Week 5: Reading Summary, Question, and InTheNews

McGreevy, J.P.  (2002). “Footprinting: What Is it, Who Should Do It, and Why?”, SANS Institute Information Security Reading Room, Sans Institute.   In planning an attack, the author instructs that “Footprinting” is the first step hackers take in gathering information and building a database about their perspective target “organization’s security posture, profile of their Intranet, remote access capabilities, and intranet/extranet presence.”  McGreevy suggests that to thwart a hacking attack, security specialists should gather the same information about the system they are tasked with protecting to understand its weakness and what an attacker can use against it.  He outlines a high-level four-step foot printing process that includes: (1) Open Source Searching, (2) Network Enumeration, (3) DNS Interrogation, and (3) Network Reconnaissance.  As footprinting an entire organization’s IT infrastructure can be a big and challenging task, McGreevy advises security personnel to focus initially on one department or segment of the network and broaden from their over time.

Owens, K.J. (2003). “Battle for the Internet: The War is On!” SANS Institute Information Security Reading Room, Sans Institute.  Owens places Footprinting in context as first of seven steps conducted by nefarious hackers, each of which must be mastered by security professionals if they are to protect systems from attacks.  He introduces each of the seven steps along with a rich collection of (likely outdated) resources and techniques for different operating system environment to master, sandwiching them all with warnings of legal and ethical consequences of their inappropriate use.

Question for Class: While Owen’s twelve year old article leaves the reader believing the techniques are likely still sound, do you think the Linux tools have more staying power and have outlasted the Windows ones?

InTheNews: The Value of a Hacked Email Account, Krebsonsecurity.com – http://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/   Signing up for any service online almost always requires you to supply your email address.  Almost always, any person in control of your email address can request a password reset email and take controls of your service or accounts. While there are not central exchanges for these accounts, credentials are being offered for resale by underground peddlers. For example: “iTunes accounts for $8, and Fedex.com, Continental.com and United.com accounts for USD $6. Groupon.com accounts fetch $5, while $4 buys hacked credentials at registrar and hosting providerGodaddy.com, as well as wireless providers Att.com, Sprint.com,Verizonwireless.com, and Tmobile.com. Active accounts at Facebook and Twitter retail for just $2.50 apiece.”  Hacked accounts, in contrast, “go for $1 to $3 for active accounts at dell.com, overstock.com,walmart.com, tesco.com, bestbuy.com and target.com.” The keys to unlocking access to files stored in online and cloud file-storage services such as DropBox, Google Drive, and Microsoft Skydrive also lie “in your inbox.”