-
Wade Mackey commented on the post, Progress Report for Week Ending, March 22, on the site 8 years, 1 month ago
I was hoping someone would post one of these articles. The question I would like all of you to consider is where do you draw the line. Some level of surveillance is necessary, but at some point it goes to far. This is a conversation that still needs to take place in our society..
-
Wade Mackey commented on the post, Progress Report for Week Ending, March 22, on the site 8 years, 1 month ago
Some of this stuff goes back forty plus years. If you look up “tempest” you will see the military was worried about leakage from electronic systems for a very long time.
-
Wade Mackey commented on the post, Progress Report for Week Ending, March 15, on the site 8 years, 1 month ago
One of the things I hope all of you will come to understand as we go through the semester is that there is no such thing as a “secure” system. All any of us can hope is to harden are systems to make it more difficult. If an attacker is determined, they will get in.
-
Wade Mackey commented on the post, Progress Report for Week Ending, March 15, on the site 8 years, 1 month ago
Changing of passwords is an issue of some controversy. If you have to change regularly, people tend to come up with simpler passwords, or some kind of formula or system so they can keep track.
-
Wade Mackey commented on the post, Progress Report for Week Ending, March 15, on the site 8 years, 1 month ago
The other thing to keep in mind is that SWIFT is not the only system for moving money. I know some firms are taking the lessons from SWIFT and looking at their other systems to apply the same higher controls.
-
Wade Mackey commented on the post, Progress Report for Week Ending, March 15, on the site 8 years, 1 month ago
The finger print scanners have their own issues. There are known techniques for tricking the scanners with copies of prints. Also, there have been some studies indicating familial similarities. Finally, until recently, IOS let you add additional people to your phone without resetting access to applications. This leads to people having…[Read more]
-
Wade Mackey wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
Behind the scenes, SWIFT is upping the ante for financial institutions. If you do not upgrade your systems and put robust processes in place you find your institution disconnect from SWIFT. This is effectively a […]
-
Wade Mackey wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
It sounds old fashioned, but I tell students that the may person you cheat is yourself. Much like this course, if you just want to get through with a score. it is not difficult. If you want to learn and be p […]
-
I like what you have done with the student who broke into the teacher’s account and showed how good he was, Scott. In the article, students hired hackers to help them to change their grades which sounded fashion to me. In my mind, cheating is just copying others’ work, asking people to take exam for you and etc. I also agree with Wade that even you can cheat to get 4.0 GPA, but you can not go to work with the dark web. They can’t do you job for you or earn money for you.
-
-
Wade Mackey wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
This is an area where internal threats may be even greater. Admins of these systems have the ability to “adjust” vote counts. This means processes will need to be put in place to ensure this does not happen or i […]
-
Wade Mackey wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
One thing to keep in mind is that firms that process PII or other sensitive data may restrict staff that access these systems from working remotely. In particular, financial firms often have sophisticated […]
-
Although organizations typically provide things such as 3M privacy screens for employees that tends to travel or work out of the office, it is also good to mention that the employees also have the responsibilities to protect the information that they access. Good companies should have policies surrounding to what type of information can be access from a public domain (Starbucks) or a private domain (home office) when connecting to company’s network remotely. It is also good practice to not access information that is considered “sensitive,” like customer data or employee information, when you’re working in a public area.
-
Wade,
I agree with that to a certain extent. I am sure most of these type of companies would restrict remote employees to do so; however, a good portion of them would simply give you a VPN access and advise to be careful the WiFi network you are is using. -
It seems like there is a rule that when things become easier, it also comes with more risk. Allowing people to work remotely helped some employees who had special situation and retained valuable employees. However, it comes with some risk of information leak. It will be better if organizations reminds employees not to work in public. Starbucks is not a good place for working though, people who work remotely should at least stay at a private room like hotel room or their own room.
-
-
Wade Mackey wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
One thing to keep in mind is that password keepers and the browser function to remember passwords have their own vulnerabilities that can resut in an attacker taking advantage of these.
Wade
-
Thanks Loi for posting this interesting article. Passwords are made to protect our information, but it also becomes a problem for some people. Usually, people like using same password for everything because it is easy to remember and use. However, we always have a time that we need other people to enter the password for us. In this way, other people can be aware of your password. Then they can try it on your banking account. You recommenced several software for managing our password, but it is still a issue when we don’t have our computer with us. I think using finger print like iPhone is really a good way to help us to solve the problem. It is easy and hard to be stolen.
