• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Week 02: TCP/IP and Network Architecture

Browser Extensions: Are They Worth the Risk

November 26, 2018 by Manogna Alahari Leave a Comment

https://krebsonsecurity.com/2018/09/browser-extensions-are-they-worth-the-risk/

I read an article titled – Browser Extensions: Are They Worth the Risk – where the author states, cyber criminals hacked browser extension of a popular file site- Mega.n, for google chrome so that usernames and passwords submitted through the browser were copied and forwarded to some scamp server in Ukraine. To avoid these kind of scenarios, limit the exposure to these attacks by getting rid of extensions that are no longer useful or actively maintained by developers since browser extensions can systematically fall into wrong hands. Browser extensions can be especially handy and useful, but negotiated extensions can give attackers access to all data on your computer and the websites we visit. In this case, the extension gets negotiated when someone with legitimate rights to alter its code gets phished or hacked which can be nightmares for users. If using multiple extensions, adopt a risk-based approach or limiting one’s reliance on third-party browser extensions reduces the risk significantly

Ransomware Attack Takes Down Bristol Airport’s Flight Display Screens

September 18, 2018 by Satwika Balakrishnan Leave a Comment

https://thehackernews.com/2018/09/cyberattack-bristol-airport.html

Bristol Airport was faced with a blackout of flight information screens for two days over the weekend due to a ransomware attack. The attack affected several computers over the network, including its in-house display screens that provided information about flight arrival and departures. The airport staff had to rely on whiteboards to announce check-in, arrival and departure details. The ransomware was not paid in this case and the airport staff took down their systems while they serviced affected computers.

Chrome extension MEGA hacked affecting 1.6 million users.

September 15, 2018 by Brock Donnelly Leave a Comment

https://latesthackingnews.com/2018/09/09/mega-chrome-extension-hacked-affecting-1-6-million-users/

Chrome extension MEGA hacked affecting 1.6 million users.

I am not familiar with MEGA but I am with cryptocurrencies and MEGA is an Chrome extension for business regarding cryptocurrencies. A trojan infected extension for chrome has effected 1.6 million users. They data susceptible extends beyond millions of worth of cryptocurrencies but also account user names and passwords for companies such as Microsoft, Github, Google, and Amazon.

It was swiftly removed from the Chrome Store and an update for MEGA was released. If you use it… better update. I would look into your accounts as well.

What is Metasploit?

September 12, 2018 by Connor Fairman Leave a Comment

Apparently Metasploit is one of the most commonly used penetration tools available. I discovered this after reading about how attackers can use Meterpreter to gain control over a user’s computer/device. Relevant to our class is the fact that the most recent version of Metasploit is in Ruby, which means that your computer must have Ruby installed in order to run this software. Good for those who have macs because I’m pretty sure they already have some version of Ruby installed on them.

The interesting bit about this is not that it’s commonly used or free, but that it seems relatively easy to download to start using. All you need is a machine with Ubuntu and a very minimal understanding of how to use the command line and you’re set. Another interesting thing to consider is that this software, while useful for testing purposes, can be exploited to do some truly alarming deeds, many of which are detailed thoroughly on the null-byte website.

 

https://null-byte.wonderhowto.com/how-to/hack-like-pro-getting-started-with-metasploit-0134442/

How to Hack into Someone’s Laptop Camera

September 12, 2018 by Connor Fairman Leave a Comment

Honestly this is something that I have wondered about for years now ever since the Lower Merion School District’s camera hacking controversy. Apparently it’s not that difficult to control someone’s camera after all. Step one is accidentally allowing someone to install Meterpreter on our computer, via an email attachment or something of the like. Through Meterpreter, the attacker gains access to our command shell aka our terminal. They can even run shell scripts on your computer through Meterpreter, which sends data back to the attacker in a way that doesn’t risk detection. Once meterpreter is installed, the attacker can list our devices’ cameras and access them via the command line. That simple.

