Andrew Szajlai

  • Good morning,

    This week we looked at controlling connectivity from other network devices via configuration files under /etc.  These files allow us to define which services and what computer (by IP address and […]

  • Good afternoon,

    This week we talked about firewall rules and the differences between the configurations on Windows and that of Unix/Linux.  The concepts were the same between both styles of operating systems; […]

  • Very nice summary and connection to the class.

  • Good afternoon,

    We had a very interesting set of questions and conversations at the ITACS Panel last Thursday.  I would like to get a couple of bullet points from each of you that attended.  I would like to g […]

    • I didn’t attend the ITACS Panel but I did look up the information about Linux patching. Not sure if it’s the right one but I looked on Lynda, the knowledge database we have access to and typed in Kali. I found an article that takes you through different things we can do in Kali and one was updating it. https://www.lynda.com/Linux-tutorials/Introduction-Kali-Linux/455715-2.html. It is a lengthy process so it requires a lot of time.

    • Very nice summary and connection to the class.

    • Windows users might want to turn off their computers this weekend, warns security researcher who’s only being ‘somewhat glib’

      A hacker group by the name of Shadow Brokers has released tools that can ease the process of hacking into Windows computers and other Microsoft products. According to Business Insider’s Julie Bort, the author of this article, “The hacking tools are allegedly part of the arsenal that was said to be stolen from the NSA last summer.” We are starting to experience the ripple effect of what was created for spying purposes. This is the sort of things government agencies, organizations, IT Security professionals and people in general will have to deal with when the right tools fall into the wrong hands. It is odd that an agency created tools to spy; nevertheless, failed to properly protect those tools against spying. Solution? Create tools to defend as strong and effective as those created to attack.

      http://www.businessinsider.com/hackers-release-nsas-secret-hacking-tools-for-windows-2017-4

    • Andres, this is a very good break down of what was discussed at the panel. Reading through this gives summarizes most of the important talking points that were mentioned. My favorite one is the cyber insurance. It will be interesting how certain companies and industries approach this to transfer risks, Can you imagine a company hit with ransomware and insurance is asked to pay the money?

    • Cyber security has an unclear future as we speak. Unclear in the sense of what would be the most effective strategies against the rise of IoTs, AI and so forth. Microsoft’s Angela is right, it is time to start exploring serious ideas of how IoTs should be properly secured before it is too late.

  • Did you run the sha256 check before you ran the installation from the ISO? Remember one of the main reasons for running the CRC check (SHA256) in this case is to make sure that none of the bits get messed-up in the download process. If you still have the old file run it on both to see if the numbers are different.

  • Good Morning,

    We are having a self study this week, due to the ITACS event.

    We talked about Linux baselines and system hardening.  The concepts here we very similar to those we talked about for Windows. […]

  • Andrew Szajlai posted a new activity comment 4 weeks ago

    The questions was will the the Windows 7 computer maintain it’s GPO settings without the DC. The answer is Yes. There is a local cache of the GPO’s that are applied to the computer. It will us those local setting as the computer boots for both the user’s settings and those applied to the computer. If you make any GPO changes, you will need to…[Read more]

  • Wanted to talk a bit more about the VM escape.  This would be something the only logging would have exposed in your enterprise.  This is exposing a zero-day attack.  Something that the vendor has not found as a mi […]

    • Just so you are aware, even after doing this, it still took about 4-5 hours to upload.

      • Thanks!

      • Thanks Loi! But will the Windows 7 we upload still carry our policies we implemented?

        • That’s a question that the professor will probably be more fit to answer. I know that anything that you did on the Windows 7 registry will remain; regedit. Most of our GPO and controlled by the domain controller (Windows Server), which is also used to alter registry files. So I would assume that if you’ve created a GPO and logged in with a workstation, these alterations would take affect on the local machines. But this is just an assumption. I have no experience as a DC or GPO admin.

          Did find a few articles that talked about it, but not clear cut answers:

          Group Policy Settings: How Settings are Stored (Part 1)

          Anybody have any thoughts?

    • Here is an interesting news article I found this week, titled “Is Trump Still Tweeting From His Unsecured Android Phone?” Apparently, President Trump was tweeting from a Samsung Galaxy S3 which he has been attached to and did not want to upgrade. This version of Samsung’s Galaxy line was no longer receiving Android updates and was extremely susceptible to hacking. The article stated, “The device, likely a Samsung Galaxy S3, has such serious security problems that it’s probably “compromised by at least one—probably multiple—hostile foreign intelligence services and is actively being exploited,” More recently, it appears Trump’s tweets have been coming from an iPhone. His security team may have finally realized the security risk of his old Samsung device and forced the President to upgrade.

      Article Link:

      https://www.theatlantic.com/technology/archive/2017/03/trump-android-tweets/520869/?google_editors_picks=true

    • Linux Kali Installation Issue

      When I was installing the Kali into VM, it got frozen during the configuration part. I tried to reinstall it couple times. I keep getting the same problem. Has anyone got into the same issues like me or does anyone know possible solution to this? Thanks!

    • Did it give you any errors? Did you did a hard reboot on the VM when it froze and where was it frozen? Screen shots will probably help, if you can share a couple.

      • Hi Loi,

        I didn’t get any errors. The screen became blue and nothing then happened. I will take a screen shot of it when I get home tonight. Thanks!

      • Hi Loi,

        I re-download the file and reinstall it. And now it is working fine. Thanks for your advise!

        • That’s good to hear. Thanks for the update!

