-
Loi Van Tran posted a new activity comment 8 years ago
Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) are two different concepts. BCP is the organizational strategy involved with ensuring the continuous operation of core business functions during and after a disaster. DRP is a subset of the overall BCP and is more specific. DRPs may be developed for specific groups within the…
-
Loi Van Tran commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 8 years, 1 month ago
I believe that this is a real concern. Strong passwords are extremely difficult to keep track of and cyber threats are continuing to grow at an exponential rate. Even for the most security aware professional, keeping up with security can be tiring.
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
Thanks for the post Scott,
Your last statement makes it very clear: don’t digitize anything that you don’t want anybody to see. For consumers using digital applications, they have to make the choice between their privacy and their convenience. It is a decision that should not be taken lightly, but more often than not, people download and…
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
Hi Wayne, thanks for the post.
In this day and age “Hack-proof” code seems like an illusion. I agree that making things simpler also makes it easier to secure, but compartmentalization doesn’t actually make the system “hack-proof” as the article indicated, it just makes it harder.
-
Loi Van Tran commented on the post, U.S. formally accuses Russian hackers of political cyber attacks, on the site 8 years, 1 month ago
I couldn’t agree more, but after watching the presidential debate the other night where cybersecurity was not even brought up, it concerns me that our government is not doing enough to protect its nation or citizens from cyber attacks. Yes, President Obama has made some strides in budgeting to increase the US Cybersecurity posture, but I don’t…
-
Loi Van Tran commented on the post, Spotify Falls Victim to Malvertising Attack, on the site 8 years, 1 month ago
This is an extremely interesting article. If you think outside the bounds of just Spotify, a lot of freemium apps provide ads in exchange for their service, e.g., Facebook, games, etc. If these companies do not properly screen the ads that they add into their network they are making hundreds, thousands, or even billions of people vulnerable to…
-
Loi Van Tran wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
Tech Support scams are a combination of social engineering and malware. Once the user’s computer is infected with the initial malware that typically alerts the user that the computer is infected with a virus. It u […]
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
The influx of technology creates a high demand for security professionals to help protect organizations from attacks. According to research conducted by Frost & Sullivan and the International Information Systems Security Certification Consortium (ISC)², the worldwide shortfall of security professionals will be 1.5 million workers by…
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
Synopsis of “2016 Emerging Cyber Threats Report” from Georgia Tech Institute for Information Security and Privacy.
This report came out of the security summit in 2015. It speaks of cyber threats in broader terms and addresses these four areas:
Consumers continue to lose their privacy as companies seek to collect more data:
As…
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
Ruslan,
Thanks for your post and examples. It really helped me understand Kerckhoffs’s second principle: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. If I understood correctly, then the importance in any cryptosystem is the “private” key and not the algorithms or protocols r…
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
Although EMP is not as common as cyber threats posed to an organization’s information infrastructure, it should not be a threat that is taken lightly. A massive EMP, either natural or man-made, can have devastating consequences to any organization. When deciding how a company should protect itself from this risk, I believe it should also come…
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
When considering the natural disasters in physical security, the organization should choose Denver, CO.
According to the Disaster Hot Zones of the World (http://io9.gizmodo.com/5698758/a-map-of-the-world-that-shows-natural-disaster-hot-zones), the other choices seem riskier than Denver.
Miami, FL: Is located in a hurricane path which…
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
PHYSBITS is Physical Security Bridge to Information Security. It is the collaboration between physical security and information security, where as links information system are used to control physical access to facilities, information infrastructure and resources. PHYSBITS focuses on the human aspect of physical security by integrating…
-
Loi Van Tran commented on the post, Wells Fargo Reconnaissance Analysis, on the site 8 years, 1 month ago
Attackers might first try to obtain a list of usernames through social engineering. They can pose as a new Wells Fargo employee who has a Temple degree, and reach out to other Temple-grad employees. Attackers may be able to determine how usernames/emails are structured through this contact. They can derive a list of possible usernames by using…
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
I do not think it’s okay for Apple to share your personal data. Legal and privacy should go hand in hand. Unfortunately, many people fail to realize that what Apple is doing with your data is legal. Below is an excerpt from Apple’s User’s Agreement:
“b. Consent to Use of Data: You agree that Application Provider may collect and use…
-
Loi Van Tran commented on the post, In new email phishing scam, hackers pose as IRS officials sending ACA tax bills, on the site 8 years, 1 month ago
Like you, Jason, public awareness is one of the methods to prevent these scams. Unfortunately, these scams use highly sophisticated social engineering techniques that can make people feel overwhelmed and obliged to comply. Some of the things that I tell people is never to provide payment information or Social Security number over the phone,…
-
Loi Van Tran commented on the post, Today's Cybersecurity Management Requires A New Approach, on the site 8 years, 1 month ago
I agree that whitelisting is a more secure approach, but it is inherently more expensive to manage, especially for larger organizations whose number of applications seems to grow over time. You would also require a group of staff to manage, review, and test the isolated applications, thus creating more overhead. Over time, your whitelist will…
-
Loi Van Tran wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
Cybercrime as a Service (CaaS) is an emerging concern for the European Police. Although it has not been affected by it yet, it has the potential to disrupt critical IT for European government agencies and law […]
-
This is a very concerning trend. The number of inherent threats and vulnerabilities that exist today alone is concerning, however usually the individuals with the skills to exploit vulnerabilities are limited. These individuals usually have specific motives (e.g. hacktivism, nation state, etc.).
Cybercrime as a Service gives attackers one motive – generating revenue. It opens the door for individuals without any hacking skills to target an individual, company, or government for their own motives. I can see this resulting in more organized crime as a result of cyber attacks.
-
-
Loi Van Tran commented on the post, Cisco Forgets to Remove Testing Interface From Security Appliance, on the site 8 years, 1 month ago
This goes back to some of the things we discussed in class regarding pen testers and ethical hackers leaving in back doors after they’ve completed the test. This is worse because attackers don’t even need to authenticate themselves to get root access. For a big company like Cisco to be so negligent in this respect is definitely not good for business.
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
Oftentimes when we discuss topics regarding IT and what is the right way to do something, the answer often boils down to “it depends.” In this case I believe that there might be a best practice approach if we look at the basic architecture of a client-server model. I believe that servers are better suited for whitelisting and clients for…
-
Loi,
This is an interesting article. When I used to do technical support for students I used to see this type of malware all the time. Students would install this fakeware, or fake-antivirus because they received a pop-up stating their computer was infected with a virus. Sometimes, you had to purchase the scanner to “remove” the malware, and it was only payable by bitcoin or moneypak. These are very sophisticated, authentic looking malware attacks. I was surprised to see $1.5 billion was the expense of this malware.
These attacks are so common because they work. People tend to trust what their computer is asking of them and may not look at whether the popup is from Microsoft or a malicious program. Sometimes they even have phone lines that you can call and they will continue to try to take money from you. I think users should know what their official channels for repair are when they buy a computer.