Week 06: Sniffers

Google+ is shutting down after several years of a failed effort to rival Facebook. However, it is not officially closing down due to failed competition. It is ending services because a vulnerability exposed half a million users’ data. Specifically, the issue lies in the Google+ People API, which had a flaw that exposed usernames, email addresses, gender, DOB, etc. to third party developers. These things are not infrequent. However, one has to wonder if this happened to Facebook, the result wouldn’t be so disastrous. This was likely just the nail in the coffin for Google+. Only 438 developers could have had access to this vulnerability and there apparently is no evidence that any one of them were even aware of this.

https://thehackernews.com/2018/10/google-plus-shutdown.html

Google+ is being shut down after a data breach was recently discovered. Additionally, android is cracking down on what apps can access about their users. From now on, third party apps will not be able to access call logs and SMS data.

Third party apps can still request permission, but users will have to approve each area that the app would like access to, such as the call log, location services, SMS data, etc.

 

https://thehackernews.com/2018/10/android-app-privacy.html

The article introduces about how a company can work with hackers to make sure security. The article includes two examples. The first one is about Facebook. Facebook provided data abuse bounty to reward reports of misuse of data by app developers. The rewards encourage hackers to attack the system for security. The second example is Google. Google provided rewards to the hackers who have techniques that target its abuse and spam programs. Companies need to work with hackers because there are different hackers in the world. They focus on different vulnerabilities. If companies work with them. The vulnerabilities will be discovered. In addition, hackers can also help companies re-test the patched vulnerabilities. After a vulnerability is reported, the company should take actions to fix it and test it again.  It is a good way to communicate with hackers when they attack the patched vulnerabilities.

 

https://www.securitymagazine.com/articles/89469-how-to-work-with-hackers-to-make-your-company-more-secure

The Wi-Fi Alliance group that manages the implementation of WiFi has announced that the next version of WiFi standard will be called WiFi 6 instead of 802.11ax.

They also announced they are changing older versions to this new simplified way as well.

• 802.11b → Wi-Fi 1
• 802.11a → Wi-Fi 2
• 802.11g → Wi-Fi 3
• 802.11n → Wi-Fi 4,
• 802.11ac (current) → Wi-Fi 5

They are also going to have new corresponding icons to go with each one to make it easier for users.

https://thehackernews.com/2018/10/wifi-version-6.html

https://www.investopedia.com/news/china-used-tiny-chip-hack-apple-amazon-bloomberg/

China Used Tiny Chip to Hack Apple, Amazon

Well here is a really strange one… Bloomberg reports that a tiny chip was discovered embedded in their servers back in 2015 from tech giants Apple and Amazon. They suspect the responsible party to be Chinese spies. Bloomberg reports the chips come from a Chinese server company named Super Micro. China’s foreign ministry also issued a statement following the report, saying that “China is a resolute defender of cybersecurity.”

Here is the odd thing, Apple and Amazon are denying Bloombergs claims. Do you suppose that Apple, Amazon and the government were trying to keep this quiet to survey the spies? What are you thoughts about Apple/Amazon denying claims? Do you think Bloomberg’s reporters are lying?

https://capture.fox.temple.edu/Mediasite/Play/0942c11e16784ebfad41d1aef94440ac1d

Intro-to-Ethical-Hacking-Week-6