        • Did you run the sha256 check before you ran the installation from the ISO? Remember one of the main reasons for running the CRC check (SHA256) in this case is to make sure that none of the bits get messed-up in the download process. If you still have the old file run it on both to see if the numbers are different.

    • The questions was will the the Windows 7 computer maintain it’s GPO settings without the DC. The answer is Yes. There is a local cache of the GPO’s that are applied to the computer. It will us those local setting as the computer boots for both the user’s settings and those applied to the computer. If you make any GPO changes, you will need to make sure that the computer connects to the DC. There is a share on the DC that the computer reads the GPO’s and downloads them to a local store. There is a possibility for replication errors and delays in a large network, but not something for our lab environment to worry about. That last part was more of an FYI. If anyone has any questions please let me know.

      The other thing to check for are .dmp files on the drive. If your computer has crashed those file contain a memory dump. If there are several with machines that are 2 GB, that can add up fast.

    • Thanks for clearing that up. It makes sense, the article I posted had some details about that as well, but I thought it was only stored on the DC. Again thanks for clearing it up.

    • I think it was a good decision for him to upgrade to more secure phone due to the level of security threat that represented. However, I believe he could have stayed with Android if he wanted because there are secured Android phones out there as well. The list includes Google’s Nexus and Pixel phones, Samsung Galaxy S7, now S8 and S8+. These phones tend to run the latest Android version before all other ones. Also, Google and Samsung rolls out monthly security updates. BlackBerry, a reputable company when it comes to security, now produces good Android devices as well.

    • Thank you Seunghyun for sharing these recommendations with us. I was not aware of such attack going on and I can certainly use these advices to secure my gift cards. Is there anything hackers would not do nowadays simply to steal people’s money? I don’t think so. Perhaps it is time to switch to an alternative form of monetary system because most hacking attacks have one thing in common, the desire to steal money. The world needs a more secure monetary system, maybe.

    • The dilemma of privacy over security or whether the government should spy on average citizens is an ever-ending debate. Yes, people shouldn’t still be surprised by these anymore. Mobile computing and cameras become ubiquitous, so I find the same level of privacy hard to believe. The only thing I wish is to enact a clear law that explains what the government is/can be and isn’t/can’t be done.

  • Wanted to take a little time to remind everyone about the 5 points of extra credit.  A couple have asked and one has completed the work for the extra credit points.

    In the news was an interesting week, but al […]

    • I found an interesting article and thought I should share as it relate to some of the topics we discussed in class.

      An Israeli security researcher, Alexander Korznikov, recently demonstrated that a local privileged user can hijack the session of any logged-in Windows users without a password. The exploitation requires physical access to the machine, but a user can also do it remotely.

      I actually tried it out in our lab environment and it works. The only thing that catches me is that the user doing the hacking also needs local admin privileges to execute the commands in the command prompt. The only thing that I can think that this can be used for is helpdesk people accessing information that they’re are not supposed to.

      I’m pretty sure this violates the Tier structure as local administrator are able to privelged information for people the support.

      http://thehackernews.com/2017/03/hack-windows-user-account.html

    • I forgot to mention that there’s also a demonstration of this being doing attached with the article.

    • Acronym Malware
      http://www.securityweek.com/new-acronym-malware-possibly-linked-potao

      The Acronym malware is supposedly of Russian origin and used to attack high-value targets. It has been around since 2011 but in 2015 it was studied and analyzed seeing how it attacks at the modular level. The way it does this is by connecting to the command and control based on a debugging string and URL, the dropped attacks the wmpnetwk.exe Windows process and replaces it with the malware code. Whenever this process runs, it spreads to the Registry and Task Scheduler where it is constantly running. It can access the system and use the plug-ins in the affected system, take screenshots and taking any information it can from the system it inhabits to send it back to the controllers. When a system is affected with the Acronym malware, IT won’t find DLL files, decoy documents or any process injections.

      • This sounds like a clever and difficult-to-detect method of attack. I may add that the Acronym Malware is dangerous too with the capability to spread straight to the Registry and Task Scheduler. Many companies use the Registry as the basis to control users’ security profiles. Also, others rely on Task Scheduler to run production environment daily. Imagine hackers are controlling the Registry and Task Scheduler of an organization that has no clue of what is going on.

    • This technique has the potential to enhance internal spy. It also proves why a company’s employee should always be considered as the number one threat. Who knows how long this methodology had been in use and linked to recent scandals pertaining to IT security. Interesting article as always Loi.

  • Good Afternoon,

    Wanted to take a couple minutes to re-cap about the main topics from last weeks class.  Firewalls – a way to protect what and who (in terms of computers) can connect to our operating systems. […]

    • Thanks for the video professor. The videos were easy to follow, unfortunately I was unable to figure out a way to get the extra credit… How much time do we have to figure it out?

      On a different note: I found this article on Krebsonsecurity that I thought was interesting. We’ve all heard of ransomware and the emerging ransomware-as-a-service market. Krebs provided a short article along with a marketing video for a RaaS called Philadelphia. Disclosure: Krebs is not marketing or soliciting the use of RaaS, just showing the blatant disregards to laws that these criminals have. No longer do you need to be a hacker or IT expert to become a cyber criminal, all you need is $400 bucks and a user-friendly product.

