Powerpoint: burp-suite-presentation-Fecondo
Write-up: burp-suite-report-fecondo
ITACS 5211: Introduction to Ethical Hacking
Wade Mackay
Powerpoint: burp-suite-presentation-Fecondo
Write-up: burp-suite-report-fecondo
Researchers from Invicea Labs recently discovered two zero day vulnerabilities in Belkin’s home automation devices. These vulnerabilities were to SQL injection and cross site scripting. The devices utilize an app to allow users to control various internet of things devices in their home through one interface. However, using SQL injection, hackers can change or insert new rules into the database that the application uses in order to control the devices.
Hacker finds flaw in Gmail allowing anyone to hack any email account
Hacker finds flaw in Gmail allowing anyone to hack any email account
Google offers $20,000 bounties for any security vulnerabilities in its applications. The most recent cash-in of this program was to Ahmed Mehtab. Mehtab discovered that Google’s feature that allows users to link multiple email addresses together can expose the accounts to hijacking. If a user tries to link an account, but that account is deactivated, SMTP of the recipient is offline, the recipient email is invalid, or the recipient has blocked the sender, then Google’s verification email will fail and be sent to the sender. Now the user has wrongfully been granted a verification code and the email can be linked. Google has since paid Mehtab and addressed the issue, but its interesting to see that such a significant vulnerability slipped pass Google.
https://community.mis.temple.edu/itacs5211fall16/2016/11/05/3909/
paper: scanning-assignment
video: Video
Read article here
Increased social media usage means personal information is more exposed than ever before. Fraudsters can leverage this to enable better social engineering attacks. However, employees can protect themselves. First, if employees use strong passwords on their social media sites, the threat of social engineering attacks is reduced. Additionally, 60% of employee social media profiles are completely public meaning anyone can see their content. If employees make their accounts private the threat of social engineering is reduced even further. Other approaches that can help are making sure that employees are well educated about the risk of making their information private and the threat of social engineering. Finally, in order to provide employees with a safety net, companies should implement safeguards so that if employees do fall prey to social engineering it doesn’t lead to an organization wide data breach.
Socat, a more feature-rich version of netcat has a serious security flaw. The program uses the Diffie-Hellman method to establish a key, but it uses a non-prime parameter when it should use a prime. This flaw coupled with the relatively short nature of socat cryptography keys makes the encryption suspiciously easy to crack. There are theories that the non-prime was deliberately built in as a backdoor. The primary suspect is a guy named Zhigang Wang. The article also mentions a backdoor in NetScreen Firewalls that allowed the coders who made the program to be able to access data encrypted by VPN.
Both of these stories drive home the ‘nothing is ever really secure’ argument. Also, the idea of back doors is something to consider. If the programmers who make your privacy applications have nefarious intentions, your data is not safe. However, the flaw being identified so quickly drives home a point that we were learning about in 5209 which was that open source is better than proprietary programs when it comes to encryption because weaknesses are often found more quickly due to the variety of eyes scrutinizing the code.
Read the article here
The article is about Tor not being as anonymous as many think. Tor users can be identified through Tor’s use of DNS or by deploying a Tor sniffer at ‘internet scale.’ The article gets more in depth about how DNS requests aren’t encrypted. Defec Tor are attacks that exploit the DNS requests lack of encryption. If these attacks monitor egress and ingress traffic, then the attack can easily map the user’s DNS traffic. If the DNS traffic map is used in conjunction with website fingerprinting it becomes even more potent. The article mentions a few suggestions to help mitigate this problem which you can see at: http://www.theregister.co.uk/2016/10/04/domain_name_resolution_is_a_tor_attack_vector_but_dont_worry/
I stumbled upon this article while I was looking for sniffer related news articles. While this article isn’t explicitly about sniffers I found it interesting because, while I don’t know much about Tor, I understand its supposed to provide anonymous web browsing. The article makes me wonder if its really possible to be 100% anonymous on the web. I know you can utilize VPNs, Proxys, etc to help with anonymity, but how secure are they, what vulnerabilities do they have?
This article was focused on the financial repercussions for failing to meet cyber-security requirements in the EU. Currently, failing to meet legal requirements for cyber-security results in a fine of 500,000 pounds. The author cites a recent study that showed 7 out of 10 board members believed this punishment to be too lenient. However, by 2018 new data protection rules will increase penalties up to 20 million pounds.
This article illustrates the growing recognition of the importance of proper cyber security practices among executive management. The high number of directors that are calling for heftier punishments and stricter standards shows that these directors recognize the threat posed by a lack of cyber security and the immediate need for proper cyber security precautions.
Article: http://www.telegraph.co.uk/technology/2016/09/26/punish-companies-for-cyber-security-failures-directors-say/
The link to my written analysis: aramark-recon
The link to my presentation slides: recon-presentation
The link to my presentation recording: https://youtu.be/K2B2VxsBJTg
The article I read was title Vulnerability Management Technique: Managing Asset Exclusion to Avoid Blind Spots. The article can be viewed at:
The author opens the article by discussing recent advances in the maturity of vulnerability management programs, but suggests that one area that needs further development is avoiding asset risk blind spots. One way to do this is to manage excluded assets better. Some assets are excluded from vulnerability scan for various reasons (an example being, the asset has a known vulnerability and vulnerability scanning will cause damage to the system) and as a result, organizations neglect to manage the risks associated with these assets. In fact, many times organizations will put an asset on an exclusion list and practice ‘set it and forget it.’ However, vulnerability management is meant to be a cyclical process. In order to eliminate the blind spot associated with forgotten excluded assets, the author suggests a four step process:
1. Assessment – identify assets to be excluded
2. Reporting – run periodic reports on excluded assets
3. Remediation/mitigation – Try to find a solution to the problem that prompted an asset to be excluded.
4. Verification – Reassess assets to determine if they still need to be excluded
I found this article interesting as it explores an important niche of vulnerability scanning. While programs/sites that need to be excluded from vulnerability scanning are the minority, it is still important to have a means of managing those assets rather than taking the set it and forget it approach. Moreover, the cyclical process the author suggests doesn’t just accept that an asset has to be excluded from vulnerability scanning, but rather attempts to find a solution to the root problem necessitating the exclusion. Even if a solution can’t be found, the author’s process will revisit the asset in case new technology or a new approach can lead to a solution. This article takes a valuable approach to vulnerability scanning by advocating the development of the process to be adaptive and as inclusive as possible.