Week 3 Readings and Current Events

>> Reading Summary –

Business Partner Vulnerability Assessment:
Business/organizations depends on the network to communicate, buy/sell, and perform all sorts of transactions. Securing organization’s nodes along the way is an illusive objective and has challenged people and their organizations alike. Today’s connections are not physical, but rather virtual; there are virtual connection between customers and suppliers requires; due diligence in today’s connected world can yield better financial results. Every connected system is directly accessible from any other connected system (Schneier, 2000), thus increasing the attack surface. Even when you are secure, you should ensure that your law firm or marketing consultant for example is also protected.

The Art of Reconnaissance:
Begin by understanding basic demographics about the entity, then conduct basic DNS, IP address and tracing victim’s node; once basic data gathering is obtained and rules of engagement (formal/written permissions) has been ascertained, ping sweeps, fingerprinting and port scanning should acquired and analyzed.

Question:
Should LinkedIn promote end user education to ensure their users are NOT posting confidential, proprietary and other pertinent information to the public that could harm their organizations?

>> Current Events –
How KeyRaider Malware Hacked 225K Apple Accounts
http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/

Turla APT malware threat uses satellites to avoid detection
http://m.v3.co.uk/v3-uk/news/2425237/turla-apt-malware-threat-uses-satellites-to-avoid-detection