ITACS 5211: Introduction to Ethical Hacking
Wade Mackey
Article, courtesy of Hacker News
The article this week is about the dangers of posting too much information online. A gentleman shared a picture of his boarding pass for an upcoming trip. A friend of his was able to use the information posted on the pass to view/modify details like a passport number and travel dates.
http://www.military.com/daily-news/2017/09/17/navys-most-advanced-subs-will-soon-use-xbox-controllers.html
For anyone who hasn’t worked in or with the military, the government acquisition and stock systems are constantly derided for the huge amount of time and expense added to any purchase. In an effort to combat this, the USS John Warner is going to use the XBOX 360 controllers for periscope controls. The obvious win here is that the Navy now has a cheap supply of replacement parts for when these parts are broken rather than needing to order an entirely new $38k controller.
The dangers to the navy are that 1) The Navy is advertising a specific product they’re using, which means that 2) An adversary could use a bug in the controller driver to compromise Navy machines or 3) an adversary could produce a similar controller with a USB Rubber Ducky or other compromising software inside, and find a way to provide the controller to the ships (either by selling them in stores near the port, or by doing the controller equivalent of dropping a USB flash drive in the parking lot)
I know this article is not about recent cyber-attacks, but I did find it quite intriguing. In general, I am not a super fan of any celebrity, so my search history does not usually include any known actors, actresses, etc. And I am not one to look for an instant download of my favorite artist’s new, released song. However, it was a good read to see the other methods cybercriminals are utilizing.
McAfee released its annual report regarding the riskiest celebrities to search for online. Avril Lavigne was top on the list. These search results can potentially expose fans to malicious websites. Other top celebrities were Amy Schumer, Emma Watson, Carly Rae Jepsen, Zayn Malik and Celine Dion. Cybercriminals are using peoples’ obsessions with celebrities to direct users to malicious websites which can install malware, steal personal information or passwords. Today, people want the latest music, movies, etc. and they want it instantly. Sadly, people tend to choose convenience over security by clicking on unfamiliar links that has the latest content they are searching for.
Also, I was not aware that McAfee released this type of report.