Ethical Hacking

Wade Mackey

Ethical Hacking

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey

Christopher James Lukens

Suspect can’t be compelled to reveal “64-character” password, court rules

by Leave a Comment

In a case of child pornography the suspect was not required to turn over his 64 character password. The lower court wanted to use the “forgone conclusion exception” to make him divulge the password. The forgone conclusion exception forced suspects to hand over paper documents and hadn’t been used in the case of a password yet. The PA supreme court ruled that it couldn’t be used because the 5th amendment protection of self-incrimination. Overall a very interesting read and has set an interesting precedent.

https://arstechnica.com/tech-policy/2019/11/police-cant-force-child-porn-suspect-to-reveal-his-password-court-rules/

Utah power utility experiences a Loss of View due to DDoS Attack

by Leave a Comment

Attack on Utah power utility cause a loss of view of remote power station from the main control center.
A DDoS attack was carried out on an unpatched internet facing server on the utilities network that caused a crash leading the company to be unable to monitor the remote station. No further breach occurred but this would be the first step in a full fledged attack on a power utility and could be viewed as a proof of concept attack. This shows how crucial it is for a continuous vulnerability scanning program and patching program to be in place.

https://threatpost.com/solar-wind-power-utility-cyberattack/149816/

U.S. Government Still Uses Suspect Chinese Cameras

by Leave a Comment

The United states banned the use of equipment from certain Chinese vendors but many of the cameras, around 2,700, are still in use. Its been difficult for government agencies to replace due to cost and technical challenges in some cases. This is great example of how tough vulnerability management and remediation can be when its at such a large scale. In some cases IT officials don’t think its a big deal and have been slow to remove cameras from their networks also showing how high level buy in is necessary in a process like remediation. In other cases they haven’t been replaced because they’re the cameras watching a bowling alley and not a nuclear facility so the risks are lower than the cost of replacing the cameras so nothing has been done about it.

https://www.wsj.com/articles/u-s-government-still-uses-suspect-chinese-cameras-11571486400

US Claims Cyber strike on Iran

by Leave a Comment

The US is claiming they launched a cyber attack against Iran’s propaganda infrastructure.One official claimed the attack affected physical hardware but no further details were provided. The attack was in retaliation for Iran’s suspected attack on the Aramco Abqaiq oil refinery a few weeks ago. Iran is denying the cyber attack ever took place. This would be the second Cyber attack the US has claimed against Iran after the US original attacked their computing infrastructure used to plan attacks on tankers in the Persian gulf.

https://arstechnica.com/information-technology/2019/10/us-claims-cyber-strike-on-iran-after-attack-on-saudi-oil-facility/