ITACS 5211: Introduction to Ethical Hacking

Wade Mackay

Ioannis S. Haviaras

What Trump Can Do About Cybersecurity

by 3 Comments

When Trump begins his presendency on January 20th he will be leading a country that has the highest number of ransomware controlled computers in the world. Three areas in which cyber security is critical to our daily lives is energy, telecommunications and finance. These three essential services need to be managed properly to prevent cyber attacks in the future. In Ukraine more then 250,000 people expereicned a black out when hackers infected the power grid with malware. Even though it is in a less economically powerful country such as the United States it goes to show that hackers can infiltrate electrical grids. There is already malware that is present on our power grid that can be used to perform sserious interruptions. Trump needs to take these things into account when his administration hits the ground running on January 20th not only for the safety of our country but also the safety of the globe.

Article: https://www.bloomberg.com/view/articles/2016-11-30/what-trump-can-do-about-cybersecurity

What Trump’s Win Means for Cybersecurity

by 4 Comments

With Donald Trump’s win this past week cybersecurity could have a new face in the White House, Rudy Giuliani. Giuliani has been head of several cyber security investigations in a law firm he works for and is one of the candidates for attorney general of the United States. This means that Giuliani could be leading the effort to force manufacturers such as Apple to provide backdoors to their encryption. This should be interesting to see how Trump will also head the NSA which has come under turmoil during Obama’s administration due to the Snowden leaks. Needless to say this should be an interesting four years for cyber security in America and the world.

Article: https://www.wired.com/2016/11/security-news-week-trumps-win-means-cybersecurity/

China’s new cybersecurity bill alarms human rights experts

by 6 Comments

Chinese courts have signed into law an agreement that will make it more difficult for companies to house data on servers inside the country. The data that is housed in the country must now be censored even though the company may not be in China. This changes the landscape of freedom of speech on the internet. Since China is the biggest internet market in the world with over 700 million users (double the population of the United States) it could have serious implications on censorship throughout the world. State run press in the country states that this censorship will help with fraud in the country. Hopefully companies doing business in China can find elsewhere to house their data to avoid censorship of the internet.

Article: https://www.cnet.com/news/chinas-new-cyberlaws-have-many-scared/

U.S. Department of Transportation wants carmakers to focus on cyber security

by 2 Comments

The NHSTA (National Highway Traffic Safety Administration) has recommended that a set of guidelines titled “Cybersecurity Best Practices for Modern Vehicles” be followed by every automaker. Even though it is not mandatory many people in Washington believe that this should be a mandatory guideline. Since vehicles are becoming more autonomous and the technology inside vehicles are becoming more sophisticated these guidelines should be followed to prevent any unwanted individuals from obtaining sensitive information. These guidelines provide recommendations on wireless interfaces, internal vehicle communications, network ports, protocols, and access to firmware. BMW and Tesla have reported security issues in the past and have been striving to make their cars as safe as possible. Information such as someone’s location, driving habits and even PII can be compromised from a vehicle.

Article: http://www.digitaltrends.com/cars/nhtsa-auto-cyber-security-guidelines/

Today’s Brutal DDoS Attack Is the Beginning of a Bleak Future

by 1 Comment

The DDoS attack on 10/21/16 that took down Dyn wreaked havoc throughout the internet. Many websites like Spotify, Twitter, Paypal and many other sites were down for a significant amount of time. This goes to show that taking down a major DNS supplier can essentially take down a big portion of the internet. If hackers can do this at their own will how can we know for certain that this won’t happen again in the future even worse.

Article: http://gizmodo.com/todays-brutal-ddos-attack-is-the-beginning-of-a-bleak-f-1788071976

To The Next President: Get A National Cybersecurity Strategy

by 2 Comments

In the upcoming election on November 8th neither Hillary Clinton or Donald Trump have presented their cybersecurity initiative for their administration. When asked during the first debate regarding cybersecurity the candidates shifted blame to Russia and China and that they were responsible for the most recent attacks. Shifting blame to other countries and not addressing the real issues behind cybersecurity can effect the overall security of our country. Attacks on election systems can effect how the next presidential election will be played out. Russian hackers have already been found to hack into power grids in Ukraine disabling power to over 1.4 million people for over 6 hours. This is a concern for our critical infrastructure in the US. With our GDP relying almost 100% on information technology the next president needs to have policies in place to prevent catastrophic hacks from happening in the future.

Article: http://www.forbes.com/sites/ciocentral/2016/10/09/to-the-next-president-get-a-aational-cybersecurity-strategy/#370477096a0f

Hack warnings prompt cyber ‘security fatigue’

by 2 Comments

It seems like everyday more and more cyber attacks to organizations are being found however many consumers are reluctant to change their online habits. A study performed by Mary Theofanos found that people are sick and tired of remembering more and more passwords, making people use the same password for multiple sites. In this study people believed that since they did not work for a government agency or finance company. Many users are also frustrated with the extra steps required for this security on other websites. If people are frustrated with using multiple passwords they need to start using password managers and other alternatives to make sure that their information is secure, or else many people will be susceptible to attacks.

Article: http://www.bbc.com/news/technology-37573795

Today’s Cybersecurity Management Requires A New Approach

by 3 Comments

In this article Samuel Visner & Beth Musumeci discuss that the management of cyber security in organizations today are not able to keep up with zero-day vulnerabilities that can cripple them. With the increase of devices on the internet today more of an organization’s customer information is available to hackers to infiltrate. Over the past six years cyber terrorism has increased with hacks that included organizations like JPMorgan Chase, Adobe, Target and Walgreens. According to Gartner research “44% of reference customers for endpoint protection solutions have been successfully compromised.” This shows that even though security is present on an organization that new vulnerabilities play a major role. Visner & Musumeci propose that a new approach is the only way to prevent these vulnerabilities. They propose that white-listing certain “known good” applications is the only way to effectively protect against malware. Any untrusted or unknown applications are put in an isolated container away from the network and tested before being allowed on the network. A new model like this needs to be proposed among organizations to prevent such attacks from happening in the future.

Article: http://www.darkreading.com/vulnerabilities—threats/todays-cybersecurity-management-requires-a-new-approach/a/d-id/1327011