-
Between accessing different apps at work and various accounts/websites at home, managing all these passwords has been a pain. I am guilty of not being very creative when it comes to password creation. It’s just so hard to manage all of them, and I don’t trust any app to manage them for me. At work, I ended up creating a notepad with the list of my passwords with asterisks in them. I would just, for example, have 2 or 3 characters out of 10 that are not asterisks. This would help me remember what the pw was, if I ever forgot. With the advent of Samsung’s S7 Iris scanner, I am hoping it will catapult biometric scanning to become mainstream.
-
The finger print scanners have their own issues. There are known techniques for tricking the scanners with copies of prints. Also, there have been some studies indicating familial similarities. Finally, until recently, IOS let you add additional people to your phone without resetting access to applications. This leads to people having unintended access.
-
-
Wade Mackey wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
Here is the presentation from Week 1
Intro to Ethical Hacking
-
Wade Mackey wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 2 months ago
Welcome to Ethical Hacking
-
Wade Mackey wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 2 months ago
Welcome to Ethical Hacking
-
Wade Mackey wrote a new post on the site Wade Mackey 8 years, 2 months ago
Wade Mackey
Adjunct Professor
Department of Management Information Systems
Fox School of Business, Temple University
209C Speakman Hall
1810 North 13th Street
Philadelphia, PA 19122-6083
Phone: […] -
Wade Mackey wrote a new post on the site Advanced Penetration Testing 8 years, 6 months ago
Advanced Penetration Testing -Week-13
Presentation Details:
Title: =MIS 5212.001_4/4/2016
Date: Monday, April 4, 2016
Time: 5:30 PM (UTC-05:00) Eastern Time (US & Canada)
Duration: 2:30:00
Link: […] -
Wade Mackey wrote a new post on the site Advanced Penetration Testing 8 years, 6 months ago
Advanced Penetration Testing -Week-12
You have been invited to attend a Mediasite presentation.
Presentation Details:
Title: =MIS 5212.001_3/28/2016
Date: Monday, March 28, 2016
Time: 5:30 PM (UTC-05:00) […] -
Wade Mackey wrote a new post on the site Advanced Penetration Testing 8 years, 6 months ago
Capture
Caution. This is a big file (48 mb) Only grab it if you want something to run aircrack against.
-
Wade Mackey wrote a new post on the site Advanced Penetration Testing 8 years, 7 months ago
Advanced Penetration Testing -Week-11
Presentation Details:
Title: =MIS 5212.001_3/21/2016
Date: Monday, March 21, 2016
Time: 5:30 PM (UTC-05:00) Eastern Time (US & Canada)
Duration: 2:30:00
Link: […] -
Wade Mackey wrote a new post on the site Advanced Penetration Testing 8 years, 7 months ago
Advanced Penetration Testing -Week-10
Presentation Details:
Title: =MIS 5212.001_3/14/2016
Date: Monday, March 14, 2016
Time: 5:30 PM (UTC-05:00) Eastern Time (US & Canada)
Duration: 2:30:00
Link: […] - Load More
This article is very interesting and shows how even with such sensitive data organizations are reluctant to keep their systems up-to-date and secure. This is also present even among everyday consumers who do not update their mobile phones or operating systems which can cause serious security risks allowing hackers to get access to PII. A hacker’s ultimate goal is for monetary so making sure all of your systems are secure, especially in a financial institution is a must.
The financial institution that I work for is taking this SWIFT attack very seriously. Although many North American banks do not have the security deficiencies that are described for Bangladesh Bank, nobody wants their dirty laundry aired with the regulators, customers and shareholders (as SWIFT has threatened to do).
Many banks are looking at both their IT general controls (e.g. logical access) and process controls related to SWIFT wire transfers to assess their overall control environment and whether they are susceptible to the attacks that were experienced earlier this year.
I agree that it would be impossible to survive in this industry if you could not use the SWIFT network for transferring funds.
The other thing to keep in mind is that SWIFT is not the only system for moving money. I know some firms are taking the lessons from SWIFT and looking at their other systems to apply the same higher controls.