
ITACS 5211: Introduction to Ethical Hacking

Wade Mackay

Uncategorized

How Spy Tech Firms Let Governments See Everything on a Smartphone

September 4, 2016 by Shain R. Amzovski 5 Comments

This article is interesting because it shows how Cyber-Security firms, or Spy-Tech firms, are using their technology and marketing their products to governments around the world. This particular Spy-Tech company mentioned in the article, NSO, is based out of Israel. Israel is the second-largest exporter in the world of cyber-security products, next to the United States. NSO has developed spying software that can see all of the activity on a target’s iPhone. NSO argues spying is important to prevent terrorist attacks, and the firm’s motto is to “Make the World a Safe Place.” With a price of $650,000, plus a $500,000 set-up fee to track 10 iPhone devices, the company’s software is not exactly for the “everyday user.” NSO’s software has been more in demand in recent years because companies such as Facebook, Apple, and Google are making it harder for governments to access their data because they are using more strict encryption. NSO has developed a tracking software called Pegasus, for which Apple recently released a security update to patch all of its devices. Do you believe this software is ethical, and should the government really need to know everything a person is doing on their phones in order to keep people safe? There have been recent cases in the United States, such as the San Bernardino shootings in California, where the government was unable to unlock the shooter’s iPhone. Apple stuck to its guns, and did not provide the U.S. government with technology capable of unlocking the device. The U.S. government had to resort to a third-party Spy-Tech firm to unlock the device.

 

http://www.nytimes.com/2016/09/03/technology/nso-group-how-spy-tech-firms-let-governments-see-everything-on-a-smartphone.html?_r=0

Hacking Air – Gapped Networks

September 4, 2016 by Wayne Wilson 4 Comments

“Hacking Air – Gapped Networks”: this article blew my mind. The level at which these researchers and ethical hackers were able to exfiltrate data from PCs isolated from the internet is unbelievable. They were able to collect data using acoustic sounds, electromagnetic waves, sound waves and even heat emissions generated by the PCs. The sole purpose of implementing an air gap network is to ensure your network is secure and out of reach from an unsecure network. I would have never imagined using the above methods to capture information such as encryption keys, usernames and passwords in such a manner.

This article was really an eye opener and just made this class even more exciting/interesting to be in.

http://resources.infosecinstitute.com/hacking-air-gapped-networks/

DropBox hack reveals 68 million user passwords

September 4, 2016 by 5 Comments

This article is about the release of account info for about 68 million DropBox users. The breach occurred in 2012 but now, 4 years later, the raw passwords are being released on the web. There are a few things I find interesting about the article. First, it mentions that what allowed the breach to take place back in 2012 was that one of its employees’ passwords was obtained by hackers. It is safe to assume that the hackers used a form of social engineering to obtain this password. What I also found interesting were the encryption methods used to encrypt the actual passwords: the SHA-1 algorithm and the Bcrypt hashing function. The SHA-1 hashing algorithm, it appears, is all but extinct as the time and effort it takes to break this encryption method have grown much smaller. What I think is most interesting here is that, in 2012, SHA-1 was a respectable encryption method. The use of Bcrypt enforced the hashing of the passwords but hackers were still able to spend four years breaking the encryption. It becomes very clear from this example that, once data is obtained by hackers, all bets are off. The means by which data is encrypted today is sure to become extinct in years to come. I think the biggest takeaway here is that strengthening perimeter defenses, making it extremely difficult for hackers to gain entrance to systems at all, is the most important aspect of cyber defense.

Article: http://thehackernews.com/2016/08/dropbox-data-breach.html

Comments for “Article: SWIFT discloses more cyber thefts, pressures banks on security”

September 4, 2016 by Wade Mackey 3 Comments

Behind the scenes, SWIFT is upping the ante for financial institutions. If you do not upgrade your systems and put robust processes in place, you find your institution disconnected from SWIFT. This is effectively a death sentence for a bank.

