Loi Van Tran

Project Shield Has Krebs on Security’s Back

Last month a Distributed Denial of Service (DD0S) hit Brian’s Krebs (krebsonsecurity.com) website and was dubbed Marai, one the largest DDoS attach in history. It delivered over 620 gigabytes of “junk” data, making the site unresponsive and had to be taken down until Krebs was able to move his site…[Read more]

As you’ve state, the article does bring up a very important point about biometrics data. Although biometrics is considered the most secure way to authenticate and individual, it also has it weaknesses. Unlike other authentications methods like username, passwords, and physical tokens, biometrics identity cannot be replaced, Although the banks…[Read more]

Thanks for the article Scott. You’re absolutely right about the information that we put on the internet is no longer ours and we are depending on the companies to protect it. As we seen over the years, attacks on corporate systems has plagued every industries. We’re talking about script kiddies to state-sponsored attacks. It is important to…[Read more]

There are some real flaws with Wells Fargo corporate culture and values. Their CEO John Stumpf created a culture where employees were obligated and pressured cross sale new accounts to existing customers, even if they don’t need. This in turns increase the stock price of the company. The average accounts held by other banks are 3 per customers.…[Read more]

The company that I work for has a very strict policies on BYOD. First no personal laptops, jump drives or any sort of storage devices are permitted on premises. Secondly, we provide a separate WIFI connection for guests and employees personal devices. The user cannot directly connect to the Wifi unless it is approved by the security team, in…[Read more]

Synopsis of “Swift Reports Summer Cyber Attacks on Three Banks”

Since this week’s case study was online banking, I thought this article was interesting because it points out that not only online banking is vulnerable to cyber attacks.

Swift is a company that provides a financial messaging network to business, banks, and other financial…[Read more]

Ruslan, this is a very tough act to follow and you’ve provided a great number details for both OS. I have always been a Windows user and have only venture into Linux in the recent year. I still find Linux a little confusing, but am hoping to become better at it. At this juncture, I would prefer the GUI of the Windows OS, mainly due to my…[Read more]

Said, Thanks for the post. You’ve summarized the challenges of online banking very well. I agree with you that the people are the weakest link in any information security program. Aside from the people using a bank’s online resources, you have the people internal to the bank that may be subject to, intentional or unintentional, fraudulent…[Read more]

Hi Paul,

This is a very good summary on the case. Thank you for sharing. Aside from being expensive, having onsite server’s also requires additional physical security controls. Some other cons, as mentioned in the case, is scalability and idle capacity. For a growing online customer base, HDFC would need to ensure that the new onsite…[Read more]

The ubiquity of the internet and banking reforms in India has made HDFC Bank one of India’s leading private banks with deposits over $15 billion in 2007. Along with the internet, the demand for online banking steadily increased and was considered to be the “banking of the future.” As Chief Information Security Officer for HDFC Bank, Vishal Salvi…[Read more]

Here are some questions that I had and responded to from another student:

With step 2 and 3. I’m getting errors. Questions:
-When we edit vsftpd do we follow the blog post instructions to the t, or we just need to comment local enable=yes.
The only thing you need to do is make sure that there is no “#” in front of local_enable=yes
To sav…[Read more]

Great point Scott. The response is clearly not black and white. NSO was simply creating a product that people wanted. Businesses exists to make profit, otherwise they will not exist. Whether if it was in their own interest or public interest, they walked away with a substantial sum of money.

The problem exists after the sell of the…[Read more]

I’m not sure what the Cybersecurity posture was for the 200 firms that DFS interviewed, but it seems that the “Proposed Regulation” is trying to catch up to current industry standard and practices. Financial institutions have always been and is the largest target for cyber crimes. Instead of implementing they should be refining their security…[Read more]

I was reading this article earlier this week and thanks for providing the link to the case. I too disagree with the FBI stance on withholding such a critical vulnerability to the iPhone. Just like Apple has stated in it’s argument prior to the FBI obtaining access to the iPhone, the FBI now has a tool that would be able to access over 100…[Read more]

“cyber-breach of government data is often regarded as fair game.”

This statement made me boil a bit. They should say that to the 22 million previous, current, and prospective federal employees who have ALL of their information compromised (financial records, fingerprints, SSN, medical records). Basically their whole life were in the data that…[Read more]

Paul,

This is a good explanation of acceptable risk level. Organizations will sometimes have to make the decision on how much controls will be needed to reduce their risk to an acceptable level. Like an example given in class, the chances of a thermal-nuclear war is very low, but if it happens then the impact would be devastating. There’s…[Read more]

As we have learned in class and probably more from working experience, SSO provides great advantages to any organizations that has a suite of applications and software that typically requires login credentials. SSO provides the organization the flexibility to centrally manage their user accounts and provide users access to the resources that they…[Read more]

Synopsis of “Microsoft Patches Zero-Day Flaw Used by Malvertising Gangs”

The software giant, Microsoft, has once again found itself in the news about it’s software vulnerabilities and delayed response to patching up the vulnerabilities in its software, like IE versions 9 to 11, Office, Exchange Server and more.

The article specifically talk…[Read more]