Week 07: NetCat and HellCat

The article introduces about the Internet hacking become worse now, because computers are being embedded into physical devices and will affect lives, not just our data. The first reason internet is insecure is the buyers are not willing to pay money, time, or markets for security of their devices. Buyers do not have enough security awareness for that, because sometimes accepting the bad things are cheaper than fixing them. Users should be aware with that the computer is everywhere currently, such as cars and refrigerator. Attackers may attack the devices with computers. In order to deal with the problem, there should be a standard to make sure insecure products will not harm users. The minimum acceptable security should be included in the standard.

 

https://www.nytimes.com/2018/10/11/opinion/internet-hacking-cybersecurity-iot.html?rref=collection%2Ftimestopic%2FComputer%20Security%20(Cybersecurity)&action=click&contentCollection=timestopics&region=stream&module=stream_unit&version=latest&contentPlacement=4&pgtype=collection

Chrome, Firefox, Edge and Safari Plans to Disable TLS 1.0 and 1.1 in 2020

https://thehackernews.com/2018/10/web-browser-tls-support.html

Major companies announce they are killing TLS 1.0 and TLS 1.1 in 2020. We should already be aware of the reason behind the murder of previous TLS version but I found their statistics on TLS 1.0 and 1.1 traffic to be enlightening. I really didn’t expect such low numbers.

Today 94 percent of sites already support TLS 1.2, while only less than one percent of daily connections in Microsoft Edge are using TLS 1.0 or 1.1.

Apple also says TLS 1.2 is the standard on its platforms and represents 99.6 percent of TLS connections made from Safari, while TLS 1.0 and 1.1 account for less than 0.36 percent of all connections.

Google says that today only 0.5 percent of HTTPS connections made by Chrome use TLS 1.0 or 1.1.

You can also manually disable older TLS versions on Google Chrome by opening Settings → Advanced Settings → Open Proxy Settings → Click ‘Advanced’ Tab → Under ‘Security’ section uncheck TLS 1.0 and 1.1 and then save.

Those are some pretty small percentages.

The US Government Accountability Office found that theDoD won’t admit that their systems are vulnerable!  “Specifically, the report concludes that almost all weapons that the DOD tested between 2012 and 2017 have “mission critical” cyber vulnerabilities.”  They believe, just like in all other industries, these systems were built without cybersecurity in mind.  The found things like poor password hygiene and lack of encryption just to name a few.   While testing, they were even able to take control of some of these weapon systems!  Kind of scary!

 

https://www.wired.com/story/us-weapons-systems-easy-cyberattack-targets/

Week 7 video link below.  Please note, there were some recording issues on only the last part of class was captured.  Review slide deck and ask me if there are any questions.

https://capture.fox.temple.edu/Mediasite/Play/26fdfd957cbe451f93aa7c7a92847ea11d

Intro-to-Ethical-Hacking-Week-7 f2018