University, presented well about the vulnerabilities of IoT in his series of TEDx talks: 1) All your devices can be hacked and 2) Hacking our watches, fridges, guns and more.

      First of all, so what is the definition of the IoT? TechTarget defines it as “The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.” From that definition, I would like to point out two things which are IoT is a system and it can transfer our data.

      IoT = System: An Internet of Things device is a computer which has its firmware, and software in some cases, which can be hacked and compromised by malware. And it has evolved from the convergence of wireless connections. Wireless connection consists of many different types of connecting methods such as Wi-Fi, radio signals, Bluetooth and so on. The threat is that attackers can attack those IoT device systems over long-range wireless.

      Transfer Data: For example, a person who has a heart issue can get a wireless heart diagnostic device from a hospital. The individual carries that device and it sends the patient’s information to the hospital’s main database so that a doctor can check the patient’s heart condition in real time. What if the device got hacked and sent malware to the database? The impact will not only stay in the single device but will spread throughout the whole database system.

      Those many IoT devices are no doubt beneficial to our lives by gathering all kinds of data to make things much more efficient and effective. However, Avi said, “Our network of connected technology puts us at increased risk for cyber attacks.” The reasons include:

      1) Technology is often adopted without considering security consequences.
      2) Attackers may not adhere to your threat model.
      3) Adversaries are rising in power and sophistication.

      I would highlight several OS security concepts we discussed in class with respect to those IoT threats.

      1) Patching & Antivirus: Service providers release necessary patches with regard to any vulnerability findings in their software/program/system. Updating your IoT devices with the latest patches will definitely help you prevent possible threats of attacks. In addition, having antivirus tools on your smart devices such as smartphones and iPads is always a smart move to keep your devices free from viruses and malware.

      2) Limit services: From Avi’s talks, one thing that really blew my mind was the hijacking of smart/driverless cars. The attackers could hack into the car system through a wireless connection and change settings or disable some of the car’s functions, like braking. I believe those kinds of features must be highly limited from being modified.

      3) System hardening & Logging: As technology advances, the level of sophistication of attackers has also evolved significantly. In the sense of preventive controls, system hardening could help IoT devices come with the right encrypted and secured features. On the other hand, we could always utilize logging as our detective control to find threats and implement solutions as soon as possible.

      Avi’s last comment was indelible.
      “Just because you can connect something to the internet does not mean you should.”
      Think once more before you actually go ahead and connect your new sweet gadget to your wireless connection.

    • Andre,

      Great analysis on the 10/21 DDoS attack. As Neil also mentioned, patching is one of the critical things that system users should be aware of. No systems are perfect. The main reason is that new technology is constantly evolving. Patching would be the key step to reduce the vulnerabilities in your system and eventually prevent any possible external attacks.

    • Great post Andres,

      I think your section on system hardening is very important. Default usernames and passwords always pose a threat to any information system, and an even bigger threat to the organizations that employ them. A single device can leave the entire network exposed. However, I believe that this is fixable if developers pursue a more security-centered development methodology, and that they should. Consumers are not well equipped to be able to secure their own devices, and I think the responsibility falls with the developers.

    • Two defense tactics that can protect the OS from Denial of Service attacks are Intrusion Protection systems and Firewalls. Intrusion protection systems can scan network traffic flows to detect and avert vulnerability exploits. Firewalls can monitor and control the incoming and outgoing network traffic based on the rules the network administrator configures for the network.

    • You are absolutely right Loi, it is a global effort and it will take quite a while before everyone gets on the same page. Computer security is a hot topic because of incidents like this, and we need to prevent them before they occur, or at least minimize the risks and/or damage.

    • In my opinion, I think you hit the nail right on the head, Loi: smartphones are the new link for hackers and exhibit many weaknesses that we are unaware of. Patching and keeping apps up to date will minimize the risks, as will system hardening, since fewer apps will definitely limit the damage from hackers. I think having antivirus or some form of app to monitor your network traffic is important too.

      • Is there really anything useful out there as far as mobile device antivirus? I always assumed those apps were traps or a waste of time/money.

        • Yeah, a lot of those available on the market are a waste of money, as they mostly have anti-theft features in abundance rather than antivirus features, and furthermore most of the apps available are for the Android platform. I have been using AVG antivirus for a few months, which I feel is somewhat worth the bucks spent.

    • This is an interesting spot to wonder if legislation mandating requirements that allow internet-enabled devices to disable/change default credentials is needed. Does anything like that already exist?

    • I am amazed how refrigerators can be hacked. It’s funny that they are becoming equipped with apps and are now exposed to security threats. That quote fits perfectly with fridges; there’s no point in having an appliance like a fridge connect to the internet, haha.

      • Neil,

        I agree with your point. It is very interesting to see how refrigerators can connect to the internet by themselves with the embedded computer. However, as Avi mentioned in the video, when Samsung was making the smart fridges, they had to have security personnel examine any possible vulnerabilities in regard to the fridges. I love to use smart appliances, but smart and SECURE appliances.

    • As we’re learning in other classes, logs are also important because they play an important role in forensics and being able to prove a series of events happened for the purposes of building a legal case.

      • Andres,

        Rightly said. From the detective control standpoint, logs are considered to be the main components to be reviewed. The logs could be compared to a black box. It has all the necessary information that needs to be tracked. In my church, we recently installed access control systems at the entrances. One of my jobs there is checking the access logs every Sunday to see if there are any abnormal activities.

    • The car vulnerabilities are really shocking to me as well. I mentioned something like this in a reply to above, but I can’t help but think that there will come a time when the government steps in to legislate requirements to mitigate these risks. I don’t believe we’re seeing enough evidence that a myriad set of industries will self-regulate the risks associated with their internet-connected systems.

    • Loi,

      Great point. To be honest not everyone knows even those routers and internet-enabled devices have a default setting to access into. So I also believe service providers, not program developers, have a critical role in educating end users when installing such devices. That way the users can be aware of disabling/changing the default credentials in their system.

      • Although I agree that it would be nice for service providers to educate the users, assuming that the service provider is the company that makes the products, businesses are in business to make money. They are pushing products to market at a rapid rate and in many cases forgo required testing to beat competitors. Look at Samsung, for example: they were trying to beat Apple with their Note 7 by getting it to market a year before Apple released their new iPhone. It resulted in a recall that cost millions. Although this recall was not security related, it definitely had life-threatening consequences. If something like this can get passed through testing, then I think that cybersecurity is somewhere on the back burner for these providers, along with the additional cost that would be incurred in trying to educate their customer base.

    • I really liked the Avi Rubin recordings and the mention of how the hacking of a car could be high risk and dangerous. It even reminded me of an article published in the Washington Post about the experiment where white-hat hackers were able to hack an SUV.
      The hackers took complete control over the car and, as mentioned, the vents blasted cold air at the maximum setting, the radio switched to the local hip hop station and blared at full volume, the windshield wipers turned on, and wiper fluid blurred the glass. The hackers took control over the steering and the accelerator. The experiment by the white-hat hackers proved that the automobile industry is vulnerable to hacking and even made the automobile industry gear up its IT security.

    • I’d like to discuss the news about the history of the Dirty COW bug. This is a long-persisting issue in Linux that had gone unfixed for multiple major version releases. This has since been patched but there may still be machines out there that are vulnerable. This issue was discovered by Peter Oester. It is however unknown if any attackers ever used this in the wild.

      The mechanism for Dirty COW is a bit complicated, so I need to explain a few pieces. There are certain files that are “non-write,” where a user cannot change these files. These often include OS system files and functions, as well as anything the root user has access to when you are not the root user. Let’s take the ping binary as an example; it is owned by root, but any user can use it but not modify it. To use it, the OS makes a copy into its memory, knowing its location for further use with a map. You can also make a private mapping copy of it, which is a section of memory where you can copy-on-write to this section.
      From here there needs to be a race condition made, which here means running two commands to the OS at once. One thread is constantly requesting the underlying file and the other constantly writing to the memory space. The race condition means that there is a chance that these two threads happen out of sequence and end up writing to the underlying file.
      If you are able to write to a file you aren’t supposed to, there are several ways to exploit that. You could have any code run when that file is called to use in addition to the original function so that it seems as if no changes were made to the end user.
      I think patching is the way to fix this bug. A rule should be added that the thread that is able to write should wait for everything else to finish and then prevent anything from running while it is working. Only then can something else be done. This will prevent the race condition from being possible.

      Additional source: https://dirtycow.ninja/
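
A small added demonstration in C (my own example, not code from the post above or from dirtycow.ninja) of the copy-on-write behaviour the post relies on: a read-only file is mapped MAP_PRIVATE with write permission, written through the mapping, and then re-read from disk to confirm it is untouched, while a writable MAP_SHARED mapping of the same read-only descriptor is refused outright. The file path and contents are constructed for the demo; on a patched kernel both checks return 1.

```c
/* Added example: normal copy-on-write semantics of a MAP_PRIVATE mapping.
 * Writes into a private mapping of a read-only file stay in the process's
 * own page copies; the file on disk is never touched. The sample file and
 * its contents are constructed here (not a real system binary). */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for a root-owned, world-readable binary such as ping. */
static const char kOriginal[] = "constructed sample file standing in for /bin/ping\n";
static const size_t kLen = sizeof(kOriginal) - 1;

/* Creates the sample file, makes it read-only and returns a read-only
 * descriptor, or -1 on failure. path must hold at least 32 bytes. */
static int create_readonly_sample(char *path)
{
    strcpy(path, "/tmp/cow_demo_XXXXXX");
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (write(fd, kOriginal, kLen) != (ssize_t)kLen) { close(fd); unlink(path); return -1; }
    close(fd);
    if (chmod(path, 0444) != 0) { unlink(path); return -1; }
    fd = open(path, O_RDONLY);
    if (fd < 0) unlink(path);
    return fd;
}

/* Returns 1 when a write through a MAP_PRIVATE mapping changes the mapped
 * pages but leaves the file on disk byte-for-byte intact, 0 when the file
 * was altered, -1 on setup error. */
int private_mapping_leaves_file_intact(void)
{
    char path[32];
    int fd = create_readonly_sample(path);
    if (fd < 0) return -1;

    /* PROT_WRITE on a MAP_PRIVATE mapping of a read-only fd is allowed: the
     * kernel serves the write from a private copy of each touched page. */
    char *map = mmap(NULL, kLen, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) { close(fd); unlink(path); return -1; }
    memcpy(map, "MODIFIED", 8);                 /* lands in the private copy only */
    int mapping_changed = memcmp(map, "MODIFIED", 8) == 0;
    munmap(map, kLen);
    close(fd);

    /* Re-read the file from disk and compare it with the original bytes. */
    char buf[sizeof(kOriginal)];
    memset(buf, 0, sizeof buf);
    fd = open(path, O_RDONLY);
    ssize_t n = fd < 0 ? -1 : read(fd, buf, kLen);
    if (fd >= 0) close(fd);
    unlink(path);
    if (n != (ssize_t)kLen) return -1;
    return mapping_changed && memcmp(buf, kOriginal, kLen) == 0;
}

/* Returns 1 when the kernel refuses a writable MAP_SHARED mapping of a
 * read-only descriptor with EACCES (the legitimate route to modifying the
 * file is closed; only a kernel bug such as Dirty COW could reopen it),
 * 0 when the mapping unexpectedly succeeds, -1 on setup error. */
int shared_write_mapping_of_readonly_fd_is_refused(void)
{
    char path[32];
    int fd = create_readonly_sample(path);
    if (fd < 0) return -1;
    char *map = mmap(NULL, kLen, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    int refused = (map == MAP_FAILED && errno == EACCES);
    if (map != MAP_FAILED) munmap(map, kLen);
    close(fd);
    unlink(path);
    return refused;
}

int main(void)
{
    printf("private mapping leaves file intact: %d\n", private_mapping_leaves_file_intact());
    printf("shared writable mapping refused:    %d\n", shared_write_mapping_of_readonly_fd_is_refused());
    return 0;
}
```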

    • Andres,

      Patching is the key to make it hard to hack any device. 100 percent agreed

    • Brent,
      I do believe the same thing; on top of the operating system patching, good firewalls have to be installed to filter all the incoming and outgoing network traffic. Most hackers use wireless technologies such as Bluetooth or radio waves to access these devices.

    • Loi Van Tran,
      You are absolutely right. Anything that has software in it can be compromised and/or have bugs. I believe that OS patching is the key to limiting the access to any device. By updating and fixing all the bugs, it will be very hard for any hacker to be successful in his goal.

    • Thanks Vaibhav. I know that is how Apple products are in terms of antivirus. There are lots of products, yet their performance is questionable at best. I am planning to switch to an Android phone, and if I do I will look into this AVG software that I know is popular for desktop computers.

    • I am writing about Avi Rubin’s presentation, via the YouTube video, on hacking fridges, watches, etc. I watched some of Avi Rubin’s presentations in my class last semester, and he is quite an expert on security and hacking. His presentation style brings awareness and even draws interest from those who are not tech savvy.

      This presentation was informative, as we all know hackers attack anything online or connected. Yet the hacking done on the scanners at the point of manufacturing in China really blew my mind. In business everyone would rather work directly with the manufacturer instead of going through a distributor. In this case the hackers infiltrated the firmware on the scanners at the point of production. This is both brilliant and scary.

      The other two points that caught my attention are how hackers and security flaws can cause physical harm: the cases of the blood pressure monitor squeezing excessively hard, or the fitness band leaving bruises, and how hackers can get into sniper rifles or controlled skateboards. These are all different levels of physical injury, yet they all need to be accounted for. The last point is how Samsung forgot to put SSL encryption on the fridges; to me that is a huge miss. I am unsure how that was not caught in development or testing.

    • For this week’s in-the-news, I read the article that focused on the Distributed Denial of Service attacks from Friday, October 21, that caused disruption of internet service across many areas of the United States. These attacks targeted the DNS and made many normal online activities such as shopping, listening to music, etc., unavailable for several hours in some cases. The 10/21 attacks were possible due to a large number of unsecured internet-connected devices, otherwise known as the IOTs. Thousands of these devices were infected with malicious code and formed a botnet, which was used to direct an enormous amount of traffic to servers that belonged to Dyn. Dyn is a major provider of DNS services to companies such as Twitter, Pinterest, Reddit, PayPal, Verizon, etc. IOTs were able to get infected because of the use of default passwords on these devices. Since these devices are used around the world, these passwords are widely available. People who did not change the default passwords on things such as routers enabled the attack to happen.
      Nowadays, the average household can have at least 10 devices connected to a router at one time. Between cell phones, laptops, tablets, gaming consoles, streaming devices, appliances, the list goes on and on. Many devices are just connected to the internet, such as streaming devices, and many users are unaware that there is a default password set on these devices. To prevent attacks such as the one that occurred on 10/21, one of the most important things to do is ensure default passwords are changed and updated with a strong password. A strong password generally is at least 8 characters long, and includes a capital letter, a number, and a symbol. This makes it almost impossible to use a brute force or dictionary attack. Also, prior to connecting an IOT device, do research on the device and understand how the device is secured and if it is capable of being hacked. Another possible security tip would be restricting access to your router based on MAC addresses. This way, only certain MAC addresses can connect to your network. Although, if the default password on the router is not changed, a hacker can access the router and add appropriate access to get on the network.
      Patching and logging are also important in preventing IOT attacks similar to the one on Dyn. As soon as a patch is released for an IOT device, it is important to update and patch the device. Patches generally address vulnerabilities in these devices and eliminate the exploit. Logging is important because it shows what was attacked and where it was accessed from. In the case of the attack on 10/21, most people do not know whether or not one of their devices was used in the attack.

    • Andres,
      Great summary and strategies to prevent these attacks on IOTs from happening again. I definitely agree with patching these devices. Many of these devices require users to manually accept and install a download for patches. Companies should push these patches to the device automatically: as long as it is connected to the internet, it should automatically download and install patches. For example, my FiOS digital receiver automatically updated the other day while I was at work. I got home and there was an all new Video OnDemand menu. Patches fix exploits, but relying on users to apply patches, especially on IOT devices, is not always the best approach for companies.

    • The news story that caught my interest is the TED Radio piece by Avi Rubin, on “What Happens When Hackers Hijack Our Smart Devices”. Avi Rubin walked you through various technologies used today and showed how they are all susceptible to hacking. The first scenario showed implanted devices placed inside humans, like pacemakers, which use wireless technology to transmit data. The second scenario highlighted automobiles, which have various types of computers in them controlling car features such as the braking system, heating and cooling, start and stop, and the list goes on. The last scenario showed a two-way radio device (P25) used by law enforcement and government agencies for secure communication. In all three scenarios, if hackers hijacked any of those devices it could lead to the loss of life for one or many individuals.

      In the development of these devices, security has to be the number one priority over being first to market with the technology. Technology changes, and these devices need to be able to adapt to the change in technology through software updates, firmware updates and patching. Also, do not have features or technologies enabled that are not needed. Harden the OS, close open ports and log activity, because any device can be hacked. Our ability to react to an attack is just as important as preventing it.

    • The Dirty COW vulnerability (CVE-2016-5195) affects essentially all versions of Linux and had been around for 9 years prior to actually being discovered. The greatest concern over this vulnerability is that it exists in the Linux kernel. When exploited, malware can gain root-level access to the machine. The main takeaway from this is that it’s extremely important to patch your machines. When researchers present these kinds of vulnerabilities to the Linux community, Microsoft or Apple and they subsequently release a patch, it’s imperative to apply those patches to safeguard your data.

    • I am writing about the DDoS attack that took place on October 21st. During this attack, DNS distributor Dyn was DDoS’d by a botnet consisting of thousands of IoT devices and open source malicious code called Mirai. The source of these attacks was unsecured internet-enabled devices across the world. Using the malware, attackers were able to hijack the devices and use them to send massive amounts of traffic to Dyn.

      This type of attack is preventable. It is important to properly set up network passwords and firewall rules that allow as little outside influence as possible. Also, many devices can be given passcodes and security features as well. It is important to watch your traffic and scan your network for malware and unauthorized access.
      Finally, it is important to watch for software and firmware updates from the manufacturer, as these often patch vulnerabilities.

    • I found the Avi Rubin videos very interesting. As a Security Analyst I never even thought about refrigerators or car devices being hacked. But in reality any device can be hacked due to insecure software, backdoors, unpatched devices and/or software, etc.

      Will we ever have secure devices, since they point to the Internet? We live in a period where hackers are not just hacking for fun; they want to sell our data for profit. Who would have ever thought about hacking into a car to stop someone’s brakes from working or prevent their windows from coming down?

      The following items can be a baseline for securing software.

      Application vulnerability assessments should be conducted before the release of any software.
      Change the default admin password.
      Encryption at rest and in transit (where necessary).
      Regular patching schedule.
      Disable ports, protocols or services that are not needed.

      Ultimately, I think software developers should be held liable for not hardening their software/applications.

    • Loi,
      Great analysis of the Rubin recordings. One of the easiest ways to prevent attacks is to apply patches. iOS releases updates frequently, and most of them are to patch security exploits in the OS. Another thing I’ve read on the IOT device attacks was that many people keep old apps installed on their phones, even if they are no longer using them. This is risky because it adds one more application that can be susceptible to an attack. If you are not using applications, they should be deleted from your device. Developers often do not know about a vulnerability until several months after the fact, when it is already being exploited; this is why it is crucial to delete apps.

    • Kevin,
      I agree that strong passwords are necessary to prevent attacks. I was reading in the article that many of these devices were hacked and infected with malware because they were using the default password that comes with the device. For example, most routers by default have a username of admin and a password of password. You can go online and look up the default username and password for devices; since they are widely used, this information is available. Strong passwords with 8-15 characters, symbols, and numbers can be the first line of defense in preventing IOT devices from being hacked. I also agree that firewall rules can prevent an attack. Users must also update and patch software as soon as it is available. These updates generally address vulnerabilities in the software.

    • The mention of the cardiac devices is really interesting, as most of the healthcare industry is concentrating more on protecting and securing PHI. This video really brings out the importance of now also securing medical devices from hacking. Probably any device now on the network is vulnerable.

    • The mention of logging is very good. The step most recommended by auditors is to maintain audit logs. Most of the time the server logs being generated are on the same system as the compromised or attacked PC, and as a result the logs can also be altered, so it is preferred to maintain logs on a different system.

    • I think that botnets are immune to firewalls and certain load balancing techniques because you can’t tell “good” IP addresses from “bad” IP addresses until after they have already requested your webpage. You can’t attempt to block all web traffic; imagine if you are an e-commerce website like Amazon, you’re going to end up losing potential customers. Good post though.

    • Good post. I think patching was an important aspect to touch on, because a lot of device manufacturers are very hands-off in supporting their technologies after a move to market, especially when certain operating systems become “obsolete”, such as Windows 7, while a large part of the population hasn’t upgraded, leaving them wide open. The only issue I foresee is that if a company has direct access to every child device, that connection could somehow be hijacked.

    • DDOS Attack:

      I chose this article because I was actually affected by this event. I was attempting to go to Twitter and I couldn’t reach the DNS. I tried on several different devices, after which I went over to Google and read about half of the internet being down because of the massive botnet’s interference. I know that a lot of devices connected to the internet have very common password schemes that hackers can cycle through in a matter of seconds, from “password” to “default”, etc. I’ve even seen web crawlers that search through, for example, Netgear firmware pages to harvest default passwords. The best way to secure these kinds of devices is to simply change the default password to one with over 12 characters, with upper and lower case letters plus numerical characters. At a higher level, individuals need to secure their home networks so that these devices cannot be accessed. WPA2 encryption is supposed to be sufficient if the password isn’t something generic that one could write a program to read from a dictionary of common words and brute force.

    • I did a project in undergrad on an IOT refrigerator device; it’s funny you brought that up, because security was an afterthought. In reality it makes sense that any device that can operate on the HTTP protocol can be manipulated through any of its methods, such as a request or GET/PUSH, etc. But great post, you explained everything very thoroughly.

    • Sorry, double post, I didn’t know how to edit the previous one, pressed enter.

      DDOS Attack:

      I chose this article because I was actually affected by this event. I was attempting to go to Twitter and I couldn’t reach the DNS. I tried on several different devices, after which I went over to Google and read about half of the internet being down because of the massive botnet’s interference. I know that a lot of devices connected to the internet have very common password schemes that hackers can cycle through in a matter of seconds, from “password” to “default”, etc. I’ve even seen web crawlers that search through, for example, Netgear firmware pages to harvest default passwords. The best way to secure these kinds of devices is to simply change the default password to one with over 12 characters, with upper and lower case letters plus numerical characters. At a higher level, individuals need to secure their home networks so that these devices cannot be accessed. WPA2 encryption is supposed to be sufficient if the password isn’t something generic that one could write a program to read from a dictionary of common words and brute force. To defend against the brute force scheme, the login for these devices needs some sort of time-out scheme, similar to how a phone locks out after a certain number of attempts.
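The time-out scheme the post ends on is simple to state but easy to get subtly wrong, so here is a worked version. It is an added example, not code from the post or from any device's firmware: a per-account counter that locks the account after MAX_ATTEMPTS consecutive failures for LOCKOUT_SECS, rejects even a correct password while locked, and resets on success. The thresholds, the fixed-size table and the idea that the real password comparison happens elsewhere and is passed in as `password_ok` are all assumptions of the example; the clock is a parameter so the policy can be exercised without waiting.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Added example of the lockout scheme described above; not code from any
 * device firmware. The thresholds and the table size are assumptions. */
#define MAX_ATTEMPTS  5     /* consecutive failures before lockout */
#define LOCKOUT_SECS  300   /* lockout duration in seconds */
#define MAX_ACCOUNTS  16    /* tracked accounts; fail closed when full */

enum { LOGIN_OK = 0, LOGIN_BAD_PASSWORD = 1, LOGIN_LOCKED = 2 };

struct attempt_state {
    char   user[32];
    int    failures;
    time_t locked_until;
};

static struct attempt_state table[MAX_ACCOUNTS];

/* Find the entry for `user`, creating one in a free slot if needed.
 * Returns NULL when the table is full. */
static struct attempt_state *lookup(const char *user)
{
    struct attempt_state *free_slot = NULL;
    for (int i = 0; i < MAX_ACCOUNTS; i++) {
        if (table[i].user[0] == '\0') {
            if (!free_slot)
                free_slot = &table[i];
        } else if (strncmp(table[i].user, user, sizeof table[i].user) == 0) {
            return &table[i];
        }
    }
    if (free_slot) {
        snprintf(free_slot->user, sizeof free_slot->user, "%s", user);
        free_slot->failures = 0;
        free_slot->locked_until = 0;
    }
    return free_slot;
}

/* Apply the lockout policy around a credential check whose outcome the
 * caller passes in as `password_ok` (the real comparison is assumed to
 * happen elsewhere). `now` is a parameter so the policy can be tested
 * without waiting on wall-clock time. */
int check_login(const char *user, int password_ok, time_t now)
{
    struct attempt_state *s = lookup(user);
    if (s == NULL)
        return LOGIN_LOCKED;        /* table full: refuse rather than skip the policy */
    if (s->locked_until > now)
        return LOGIN_LOCKED;        /* a correct password is still rejected while locked */
    if (password_ok) {
        s->failures = 0;
        s->locked_until = 0;
        return LOGIN_OK;
    }
    if (++s->failures >= MAX_ATTEMPTS) {
        s->failures = 0;
        s->locked_until = now + LOCKOUT_SECS;
        return LOGIN_LOCKED;
    }
    return LOGIN_BAD_PASSWORD;
}

/* Clear all tracked accounts (used to start from a known state). */
void reset_login_table(void)
{
    memset(table, 0, sizeof table);
}

int main(void)
{
    time_t t = 1000;                /* constructed clock, not time(NULL) */
    reset_login_table();
    for (int i = 0; i < MAX_ATTEMPTS; i++)
        printf("attempt %d, wrong password -> %d\n", i + 1, check_login("admin", 0, t + i));
    printf("correct password 10s later -> %d (2 = still locked)\n",
           check_login("admin", 1, t + 14));
    printf("correct password after lockout -> %d (0 = ok)\n",
           check_login("admin", 1, t + 4 + LOCKOUT_SECS));
    return 0;
}
```

Two caveats a practitioner would add: an account lockout keyed only on the username lets anyone who knows the admin username lock the owner out, so devices usually pair it with a per-source rate limit or growing delays rather than a hard lock; and none of this helps while the default credentials are still in place, since the first guess succeeds.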

    • When I was watching the video, I felt scared because everything connected with Wi-Fi can be hacked. He was joking that there was one fake story among all the stories; in my mind, most of those stories are impossible. Like, how can touching a computer encrypt it? Every time I check my Wi-Fi connections, if there are some unknown devices connected to my Wi-Fi, I become sensitive, because I don’t know how they do it and I don’t know how to prevent it either. I change my Wi-Fi password regularly, and I still feel unsafe about Wi-Fi. The Ted Talk is great, but after watching it I feel more insecure about my Wi-Fi now.

      Since computers have become more and more familiar to people, hacking has become easier. But most technologies connect to the internet to work, so I guess the only way to prevent hackers is to create perfect fences on devices to protect our information. Also, developers need to be more careful before they publish devices or software; human errors could be more dangerous than hackers.

      • Hi Mengxue, you made some excellent points, and I agree with you that developers need to do more and new methods need to be developed to improve WiFi security. On the other hand, I’m not sure perfect fences exist to protect WiFi and smart devices. I believe one of the best ways to increase online security is to develop the culture or habit of uncovering vulnerabilities before hackers do, and to remain up-to-date and informed about which reliable tools or technologies to implement.

    • Russia Spread Fake News And Disinformation In Sweden, Report Finds

      Fake News has been a major topic during the 2017 post-American-Presidential-election season because of its potential role in the voting outcome. This is an area that Facebook, Google and other major technology companies have decided to tackle because of the negative impact Fake News has on their reputations. Fake News has emerged as a new form of manipulation to control elections, spread propaganda, and so forth.

      In the wake of combating Fake News, Russia seems to be one of the governments taking full advantage of it. Along this line, Huffington Post’s Willa Frej writes “Russia Spread Fake News And Disinformation In Sweden, Report Finds.” In the article, the reporter explains that experts determined that a series of forged letters, fake news items and similar tactics have peppered the Swedish information landscape, starting three years ago, after the Russian annexation of Crimea from Ukraine.

      You may access the full article via the link below.
      http://www.huffingtonpost.com/entry/russia-sway-public-opinion-sweden_us_58753219e4b02b5f858b8f0d?utm_hp_ref=cyber-security

    • Hello Marquis, yes, the Twitter DDoS attack was a major incident that caught a lot of people’s attention during the past election season. Researchers have uncovered that this attack was the result of Internet of Things (IOT) devices that were not properly secured. I was not aware of WPA2 as a reliable method to protect against password hacking. Also, I agree with you that changing the default password to one with over 12 characters, with upper and lower case letters plus numerical characters, is a good way to improve smart device security.

    • Andres, that’s a very good analysis, and I enjoyed reading your assessment of the recent DDoS attack. I agree that changing default credentials would have made hijacking the devices more difficult. A solution to address this problem would be for manufacturers to build/design systems requiring admins and other users to update credentials after the first use and then periodically after a certain period. This concept can be emulated from systems that prompt users to update passwords after creating a user profile. That way millions of devices would be more secure from the first use.

    • The incident you described above sounds scary and alarming. Innovation is good, but it must be done the correct way. Especially nowadays, it is imperative that IT security is at the center of all innovative efforts. Otherwise, organizations and consumers will face scary scenarios that sometimes could cost people’s lives.

  • Good evening,

    I’m glad to have met everyone on Thursday night.  I really enjoy our first class.

    I have updated week 1’s schedule page with the slide deck.  The link to the page is: htt […]

  • Welcome to  MIS5170 – Operating Systems Security.
    Great to have you all!

    I hope you are as excited to get started as I am.  We will begin on Thursday January 19th when we will go through the structure of th […]
