ITACS 5211: Introduction to Ethical Hacking

Wade Mackay

Jason A Lindsley

Mystery device could let criminals get in your car in seconds

by 2 Comments

If you still do your shopping in stores, there is reason to be cautious this holiday shopping season when parking your car.  A device has surfaced that intercepts clones the signal sent from a key fab and allows an individual to gain access to your automobile.  In some cases, it also allows the thief to start the car and drive away!

I’ve always wondered how high the risk was to intercepting signals from key fabs.  Personally, I’m not very concerned because I’ve transferred the risk of loss to my insurance company.  Also, I don’t drive the most desirable vehicle.  Still, it’s important that we all be aware of our surroundings and these security vulnerabilities, even when we aren’t online.

http://www.today.com/money/mystery-device-could-let-criminals-get-your-car-seconds-t105627

Blockchain Revolution & Coursera Link

by Leave a Comment

Hey everyone,

Here’s a link to the book I was referring to in class.  I’m in the middle of it and really enjoying it.

https://www.amazon.com/Blockchain-Revolution-Technology-Changing-Business/dp/1101980133/ref=sr_1_1?ie=UTF8&qid=1480548425&sr=8-1&keywords=blockchain+revolution+tapscott

Also, there is a new course on Coursera that was recently released by Princeton University.  I’ve only started the first video, but it’s much more technical than the book (so far):

https://www.coursera.org/learn/cryptocurrency

Thank you,

Jason

 

Ransomware Crooks Demand $70,000 After Hacking San Francisco Transport System

by 4 Comments

Hackers successfully encrypted over 2,000 servers and PCs that are used to run San Francisco’s Light Rail Transit system.  The hackers demanded 100 bitcoin (~ $73,000 USD) for the key to decrypt the data.  The attack mainly impacted e-mail and payroll systems, but agency shutdown their ticket vending machine as a precaution and allowed traveler to ride for free on the light rail system for most of the day Friday and all day Saturday.  This was one of the biggest travel days of the season.

The attack was conducted using malware called HDDCryptor.  It does not appear the the attackers were targeting the agency.  They cast a wide net and found success in the vulnerable environment.

Although it may have taken the agency more time to get the systems back up and running and they probably lost more than $73,000 in ticket sales, I think it was the right move to resolve the issue without paying the ransom.  They probably learned a lot about weaknesses in their environment and sent a strong message that they will not submit to the demands of these criminals.

 

link – http://www.forbes.com/sites/thomasbrewster/2016/11/28/san-francisco-muni-hacked-ransomware/#158b80fe54dd

http://www.wsj.com/articles/after-ransomware-san-francisco-offers-free-light-rail-rides-1480366454

This $5 Device Can Take Over a Computer—Even If It’s Locked

by 1 Comment

This article explains a pretty nasty device.  It can take over your computer using remote code execution even it is locked.  The author recommends putting your device to sleep when you walk away from it, but I can imagine that someone could just turn the device back on and plug this thing in.

The other suggestion is to cement the USB port so that it is unusable.  I think that is the most secure thing to do, but it’s not always practical and USB ports can serve critical business needs.  I think its more strategic to implement end point security that would block malicious devices and alert on abnormal activity.

http://gizmodo.com/this-5-device-can-takeover-a-computer-even-if-its-loc-1789062061

 

Bank halts online transactions after money stolen from 20,000 accounts

by Leave a Comment

This is a bank’s worst nightmare and I’ll be following this story closely.  The financial, reputational, and regulatory damage that an event like this causes is very significant.  Although, 20,000 accounts is a very small percentage of the 8 million total Tesco Bank accounts, this is very poor customer experience that will likely result in a loss of customers.

It is very important that this bank quickly perform root cause analysis and remediation activities to restore service to normal operations.  Then damage control will likely ensue, which will include efforts to appease customers and regulators, refund customer losses, and assure the public that they have fully addressed the vulnerability(ies) that were exploited.  I’m very curious to find out the root cause on this one.

http://arstechnica.com/security/2016/11/tesco-bank-online-fraudsters-attack-40000-current-accounts/

Dirty COW

by 1 Comment

It’s gonna be busy the next few weeks for IT Security Professionals and Linux administrators. A vulnerability that uses the copy-on-write function to perform privilege escalation can potentially allow any installed application, or malicious code, to gain root-level access and completely hijack the device.

There is also a exploit already available in the wild that makes this vulnerability even more concerning.

The fix for this is simple and can be easily addressed with two lines of code that are installed with an apt-get command.  However, many organizations will need to update this in non-production environments to test before moving to production. In addition, organizations will also want to reach out to all of their suppliers to confirm that they are doing the same. Similar efforts were required for the BASH, Poodle, and Heartbleed vulnerabilities.

Lastly, make sure you update those IoT devices!  Linux is a common operating system for connected home devices. They will also be vulnerable if they are not patched.

Link – http://www.theregister.co.uk/2016/10/21/linux_privilege_escalation_hole/

 

IAEA chief: Nuclear power plant was disrupted by cyber attack

by 1 Comment

News of another cyber attack on a nuclear power plant surfaced this week, as explained by Yukiya Amano, the director of the International Atomic Energy Agency’s (IAEA).  Amano explained that the attack happened three years ago and was disruptive, however it was not serious because it did not shut down operations.  The article discusses how serious this risk is and the need to take more precautionary measures to improve security in industrial systems.

I used to perform IT Audits of a utilities company, including their antiquated SCADA systems.  Securing these systems is very complex and challenging.  They are built to be available and have a very specific purpose to manage the energy grid.  This often makes patching and currency a major issue and introduces vulnerabilities within the environment that are ripe for exploitation, as we see in this article.

I agree with the director that we need to improve security to our critical infrastructure.  Hopefully, the industry heeds these early warning signs and begins to take significant action to improve security before it’s too late.

http://mobile.reuters.com/article/idUSKCN12A1OC

Introduction to Kali Linux and Other Lynda.com Courses

by Leave a Comment

Hi everyone,

I found a few helpful courses on Lynda.com if you wanted to get more training on some of the tools we are using and I wanted to share:

Introduction to Kali Linux – https://www.lynda.com/Linux-tutorials/Introduction-Kali-Linux/455715-2.html?org=temple.edu

Practical Cybersecurity (covers Nessus, Wireshark, nmap, and ncat) – https://www.lynda.com/N-Stalker-tutorials/Practical-Cybersecurity/164982-2.html?org=temple.edu

Troubleshooting Your Network with Wireshark – https://www.lynda.com/Wireshark-tutorials/Troubleshooting-Your-Network-Wireshark/366447-2.html?org=temple.edu

Has anyone else found any helpful Lynda.com courses or additional training resources for the tools we’re using?

© Temple Community Platform, Patent Pending.

Skip to toolbar