-
Jason A Lindsley posted a new activity comment 7 years, 11 months ago
I agree that Tesla should continue to improve their application security, but I believe that the weakest link in this scenario (and most) is the user. It is difficult for app developers to develop apps that are secure enough to protect a completely compromised device.
-
Jason A Lindsley posted a new activity comment 7 years, 11 months ago
It’s really disappointing that Facebook and LinkedIn could be vulnerable to such a common form of malware, putting millions and millions of users potentially at risk. I could be more sympathetic to a zero day vulnerability, but Locky is a very common form of malware that should be recognized by these social media giants.
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years, 11 months ago
Hackers successfully encrypted over 2,000 servers and PCs that are used to run San Francisco’s Light Rail Transit system. The hackers demanded 100 bitcoin (~ $73,000 USD) for the key to decrypt the data. The a […]
-
Jason A Lindsley posted a new activity comment 8 years ago
This product sounds promising. I think it is only a matter of time until we are no longer relying on passwords and we are primarily leveraging biometrics and tokens. Someday I imagine our kids or grandkids will say “What’s a password?”
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years ago
This article explains a pretty nasty device. It can take over your computer using remote code execution even it is locked. The author recommends putting your device to sleep when you walk away from it, but I c […]
-
Jason A Lindsley posted a new activity comment 8 years ago
It will be especially interesting how Trump handles cybersecurity when it comes to regulating private industry. Trump has said he will make it a priority to deregulate private industry, however there are proposals on the table to further regulate cybersecurity associated with US critical infrastructure (e.g. financial and energy industries). I…[Read more]
-
Jason A Lindsley posted a new activity comment 8 years ago
The OverSight security product sounds really interesting. I think I’ll check it out.
I agree that it is invasive that the app is recording you even when you haven’t prompted it to. Thankfully this data was not transferring the data anywhere. I use SoundHound. Hopefully they are not recording me!
-
Jason A Lindsley posted a new activity comment 8 years ago
Wow – this team walked away with half of a million dollars just to ethically hack systems. It sounds like we are in the right field!
It also amazes me that Google and Microsoft rolled out these products that were hacked so easily. I wouldn’t be surprised if they try to hire some of these experts internally.
-
Jason A Lindsley posted a new activity comment 8 years ago
Interesting article Ahmed. It amazes me that anyone on the network could gain control of these IoT devices. Authentication should have been a core requirement in the preliminary design and architecture of the system. What is even more concerning is that these are well know brands. I’m glad they have addressed these flaws through firmware…[Read more]
-
Jason A Lindsley posted a new activity comment 8 years ago
Well at least China’s “state-run press agency” thinks this is a good idea. Of course they publish that these laws will protect the information of Chinese internet users and reduce fraud.
-
Jason A Lindsley posted a new activity comment 8 years ago
Our company does the same thing Ahmed and it is very effective. We have seen the click rates on these phishing simulations decline significantly over the past several rounds of these exercises. We also have effective phishing take down capabilities that help to identify fake sites impersonating our company and trying to trick our customers.…[Read more]
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years ago
This is a bank’s worst nightmare and I’ll be following this story closely. The financial, reputational, and regulatory damage that an event like this causes is very significant. Although, 20,000 accounts is a v […]
-
Jason A Lindsley posted a new activity comment 8 years ago
Interesting articles Bilaal. It’s very concerning that so many security products are becoming subject to these vulnerabilities and exploits, especially when we find out that they’ve been exploited for many years. It really shows the importance of secure product development (on the vendor side) and due diligence in software selection (on the…[Read more]
-
Jason A Lindsley commented on the post, Create Your Own MD5 Collision, on the site 8 years ago
Interesting article and a good reason to use SHA-2 (e.g. 512 bit) for hash functions. MD5 could result in the use of fake SSL certificates and files sent with MD5 hash signatures could have their integrity compromised.
-
Jason A Lindsley posted a new activity comment 8 years ago
Thanks for sharing this Brent. Let’s sign this student up for the ITACS program!
Hopefully this student’s efforts and the recent attacks on campus are a good reminder of the importance of strong physical security measures on campus.
-
Jason A Lindsley posted a new activity comment 8 years ago
The article says that “Mirai basically searches for telnet protocol availability,” I was curious what tests I could perform to determine if my environment was vulnerable. One resource I found was ShieldsUP! Have any of you used this to scan your ports and security?
-
Jason A Lindsley commented on the post, Warning! Your iPhone Can Get Hacked Just by Opening a JPEG Image, PDF or Font File, on the site 8 years ago
Thanks for sharing Scott. I updated to iOS 10.1 yesterday. Glad to see that this was addressed in that update. It’s interesting that mobile malware following the same trajectory of desktop malware and is starting to mature. I think a lot of this is due to nation state actor investments in these activities and subsequently leaking their efforts…[Read more]
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years ago
Video
Presentation – Jason Lindsley Scanning Exercise PowerPoint
Executive Summary – Jason Lindsley Scanning Exercise – Executive Summary
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years ago
It’s gonna be busy the next few weeks for IT Security Professionals and Linux administrators. A vulnerability that uses the copy-on-write function to perform privilege escalation can potentially allow any […]
-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
Cool follow-up post Bilaal. I am amazed at how easy it is to
I do see one silver-lining out of this whole ordeal – ISPs are cleaning-up how they monitor traffic (e.g. an IP camera has no business sending traffic to a blog!).
I’m actually in the middle of watching an interesting Youtube video by Eli the Computer guy on IoT security in the…[Read more]
- Load More