-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
Good articles Mauchel. Ransomware is one of the top and emerging risks at our organization as well.
I recently read the article below from Krebs on Security. Not only is the frequency of ransomware increasing, but the financial demands of the attackers are also increasing. This article also supports the position that ransomware attacks…
-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
I agree with the position of the Carbonite CEO. This quote from the article really sums up how I feel about this topic:
“I respect the motivation of Senators Burr and Feinstein to protect national security. I agree that national governments should boost their efforts to curb cybercriminal activity. However, I fear the Burr-Feinstein proposal…
-
Jason A Lindsley commented on the post, Cyberattacks on Athletes May Be Russian Distraction Tactic, on the site 8 years, 1 month ago
I found it interesting that the article seems to imply that Russian cyber attacks are occurring to divert media attention away from media negativity surrounding Donald Trump. That seems like a strange motive to me, especially for this attack on athletes. I would agree that the attacks on the DNC e-mails and other recent leaks about Hillary…
-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
Interesting article Ahmed. I am curious as to how much of Cymotive services and solutions will be used/shared across the automobile industry or whether they will exclusively support Volkswagen. It’s apparent that there is a lot of investment in securing autonomous vehicles across the industry, however I wonder how much of this investment is…
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
When the government was able to unlock the San Bernardino shooter’s iPhone, they backed off of their demands that Apple assist with breaking into the device. They did not, however, provide Apple with de […]
-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
Wow. This is a classic example of how too much or too little security can impact availability of systems. If they implemented all of the blacklisting and dropped callers that are compromised by bots, they could end up dropping callers that are in legitimate need. On the other hand, if you do not defend against the attack, you could be putting…
-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
Software as a Service (SaaS), Platform as a Service (PaaS), and now Hacking as a Service (HaaS)! I’m also glad they caught these criminals, but I agree there are still many services like this out there. I read an article a few months ago that said you could pay a hacker service to obtain an e-mail password. The going rate for that was about…
-
Jason A Lindsley commented on the post, Question for this week, on the site 8 years, 1 month ago
Good point Scott. In the case of Mr. X, I probably would be supportive of law enforcement or our government using this phone hack with the appropriate warrant. I still don’t think I would be supportive of my own security company developing this because the vulnerability threatens the privacy of all users of that phone model. You really…
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
A federal judge ruled that hacking someone’s computer, for purposes of an investigation, constitutes a fourth amendment search. Therefore, law enforcement and the FBI would require a warrant to hack and search […]
-
I agree with the Judge’s ruling that if the FBI or other government agency hacks a computer for investigative purposes, they should obtain a search warrant from a local magistrate. If an agency has the ability to access a computer’s file system, and has the ability to look at history, etc., they should have to go through the same process as if a laptop was confiscated as evidence. Monitoring of IPs and internet traffic is still an issue that needs to be discussed: should agencies be allowed to monitor your internet traffic and see what websites you are going to without your permission? Also Jason, I agree that anything you do on the internet has the potential to become public.
-
I agree that a search warrant should be in place for this type of thing to happen. Unfortunately, living in the technology age, the rules and regulations are always going to be playing catch up. There will always be that first time someone uses technology in a way that no one ever thought, and courts will have to rule on how it should be handled.
I also find it humorous that the judge, while ruling they need a search warrant, still declined the defense’s request to dismiss the evidence they found because of it. Isn’t that a contradiction?
-
I know how straightforward an answer this seems, but the legal system is always a bit slow to adapt to new technology. The slowness has to do with how even simple terms like “search” need to have a specific definition that has multiple tests that would hold up in a court. Another debate in law that is similar is if smell is enough for probable cause for a vehicle search. The legal question they are answering here is if your computer has malware on it, do you still have a reasonable expectation of privacy. The FBI is still going to continue to fight for their right to hack though.
-
I really appreciate the judge ruling that in order to hack a computer for investigative purposes the FBI should obtain a search warrant from a local magistrate. When a person is in the list of investigation then he is just one of the sources of investigation, and investigation can lead to many sources; it’s like licensing the FBI to hack any person’s data in the name of investigation.
The FBI or agencies now have to justify the hacking of data, and in what sense it is going to help them, to the magistrate in order to obtain the warrant.
