Will be teaching remotely from a hotel room in Washington DC. So thought it prudent to post ahead of time.
Uncategorized
Researchers Demonstrated How NSA Broke Trillions of Encrypted Connections
Article Link: Click Here
This article explains how researchers from the University of Pennsylvania, INRIA, CNRS and Universite de Lorraine have proven how the NSA broke the Diffie-Hellman key exchange algorithm.
The algorithm uses keys generated with large prime numbers, that is theorized that it would take hundreds or thousands of years to decrypt with today’s technology. According this article states that it took the researchers only two months, and 3,000 CPU’s to break a 1,024-bit key.
This was accomplished by “backdooring” the prime numbers used to compute the algorithm by randomly selecting very large primes from a pre-defined set which made it 10,000 times easier to solve the problem.
This article is very interesting. Most encryption is based on algorithms. While many are deemed to be secure, there are hundreds, or thousands, if not millions of people out there looking for ways to break the code. New discoveries are being made in mathematics that could possibly render some algorithms useless. the encryption is man made, and whatever can be engineered by man, can one day be un-engineered.
Update on Mirai (Krebs DDOS)
Last week, Noah posted about an here about a DDoS attack that was triggered by a botnet that compromised enough Internet of Things devices to generate 600 Gigabits per second of bogus internet traffic.
Fast forward one week and the code for this DDoS is now publicly available, has a catchy name (Mirai), and has compromised devices in as many as 177 countries. It is very simple code that targets insecure routers and devices with simple default passwords.
I was at a Cybersecurity panel discussion last week and one of the presenters said that he discovered that one of his zwave devices was recently compromised and was hogging all of the bandwidth on his network. It made me think of this story and start to wonder about my own network. So far things seem normal on my network, but has anyone else experienced any of the Mirai symptoms?
IAEA chief: Nuclear power plant was disrupted by cyber attack
There are three publicly known attacks against nuclear plants:
- Monju NPP (Japan 2014)
- Korea Hydro and Nuclear Power plant (S.Korea 2014)
- Gundremmingen NPP (Germany 2016).
According to the head of the United Nations nuclear watchdog, the International Atomic Energy Agency (IAEA) Director Yukiya Amano, a nuclear power plant in Germany was hit by a “disruptive” cyber attack two to three years ago.Fortunately, the damages caused by the cyber attack on the German nuclear plant did not force the operators to shut down its processes but urged the adoption of additional precautionary measures
.
http://www.telegraph.co.uk/news/2016/04/27/cyber-attackers-hack-german-nuclear-plant/
Tech Support Scams Put UK Users at Risk
Tech Support scams is a combination of social engineering and malware. Once the user’s computer is infected with the initial malware that typically alerts the user that computer is infected with a virus. It urges the user to either install a anti-virus software, which of course is another malware, or to contact a tech support hotline – a number that charges by the minute. According the report, Microsoft claimed that victims has lost over $15 Billion to these scammers.
Ways to protect yourself:
- Keep your computer patched up and up-to-date
- Use anti-virus/malware software
- Contact with Tech support should go through official channels
Article : http://www.infosecurity-magazine.com/news/tech-support-scams-put-uk-users-at/
Hacked voter registration systems: a recipe for election chaos
Hackers are looking to disrupt the upcoming U.S. election in November by hacking voter registration databases. A few disappearing names here and there wouldn’t make a difference, but if millions of people showed up to the polls and weren’t registered to vote, that would make a huge difference. Voters can still vote with provisional ballots, but they usually do not carry many at each polling location and it can cause chaos at the polls. If certain areas, such as L.A. county are hacked, that’s 4.8 million people that could be affected.
Link: http://www.csoonline.com/article/3128034/security/hacked-voter-registration-systems-a-recipe-for-election-chaos.html?google_editors_picks=true
Yahoo Built a Secret Tool to Scan Your eMail Content for US Spy Agency
Article Link: Click for Article
This article is about Yahoo building a software program that would secretly scan users emails, and this was done at the request of a US intelligence officials. This was done in 2015 via a secret court order and the information is reported to have gone to the NSA or FBI.
Many top Yahoo officials were unaware of this and the Chief Information Security Officer resigned from the company, expressing regret that he was left out of this information.
It’s pretty scary how open our lives have become. I assume, if there was a court order, there was a legitimate concern. But it just goes to reinforce the fact that you should not put anything into any digital medium that you would not want being read by another person! There is no privacy. Be it hackers or the government, the information can be obtained!
N.S.A. Contractor steals confidential information.
This is the 2nd time in the last three years that a contractor from Booze Allen Hamilton has managed to steal highly classified information from the N.S.A. The Obama Administration has been victims to classified information being leaked to the public multiple times.
QUBES OS: A Reasonably Secure Operating System
Weblink: Qubes OS
So, the Hacker news reported that Qubes OS 3.2 has been released. So, I have never heard of Qubes OS, so I figure I better take a peek and see. Basically Qubes OS is an operating system that attempts to provide security through isolation.
In essence, the Qubes OS is a virtual machine manager and applications are run within their own virtual machine. Qubes makes a common desktop environment that manages all of these virtual settings.
I find this idea enticing. In a way, many of us do this already. I know I do. With the ease and availability of Virtualization, many tech savvy users work to segregate their work. I for instance, have several different VM machines that I employ. I ahve a VM that I use specifically for personal email and web browsing. This way, if I get some virus, etc, it won’t effect my work system.
Some good info can be found on Wikipedia: Click
Who knows, maybe isolationism is the best defense for the future. We can’t stop it, we can only hope to contain it and limit it’s impact!
And I downloaded the ISO and plan to give this a test. FYI – can’t install on a virtual machine, so it’s designed for bare metal install. I’ll let you all know what I find when I get around to tinkering with it!