-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
Project Shield Has Krebs on Security’s Back
Last month a Distributed Denial of Service (DD0S) hit Brian’s Krebs (krebsonsecurity.com) website and was dubbed Marai, one the largest DDoS attach in history. It delivered over 620 gigabytes of “junk” data, making the site unresponsive and had to be taken down until Krebs was able to move his site…[Read more]
-
Loi Van Tran commented on the post, Biometric Skimmers Pose Emerging Threat To ATMs, on the site 8 years, 1 month ago
As you’ve state, the article does bring up a very important point about biometrics data. Although biometrics is considered the most secure way to authenticate and individual, it also has it weaknesses. Unlike other authentications methods like username, passwords, and physical tokens, biometrics identity cannot be replaced, Although the banks…[Read more]
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
Thanks for the article Scott. You’re absolutely right about the information that we put on the internet is no longer ours and we are depending on the companies to protect it. As we seen over the years, attacks on corporate systems has plagued every industries. We’re talking about script kiddies to state-sponsored attacks. It is important to…[Read more]
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
There are some real flaws with Wells Fargo corporate culture and values. Their CEO John Stumpf created a culture where employees were obligated and pressured cross sale new accounts to existing customers, even if they don’t need. This in turns increase the stock price of the company. The average accounts held by other banks are 3 per customers.…[Read more]
-
Loi Van Tran commented on the post, Your Biggest Cybersecurity Weakness Is Your Phone, on the site 8 years, 1 month ago
The company that I work for has a very strict policies on BYOD. First no personal laptops, jump drives or any sort of storage devices are permitted on premises. Secondly, we provide a separate WIFI connection for guests and employees personal devices. The user cannot directly connect to the Wifi unless it is approved by the security team, in…[Read more]
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
Synopsis of “Swift Reports Summer Cyber Attacks on Three Banks”
Since this week’s case study was online banking, I thought this article was interesting because it points out that not only online banking is vulnerable to cyber attacks.
Swift is a company that provides a financial messaging network to business, banks, and other financial…[Read more]
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
Ruslan, this is a very tough act to follow and you’ve provided a great number details for both OS. I have always been a Windows user and have only venture into Linux in the recent year. I still find Linux a little confusing, but am hoping to become better at it. At this juncture, I would prefer the GUI of the Windows OS, mainly due to my…[Read more]
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
Said, Thanks for the post. You’ve summarized the challenges of online banking very well. I agree with you that the people are the weakest link in any information security program. Aside from the people using a bank’s online resources, you have the people internal to the bank that may be subject to, intentional or unintentional, fraudulent…[Read more]
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
Hi Paul,
This is a very good summary on the case. Thank you for sharing. Aside from being expensive, having onsite server’s also requires additional physical security controls. Some other cons, as mentioned in the case, is scalability and idle capacity. For a growing online customer base, HDFC would need to ensure that the new onsite…[Read more]
-
Loi Van Tran posted a new activity comment 8 years, 1 month ago
The ubiquity of the internet and banking reforms in India has made HDFC Bank one of India’s leading private banks with deposits over $15 billion in 2007. Along with the internet, the demand for online banking steadily increased and was considered to be the “banking of the future.” As Chief Information Security Officer for HDFC Bank, Vishal Salvi…[Read more]
-
Loi Van Tran wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
Team Members: Loi Tran and Noah Berson
Wells Fargo Presentation
Wells Fargo Executive Summary
Wells Fargo Slide Deck
-
Loi Van Tran posted a new activity comment 8 years, 2 months ago
Here are some questions that I had and responded to from another student:
With step 2 and 3. I’m getting errors. Questions:
-When we edit vsftpd do we follow the blog post instructions to the t, or we just need to comment local enable=yes.
The only thing you need to do is make sure that there is no “#” in front of local_enable=yes
To sav…[Read more] -
Loi Van Tran wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 2 months ago
A recent research provided from Imperva explained that one in every fifty employees is a malicious insider. This reaffirms Gartner’s research that the insider is not just disgruntled employees leaving the […]
-
Interesting article. At my company we deal with PII data. Employees aren’t allowed to bring any storage devices such as USB or external hard drives, The flow of information into and out of the company networks are being regularly monitored and we can’t send any attachments externally through email. If there is any PII data being sent in attachment in an email, it has to be thru SecureZip and a person needs to be able to login to view it.
-
-
Loi Van Tran posted a new activity comment 8 years, 2 months ago
Great point Scott. The response is clearly not black and white. NSO was simply creating a product that people wanted. Businesses exists to make profit, otherwise they will not exist. Whether if it was in their own interest or public interest, they walked away with a substantial sum of money.
The problem exists after the sell of the…[Read more]
-
Loi Van Tran commented on the post, Cyber-Security regulations issues by Newyork state department of financial services, on the site 8 years, 2 months ago
I’m not sure what the Cybersecurity posture was for the 200 firms that DFS interviewed, but it seems that the “Proposed Regulation” is trying to catch up to current industry standard and practices. Financial institutions have always been and is the largest target for cyber crimes. Instead of implementing they should be refining their security…[Read more]
-
Loi Van Tran commented on the post, How did FBI hack terrorist's iPhone? News groups sue to find out, on the site 8 years, 2 months ago
I was reading this article earlier this week and thanks for providing the link to the case. I too disagree with the FBI stance on withholding such a critical vulnerability to the iPhone. Just like Apple has stated in it’s argument prior to the FBI obtaining access to the iPhone, the FBI now has a tool that would be able to access over 100…[Read more]
-
Loi Van Tran posted a new activity comment 8 years, 2 months ago
“cyber-breach of government data is often regarded as fair game.”
This statement made me boil a bit. They should say that to the 22 million previous, current, and prospective federal employees who have ALL of their information compromised (financial records, fingerprints, SSN, medical records). Basically their whole life were in the data that…[Read more]
-
Loi Van Tran posted a new activity comment 8 years, 2 months ago
Paul,
This is a good explanation of acceptable risk level. Organizations will sometimes have to make the decision on how much controls will be needed to reduce their risk to an acceptable level. Like an example given in class, the chances of a thermal-nuclear war is very low, but if it happens then the impact would be devastating. There’s…[Read more]
-
Loi Van Tran posted a new activity comment 8 years, 2 months ago
As we have learned in class and probably more from working experience, SSO provides great advantages to any organizations that has a suite of applications and software that typically requires login credentials. SSO provides the organization the flexibility to centrally manage their user accounts and provide users access to the resources that they…[Read more]
-
Loi Van Tran posted a new activity comment 8 years, 2 months ago
Synopsis of “Microsoft Patches Zero-Day Flaw Used by Malvertising Gangs”
The software giant, Microsoft, has once again found itself in the news about it’s software vulnerabilities and delayed response to patching up the vulnerabilities in its software, like IE versions 9 to 11, Office, Exchange Server and more.
The article specifically talk…[Read more]
- Load More
Nice work. Any thoughts about what an attacker might do with the 401k login?
Attackers might first try to obtain a list of usernames through social engineering. They can pose as new Wells Fargo employee, that has a Temple degree, and reach out to other Temple-grad employees. Attackers may be able determine how usernames/emails are structured through this contact. They can derive a list of possible usernames by using LinkedIn and try to brute force the password.