-
Loi Van Tran posted a new activity comment 7 years, 11 months ago
This is an interesting article to show how governments are taking action to prevent the loss of privacy to their citizens. I’ve seen a lot of new regulations requiring global companies to store data locally, in the host nations where they operate. I think as the law catches up to technology changes and evolving security concerns, we will see more…
-
Loi Van Tran posted a new activity comment 7 years, 11 months ago
Data breaches like this are very worrisome. Although the OCC reported that there hasn’t been any impact yet, it doesn’t mean you are safe. The thumb drive was also encrypted but it doesn’t mean that it can’t be cracked. Data that is lost and unaccounted for still poses a risk, even if it takes a couple years for it to resurface. We’ve seen this…
-
Loi Van Tran wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years, 11 months ago
A couple of months ago, Symantec and Kaspersky Labs discovered a malware called ProjectSauron or Strider. It was capable of harvesting passwords of entire networks since 2011. It had separate modules designed t […]
-
Loi Van Tran posted a new activity comment 7 years, 11 months ago
IT security professionals should be prepared for pandemic events. Why? The sudden loss of key personnel would adversely affect the business. A pandemic event can disrupt a business in many ways like loss of personnel, absenteeism due to personal illness or family member illness, and contamination of equipment and supplies, if not addressed…
-
Loi Van Tran posted a new activity comment 7 years, 11 months ago
I definitely agree with your points regarding SSO. Compromised identity (authentications) can have very adverse impacts on the organization if no access control was implemented. Suppose a DBA’s identity was compromised, and the company uses SSO to basically log into all enterprise-wide systems. Would you really consider it access control? I…
-
Loi Van Tran posted a new activity comment 7 years, 11 months ago
Synopsis of “City banks plan to hoard bitcoins to help them pay cyber ransoms”
Due to the recent DDoS attack against Dyn, banks and others are becoming concerned with the impact of the growing threats of attacks on their critical IT. Banks are concerned about the impact if their networks were taken down by DDoS and/or ransomware. According to…
-
Loi Van Tran posted a new activity comment 7 years, 11 months ago
Great example Paul,
Knowing the difference between identity and access management is critical to the business because it helps prevent fraud within the organization. Like your example, it implements the concept of Segregation of Duties, ensuring that not a single person can complete an entire process without intervention. Aside from internal…
-
Loi Van Tran wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years, 11 months ago
Executive Summary
PowerPoint
Video
-
Loi Van Tran posted a new activity comment 7 years, 12 months ago
Thanks for posting this article:
Complacency is a serious issue when trying to enforce physical security with security guards. The problem with security guards is they are human, they get bored, they get complacent and unless there’s something that makes them “get on their toes,” like pressure from higher management or an actual threat, they…
-
Loi Van Tran wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years, 12 months ago
We’ve talked briefly about MD5 collisions in the last class, and some people have some questions about it. Two links are provided below; the first explains what an MD5 collision is and the second will let you […]
-
This is really cool Loi. Although hash collisions are supposed to be statistically unlikely, people are obviously starting to create them like you have. Maybe other hashing methods that are more than the 128 bit that MD5 outputs need to start being used. Will definitely look into testing this experiment out.
-
The article is great and I feel the hash collision can also be created if we convert the hex code into the binary code.
The main vulnerability exploited in MD5 collision is the length extension; because of this length-extension behavior, we can append any suffix to both messages and know that the longer messages will also collide.
-
Interesting article and a good reason to use SHA-2 (e.g. 512 bit) for hash functions. MD5 could result in the use of fake SSL certificates and files sent with MD5 hash signatures could have their integrity compromised.
-
-
Loi Van Tran posted a new activity comment 7 years, 12 months ago
“Martin Gottesfeld, Anonymous hacktivist, charged over hospital DDoS attacks”
This article was not only interesting because it’s part of this week’s discussion, but also about hacktivists and their moral compass.
Martin Gottesfeld is being charged for computer hacking crimes related to a DDoS attack on Boston Children’s Hospital and Wayside…
-
Loi Van Tran posted a new activity comment 7 years, 12 months ago
Good Summary Jianhui,
I think that the “Long range view of average utilization” is probably not the best indication of required network capacity. As we know, average is just a faux number and will not be absolute. What I mean by this is: 1) it doesn’t account for capacity utilization during peak hours, 2) it overstates capacity requirements…
-
Loi Van Tran posted a new activity comment 7 years, 12 months ago
To know if the organization’s network capacity is adequate, the organization must partake in Capacity planning and Performance Management. Capacity planning is the process for determining the network resources that are required to prevent a performance or availability impact on business-critical applications. Performance management is the…
-
Loi Van Tran posted a new activity comment 8 years ago
Fred, thanks for your post. I don’t agree that thorough testing for the BCP/DRP is impractical or that it doesn’t make business or financial sense. Like you said, testing is required before anything is set into production. Some products may even go through hundreds of tests before being approved. So why shouldn’t a BCP/DRP be put through the…
-
Loi Van Tran wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years ago
This article talks about how important encryption is in today’s internet-driven economy. Any attempt to circumvent encryption measures will eventually leave systems vulnerable to unwarranted attack by malicious […]
-
Interesting article regarding backdoors. I believe by introducing a backdoor you also weaken a link in the security chain, which defeats the sole purpose of encrypting data. I had agreed with Apple’s stance when the government wanted Apple to decrypt the terrorist’s phone. Once the backdoor is created you are now at risk of someone else exploiting it, which trickles down to the poor consumer confidence in services you are supposed to provide. The US government wanted the easy way out but there was metadata available to piece things together.
-
-
Loi Van Tran posted a new activity comment 8 years ago
The important thing that you alluded to, Ahmed, is the security culture of the organization or a nation. Even in organizations that provide training to their staff on a quarterly or annual basis, like the military, I find that it’s merely a check in the box. Most people do it because they have to and completion of cyber training doesn’t mean that…
-
Loi Van Tran commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 8 years ago
That is very true. It would be hard to upgrade a system, from a security perspective, based on the system being old. If you can’t tell why the system is vulnerable, how it can be exploited, and what are the risks associated with it being compromised, then you really don’t have a case to make the upgrade. I would assume that the ACARS system…
-
Loi Van Tran commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 8 years ago
It’s funny that I had the same impression as the author of this article. The topic was indeed brought up during the first presidential debate but both candidates could not answer it with a straight face. There was no strategy to combat or protect the US from cybersecurity attacks. We know that the threat is real, yet neither candidate was…
-
Loi Van Tran posted a new activity comment 8 years ago
Quantum Computing Vs. Traditional Computing
Traditional computing does two things really well: store numbers in memory and process the stored numbers with simple mathematical equations. Both processes are done using switches known as transistors. The transistors have two states {on,off} which are stored as binary digits (bits) of 1’s and 0’s.…
-
Loi Van Tran posted a new activity comment 8 years ago
Synopsis on “Critics Blast New York’s Proposed Cybersecurity Regulation”
The financial industry has always been a target for hackers. Back in January, New York’s governor, Andrew Cuomo, proposed some new cybersecurity requirements on banks. The main components of this proposal required banks to:
– Hire a “qualified” CISO to be…