Leandro H Cinti

Below you´ll find a link to a digital “on-line” attack map.

It´s a data visualization that allows users to explore historical trends in DDoS attacks, and make the connection to related news events on any given day. The data is updated daily, and historical data can be viewed for all countries.

I suggest you glance over this site, it´s ve…[Read more]

Testing comment feature as required !

Coca-Cola in the Dock After Massive Laptop Theft

Coca-Cola could be in trouble after one of its employees filed a class action suit against it following the theft of over 50 staff laptops from a bottling plant.

The lawsuit, which was filed in a Pennsylvania federal court on Wednesday, alleges that the company should be held responsible for…[Read more]

HSBC Turkey Hackers Grab Data from 2.7m Cards

HSBC Turkey has admitted it suffered a major card breach of 2.7 million accounts, but maintained that there was no need to reissue said cards because not enough information was stolen to commit identity fraud.

The bank said in an online FAQ that it discovered the incident over the past week, and…[Read more]

Vacca

Chapter 33:Cyber forensics

Cyber forensics is increasingly found in the courtroom. Judges allow cyber-based evidence as it was no different from “traditional evidence” such as: documents, business books, films, etc. However analogies with more traditional evidential material were beginning to break down.

Chapter 34:Cyber forensics…[Read more]

Hacker Lexicon: What Is a Zero Day ?

Zero day actually refers to two things—a zero-day vulnerability or a zero-day exploit.

Zero-day vulnerability refers to a security hole in software that is yet unknown to the software maker or to antivirus vendors. This means the vulnerability is also not yet publicly known, though it may already be k…[Read more]

DarkHotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests

This is the link: http://www.wired.com/2014/11/darkhotel-malware/

American Express to Implement Digital Tokens to Replace Cards

American Express has announced that it will implement payment tokenization for card transactions, which allows shoppers to use their smartphones as payment mechanisms, providing a granular defense to reduce the exposure of live credit and debit card data in vulnerable systems.…[Read more]

Researchers Claim Major Visa Contactless Card Flaw

Researchers from Newcastle University claim that a glitch in Visa’s contactless cards means criminals could covertly steal up to 999,999 in any currency from customer accounts with rogue point-of-sale (POS) machines.

The flaw which the team claims to have discovered effectively bypasses t…[Read more]

The Russian Epicenter of Cybercrime Ramps Up the Sophistication

This article talks about how the Russian high-tech crime market for 2014 is showing ever-increasing sophistication, with criminals creating shadow worlds of illegal activity, exploiting new financial theft techniques and incorporating mobile attacks more often.

The Russian…[Read more]

Readings – Key point

To secure web applications is very important to consider the way data input is handled by the system. Software should be developed using standard frameworks and input validation libraries in order to reduce risk.

In-the-news article

Web Attacks Increasingly Launched from Amazon Infrastructure

Web application…[Read more]

NSA Classification ECI = Exceptionally Controlled Information

This short article mentions that ECI is a classification above Top Secret.

I posted this news because it seemed interesting to me since we have talked about information classification in our classes.

ECI is for things that are so sensitive they’re basically not written down,…[Read more]

Amazon (https://www.amazon.com/gp/css/order-history?ie=UTF8&ref_=nav_youraccount_orders&amp😉

Thumbprint: ‎56 55 ef 6f ac 0a bd 86 d9 d3 09 70 be bc c6 33 e3 4b 05 e5
Thumbprint algorithm: SHA1
Issuer: VeriSign, Inc

Walmart (https://www.walmart.com/cservice/ya_index.do)

Thumbprint: ‎e3 ef c9 26 85 f3 ce ef 97 b5 60 88 ff ce 4b 70 92 17…[Read more]

I found a commercial use of hash functions in Oracle databases.

The article says that when the Oracle kernel architects needed a search algorithm, they had many different options to choose from. Search algorithms can use either an authoritarian approach or a more discussion-based approach. For example, when determining a SQL execution plan, the…[Read more]

NSA May Have Undercover Operatives in Foreign Companies

This article mentions details about the NSA’s work to compromise computer networks and devices.

According to the author, newly-brought-to-light documents leaked by Snowden discuss operations by the NSA working inside China, Germany and South Korea to help physically subvert and c…[Read more]

Putin Supports Project to ‘Secure’ Russia Internet

This New York Times’ article says that President Vladimir Putin has a plan to isolate the Internet in Russia from the rest of the World Wide Web, but he is not considering censoring Internet sites.

The plan was intended to build a backup system to keep websites in the Russian domains (th…[Read more]

Week 6 – Readings (Sniffing)

Switched networks are not immune to sniffing. There are different techniques to eavesdrop traffic such as ARP spoofing or MAC flooding and replication. All of the them are based on the “man-in-the-middle” principle. The best protection against network spoofing is encryption.

In-the-news article…[Read more]

Readings

Key point – Chapter 16

IT Security Management is a process oriented to support the organizational structure for protecting the IT operation and assets. Security policies and procedures are essential for the implementation of the IT Security Management framework, that has to adhere to several regulations such as those of FISMA or…[Read more]

Key point from readings:

Enumeration 1:

Footprinting is a preventive control that, like scanning, should be performed by the Info Sec staff of the enterprise to identify risks and weaknesses before being targeted by a hacker.

Enumeration 2:

If the reconnaissance or scanning outcome is not solid hackers use enumeration techniques to get…[Read more]

Flight MH370 – did cyber attack steal its secret ?

This article says that classified documents relating to the missing Malaysian Airlines Flight MH370 were stolen using a carefully-crafted spear-phishing attack, targeting 30 government officials just one day after the disappearance of the still-missing aircraft.

The attack occurred one day a…[Read more]