-
It is difficult to have an absolutist view on this Privacy vs Security controversy. I believe this is something that must be done in a way that is fair for all parties involved. Should companies like Google, Samsung or Apple create a back door specifically for law enforcement? Probably yes, probably no. If they do, then hackers will figure out a way to exploit the system. On the other hand, this raises homeland security risk concerns. Maybe the best solution is for Federal agencies to develop their own tools and make it illegal for the general public to use.
-
-
Jason A Lindsley posted a new activity comment 8 years, 1 month ago
Scott,
I also saw an article on this and I’m glad you posted. I hadn’t seen the video, but I thought it was kind of funny and scary at the same time. Even with the sketchy shield, I wouldn’t plug one of those in my computer! I imagine that companies will begin to make hardware changes to address this threat, but many devices might be…
-
Jason A Lindsley commented on the post, Obama signs two executive orders on cybersecurity, on the site 8 years, 1 month ago
Although an executive order to modernize our systems to increase their security is a step in the right direction, this is way overdue. In 2015 the Office of Personnel Management leaked 21.5 million government employee records containing personal information. In the private sector, this would be unacceptable and organizations would be faced with…
-
Jason A Lindsley commented on the post, Question for this week, on the site 8 years, 1 month ago
I feel that the NSO Group is crossing the line from an ethical standpoint. I personally don’t believe that the Pegasus software that they created and attempted to use for the UAE aligns to NSO Group’s mission “to make the world a safer place by providing authorized governments with technology that helps them combat terror and crime.” To me…
-
Jason A Lindsley wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 2 months ago
This article is about an ethical hacker that is fighting fire with fire. Florian Lukavsky is working with police using a technique called “whaling” to obtain criminal identities and credentials. These cr […]
-
One thing to keep in mind is that the attackers are frequently not in the country of the victim. So even if you catch them, it can be difficult to prosecute. Last year it was Israeli criminals attacking French companies. For some reason the Israelis seemed to be particularly effective against the French.
-
-
Jason A Lindsley posted a new activity comment 8 years, 2 months ago
Nice article Mengqi! I attended the IANS conference last year in Philadelphia shortly after the Jeep hack was made public. There was an expert in automobile security speaking and he explained that the Jeep hack gained the automobile industry’s attention. He explained that he had been engaged by many automobile manufacturers recently to sit in on…
-
Jason A Lindsley posted a new activity comment 8 years, 2 months ago
Thanks for sharing Wayne. I liked the YouTube video that was referenced in the article (and some of the comments from YouTube). A lot of folks felt that the BitWhisper proof of concept was impractical because it assumes that the attacker gained physical access, installed software on both computers, knowledge of thermal properties,…
-
Jason A Lindsley posted a new activity comment 8 years, 2 months ago
Thanks for sharing Jon. Nice articles. I thought the most interesting part of the Krebs article was when he highlighted “The most important layer in that security defense? You!” When I think back to all the times that I had issues troubleshooting viruses (with anti-virus software), it was usually because of the user’s behavior. Peer-to-peer…
-
Jason A Lindsley posted a new activity comment 8 years, 2 months ago
The financial institution that I work for is taking this SWIFT attack very seriously. Although many North American banks do not have the security deficiencies that are described for Bangladesh Bank, nobody wants their dirty laundry aired with the regulators, customers and shareholders (as SWIFT has threatened to do).
Many banks are looking at…
-
I was reading this article earlier this week and thanks for providing the link to the case. I too disagree with the FBI stance on withholding such a critical vulnerability to the iPhone. Just like Apple has stated in its argument prior to the FBI obtaining access to the iPhone, the FBI now has a tool that would be able to access over 100 million iPhone users by circumventing legal processes. The security and privacy of its users is now compromised, even if the intention of the third-party was in public interest.
Hi Jason,
It’s a shame really that the FBI refuses to cooperate and share details of the flaw with Apple. This is a disservice to the millions of iPhone users. I wonder if they had to sign some sort of disclosure not to provide details to Apple if they agreed to use this hack. Whatever the case might be, refusing to share this information does nothing but potentially hurt the millions of innocent people that use the iPhone.
We talked about this in last year’s class for quite a while. It is my recollection that the FBI paid for a service, and was claiming that they did not have the technique themselves. It is a little sleight of hand, but probably gives them enough of an excuse to not disclose what they do not “know”.
Wade
Hello class- I agree with all of you and I think that our government agencies should disclaim all the tools available to them and make things transparent to the public.
Some of the other tools available to them, like Black Widow, and RedSeal are so dangerous in the wrong hands, but who polices those who use tools for the wrong purpose in those government agencies?