 

https://null-byte.wonderhowto.com/how-to/hack-like-pro-secretly-hack-into-switch-on-watch-anyones-webcam-remotely-0142514/

 

https://null-byte.wonderhowto.com/how-to/hack-like-pro-hacking-samba-ubuntu-and-installing-meterpreter-0135162/

British Airways Hacked – 380,000 Payment Cards Compromised

September 12, 2018 by Nishit Darade 1 Comment

British Airways, who describes itself as “The World’s Favorite Airline,” has confirmed a data breach that exposed personal details and credit-card numbers of up to 380,000 customers and lasted for more than two weeks.

The airline advised customers who made bookings during that 15 days period and believe they may have been affected by this incident to “contact their banks or credit card providers and follow their recommended advice.”

The company also said that saved cards on its website and mobile app are not compromised in the breach. Only cards that have been used by users to make booking payments during the affected period are stolen.

https://thehackernews.com/2018/09/british-airways-data-breach.html

Webserver serving swap files – vulnerability

September 11, 2018 by Frederic D Rohrer 2 Comments

https://webdevetc.com/blog/how-to-get-someones-database-credentials-while-they-are-editing-config-files-on-a-live-server

 

When editing on a web-server in production with an editor like Vim, that editor will create a swap file which could mistakenly be served to the public. Therefore it is

A) important to restrict the filetype that is being served (you can do this in .htaccess or php config (NodeJS doesn’t have this problem since files are served from the public folder only and html is templated first)).

B) do not edit on a production server, instead use a staging tool like Git.

Network Architecture:Hard-Coded Password in Cisco Software Lets Attackers Take Over Linux Servers

September 10, 2018 by Ruby(Qianru) Yang Leave a Comment

A critical vulnerability has been discovered in Cisco Prime Collaboration Provisioning software that could allow a local attacker to elevate privileges to root and take full control of a system. The vulnerability (CVE-2018-0141) is due to a hard-coded password for Secure Shell (SSH), which could be exploited by a local attacker to connect to the PCP’s Linux operating system and gain low-level privileges.

This vulnerability has been fixed in Cisco Secure ACS 5.8.0.32.9 Cumulative Patch. The company is strongly encouraging users to update their software to the latest versions as soon as possible, as there are no workarounds to patch these vulnerabilities.

 

https://thehackernews.com/2018/03/cisco-pcp-security.html

IoT – Threat in Network attack surface

September 10, 2018 by Jayapreethi Selvaraju 5 Comments

Since last week was TCP/IP, I decided to post something on IoT. It is little old article but it has a snippet of code that can be used to control the coffee machine in your home using desktop computer instead of using the android phone app of the coffee machine. It is interesting. Take a look at

https://qz.com/901823/the-easy-way-your-smart-coffee-machine-could-get-hacked-and-ruin-your-life/

 

6 Ways to Fight Election Hacking and Voter Fraud, According to an Expert Panel

September 9, 2018 by Xinteng Chen 2 Comments

In this article, the author introduces about 6 ways to fight election hacking and voter fraud.

  1. Use paper ballots to establish a backup record of each vote. Using this way because even though devices and computers do not connect to internet, it is still hard to protect them from cyber threats. Therefore, each computer should generate paper records for votes.
  2. Outlaw any kind of internet voting – from now. Some states allow people to vote online, or vote by sending emails. It is not secure for data. Hacker could intercept these information and make changes. Therefore, internet voting should be terminated.
  3. Verify election results. All elective results should be audited publicly and transparently to make sure the results are accurately. Risk limiting audits should be conduct to double check the vote validation.
  4. Crosscheck voter registrations nationwide to weed out duplicates. All states should compare the registration database to make sure there is no duplicated vote in different states.
  5. Make voting by mail more secure. Mailing voting is securer than internet voting. Even though that has a risk of theft, the government has a system for people to verify their mails have been delivered.
  6. Spend more to make elections trustworthy. The government should spend more money on United States Election Assistance Commission. People can use that money to improve management and securer technologies.

Link: https://www.nytimes.com/2018/09/06/us/election-security-expert-panel.html?rref=collection%2Ftimestopic%2FComputer%20Security%20(Cybersecurity)&action=click&contentCollection=timestopics&region=stream&module=stream_unit&version=latest&contentPlacement=1&pgtype=collection

  • Page 1
  • Page 2
  • Go to Next Page »

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in