 

Wade Mackey

Comments for “Students can use the dark web to cheat their way through school”

September 4, 2016 by Wade Mackey 1 Comment

It sounds old-fashioned, but I tell students that the main person you cheat is yourself. Much like this course, if you just want to get through with a score, it is not difficult. If you want to learn and be prepared for your future, then you have to put the work in.

Wade Mackey

 

Comments for “Feds Warn States to Batten Down Hatches Following Election System Attacks”

September 4, 2016 by Wade Mackey 2 Comments

This is an area where internal threats may be even greater.  Admins of these systems have the ability to “adjust” vote counts.  This means processes will need to be put in place to ensure this does not happen or is logged and reported.

Wade Mackey

 

Comments for “Protect yourself from one of the easiest ways people can steal your personal data in public”

September 4, 2016 by Wade Mackey 3 Comments

One thing to keep in mind is that firms that process PII or other sensitive data may restrict staff that access these systems from working remotely.  In particular, financial firms often have sophisticated monitoring programs that may not work for remote users.

Wade Mackey

 

Comments for “A Password for my Password”

September 4, 2016 by Wade Mackey 3 Comments

One thing to keep in mind is that password keepers and the browser function to remember passwords have their own vulnerabilities that can result in an attacker taking advantage of these.

Wade

 

A Password for my Password

September 3, 2016 by Loi Van Tran

Is it me or does it seem like we are accumulating more and more passwords every day? From work to school to our personal life, we are constantly creating new accounts and passwords that we have to remember. The world is online and with it a requirement to create an account with every site you visit. We have accounts for basically everything we need: online banking, shopping, gaming, social networks, education, mobile apps, loans, mortgages, and privileged accounts for systems at work. How do we remember it all? As students in the ITACS program, we know better than to write it down or, even worse, put it on a sticky note under our laptop. Fortunately for us, some systems may have Single-Sign on, like mobile apps where you can sign on using your Facebook account, or Two-Factor Authentication where we have to carry a physical device. At the end of the day we still have to remember some passwords and of course we do not want to use the same passwords for every account. To add on to this problem, password requirements are becoming more complex. Rules such as 1 upper case, 1 lower case, special characters, and no dictionary words make it even more difficult to remember passwords.

There are programs out there like Secure Password Manager, or Keeper, that allow you to store your passwords with another password, which doesn’t seem to solve our issue. What happens if these service providers get hacked? Now all of our accounts are at risk. I’ve recently read an article that made REMEMBERING passwords a little easier. It basically said to think of a sentence and use that sentence to help create a password that you can remember while meeting password criteria. For example: I bought my daughter’s first dog for 200 dollars. My password would be “Ibmd1stdf200$”. By using the first letter of each word and replacing first with “1st,” I am able to create a password that meets all the password criteria. It’s a simple tip, but I never thought about it until I read this article.

Please see the article for more details: http://www.businessinsider.com/hacker-strong-pass-2016-5?pundits_only=0&get_all_comments=1&no_reply_filter=1

Protect yourself from one of the easiest ways people can steal your personal data in public

September 3, 2016 by Mauchel Barthelemy

It has become a common approach for many large organizations to allow people to work remotely. In fact, companies from industries such as IT Health Care, Manufacturing, Finance etc. have adopted this method to give certain people the freedom to work conveniently. It is nice for an organization to provide freedom for its workforce; however, security represents a major con to that strategy. This is when it becomes crucial to teach those particular workers the best ways to protect PII or PHI while in public. Most security people are so focused on sophisticated ways to protect software and application programs that they oftentimes neglect physical protection for laptops. Physical protection is the area of focus of this article as it explains in detail the benefits and side benefits to ensure privacy and data protection while working on the road.

 

The article can be accessed via this link below:

http://www.businessinsider.com/protect-yourself-from-one-of-the-easiest-ways-people-can-steal-your-personal-data-in-public-2016-9

 
