
ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Week 08: Social Engineering, Encoding and Encryption

Why It’s So Hard to Punish Companies for Data Breaches

October 24, 2018 by Xinteng Chen 4 Comments

In the article, the author explains why it is hard to punish companies for data breaches. Sometimes the companies did everything right. Data breaches are due to bad luck, so it is unfair and unproductive to punish them. The hardest part is to determine where the line is between companies that do their due diligence and those that are negligent. Companies do not spend much money on protecting their data. Companies that have data breaches should face a combination of consequences that includes both fines and corrective security measures. The fines would need to be hefty enough to motivate greater investment in data security and cover their customers’ losses. That makes them understand it is time-consuming and money-consuming if they do not protect data well.

 

https://www.nytimes.com/2018/10/16/opinion/facebook-data-breach-regulation.html?rref=collection%2Ftimestopic%2FComputer%20Security%20(Cybersecurity)&action=click&contentCollection=timestopics&region=stream&module=stream_unit&version=latest&contentPlacement=3&pgtype=collection

Social Engineering Term Paper

October 23, 2018 by Frederic D Rohrer 1 Comment

I stumbled upon this paper from three researchers in Portugal. They do a good job defining a lot of terms and definitions which are used in Social Engineering. Especially helpful is that the paper describes many of these attacks and shows examples in Kali. On the other hand, the paper is a little short and pretends to be a research piece when no new information is given. It only really describes the existing state of Social Engineering but draws no new conclusions.

https://www.researchgate.net/publication/315351300_SOCIAL_ENGINEERING_AND_CYBER_SECURITY

 

Critical Flaws Found in Amazon FreeRTOS IoT Operating System

October 23, 2018 by Ruby(Qianru) Yang 3 Comments

Interesting news: a security researcher has discovered several critical vulnerabilities in Amazon FreeRTOS, an embedded real-time operating system, and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. An RTOS is specifically designed to carefully run applications with very precise timing and a high degree of reliability, every time.

The security researcher discovered a total of 13 vulnerabilities in FreeRTOS’s TCP/IP stack that also affect its variants maintained by Amazon and WHIS.

The vulnerabilities could allow attackers to crash the target device, leak information from its memory, and, most worrisome, remotely execute malicious code on it, thus taking complete control over the target device.

 

https://thehackernews.com/2018/10/amazon-freertos-iot-os.html

Critical Flaws Found in Amazon FreeRTOS IoT Operating System

October 23, 2018 by Brock Donnelly Leave a Comment

https://thehackernews.com/2018/10/amazon-freertos-iot-os.html

Looks like Amazon’s FreeRTOS, a leading open source real-time operating system, has several critical vulnerabilities. A researcher has found that the embedded systems that have been ported to over 40 microcontrollers, which are being used in the IoT, aerospace, medical, and automotive industries, have vulnerabilities that could allow attackers to crash the target device, leak information from its memory, and, most worrisome, remotely execute malicious code on it, thus taking complete control over the target device. Amazon has since deployed security patches. Looks like the risk for IoT is still prevalent, even from our major vendors.

Stealing a Tesla Car by Hacking the Key Fob

October 22, 2018 by Sev Shirozian 3 Comments

Looks like a Tesla owner caught on camera some thieves that tried to steal his Tesla Model S car by hacking the passive entry system. Tesla has some preventative controls developed to prevent this; however, the guy had not implemented them. For example, there’s a way to make the user put in a PIN number to activate the car to drive. Or there’s a way to use a “Faraday pouch” to store the fob, which would have prevented the thieves from nabbing the signals, but he didn’t use that either.

It comes down to this: if you lock the doors to your house but leave the windows open, you will still be vulnerable to a thief. Tesla has come up with ways to lock your doors, your windows and every other entry point, but the car owners need to implement them or this can happen.

https://www.engadget.com/2018/10/22/tesla-model-s-theft-keyfob-hack/

Facebook looking to buy a cyber security company!

October 22, 2018 by Sev Shirozian 4 Comments

Looks like Facebook’s answer to its hack that exposed millions of people’s information is to buy a cyber security company. Must be nice to be able to just throw money at a problem for it to go away! I wonder what other high profile companies will use this tactic to battle their security issues that might come up in the future!

https://www.engadget.com/2018/10/21/facebook-may-buy-large-cybersecurity-company/

 

 

Facebook hack victims will not get ID theft protection

October 22, 2018 by Nishit Darade 1 Comment

Facebook hack victims will not get ID theft protection
– Dave Lee

On Friday it revealed 14 million users had highly personal information stolen by hackers. It included search history, location data and information about relationships, religion and more. This information can be used by cyber criminals to create social engineering based theft programs on the 14 million affected users.

Typically, companies affected by large data breaches – such as Target, in 2013 – provide access to credit protection agencies and other methods to lower the risk of identity theft. But a Facebook spokeswoman told the BBC it would not be taking this step “at this time”. Users would instead be directed to the website’s help section. The spokesperson would not say if the help pages in question had been updated since the company discovered the recent breach.

Reference: https://www.bbc.com/news/technology-45845431?intlink_from_url=https://www.bbc.com/news/topics/cz4pr2gd85qt/cyber-security&link_location=live-reporting-correspondent

As Social Engineering is topical…

October 19, 2018 by Steve Pote 2 Comments

This event is (practically) next door…free, good networking, refreshments (chips and soda) …great speakers and topic.

https://sites.temple.edu/care/files/2018/08/GuestSpeakerFlyer_YinYang.pdf

SSH Authentication Bypass

October 19, 2018 by Steve Pote Leave a Comment

This is a scary place to have things broken.

The number of systems actually affected is relatively small, with fairly specific conditions needed, but it is still just passing a server something it doesn’t expect…

…like the Jedi mind trick…this user IS SUCCESSFULLY authorized…

https://www.tenable.com/blog/libssh-vulnerable-to-authentication-bypass-cve-2018-10933

More on the lib itself…

libssh 0.8.4 and 0.7.6 security and bugfix release

 

Week 8 Video Link

October 18, 2018 by Wade Mackey Leave a Comment

https://capture.fox.temple.edu/Mediasite/Play/6ca67198932c49e6b626a3d51cb3dc3d1d