      Ransomware for Dummies: Anyone Can Do It

    • Mathematicians battle cyber threats of quantum computing
      http://www.homelandsecuritynewswire.com/dr20170307-mathematician-explains-how-to-defend-against-quantum-computing-attacks

      Nathan Hamlin and his colleague, William Webb, created the Generalized Knapsack code in 2015 that goes beyond binary and the 10s computing that computers use today. Because technology is increasingly becoming more advanced and cyber threats will also become advanced. Quantum computing will break through any defenses in a blink of an eye and Hamlin figured by disguising data with number strings, making it harder to break through defenses. It looks like this could be the next tool to learn and adapt in the cyber security world.

      • The Generalized Knapsack code is in fact a very interesting idea in the cybersecurity world. However, the one matter I’m concerned about around this idea is what if hackers start using the same technology to deliver stiffer attacks. Remember you mentioned that, “Quantum computing will break through any defenses in a blink of an eye and Hamlin figured by disguising data with number strings, making it harder to break through defenses.” Therefore, won’t it also be close to impossible to combat them in this case? It is best to perceive this in all possible perspectives. This can be the key to help develop it better. Excellent article Neil.

    • Cisco terminating Intercloud service in 2017

      Source: https://thestack.com/cloud/2016/12/16/cisco-terminating-intercloud-service-2017/

      I found an article about Cisco dropping its cloud service. The subject is not directly related to this week’s topics; however, I though it is a quite big news to share with everyone. Cisco has been tried to compete with two giant cloud service companies: Amazon, AWS, and Microsoft, Azure. They have been investing a ton of money to their cloud services. But Cisco decides that they are not able to continue investing multi-billion dollars to just keep up with the competitors. There are more details in the article. Hope you find the article interesting as well.

    • WikiLeaks: We’ll Work With Software Makers on Zero-Days

      WikiLeaks: We’ll Work With Software Makers on Zero-Days

      Earlier this week Wikileaks published the largest ever dump of confidential CIA data on it’s site. This publication contained details on how the CIA hacks a number of consumer products including iPhones, Android devices etc. A very polarizing subject to say the least, Wikileaks fortunately didn’t publish the technical aspects of the vulnerabilities. Instead they have pledged to give manufactures exclusive access to this information in an effort to fix the them.

    • This is not good news at all for the general consumers. Less competition or market monopoly tends to benefit big players only, Amazon’s AWS and Microsoft’s Azure in this case. It’s unfortunate Cisco doesn’t have financial backup to continue its cloud service. Also, such move will discourage new market entrants. Time for Google, Apple, Dropbox, Box etc. to step up their game in this area. I believe Google can muscle itself in if they ever decide to do so. Thanks for the article.

    • It should be an interesting process “working” with WikiLeaks I presume. I respect the fact that WikiLeaks not only wants to play the whistle blower role, but also trying to be an important part of the solution. This is something I guess that partly defines the authenticity of their claims.

  • Good evening,

    I just wanted to continue with the conversation we started at the start of Thursday nights class.  We talked about the SMB 3.0 vulnerability in Windows 8.1 systems, Windows 10 systems as well as […]

    • Russian security company to compete with Microsoft via new OS

      Kaspersky has launched its own operating system which is built from scratch, designed to offer tight security to Internet of Things devices and industrial control systems.
      KasperskyOS has apparently been some 14 years in the making, and chief executive Eugene Kaspersky elaborated on the platform in a blog post in which he clarified that this effort isn’t based on Linux, but was built completely from the ground up by the security firm itself.He explained that this is an OS which is only capable of doing what it’s instructed to do, and can’t execute anything else – a feat not possible with a ‘traditional’ operating system like Windows or Linux

      http://www.techradar.com/news/russian-security-company-to-compete-with-microsoft-via-new-os

    • Professor,

      Thank you for posting the article from KrebsOnSecurity about the Arby’s data breach. We are constantly seeing Point-of-Sales systems being under attack by hackers. As consumers, whose spending power is typically associated with plastic, I think it is important for us to protect ourselves where these organizations fail. As it has been made abundantly clear, anything stored in a digital format can be compromised. So we need to protect ourselves and limit our attack surface. Some things that I have started to do over the years, which is also written in the article, is used credit cards instead of debit. The better choice is obviously cash, but if you must use plastic than use a credit card. Fraudulent claims are settled quicker on credit cards than debit cards. Setting spending limits and alerts on you cards is also useful. Some even let you set borders on where you can spend. You should take advantage of these features to better protect yourself.

    • What does it mean about “as well as server equivalents of those platforms”?

      Since the initial release of Windows NT, Microsoft has released Windows in workstation & server pairs, ie Windows 8 & Windows Server 2012, Windows 8.1 & Windows Server 2012 R2, Windows 10 & Windows Server 2016, etc. This concurrent release model allows Microsoft to keep a uniform feature set across all Windows systems. If an organization was running their AD with Server 2008 but all their workstations were running Windows 10, they would have a feature mismatch in a number of areas. Most notably, Group Policy.

    • Very interesting article Vaibhav,

      Making a device do only what its suppose to do sounds like a challenge in and of itself, but I won’t quite give it the thumbs up just yet. Well at least not until it is fully tested and “hacked” by people outside of the organization. Anything can be claimed as 100% secure, like Apple IoS, to me it just simply means no exploit has been found yet. But I do like where Kaspersky Lab is going.

    • What does it mean about “as well as server equivalents of those platforms.”?

      Microsoft Windows Server 2008 is a platform as well as operating systems. The code used to build Server 2008 and shared with other Windows operating systems makes it a platform. At Server 2008 time of release, it shared the same platform as Windows Vista. Currently Microsoft has a new platform, which both Windows 10 and Server 2016 share. So in a nutshell depending on the OS being used an equivalent server is one that uses the same code/architecture as the Windows operating system being used on the workstations.

