-
David Siegelman commented on the post, Progress Report for Week Ending, February 9, on the site 9 years, 11 months ago
Article Summary
Beating the IPS
There are many ways to evade a victim’s IPS. These include decoy trees, violating the SMB protocol and wrapping sequence numbers, just to name a few. Though many IPSs are strong and can detect and prevent intrusions, there usually is someone who finds a way to fool it into thinking the request is legitimate and…[Read more] -
David Siegelman commented on the post, Progress Report for Week Ending, February 16, on the site 9 years, 12 months ago
News Article
http://www.wired.com/2014/08/will-much-data-blind-data-breach-network/
Will Too Much Data Blind You to a Data Breach on Your Network?
It’s not enough just to track out the possible threats but rather than have an IPS (Intrusion Prevention System) which can examine aggregate, correlate and put together any commonalities in these…[Read more] -
David Siegelman wrote a new post on the site Intro to Ethical Hacking 9 years, 12 months ago
-
David Siegelman commented on the post, Progress Report for Week Ending, February 16, on the site 10 years ago
Web Services – Key Point
________________________
A WSDL is a very important piece of the development of a web service in that it contains a contract for the service itself. In this contract, it describes what the input should look like: field size, character type and what the format of the output is if accepted by the service. -
David Siegelman wrote a new post on the site Intro to Ethical Hacking 10 years ago
http://online.wsj.com/articles/google-renews-its-cloud-efforts-1415062792
Google Renews Its Cloud Efforts: Company Adapts Offerings as It Tries to Catch Up to Amazon
Though Google is on top when it comes to […]
-
http://www.washingtontimes.com/news/2014/nov/7/indiana-doe-website-back-up-after-2nd-hacking/
https://www.drupal.org/node/2365547
Indiana Department of Education website back up after 2nd hacking
This is a follow up to last week’s articles that identified that there was a vulnerability in Drupal. The system was hacked on Monday, November 3rd and returned to service. This was followed by another compromise by the same group (Nigeria Cyber Army) on Thursday, November 6th. The group that maintains Drupal.org has published some next steps to prevent this type of recurring compromise, but it appears that the Indiana DOE staff members did not follow the directions in detail.
Did the administrators rush to return the site to service, or did they perform appropriate forensics and system hardening?
-
WireLurker – new malware affecting Apple’s iOS devices
http://www.bbc.com/news/technology-29928751
This new malware is in third-party apps which are downloaded to the Mac. From there it waits until a device running iOS is connected by USB cable, and then it infects the new device. It is affecting mostly computers in China, and it is thought to have originated in apps downloaded from a store in China.
It is even sophisticated enough to check for updates for its own code. -
http://www.scmagazine.com/ig-scolds-noaa-on-security-deficiencies-recommends-fixes/article/363429/
NOAA was hacked recently by what they believe to be Chinese hackers. The Office of the Inspector General says they found “significant security deficiencies” amounting to thousands of vulnerabilities threatening its mission critical systems. It’s clear just how rapidly security is becoming of major importance to every institution as the information age continues.
-
-
David Siegelman wrote a new post on the site Intro to Ethical Hacking 10 years ago
Reading – SQL Injection Tutorial
———————————-
It is very important when creating a website available for public use, to test for vulnerabilities which let users modify the URL in such a way […]-
In news: Pro-democracy Hong Kong sites DDoS’d with Chinese cyber-toolkit: http://www.theregister.co.uk/2014/11/03/hong_kong_hacking_chinese_cyber_spy_link/
-
http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
This article speaks about Stuxnet and how it was used to bring down Iranian nuclear progression. This is an excerpt from a book detailing what the virus actually did, how it was engineered, how long it took for each part to activate, as well as how third parties played a pivotal role in unknowingly introducing Stuxnet into the nuclear plants.
-
Researchers Claim Major Visa Contactless Card Flaw
Researchers from Newcastle University claim that a glitch in Visa’s contactless cards means criminals could covertly steal up to 999,999 in any currency from customer accounts with rogue point-of-sale (POS) machines.
The flaw which the team claims to have discovered effectively bypasses the £20 limit normally placed on contactless transactions.
All the checks are carried out on the card rather than the terminal so at the point of transaction, there is nothing to raise suspicions. By pre-setting the amount you want to transfer, you can bump your mobile against someone’s pocket or swipe your phone over a wallet left on a table and approve a transaction. In our tests, it took less than a second for the transaction to be approved.
However, the attack scenario has not been tested in the wild, and Visa claims there is no cause for concern.
It said the following in a statement sent to Infosecurity:
“The research does not take into account the multiple safeguards put into place throughout the Visa system, each of which must be met in order to make a transaction possible in the real world. For these reasons we do not believe the findings to be a cause for concern, as it would be very difficult to complete a fraudulent payment of this kind outside a laboratory environment.”
