• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Matt Roberts

Unsecured Network-Enabled Car Components Could Cause Widespread Deaths

November 20, 2017 by Matt Roberts 2 Comments

Some experts have been warning that with the increased use of electronic and network-capable systems in cars produced over the last decade, security concerns could become life-threatening on a massive scale within few years. If not adequately secured, the vehicles’ internal networks could potentially be compromised, affecting brakes, locks, or power steering. While this would clearly be catastrophic, others have said it may not be as dire a situation as some describe, asserting that billions are being invested industry-wide to secure these electronic and digital components. The truth of it may lie somewhere in the middle, but only time will tell.

http://www.business-standard.com/article/international/hackers-can-kill-millions-if-cars-are-compromised-warns-expert-117112001110_1.html

Commenting plugin Disqus hacked

October 9, 2017 by Matt Roberts Leave a Comment

A few days ago, it was revealed that a popular commenting system used by many websites called Disqus was breached in 2012, compromising the information of over 17.5 million users. Apparently, it went unnoticed for 5 years until this past Thursday when the incident was discovered by an independent security researcher. It is likely that the information obtained (including SHA-1 hashed passwords) could be used in social engineering attacks on certain users. Disqus has made several security upgrades in the years since, including switching to a more secure password hashing algorithm, but this story is still developing as their investigation into the incident continues.

https://thehackernews.com/2017/10/disqus-comment-system-hacked.html

VPN provider assists FBI in arrest

October 9, 2017 by Matt Roberts 1 Comment

Recently, a Hong Kong-based VPN provider named PureVPN assisted the FBI in the arrest of a cyberstalker by releasing logs of his activity while using their service. The arrest is obviously good news, but the interesting thing is that while PureVPN explicitly states that they “do not monitor activity or keep logs,” this is clearly not the case. Most VPN providers make similar claims, but this is hard to verify from the outside. This should make VPN users take a closer look at the service they use, and be mindful that they may not be as secure as they claim.

https://thehackernews.com/2017/10/no-logs-vpn-service-security_8.html

Damages Awarded in Phone-Hacking Case Against the Mirror Publishing Group

October 3, 2017 by Matt Roberts Leave a Comment

http://www.bbc.com/news/uk-41481307

This story concerns something that happened several years ago, but was just recently resolved and I think is still very much relevant. Back in 2011, it was revealed that MPG (Mirror Publishing Group), a group of daily British newspapers, had been hacking into the phones of celebrities and prominent figures to gain personal information for stories. The original case was a broad investigation known as the Leveson Inquiry, which was closed in 2012. In October 2016, comedian Steve Coogan, among many others, brought a case of his own against the company, citing personal attacks on him by newspapers following his testimony in the Leveson case. Coogan has recently settled the case for an unspecified six-figure sum after MPG admitted to running stories on him using personal information illegally obtained by hacking into his mobile voicemail accounts. While this is not a strictly technical article, it does highlight the growing needs and concerns about mobile device security. As more and more aspects of our lives are run from our phones and mobile devices, it has become painfully clear that strong, layered protections are needed to secure our personal information, as even the smallest gap or vulnerability can be exploited.

 

Massive Data Breach in India, 6000 Businesses Compromised

October 3, 2017 by Matt Roberts 1 Comment

http://economictimes.indiatimes.com/tech/internet/hacker-puts-info-of-over-6000-indian-businesses-up-for-sale-in-massive-data-breach/articleshow/60925964.cms

Recently, Seqrite Labs and seQtree Infoservices in India tracked a DarkWeb advertisement for the sale of stolen data from over 6000 Indian organizations, including government agencies, private companies, and ISPs. In addition to selling information, the attacker claims to be able to take out the network of any of these breached companies, for a price. Allegedly, they can corrupt the IP allocation pool, rendering the system unable to function. If true, this is very disturbing news for all these organizations, but most of all for the Asia Pacific Network Information Center (APNIC), which investigators are all but certain has been compromised by these attacks. They have ascertained this by posing as a potential buyer online and obtaining sample e-mail lists. As for the identity of the attacker, it seems the persona being used was just created recently, a more and more common tactic used by cyber criminals. If a network damaging attack were to be performed on IRINN, an ISP identified as being breached, it could have catastrophic effects on IP allocation and therefore internet access in India.

RouteX Malware Found Exploiting Netgear Routers

September 24, 2017 by Matt Roberts 1 Comment

https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/routex-malware-found-exploiting-remote-access-vulnerability-in-netgear-routers

Recently, a vulnerability was discovered in the remote command and execution function of Netgear routers. Malware known as RouteX has been found to be exploiting these devices to turn them into a socket secure or SOCKS proxy server which allows the attacker to anonymously launch attacks on intended targets.

RouteX is different from similar past examples of this kind of attack in that once it has compromised the device, it sets firewall rules and access restrictions to prevent other attacks from exploiting the same vulnerability and gaining control. This is indicative of the growing risks posed by unsecured machines such as routers and IoT devices.

Primary Sidebar

Weekly Discussions

  • Uncategorized (33)
  • Week 01: Overview (2)
  • Week 02: TCP/IP and Network Architecture (2)
  • Week 03: Reconnaisance (11)
  • Week 04: Vulnerability Scanning (14)
  • Week 05: System and User Enumeration (13)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (17)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (13)
  • Week 12: Web Services (18)
  • Week 13: Evasion Techniques (13)
  • Week 14: Review of all topics (11)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in