    • After reading the article titled “February Updates from Adobe, Microsoft” from this week’s in-the-news, it has become more important that we start moving away from Adobe Flash, and start moving more towards html5 to display website content. Flash player has been the source of many vulnerabilities in recent years that has allowed hackers to crash systems. Adobe recently released a patch to fix 13 flaws in the latest version 24.0.0.221. It is important that if you have flash running on your machine, that you check for updates, and update as soon as possible. There patches generally fix vulnerabilities and performance issues. More and more security firms are recommending moving away from Flash completely and moving toward html5. On an article I found from The Verge, is discusses how Google will remove Flash Players content from Chrome. The article can be found here: http://www.theverge.com/2016/12/9/13903878/google-chrome-block-flash-html5 .

    • Loi has a valuable point. We won’t know how secure this new OS will be until the complete version is released and fully tested. I guess all “records” are made to be broken, aren’t they? We shall see how much of an exception KasperskyOS will be in this case. Claiming this alone will make the challenge tougher for KasperskyOS to live up to expectations. We all dream one day to have an OS as such, but I find this hard to believe that this will become a reality.

    • I don’t think the result of these numbers is alarming. In fact, this should be considered disastrous given the fact how much money is being spent on IT security. Something is either not being consistent or being done wrong. Who knows what is really going on after pen-testers left? Do organizations go back to routine business practices by ignoring recommendations? what about new partnerships being formed, new laws and regulations, how secured are the new/old third parties? A lot of questions will need to be answered to make things better.

    • I started paying close attention to Adobe’s flash technology ever since Steve Jobs took the decision to eliminate it from the Mac OS platform. I was wondering why would Apple take such a drastic decision against flash player. Many years later, it turns out that Steve was right because we’re still talking about the same old flash vulnerabilities, how unsafe it is and should be replaced with Html5. Adobe owes consumers more than releasing patch fixes every now and then to resolve the flash problem.

  • Good Morning,

    Wanted to share some observations from class.  We had a couple of issues while using the switches in-class.

    A couple of students were not able to link to each other systems; we found that […]

    • I ran into a minor issue regarding GPO settings.
      After created my GPOs I realized that i was not linking my GPO’s to a specific OU..silly mistake, but it happened.

    • One of the things my group found out when trying to connect the server and Windows 7 together was that it sometimes took it offline and we had to re-configure the DNS settings whenever we used temple’s wireless network.

      • Neil, I’m not surprised at all. Running or trying to configure things using Temple’s network will cause you to run into unusual issues like this one. If possible, I would suggest you and your group to work on these using either your home network or another secured one. I hope everything works fine for you now.

    • Please stop charging your phone in public ports

      Let me start with Selena Larson’s (a CNN tech reporter) opening idea of this article,
      “I know the feeling: Your battery is low, but you have to keep tweeting. You see a USB port or an outlet in public, plug in your device and feel the sweet relief of your phone charging.”

      It is explained in the article that if a port is compromised, there’s no limit to what information a hacker could steal. Security researchers call “Juice jacking” a method hacker utilized to steal mobile devices’ information such as: email, text messages, photos and so forth via a loaded charging station. I believe this is the case of a lot of people out there, especially when travelling. To a surprise, even I.T. security professionals.

      One of the best ways to avoid being hacked via a public charging station is to use your own portable USB battery pack. Other good suggestions can also be found in the article below.

      http://money.cnn.com/2017/02/15/technology/public-ports-charging-bad-stop/

    • I would say this bill represents a partial win for the American people because no one really knows what it entails in its entirety. What was given up in exchange of passing this bill? To what extent big companies compromised to accept this bill? Was there any requirement to design back doors? I would not call this a win for American consumers yet, but it is no doubt that things have gotten better.

  • Andrew Szajlai posted a new activity comment 2 months, 1 week ago

    Thank you for creating this step-by-step. When I create the video I forgot to rename my server to something I could type. Based on the steps above a good part of the start of the video is how to troubleshoot DNS with a domain controller. I will talk about this in-class to help what the video is showing.

    I was trying to show the steps if you…[Read more]

  • Good Evening,

    Wanted to recap on the conversation about teams.  Can everyone appoint a team captain, this individual will send me the team members and be the one that is uploading the content to their OWLBox […]

    • I found the “Add Workstation to domain.mp4” a little challenging to follow. If you are having trouble following the video, here are some quick tips that I did and was still able to add the Workstation to the domain. Let me know if it helps.

      If you start the video around 11:40, you we see these screenshots.

      1. Record the IPv4 of Windows Server 2008
      2. Open Windows 7 Workstation
      3. Go to Control Panel –> Network and Internet –> Network and Sharing Center
      4. Select Change Adapter Settings (left hand navigation pane)
      5. Right-click on Local Area Connection and Select Properties
      6. Select Internet Protocol Version 4
      7. Click Properties
      8. Select Use the following DNS Server Address
      9. Input Windows Server 2008 IPv4 Address
      10. Go Back to Control Panel –> System and Security –> System
      11. Under Computer name, Domain, and Workgroup Settings –> Select Change Settings
      12. Under Computer name tab, Select Change
      13. Select Domain and type in your domain name.

      This worked without having to add the Inbound Firewall Rules. Don’t know if that is necessary for this class, but you can add it later if you wish.

    • Thank you soooo much!!! I video was very hard to follow…

    • After I following how to create a Group Policy video. I got the following error message after following all the steps.

