The ISACA event was a lot of fun for me. I talked to some previous ITACS graduates that have found positions in IT auditing or cyber security immediately after graduating here. I spoke with Fraser who recently started working in a SOC. Then I talked to Michael from GeoBlue, a health insurance company for people on business travel or exchange students. Michael mentioned that his company does yearly audits and that every year the quality of the audit differs, even though they use the same company. He says that due to the “gut feeling” nature of penetration tests and audits, different holes are found. Sometimes one auditor is also more or less thorough. I found this interesting as it indicates a niche in the market for penetration testing, that is to structure the testing so that it does not depend on the tester.
Social Engineering Term Paper
I stumbled upon this paper from three researchers in Portugal. They do a good job defining a lot of terms and definitions which are used in the Social Engineering. Especially helpful is that the paper describes many of these attacks and shows examples in Kali. On the other hand the paper is a little short and pretends to be a research piece when no new information is given. It only really describes the existing state of Social Engineering but draws no new conclusions.
https://www.researchgate.net/publication/315351300_SOCIAL_ENGINEERING_AND_CYBER_SECURITY
Beware of App data collection
https://medium.com/@kahunalu/under-the-hood-airbnb-9aceb8954f8a
Apps such as AirBnB collect a plethora of data, some of which is completely useless to the company itself. For example, the app detects the direction that the device is facing, gathered from the magnetic sensor. This information is then sent server-side. Other information is collected by third party providers through their app integration. Services such as the facebook login option gather this data, whether you use the Facebook login or not.
One way to protect yourself is to block these server’s DNS queries. You can do that by installing a DNS sinkhole in your network. These can be small devices such as a pi-hole (https://pi-hole.net/) or a virtualized option. You then just point your DNS server to the new device.
Cyber Security News Sources
Hello,
I’d like to discuss where everyone Cyber Security news from and find some interesting sources. Feel free to share yours even if in another language. Here are my personal top sources:
https://www.reddit.com/r/netsec/
https://www.bleepingcomputer.com/
Also here is a nice graph of tools for intelligence gathering like we used for our last assignment.
https://i.redd.it/370mx0gln0k01.jpg
Webserver serving swap files – vulnerability
https://webdevetc.com/blog/how-to-get-someones-database-credentials-while-they-are-editing-config-files-on-a-live-server
When editing on a web-server in production with an editor like Vim, that editor will create a swap file which could mistakenly be served to the public. Therefore it is
A) important to restrict the filetype that is being served (you can do this in .htaccess or php config (NodeJS doesn’t have this problem since files are served from the public folder only and html is templated first)).
B) do not edit on a production server, instead use a staging tool like Git.