ITACS 5211: Introduction to Ethical Hacking

Wade Mackay

Ahmed A. Alkaysi

Putin brings China’s Great Firewall to Russia in cybersecurity pact

by 2 Comments

Russia has been trying to incorporate elements from China’s great Fire Wall. Due to “Yarovaya’s Law”, which requires Russia’s telecom companies to store users’ data for six months and metadata for three years, Russia has been pushed to seek China’s help. Russia wants Chinese technology, as it will provide them with handling vast amount of data, and due to sanctions against Russia, they cannot go to the West for help. China is willing to help them, sending high ranking officials to Russia to discuss this issue. This is a very interesting, as it shows Russia asking for help from one of the most censored countries in the world. Makes you think that Russia might be moving toward this path. I am also surprised that these two countries are working on cyber security related issues, many countries around the world would probably be too paranoid to discuss such matters.

Article: https://www.theguardian.com/world/2016/nov/29/putin-china-internet-great-firewall-russia-cybersecurity-pact

DoS technique lets a single laptop take down an enterprise firewall

by 1 Comment

A single laptop can take down high-bandwidth enterprise firewall by using an attack known as BlackNurse, which uses ICMP type 3 (destination unreachable) code 3 (port unreachable) packets. It would take between 40k-50k per second of these types of packets to overload the firewall. The bandwidth required to generate this type of attack requires only between 15Mbps and 18Mbps.

The attack causes high CPU loads which causes users from the LAN side to be unable to communicate with the internet. This attack was successfully tested using Cisco ASA firewalls in default settings. Firewalls from Palo Alto Networks, SonicWall, and Zyxel Comm. are also impacted, but only if settings are misconfigured.

In order to mitigate an attack like this would need ICMP Type 3 Code 3 on the WAN interface to be disabled. Enabling ICMP Flood in the firewall’s DoS protection profile can also mitigate this type of attack.

Article: http://www.csoonline.com/article/3141299/security/dos-technique-lets-a-single-laptop-take-down-an-enterprise-firewall.html

SQLi, XSS zero-days expose Belkin IoT devices, Android smartphones

by 1 Comment

Security researchers discovered a couple flaws in Belkin home devices and discussed it during last Friday’s Black Hat Europe conference. These were SQL injection and XSS vulnerabilities, the same ones we discussed last class. The SQL injection vulnerability ultimately led to root access being compromised for these devices. The XSS vulnerability allowed personal information, such as pictures of GPS locations, to a remote server. These issues are very concerning. As people start to connect their homes with these devices, this can be a serious safety issue. Belkin has since released firmwares to fix these vulnerabilities, but there needs to be more done in order to mitigate this. There is a lot more information in the article, definitely check it out.

Article: http://www.csoonline.com/article/3138935/security/sqli-xss-zero-days-expose-belkin-iot-devices-android-smartphones.html

Lost thumb drives bedevil US banking agency

by 2 Comments

A US bank regulator, now retired, who downloaded large amount of data on two thumb drives says that he lost them. The Office of the Comptroller of the Currency, which is part of the Department of Treasury, says that this is a “a major information security incident.” The specifics on the data lost hasn’t been disclosed, but it involved “controlled unclassified information, including privacy information.” The agency discovered this loss by conducting a review on all information downloaded to removable media back in September. This issue would have been avoided if there was a policy in place that restricting data to be downloaded to devices, like most companies are doing now.

 

Link to article: http://www.csoonline.com/article/3137005/security/lost-thumb-drives-bedevil-us-banking-agency.html

Twitter, Others Disrupted by DDoS Attack on Dyn DNS Service

by 1 Comment

There has been another recent wide-scale DDoS attack, this time against Dyn DNS service. This company provides DNS service to Twitter, Etsy, GitHub, Souncloud, PagerDuty, Spotify, Shopify, Airbnb, Intercom and Heroku. All the listed sites were affected. It looks like the DDoS attack was launched used IoT devices, which was similar to the attack on the Krebs site a month ago. I wonder if we will start seeing more of these attacks on DNS service providers, instead of specific websites.

Article: http://www.securityweek.com/twitter-others-disrupted-ddos-attack-dyn-dns-service

Aviation Officials Step Up Cybersecurity Checks of Older Messaging System

by 2 Comments

This article discusses the system, Acars, which is a decades old air-traffic messaging system, in need of a possible upgrade. Acars is used by airplanes to provide information on the status of aircraft components during flights. Although the information that is sent using Acars isn’t considered “safety critical”, Government and industry officials, as well as European safety regulators are worried about the possibility of vulnerabilities around this system. There hasn’t been any hacks aimed at the Acars system, but it seems like officials are worried that there might be vulnerabilities due to the lack of safeguards, which are available in newer networks (Acars system built in 1980).

It’s good to see officials take a pro-active step against cyber security, however, it’s also worrying that it doesn’t seem they know the exact vulnerabilities around this system. It looks like they are only trying to upgrade it because it is not “new” and from the 1980s. They need to do a better job at figuring out the vulnerabilities before blindly going in to upgrade to a newer system.

Article: http://www.wsj.com/articles/aviation-officials-step-up-cybersecurity-checks-of-older-messaging-system-1476556582

Spotify Falls Victim to Malvertising Attack

by 3 Comments

This article talks about how users of Spotify’s free service have noticed that many advertisements automatically open their web browser, without them clicking on the advertisement. These websites contain virus and malware, and can contaminate the device without the user taking any action in it. Not only are the users directed to malicious sites, but malware can automatically be downloaded from these sites in attacks known as “drive-by-attacks”. These “malvertising” campaigns are the results of scripts being hidden in advertisements, which does everything automatically. What worries me, a lot of times advertisements are not thoroughly screened before being accepted. It wouldn’t surprise me if we start seeing more of these types of attacks.

Link: http://www.securityweek.com/spotify-falls-victim-malvertising-attack

Cisco Forgets to Remove Testing Interface From Security Appliance

by 2 Comments

Cisco forgot to remove an internal testing interface from software releases for email security appliances. This vulnerability allows the attacker to gain full access to the affected device with root privileges. To remedy this, the user must reboot the device more than once, which would disable the vulnerable interface. Cisco has also released a patch for a couple of the device versions that have this problem.

It goes to show that a hacker doesn’t even need to do a lot of work in order to find vulnerabilities. Sometimes, they just fall into your lap. Reminds me of what the Professor was explaining during ‘scanning for vulnerabilities’ lectures, how sometimes devices have default (factory) user and passwords set so that a simple Nessus scan will display vulnerabilities.

link to the article: http://www.securityweek.com/cisco-forgets-remove-testing-interface-security-appliance