      “Resource ‘$(string.Advanced_EnableSSL3Fallback)’ referenced in attribute displayName could not be found. File C:WindowsPolicyDefinitionsinetres.admx, line 795, column 308”

      Has anyone had this error message.
      I am going to go through the video one more time to see if I missed anything.

    • Is anyone still looking for a team? Let me know.

    • Thank you Loi, that is very helpful!!

    • Thank you for creating this step-by-step. When I create the video I forgot to rename my server to something I could type. Based on the steps above a good part of the start of the video is how to troubleshoot DNS with a domain controller. I will talk about this in-class to help what the video is showing.

      I was trying to show the steps if you ran into DNS issues, but I’m guessing most will not see DNS issues. I’ll split the video into two based on what is above. If anyone has any questions please let me know.

    • Hi Sheena,

      Were you able to figure this out?

      • Yes. I’ll Post the procedures in a moment.

      • To correct your GPO editor problems perform the following:

        1. Download and install the windows 8.1/2012 r2 GPO administrative Templates from Microsoft. see below

        https://www.microsoft.com/en-us/download/details.aspx?id=41193

        2. Once you download it to the desktop of your Domain Controller then you need to right click and install it.

        3. Once installed, the new templates are placed in the following folder of the Domain Controller

        C:Program Files (x86)Microsoft Group PolicyWindows 8.1-Windows Server 2012 R2PolicyDefinitions

        4. This folder needs to be copied to your windows folder on the Domain Controller. To do this rename the existing outdated Policy folder to PolicyDefinitions.old

        Therefore the following folder:

        C:WindowsPolicyDefinitions

        on the domain controller becomes …

        C:WindowsPolicyDefinitions.old

        5. Then copy the new PolicyDefinitions folder to C:Windows so that you will now have a new C:WindowsPolicyDefinitions folder

        6. Repeat this process on your Windows 7 workstation as well.

    • Loi,
      Thanks for putting this together. This was extremely helpful for me.

      Sach

    • sure!!!

      🙂

    • Thanks for sharing this. I’d never heard of Signal prior to this and I’ll give it a try.

    • Thank you a lot. I was not aware of this platform at all. It is full of interesting articles that cater to Cyber Security. This is definitely a must visit platform for all IT security professionals on a weekly basis.

    • I completed these steps and they worked perfectly for me. Thanks again Loi.

  • Good Morning,

    Wanted to recap on the conversation we had this week.  The main topic was on ACL’s (Access Control Lists).  How to use them on what they protect: Files, Shares, Registry, Services, AD O […]

    • For this week’s in-the-news article, I decided to read “ATM ‘Shimmers’ Target Chip-Based Cards”. This article focused on a new cyber-security trend called “shimming”, which focuses on chip-based credit and debit cards. Shimming attacks are not considered new, but are becoming increasingly more popular and chi-based cards are becoming the standard in the United States. Shimming attacks differ from skimming attacks because skimming attacks targeted the magnetic strip on the back of the card, which stored the data in plain text. “A shimmer, on the other hand, is so named because it acts a shim that sits between the chip on the card and the chip reader in the ATM or point-of-sale device — recording the data on the chip as it is read by the underlying machine.” The information from shimming cannot be used to create another chip-based card, but can be used to replicate a magnetic strip on a card. This is useful because not all credit card machines have the chip insert yet. With skimmers and shimmers being so stealthy, there is no real way to know if the ATM you are using is compromised. In reality, the article explains that you have a better chance of getting mugged after withdrawing from an ATM, than actually encountering one of these devices. Some security recommendations to prevent against your PIN and card information being stolen is to cover the PIN pad while you are entering your PIN number. Also, you should use ATMs that are physically installed in a bank, there are more cameras present and a thief is less-likely to hack one of these types of ATMs. The article also recommends, “Be especially vigilant when withdrawing cash on the weekends; thieves tend to install skimming devices on a weekend — when they know the bank won’t be open again for more than 24 hours.” Lastly, the best way to stop fraud, check you statements and dispute unauthorized charges. Similar to logs on a computer, bank statements allow you to see when and where your card was used. If you do not monitor your statements, small increments of cash will be taken out without you noticing, until one day, a big purchase is made, and you will have to prove fraud to get your money back.

      • Shain, good summary.

        The point you end with is perhaps the most important, in my opinion. Fraudulent charges, identity theft, credit rating changes can all be mitigated by regularly checking your financial accounts. One of the more “boring” chores I do for my family is track spending so we can maintain a budget. There’s a certain comfort in tracking every cent that comes in and out of my household, and if something crazy pops up on the credit report, we can take action on it right away.

      • Shain, that was a great post full of excellent recommendations against “shimming.” I was not aware of this sort of cybersecurity trend at all. Yes, I monitored my bank statements and shimming probably explains the reason purchases I did not make applied to my account on several occasions. I recently saw a short documentary online about tricks thieves are using to steal people’s money right from the ATMs. For example, one of them was the thief to cover the area where debit/credit cards are inserted with a mimic shape and color object and sit around, watching people using the ATM in question. Afterwards, the thief pretends to use this same ATM to remove the “look-a-like” object that has been collecting cards’ information every time one was inserted through the machine. That was amazingly sad to watch.

    • Andres Galarza and I are on team, Please let us know if you want to be on our team.

    • Figured it out. Downloaded wrong ISO. Attention to detail 🙁

    • I recently found a interesting news article to share “Windows SMB 0-Day Exposes Systems to Attacks”

      A 0-day memory corruption vulnerability discovered in the SMB (Server Message Block) protocol can be exploited to cause denial of service or potentially execute arbitrary code on a vulnerable system.
      According to the United States Computer Emergency Readiness Team (US-CERT), which has already published an advisory on the matter, the bug resides in the manner in which Windows handles SMB traffic and can be exploited by remote, unauthenticated attackers for nefarious purposes.

