MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

Archives for March 19, 2018

Warning – 3 Popular VPN Services Are Leaking Your IP Address

by Leave a Comment

Warning – 3 Popular VPN Services Are Leaking Your IP Address

https://thehackernews.com/2018/03/vpn-leak-ip-address.html

 

 

A team of security researchers discovered vulnerable flaws with three VPN service providers that could compromise user privacy. The three service providers; HotSpot Shield, PureVPN, and Zenmate   have millions of customers worldwide.  One of the providers, PureVPN had previously been caught lying about not logging its customers traffic when it was reveiled that they had provided the FBI with logs that lead to the arrest of a man in a cyberstalking case.

The research team discovered after running a series of privacy tests that all three VPN services were leaking their user’s real IP address.

The exact issues in ZenMate and PureVPN were not disclosed because they have not been patched yet.

Three separate vulnerabilities were discovered:

CVE-2018-7879 Hijack all traffic:      Allows remote hackers to potentially hijack and redirect victim web traffic to a malicious site.

CVE-2018-7878, DNS Leak:    Exposes the users original IP address to the DNS server, allowing ISP’s to monitor and record user activities.

CVE-2018-7880 Real IP Address Leak:      Allows hackers to track the users real location

Researchers believe that most other VPN services also suffer from similar issues.

Fresno State data breach, 15,000 affected!!

by Leave a Comment

Fresno State data breach, 15,000 affected!!

This article relates to the data breach of the California State University, Fresno. According to the article, “the personal information of more than 15,000 people” have been compromised. The information includes, “names, addresses, phone numbers, dates of birth, full or last four digits of Social Security numbers, credit-card numbers, driver’s license numbers, passport numbers, user names and passwords, health-insurance numbers, and personal health information.” The cause of the data beach is due to the stolen external hard drive. The university believes that the hard drive was stolen during the winter break.
Further, another article suggested, ‘School officials began contacting affected individuals on Tuesday. Free credit monitoring for one year will be offered to people whose Social Security number, financial account information or driver’s license number was exposed.”

https://www.scmagazine.com/fresno-state-data-breach-15000-affected/article/749459/
http://sanfrancisco.cbslocal.com/2018/03/06/fresno-state-university-data-breach-stolen-hard-drive/

​Memcached UDP Reflections Set New Record

by Leave a Comment

Massive 1.7Tbps DDoS reflection/amplification attack was conducted against one of its unnamed US-based customer’s website.

Attackers exploited vulnerability of many internet facing “Memcached” servers, open-source memory caching system, by sending a forged request to the targeted Memcached server on port 11211 using a spoofed IP address that matches the victim’s IP. Requests sent to memcached servers triggered tens of thousands of times bigger response against the targeted IP address, resulting in a powerful DDoS attack.

Read more at:
https://thehackernews.com/2018/03/ddos-attack-memcached.html