This is the link:
http://www.infosecurity-magazine.com/news/researchers-claim-visa-contactless/
-
-
David Siegelman commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 10 years ago
Key Point From Readings
It is very important to cleanse input data of unwanted characters like those that can escape anticipated input whereby commands can be added to the data which may let the hacker be able to communicate with the database and very possibly cause serious data integrity issues. A programmer may want to check for non…[Read more] -
David Siegelman commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 10 years ago
Apple’s iCloud targeted in man-in-the-middle attack in China
http://www.pcworld.com/article/2835995/apples-icloud-targeted-in-maninthemiddle-attack-in-china.html
Following the launch of the iPhone 6 in China, their iCloud service began facing a man-in-the-middle attack in the country. According to a watchdog group it was reported that there…[Read more] -
David Siegelman commented on the post, Integrating the Internet of Things, on the site 10 years ago
What is Malware
———————-
Anyone can be a potential malware creator, not just the usual amateur hackers. There are professionals out there who make it their livelihood to bring havoc to anyone anywhere. Reasons include but are not limited to: disgruntled employee, data for ransom, stealing from competition’s data for financial…[Read more] -
David Siegelman commented on the post, ICE 5.1 Telling a Story through Visualization, on the site 10 years ago
In 2011, Facebook began requiring an SSL certificate for domains when viewing Facebook Page Application Tab or Canvas Page. An SSL certificate is now required on all sites in order to create interactive pages. Once an SSL certificate is obtained and put into play, the application can be viewed and interacted with within the Facebook framework…[Read more]
-
David Siegelman wrote a new post on the site Intro to Ethical Hacking 10 years, 1 month ago
This week’s posted article “Social Engineering: A means to violate a computer system” talks about how people can be a weakness in a system for hackers. Such individuals without knowledge and training can be a target because they can be coaxed into revealing confidential information to someone if they think that someone is possibly an employee and/or upper level manager. Such information may include but is not limited to logins, passwords and datacenter administrator personal information. Hackers can also use emails as a form of Social Engineering to spread viruses, malware and worms in the form of scams, chain mail and other hoaxes. Employees not educated in the effects of opening non-authorized email or even visiting unauthorized websites can be crucial to any system, due to the damage these emails and sites can cause, especially if they contain attachments which can allow the hacker(s) into the network and possibly get something to spread to other systems. Employees need to know exactly what Social Engineering is and how people from the outside (sometimes making their way to the inside) can use the weakness of people to infiltrate a system, simply because an employee is unaware that such activity is being used in today’s day and age and the means of how it’s done.
———————————————————————————————–
This article titled “Social engineering audits on the rise: means CIO and CSO’s” discusses the importance of having regular “social engineering audits” in place in the same way physical IT systems need regular audits (depending on the type of business – of course). A company needs to know how strong their employees are and if they are following the designated policies and procedures in place, which should explain what they should and should not do as well as how to “be on the lookout” for suspicious activity like social engineering. Regular automated tests can be put into place to test the behavior of these employees and whether they are following the proper protocol.
-
The important part of the SANS article that I got is the ‘cycle of social engineering’ and how it’s the most common way of ‘hacking’ into the systems. I agree that now more than ever, skilled application of Social Engineering is a security threat to an organization. For a security professional, it is important to know the value of information that is stored by the organization so they can gauge what to protect and what not to worry about. The other part is the importance of educating the employees about phishing.
Article: The human OS: Overdue for a social engineering patch: http://www.csoonline.com/article/2824563/social-engineering/the-human-os-overdue-for-a-social-engineering-patch.html
Also in news: Don’t Listen to Snapchat’s Excuses. Security Is Its Job: http://www.wired.com/2014/10/the-snappening-is-not-your-fault/
-
-
David Siegelman commented on the post, Progress Report for Week Ending, September 29, on the site 10 years, 1 month ago
Addition to my post:
Both articles have one important subject in common, the need for privacy. The P2P BitTorrent article seems more about protecting the personal privacy side of things and the St. Louis article about a more physical protection, whereby eavesdroppers find out a location, notifying other parties and possibly putting the situation in more…[Read more] -
David Siegelman commented on the post, Progress Report for Week Ending, September 29, on the site 10 years, 1 month ago
This article “BitTorrent’s Encrypted P2P Chat App Bleep Opens To The Public, Adds Mac, Android Clients” ( http://techcrunch.com/2014/09/17/bittorrents-encrypted-p2p-chat-app-bleep-open-to-the-public-adds-mac-android-clients/ ) discusses how BitTorrent, a Peer-to-Peer (P2P) file distribution service, is announcing the availability of Bleep, an en…[Read more]
-
David Siegelman commented on the post, ICE 5.1 Telling a Story through Visualization, on the site 10 years, 1 month ago
Packet Sniffing In a Switched Environment:
It seems no matter how sophisticated a system is, someone always seems to find the smallest flaw in the infrastructure and expose it for all to see as well as doing considerable amounts of damage. Packet sniffing is just one of these methods which allows a hacker to intrude unnoticed. A hacker has the…[Read more] -
David Siegelman commented on the post, Progress Report for Week Ending, September 22, on the site 10 years, 1 month ago
Actually this link at the bottom of my page is not working the way it did yesterday.
