-
Jason A Lindsley commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 8 years, 1 month ago
Wow. Thanks for sharing Vaibhav. This is a very low-tech scheme that could cause a lot of trouble for users that think this is just a new security feature. I can see a lot of folks falling for this type of scam and how it can create a lot of hassle for them. There is such a strong need for cyber awareness and education to the general public.
-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
It took them 15 months to create the report on this. I wonder how long it will take them to remediate all the security findings. The other day a colleague was talking about how the OPM breach was much more than government employee information. I can see now how the SF-86 form could also provide personal and confidential information of employee’s…[Read more]
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
News of another cyber attack on a nuclear power plant surfaced this week, as explained by Yukiya Amano, the director of the International Atomic Energy Agency’s (IAEA). Amano explained that the attack happened th […]
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
Hi everyone,
I found a few helpful courses on Lynda.com if you wanted to get more training on some of the tools we are using and I wanted to share:
Introduction to Kali Linux – […]
-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
I think the following comment in the article is interesting:
“Nevertheless, hacking an election would be far from easy, he added. For example, there’s no central authority when it comes to ballot counting or voter registration. Instead, management of U.S. elections is spread out across 50 different states, and then to thousands of…[Read more]
-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
Nice article Scott. 22% of the top 140,000 sites use 1024-bit keys despite the fact that NIST has been recommending 2048-bit keys since 2010. That’s quite astonishing!
The SSL pulse survey referenced in this article appears to aggregate the information and does not provide specific sites that are weak. I think the vulnerable sites will be…[Read more]
-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
I agree with Loi Van – these companies should be required to do more due diligence and vulnerability testing for their advertisers to protect their customers.
In the meantime, I’ll be happy to pay my Spotify bill this month knowing that I’m not vulnerable to this threat. Can’t really complain with the $5 per month student rate for this service!
-
Jason A Lindsley commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 8 years, 1 month ago
Critical infrastructure protection (or lack there of) really requires some drastic improvements across the globe. Many of the power plants across the globe (including US) are run by antiquated SCADA systems that were not built with security in mind. They are non-current, End-of-Life/End-of-Support and cannot be patched for security…[Read more]
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
Last week, Noah posted about an here about a DDoS attack that was triggered by a botnet that compromised enough Internet of Things devices to generate 600 Gigabits per second of bogus internet traffic.
Fast fo […]
-
The motivations behind selling or releasing a hack are very different. We’ve seen users try to auction off tools for bitcoins in order to profit. Releasing a hack seems like a sign of anger and wanting to see how much damage the hack can do. Hopefully the next step is reverse-engineering and finding a way to patch the vulnerabilities. I think this will be very hard to stop the botnets themselves as a lot of people won’t even know that their DVRs and security cameras are pinging a website over and over. Also, the poster mentioned the DDoS Industry and that they’re already retiring after making their money, which confirms that there is a lot of money in illegal activities.
-
Also, releasing the source code once the Feds are on to you ensures that the source code is in many different places which makes it harder for the authorities to pinpoint. So far I haven’t experienced any symptoms, but I definitely feel that access to the source code is a good way to see how these DDoS attacks work.
-
-
Jason A Lindsley commented on the post, Quiz this Week, on the site 8 years, 1 month ago
I also did not see a quiz posted in blackboard.
-
Jason A Lindsley commented on the post, Cybercrime as a Service on the Darknet Has Europol Concerned, on the site 8 years, 1 month ago
This is a very concerning trend. The number of inherent threats and vulnerabilities that exist today alone is concerning, however usually the individuals with the skills to exploit vulnerabilities is limited. These individuals usually have specific motives (e.g. hacktivism, nation state, etc.),
Cybercrime as a Service gives attackers one…[Read more]
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
This is an interesting concept that is taking biometrics to the next level. This article describes an authentication mechanism that uses fingerprint sensors to generate signals that travel through the users’ […]
-
Jason A Lindsley commented on the post, Google Chrome To Flag Non-HTTPS Logins, Credit Card Info 'Not Secure', on the site 8 years, 1 month ago
I think this is a smart move by Google. Admittedly, I don’t always check to see if HTTPS is used when processing a payment. I usually will if it is a site I’ve never used before, but I like the idea of this added Chrome functionality that will warn me. I also think they should warn users if older, non-secure versions of SSL/TLS are being used…[Read more]
-
Jason A Lindsley commented on the post, In new email phishing scam, hackers pose as IRS officials sending ACA tax bills, on the site 8 years, 1 month ago
Thanks for sharing Vaibhav. The greatest way to prevent these scams from being successful is public awareness. Unfortunately, the victims of these scams probably are novice users of the Internet and are not aware of these types of scams. There was a post last week about a crackdown on one of the payment processors for these types of scammers…[Read more]
-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
I’m glad this vulnerability was discovered. While I don’t typically backup my iPhone to iTunes, there have been times I’ve done this either as a precaution or because my iCloud account was full. We typically don’t think to delete these backup files, so there was a risk that data backed up during this period could be stored indefinitely without a…[Read more]
-
Jason A Lindsley commented on the post, 97% of Top 1,000 Orgs Suffer Credential Compromise, on the site 8 years, 1 month ago
These password breaches are not just a risk to internal employee credentials, but also a risk to companies that have customer facing websites. With the hacks referenced in these articles, many companies are seeing a rise in brute force password attacks on their sites with hackers attempting to use the same or similar passwords associated with…[Read more]
-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
We also have a very strong BYOD policy at our work. We utilize a Mobile Data Management (MDM) solution with a containerized environment for mail, calendar, and contacts. We’ve locked down our webmail so that it cannot be accessed via native applications on the device.
If a device is lost or compromised, it can be remotely wiped from the admin…[Read more]
-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
I have a Yahoo account that I rarely use, but it still contains PII that I would not like leaked. Fortunately, I was using Yahoo’s one time password feature. It’s similar to two-factor authentication (i.e. password + SMS one time code), but you do not enter a password at all. Each time you try to login, you are e-mailed an 8 character one time…[Read more]
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
Link: http://www.businessinsider.com/student-legally-hacks-united-airline-earns-frequent-flyer-miles-ryan-pickren-2016-9
This is an interesting short video/article on a Georgia Tech student that has been […]
-
Jason,
This is an interesting article/short video. It would have been nice if they would have described how he was able to find bugs in the systems, and what improvements they have made to patch these bugs. What United is doing is a good way to do penetration testing. Tell people to try and hack your system, and you will reward them. -
Jason, thank you for posting this new. I think the story behind the student is very interesting. I know many organizations started to use bounty program to encourage people to help them find vulnerabilities in their systems. Few weeks ago, Yelp offered up to 15K award for people who find fatal vulnerabilities.
-
hello Jason- this is a great article and one more example for all of us to follow. Many companies are dedicating and allocating rewards to those that can find the zero-day vulnerabilities in software, and the pay is quite attractive.
I wish I could be more proficient and daring so I could win some money from my skill set.
-
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
I performed my Reconnaissance exercise on Beneficial Bank in Philadelphia, PA. They operate 57 branches across PA and NJ and hold ~$5 billion in assets.
Please see video, executive summary, and PowerPoint […]
- Load More