@shi-yu-dong
Active 4 years, 11 months ago-
Shi Yu Dong commented on the post, ICE 5.1 Telling a Story through Visualization, on the site 6 years, 6 months ago
Great Post! Very Interesting.
-
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 6 months ago
“Finland’s 3rd Largest Data Breach Exposes 130,000 Users’ Plaintext Passwords”
Finland’s citizens had their credentials compromised in a large data breach. Hackers attacked a new Business Center in Helsinki, […]
-
Shi Yu Dong commented on the post, Week 12 Update, on the site 6 years, 6 months ago
“Finland’s 3rd Largest Data Breach Exposes 130,000 Users’ Plaintext Passwords”
Finland’s citizens had their credentials compromised in a large data breach. Hackers attacked a new Business Center in Helsinki, a company that provides business consulting and planning and stole over 130,000 user’s credentials which were stored website database in…[Read more]
-
Shi Yu Dong commented on the post, Week 11 Update, on the site 6 years, 7 months ago
“Microsoft’s Meltdown Patch Made Windows 7 PCs More Insecure”
Meltdown CPU vulnerability was critical vulnerability of CPUs. Upon patching/fixing the vulnerability, Microsoft somehow made the flaw in the Patch/Fix that made vulnerability even worse on Windows 7 OS allowing any unprivileged, user-level application to read content from and even…[Read more]
-
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 7 months ago
An interesting read that I found talked about how Memcached servers can be quickly hijacked and compromised by to launch large DDoS attacks. Utilizing IT spoofing and a poorly implemented UDP causes the servers to […]
-
Shi,
Quite an interesting article that talks about how Memcached servers can be hacked using large DDoS attacks. As far as I know, prevention against DDoS is still under research and in fact many organizations still do not have the best practices to prevent such attacks. Such situations can only be avoided by having a centralized monitoring and triggering system to check port status of all devices rather than doing it manually.
-
-
Shi Yu Dong commented on the post, Week 10 Update, on the site 6 years, 7 months ago
An interesting read that I found talked about how Memcached servers can be quickly hijacked and compromised by to launch large DDoS attacks. Utilizing IT spoofing and a poorly implemented UDP causes the servers to be put at risk because attackers will send a packet to the server, which will in turn greatly increase the size and forward the attack…[Read more]
-
Shi Yu Dong commented on the post, Week 09 – Update, on the site 6 years, 7 months ago
Dubbed RottenSys, the malware that disguised as a ‘System Wi-Fi service’ app came pre-installed on millions of brand new smartphones that actually does not provide any WiFi services but rather takes all sensitive Android permissions to enable its malicious activity.
Ref. Link:
https://thehackernews.com/2018/03/android-botnet-malware.html -
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 7 months ago
Fresno State data breach, 15,000 affected!!
This article relates to the data breach of the California State University, Fresno. According to the article, “the personal information of more than 15,000 p […]
-
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 7 months ago
Massive 1.7Tbps DDoS reflection/amplification attack was conducted against one of its unnamed US-based customer’s website.
Attackers exploited vulnerability of many internet facing “Memcached” servers, open- […]
-
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 8 months ago
Computer Security Firm “CrowdStrike” performed research and analysis of recent attacks (NotPetya, WannaCry) targeting U.S. organizations that caused million of dollars in losses. Especially, it has been fou […]
-
Shi Yu Dong commented on the post, Week 5 Update, on the site 6 years, 8 months ago
Computer Security Firm “CrowdStrike” performed research and analysis of recent attacks (NotPetya, WannaCry) targeting U.S. organizations that caused million of dollars in losses. Especially, it has been found that U.S. administration as top intelligence group is most vulnerable as they can’t keep up with network security threats.
Next-Gen Firew…[Read more]
-
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 8 months ago
“Hackers Can Now Steal Data Even From Faraday Cage Air-Gapped Computers”
In Wireless Network Security, given the nature of physics related to Wireless Signal propagation in the air, exposure of Wireless Rad […]
-
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 8 months ago
Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites
According to this article “Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites”, it describes that a simple but serious app […]
-
Shi,
Nice summary of the article. I am quite surprised that WordPress allows execution of the PHP file at run time by changing the parameters. A similar kind of flaw was witnessed a couple of years back when users can potentially change variable parameters of images in WordPress sites and identify information of websites without security logins. The patch needs to be done as soon as possible before it affects users. I am pretty sure a large percentage of SMBs use WordPress for their business needs.
-
-
Shi Yu Dong commented on the post, Discussion Week 14, on the site 6 years, 10 months ago
Discussion Topic 14.3
I would report my discoveries as required, in any case if the new software engineer is the relative of the VP. The VP can offer whatever he needs however at last, the honesty of myself is more vital than more cash. In the realm of digital security, we would prefer not to energize individuals who infringe upon the law and…[Read more] -
Shi Yu Dong commented on the post, Discussion Week 13, on the site 6 years, 10 months ago
Traffic on a system can be managed by either Rejecting or Denying. Both these choices are utilized broadly in separating activity from clients to a framework or server. Reject is utilized when the objective host needs to dismiss parcels got from source by sending and ICMP Unreachable message. The reason for Reject is to tell the source that the…[Read more]
-
Shi Yu Dong commented on the post, First US Federal CISO Shares Security Lessons Learned, on the site 6 years, 11 months ago
Hi Andres:
Great post! I found very interesting of topic that whether cyber security is a risk management issue or a technology problem, I also found interesting of how to protect our information and data.
-
Shi Yu Dong wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 6 years, 11 months ago
According to this article, it describes that a former National Security Agency employee named Nghia Hoang Pho pleaded guilty on Friday to Illegally talking classified documents home which were later stolen by […]
-
Will follow up this story in April…
-
Shi Yu,
This is an individual action of someone who is either careless or who doesn’t know what he is doing. his action shows there are government policies that need to be changed and obligate employees to be careful with such sensitive files.
This is a very educative article that I am sure it will teach a lesson to so many people the consequences of taking government documents home. -
It is definitely an interesting read. I wonder what was the motivation of the NSA employee to take the classified documents.
-
-
Shi Yu Dong commented on the post, uber hacked, on the site 6 years, 11 months ago
Hi Fred:
Great post. I was very shock that Uber didn’t announced data breach and try to use money to cover up.
-
Shi Yu Dong wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 6 years, 11 months ago
According to the article, an Iranian web developer named Pouya Darabi discovered and reported a critical vulnerability in Facebook systems that could have allowed anyone to delete any photo from the social […]
-
Quick response by Facebook to fix the bug and it’s interesting to see bug bounty hunters.
-
Interresting…..it s good that they fix it.
-
That’s quite an interesting news and I am surprises to see such flaws from world’s largest social networking community. This is pure case of internal system fix and stands a good example for many businesses related to this. It’s good that it was reported on time before any potential violation occurred and extracted personal images.
-
-
Shi Yu Dong commented on the post, Discussion Week 11, on the site 6 years, 11 months ago
It truly relies on the activity of the person. I don’t perceive any reason why an Application Developer or a Database Administrator will expect access to these devices. So it ought to be restricted to them. In any case, in the event that you are a piece of the pen testing or digital security group, you would in all likelihood require access to one…[Read more]
- Load More
Thanks for sharing the article. This is pretty scary and quite concerning too especially because of the problems in the maritime waters. This type of cross-country digital hacks have become quite common now a days where countries are willing to do anything to get data for their own benefit. It is high time that countries have strong defense mechanisms and legal actions for such acts. You right pointed out that the legal rules between China and the US failed here. Such laws need to be scrutinized further