      SMB (one of its versions was also known as Common Internet File System, or CIFS), operates as an application-layer network protocol designed to allow machines to access files, printers, serial ports, and miscellaneous communications between nodes on a local network, while also offering an authenticated inter-process communication mechanism.
      According to US-CERT, the Windows platform fails to properly handle a server response containing too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. Thus, when a vulnerable Windows client system connects to a malicious SMB server, it can crash (Black Screen of Death or BSOD) in mrxsmb20.sys.

      The advisory also notes that the vulnerability has been already confirmed as being exploitable in denial of service attacks, but that it’s not clear whether it could be exploited further. By exploiting the vulnerability, an attacker might also be able to execute arbitrary code with Windows kernel privileges, US-CERT warns.With exploit code for the vulnerability already publicly available but no practical solution to this problem known at this time, suggested workarounds include blocking outbound SMB connections (TCP ports 139 and 445 along with UDP ports 137 and 138) from the local network to the WAN.

      http://www.securityweek.com/windows-smb-0-day-exposes-systems-attacks

    • Vaibhav, this is another good example of what we’re talking about in class: closing ports and services that are not needed in order to harden the system.

    • Found a quirky little article describing what a “sockpuppet” is.

      ‘An Internet sockpuppet, according to Google, is “a false online identity, typically created by a person or group in order to promote their own opinions or views.”’

      I’m always interesting in the vocabulary I see floating around to describe ideas in the field of cybersecurity.

      Noun: Sockpuppet

    • The article references twitter; It’s amazing to scroll through the replies on a famous person’s tweets and see some very obvious sock puppets. Especially if that person is a politician or posting political messages.
      Recently Twitter did alter its algorithm to be less friendly to sock puppets and bots, making their replies less predominate in the conversation,

    • ATM ‘Shimmers’ Target Chip-Based Cards

      This article was really good.
      “Shimming attacks are not new (KrebsOnSecurity first wrote about them in August 2015), but they are likely to become more common as a greater number of banks in the United States shift to issuing chip-based cards.”
      I thought banks moved towards chip-based cards for security reasons?? Why would banks give us these chip-based cards knowing this vulnerability can be exploited??
      I like that the article gives steps on how to minimize the success of shimmer attacks.

      The comments were informative as well. Nice Article.

    • Me and Sach are on a team, we just need 2 more people.

    • I was talking to someone the other day in the industry and they mentioned that this was an issue for their company as well. It caught them off guard so they had to bring in some outside help to make sure they were safe. 0-days are the nightmare of security teams everywhere.

    • Card scamming is not a new technique to exploit victims’ information, According to the article ‘ATM ‘Shimmers’ Target Chip-Based Cards,’ the scammers have found the ways to attack the recent changes in credit/debit card security. The attackers utilized the card shimming tactics to take advantage of card holders’ information assets. The card shimming can be considered as similar to an MITM, Man-in-the-Middle Attack. The skimmers install shimming devices in the chip reader of the ATMs/POS system. When a card holder inserts their chip-card into the compromised chip reader, it records the data that flows between the chip and reader.

    • This is the truth that the zero day vulnerabilities are more dangerous as it reveals security hole that is unknown to vendor .But despite the vulnerability known publicly there are no signs of practical solution to it coming down that could be more encouraging for hackers

    • Anyone still looking for a team? Comment below!!

    • Applying group policies to block unused/unnecessary ports can do wonders in terms of enhancing a network security systems. I’m sure doing that will protect a network against vulnerabilities that systems engineers will probably never be aware of. I am curious to learn how Microsoft will successfully address this security concerns. Thank you for the article.

    • Sockpuppet represents of the tools unverified sources use to promote “fake news.” I’m glad to see Twitter is doing something about it in an effort to reduce “sockpuppet”‘s effectiveness. Funny name, but full of potentials to cause damaging impacts.

  • Here is a quick video on how to add a linked folder to the guest OS from the Host OS.  If you have any questions please let me know.

    The example adds and removes a new folder, but I already have one linked […]

  • I have posted a new page with a video. I’m thinking it has to do with adding a linked folder. I’ll add that to my review when we start class as well.

  • Andrew Szajlai posted a new activity comment 2 months, 3 weeks ago

    Did you set the execution policy? It also sounds like the linked directory might not have been created. The script is assuming that there is a z: drive, which is the first drive that is created when using linked folders from the VMWare environment. Please let me know if you liked it, but are getting a different drive letter for linked…[Read more]

  • Good Morning,

    I enjoyed our in-class conversations about different devices and how we need to secure them.  I hope the take-away was that “we need to secure our operating system…for the following ________”; w […]

    • The only issue that I really had was Windows 7 was not installing the updates. After some research I found that you had to have license before you can install the updates. Of course I’ve tried to update it without the license, but after reviewing the WindowsUpdate.log, all the download attempts failed. So I used the license provided with the download on Windows 7 and it updated without a hitch.

      Another thing that I tried is cloning the already patched Windows 7 and creating a VM on inside the Window 7 VM that I just created, the performance dramatically decreased. The original setting for the “host” Windows 7 had 4 Core, 4098 memory. The guest Windows 7 had 2 Core, and 2048. I wasn’t running any updates, just normal navigation was very laggy. Any suggestions on the best type of setting to have a more reasonable performance?

