-
Andres Galarza posted a new activity comment 7 years, 2 months ago
I’m going to reference the definition for hacking you brought up in class:
“A hacker explores the difference between how something is supposed to work and how it really works.”
The scammer exploited a lack of, or weak, controls surrounding the vendor payment process. The threat was there (scammer). The vulnerability was there (weak…
-
Andres Galarza posted a new activity comment 7 years, 9 months ago
I think we need to define three things when answering this question. These come courtesy of Google or Wikipedia.
1. Ethics: moral principles that govern a person’s behavior or the conducting of an activity
2. Justice: understandings of justice differ in every culture, as cultures are usually dependent upon a shared history, mythology and/or…
-
Andres Galarza posted a new activity comment 7 years, 9 months ago
“How to make 60,000 printers print whatever you want”
This is a cool article on how to exploit a lesser-known and often unsecured port that allows you to own networked printers.
-
Andres Galarza commented on the post, Progress Report for Week Ending, March 1, on the site 7 years, 9 months ago
I’ve heard it said by more than a few people that many c-suite and board members in certain businesses simply no longer use email for anything other than rote clerical and scheduling function. The fact is that anything sensitive or incriminating written in an email can be reconstructed/leaked or stolen. When this risk is catastrophic to an…
-
Andres Galarza posted a new activity comment 7 years, 9 months ago
Elizabeth, it’s definitely a huge and intricate problem to solve. I guess we can be a little heartened by looking at how international relations and diplomacy work now. Economic sanctions seem to be the preferred weapon of choice for the United States, but there hasn’t been a “cyber” Pearl Harbor or something similar that has impacted us directly.…
-
Andres Galarza commented on the post, Progress Report for Week Ending, March 1, on the site 7 years, 9 months ago
I can hear the cries of “Free market! free market! free market!” but I agree. There needs to be some teeth in the consequences of not taking quick action to address vulnerabilities such as the one Elizabeth highlights.
-
Andres Galarza commented on the post, Progress Report for Week Ending, March 1, on the site 7 years, 9 months ago
Makes sense. This is a good example of the “path of least resistance”. Small fish are much more likely to have much less resiliency than a larger corporation and the extortion prices are “affordable” if something is at risk of losing all their media.
-
Andres Galarza posted a new activity comment 7 years, 9 months ago
I think, in addition to what Vaibhav is saying, you have to question who can really apply pain/pressure/“justice” to Russia. They have a permanent seat on the UN Security Council, and the International Criminal Court (ICC) doesn’t seem to carry much weight. I looked at their primer on “how the ICC works” and it doesn’t inspire confidence that Russia…
-
Andres Galarza commented on the post, Progress Report for Week Ending, February 9, on the site 7 years, 9 months ago
I wonder how often and under what circumstances violations of the laws you quoted are prosecuted. I’ve worked around government computers for more than half a decade and was unaware of those laws!
-
Andres Galarza posted a new activity comment 7 years, 9 months ago
Organizational forensics is the application of forensics (most typically digital forensics) to the intersection of an organization’s information systems, ethical policies and legal compliance.
I spent a fair amount of time coming to grips with the fact that a lot of “stuff” can fall under the label of “organizational forensics”. I broke it…
-
Andres Galarza posted a new activity comment 7 years, 11 months ago
Darin,
The point you raise about medical staff being informed and aware is key. Some element of common sense has to be appropriate in the example that Shain gave. As long as the decision is well-informed and properly documented/communicated, I don’t see an issue with it.
-
Andres Galarza posted a new activity comment 8 years ago
Ruslan,
Good examples for both questions. In particular, I’ve encountered MDM when I worked for a company that used G Suite (Gmail) for company correspondence. I toyed around with the idea of adding my company email to my personal Android device, but quickly dropped that idea when I realized I would be forced to accept that the company was then…
-
Andres Galarza posted a new activity comment 8 years ago
https://blog.appcanary.com/2016/mirai-botnet-security-broken.html
A bit of a re-calibration on what we, as security practitioners, should be focusing on.
-
Andres Galarza posted a new activity comment 8 years ago
It was a really small section of Chapter 27, “Intrusion Prevention and Detection Systems” called Honeypots/Honeynets.
It wasn’t the first time I’d heard the term(s), and I really enjoy the concept. I suppose it appeals to the gamer in me to deliberately set out traps for bad actors.
-
Andres Galarza posted a new activity comment 8 years ago
I agree with others here that your example is sound. These concepts (IM versus AM) make me think about Single Sign-On and the risks associated with that service. I imagine that access management in an enterprise system or organization that uses single sign-on must be carefully managed.
-
Andres Galarza posted a new activity comment 8 years ago
Vaibhav,
I think your example makes clear the ways in which spam can take down a network and computer systems. I think the question being asked this week is “double-dipping” in a way.
For spam phishing the example you gave makes it clear that overloading a network or system can bring it down.
However, spear phishing could also bring…