Please see link below.
http://thehackerspost.com/2014/09/massachusetts-institute-technologymit-hacked-sahoo.html -
David Siegelman commented on the post, Progress Report for Week Ending, September 29, on the site 10 years, 1 month ago
Footprinting:
Before many hackers perform threatening attacks, they research their victims by either gathering information, usually available to the public and easy to obtain, or simply appearing to be a simple user. Tools such as “WhoIs” and NsLookup are fairly easy to use.
Battle for the Internet: The War is On:
By putting…[Read more] -
David Siegelman's profile was updated 10 years, 1 month ago
-
David Siegelman commented on the post, Progress Report for Week Ending, September 22, on the site 10 years, 1 month ago
1. Key points taken from the reading.
Scanning: Many individuals are unaware of how vulnerable their systems are and simply having good “password etiquette” is simply enough to prevent outsiders from hacking into their systems and doing any considerable damage. Also, new viruses and hacks are being developed every day and if one isn’t on top of…[Read more] -
David Siegelman commented on the post, Progress Report for Week Ending, September 22, on the site 10 years, 2 months ago
Hello,
1. One key point you took from each assigned reading.
a) The Art of Reconnaissance
The author of this article shows the basics on how to find weaknesses when gathering information about a particular possibly before an attack, like ping sweeps, fingerprinting and port scanning. This in turn can detect if the remote machine is “up”,…[Read more] -
David Siegelman commented on the post, Discussion Question: Key Points, on the site 2014 Spring – Data Analytics for IT Auditors 10 years, 6 months ago
Key Points:
IT Auditing, as much as many of us want to believe, is not an exact science in that what may work for one organization at a given point in time may not necessarily work for another. An IT system can be […]
News Article
http://www.wired.com/2014/08/will-much-data-blind-data-breach-network/
Will Too Much Data Blind You to a Data Breach on Your Network?
It’s not enough just to track out the possible threats but rather to have an IPS (Intrusion Prevention System) which can examine, aggregate, correlate and put together any commonalities in these threats, because threats can be disguised as non- or low-priority threats, but such threats can be small files that when completely loaded as a whole can act as a very serious threat.
Article Summary
Beating the IPS
There are many ways to evade a victim’s IPS. These include decoy trees, violating the SMB protocol and wrapping sequence numbers, just to name a few. Though many IPSs are strong and can detect and prevent intrusions, there usually is someone who finds a way to fool it into thinking the request is legitimate and non-threatening and/or mimicking it into “thinking” it’s similar to many other requests which come through on a regular basis. Sometimes if one type of evasion is not successful, combining 2 or more evasions may be successful. The main purpose of this reading is to show that no IPS is truly “bulletproof” and that one should not rely on the default settings of an IPS.
http://www.darkreading.com/attacks-breaches/bashlite-malware-leverages-shellshock-in-busybox-attack/d/d-id/1317508?
Bashlite has been modified to take advantage of Shellshock. This variant confirms that it can make a telnet connection over port 23 and then attempts to log in with any one of a few standard username/password combinations. Once logged in, it downloads and executes a file on the remote machine to gain full control of the machine.
How common is it that administrators fail to disable or change the name of the default administrator account? This is something simple to prevent easy identification of an account that may be called simply “admin.”
Coca-Cola in the Dock After Massive Laptop Theft
Coca-Cola could be in trouble after one of its employees filed a class action suit against it following the theft of over 50 staff laptops from a bottling plant.
The lawsuit, which was filed in a Pennsylvania federal court on Wednesday, alleges that the company should be held responsible for the theft as it didn’t adequately secure the data, which included personally identifiable information.
A total of 55 laptops were reportedly stolen from Coca-Cola’s largest bottling plant in Poconos, and at its headquarters in Atlanta.
“The company that guards perhaps the best-kept secret in America, the Coke formula, failed to reasonably protect its employees from identity theft,” Enslin’s lawyer Donald Haviland told Law360.
“This breach is likely to have ramifications for Coca-Cola’s reputation and throw its security strategy into the limelight. As consumers become more aware of the risk of their data being compromised in the hands of trusted brands, they’re likely to become more cautious about what data they share and demand more transparency from the companies they buy from,” he added.
The link: http://www.infosecurity-magazine.com/news/coca-cola-in-the-dock-laptop-theft/
Accuvant has just published a white paper titled “Six Forces of Security Strategy”, authored by several of their CISOs.
Although somewhat general in nature, it does give a good outline of the current forces which impact cyber security practice, and therefore a good framework for formulating a cyber security policy.
The six forces are:
1) Business Strategy
2) Information Technology Organization, Systems and Infrastructure
3) Organizational Culture
4) Adversaries and Threats
5) Government and Industry Regulations
6) Global Social and Political Forces
Since I cannot attach a document to this post, if anyone would like a copy, email me and I will send you the pdf.