    • My main issue was that I thought assignment 1 was the kali linux installation and when I downloaded the files it was already a VM instance set up and not an ISO to install. If anyone has trouble with the ISOs you can use daemon tools lite to mount them (virtual way of putting a virtual disk into a virtual cd/dvd drive). I also goofed because I thought that I wasn’t able to see the windows server files on the download website, but I was only on the “popular” tab and didn’t click all. The Win 7 easy install process was new to me, I had experience with VirtualBox where I was writing a DOS command wrapper for it using PowerShell, but you still would have to go through the whole “typical” windows install procedure; as far as partitioning disk space, etc.

      Unrelated, but to speak on I forget who, but someone’s point during class that it should fall on the developer to secure their software before it ships. And the professor stated something very true that they fall under deadlines where wanted functionality gets skipped. I wanted to add that during undergrad in learning programming we didn’t ever touch on defensive programming. In the United States Temple is 112th in Computer Science, in looking online the top 10 schools such as a Carnegie Melon etc, do actually teach defensive programming during their programming courses. I wanted to note there could be a third layer to this point, that a large population of developers may not actually have had experience creating secure systems.

    • Sorry, this wasn’t suppose to be in reply to your post, but while we’re here. I’ve experienced the same issue as you where Windows Update is disabled if Windows isn’t said to be “genuine.” In my experience back when Win 7 was the main OS, there were several “master” product keys that may have temporarily worked to get around the issue. For you performance issue, I would suggest just trying to allocate more resources, specifically processing cores. What’s the specs of your actual physical computer, compared to the first VM instance you created? If I’m reading it right it looks like you cut resources in half from your first VM instance to it’s clone after you did the updates?

    • Kali is kind of goofy, yes you can run it “Live,” as in run from CD or actually install it from the start up screen. Installing it will allow you in install VMWare tools to enable windows sizing and enhanced keyboard. Without installing it, especially if you have a HiDPI monitor, you will probably run into trouble with configuring display and getting it to fit on your screen. There’s an application called ‘Display’ that would let you resize, but you’ll have to do it every time you restart,

    • While patching the windows & I came across a error with code 8007000E which had a error message”Windows could not search for more updates “.This error will prompt out even on clicking try again and will interrupt your patching completely.After a liitle google search I came across the solution which worked out-
      Steps to resolve
      Manually stop the windows update service
      Download and Install KB3102810 update.
      Start the windows update service
      Resstart the computer.

    • I had a similar issue; My updates stopped and would not continue. Simply restarting the computer and re-opening the update service fixed it and allowed all updates to install.

    • The issue I am having is not being able to install the ISO of Windows 7 and when I try to configure the VMware to save it to my portable hard drive, it says there’s a file missing and the VMware is unable to be installed on my machine as well. I deleted all the files and started from scratch but same issue. Unsure of what to do.

      • Neil,

        You shouldn’t need to transfer the ISO to a portable HD in order to install it on Workstation/Fusion.

        In Workstation, when I began the process of installing an image of Windows 7, I was able to select the ISO file directly from the folder I downloaded it to via the “free software” Temple store we were told to use.

    • Loi
      I feel this lot depends on physical specifications of system
      If in the quad core system the user utilizes the dual core for Guest Operating system lagging may occur,Its like less no of core and more process the energy drawn will be more which will result in lagging.Applications threads run simultaneously in the cores .I feel you can give a try running less application on your host operating system

    • The issue I am having is that I keep getting error when I run the scripts in PowerShell. I followed the steps the professor presented in his video and used the scripts downloaded from our community sites. Does anyone have a similar issue with me or have a solution to address this issue?

      • Yeah, I had the same issue. But since it was another way to do Tail, I didn’t bother trying to troubleshoot. I will probably take another look at it this week. I will provide an update if I come up with anything.

    • Well, I figured out a temporary fix for this:
      1. You need to create a folder in C:/Users/Public/Temple on your Guest VM.

      2. Run the _setup.bat, which basically copies the file from the Windows_Linked folder into the directory you’ve just created. It is intended to create a shortcut of the Tail_windowsupdate.ps1 file onto your desktop.

      3. Navigate to C:/Users/Public/Temple/PS_WU_Setup

      4. Create a shortcut of Tail_Windows_Update.ps1

      5. Move the shortcut to your desktop. If you try to double click it now, you’ll just get a text file with the script.

      6. Right click on the shortcut on your desktop and select “Properties”

      7. Change the target to : powershell.exe -command “& ‘C:UsersPublicTemplePS_WU_SetupTail_WindowsUpdate.ps1′”

      8. This will execute the shortcut in powershell instead of notepad when double-clicked.

      Let me know if this helps.

    • This was meant to be a reply to Seunghyun (Daniel) Min’s problem.

      • Hey Loi,

        Thank you very much. I will try your suggestions today and let you know how it goes.

      • Hi Loi,

        I tried your suggestions but unfortunately, it didn’t work. The issues I was having was:

        1) When I ran the _setup.bat, it creates a shortcut of the Tail_windowsupdate.ps1 right below to the PS_WU_Setup folder, which I downloaded from the community site, instead of creating it on the desktop.

        2) And after I changed the target of the shortcut created, the text file, to the PowerShell command that you told me, when I opened the file, it got closed right away.

    • Hey Vaibhav, thanks for the response. Figured out that I was running a copy of the VM from the host machine instead of copying it into the Windows 7 Machine. What I mean by this is, the files containing VM was shared from my host, instead of it being on the VM that was running another instance of VMware.

    • Ah ok, I will try that and see if it helps. The one issue that is coming up now is the “Workstation does not support downgrades.” Did you get the option to upgrade it as well?

    • With reference to article of ransom-ware demanded in the bargain of returning the database files which have been compromised.I have got the firm believe after reading the article that even after paying off the money the organization is not assured to get back the database files.There is no mode to track down if the ransomware has been paid to the right person .There is a preventive solution to avoid such cases is keeping a backup of the database server.

      • As you mentioned above, a disciplinary backup strategy is the fundamental solution against ransom-ware. This is a situation that raises a lot of concerns because not only companies have to worry about ransom-ware, but also must they ensure the money goes to the “appropriate” party. This is escalating to a new different level.

    • Did you set the execution policy? It also sounds like the linked directory might not have been created. The script is assuming that there is a z: drive, which is the first drive that is created when using linked folders from the VMWare environment. Please let me know if you liked it, but are getting a different drive letter for linked directories. On Fusion that is what I am getting.

    • Yes, I did set the execution policy. I don’t think I have created a z: drive. Is it possible you can show me how to do it before the class tomorrow? Thanks!

      • I have posted a new page with a video. I’m thinking it has to do with adding a linked folder. I’ll add that to my review when we start class as well.

        • Thank you for the video! It worked now! Creating a z: drive was the key to resolving the issue.

          For PC users, make sure you check the ‘Map as a network drive in Windows guests’ when you creating a shared folder. If you don’t check it, it doesn’t map your shared folder as a z; drive.

    • I am trying to do the installation on my work laptop that I am allowed to use for this class but seems to have issues in terms of downloading the .bat file. I think I am having the same issue that Neil had.

    • As far as completing the installation of Windows 7, I used VM Fusion on my Macbook. I did not have any problems installing the software or completing the Windows updates that followed. Since I am using a 256GB SSD on my host, I did run out of storage when applying the updates, so I had to clear storage from my host machine. The updates took several hours to complete. Upon completion, I took a snapshot of the machine in its current state with all of the updates. With Kali, I also had no issues with the setup. Since I did not have much to talk about with the first assignment, I looked at an in-the-news article for this week.

      For this week’s in-the-news article I decided to read “Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed”. This article discusses how tens of thousands of personal and proprietary databases were wiped from the internet, and replaced with ransom notes that demanded a payment for the return of the files. Unlike other ransomware, which encrypts data until the ransom is paid, these files were not even visible. The worst part about this ransomware was people who paid the ransom did not get their stuff back. Fraudsters were replacing each other’s ransom notes and people who paid, might have not paid to the correct person who had their files.
      This ransom attack occurred on an online database platform called MongoDB. Thousands of organizations use this database, but it apparently was easy to misconfigure and many databases were exposed online. If the DB was installed with default settings, MongoDB allows anyone to browse, download, write over, or even delete databases. KrebsonSecurity has featured several stories over the years about how companies are misconfiguring their MongoDB instances and leaving their DBs openly accessible. Currently, a site Shodan shows that there are over 52,000 publicly accessible MongoDB databases.
      Overall, it is not safe for organizations to be using MongoDB. There are new vulnerabilities discovered about MonogoDB weekly. Another important piece of information to take from this article is to never run a default configuration when configuring a database, especially if it contains valuable organizational information. Another discovery from this article is that MongoDB should do a better job of informing customers that doing a standard configuration puts your database at risk. With all of these organizations going with standard configurations, I can’t imagine there is much warning coming from MongoDB’s end. Companies that are running a DB on MongoDB clearly do not follow best IT practices. A security assessment should be done prior to configuring any live DB on a third-party host. Second, back-ups of the DB should be made daily in the event their data is deleted or over-written. Lastly, organization should have a DRP in place, in the event something happened to the site, etc., that they could get their data back up and running. Many more faults can most likely be found from organization’s practices, but these are just a few critical ones I discovered from reading this article.

    • My problem is I was unable to see the command that professor was using in the 2nd video, so I could not update my windows 7. I tried cd xwindirx which I thought was correct. It tells me the system cannot find the path specified. Can anyone help me with the code here? Thanks!

    • Hi Loi,
      I had the same issues as well…but I thought I installed the Product Key when I initially installed the Windows 7. Now i went activate windows and entered the product key and they are saying product key will not work with this edition of windows. I am using the same product key I was given. smh…

    • Top 10 companies hiring cybersecurity professionals

      I was browsing top cybersecurity news for this week and I came across this article that I believe could be meaningful for a lot of you. Especially for those who are about to graduate this coming August. Alison DeNisco, a Tech Republic writer, conducted a research to reveal the top-rated organizations currently hiring cybersecurity professionals.

      Among the group are Apple, Lockheed Martin, Intel and surprisingly several more interesting ones. Alison shared an important statistic revealing that “The US faces a 33% skills shortage for crucial security roles…” Conversely, this gab is shrinking as job seekers in cybersecurity roles rose from 60% in 2014 to 67% today. Let’s hope the trend keep gearing up as these are important positions the U.S. and several other countries need more than ever.

      You may access the full article via the link below.
      http://www.techrepublic.com/article/top-10-companies-hiring-cybersecurity-professionals/

    • Thank you Loi. I came across a similar issue and your step-by-step process enabled me to resolve it.

  • Group,

    I have updated the weekly schedule to include the links to the reading.  I thought that the PDF also allowed for the Hot-Links to work, but it does not.  You can find the reading links for each f […]

  • Load More
Skip to toolbar