Ethical Hacking

Wade Mackey

Ethical Hacking

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey

Imran Jordan Kharabsheh

Article 11: Microsoft Winds Down Its Bigger Plans for Cortana With Mobile App Shutdown

by Leave a Comment

Microsoft’s personal assistant Cortana will no longer be supported on mobile platforms such as iOS and Android effective January 31st of 2020. This essentially means that Microsoft will be pulling out of the very competitive personal assistant industry, which is primarily dominated by Amazon’s Alexa and Apple’s Siri. This information came to light during Microsoft’s most recent Ignite conference, where they expressed their intent to shift the primary functionality of Cortana to better assist commercial users.

Source: https://slashdot.org/story/19/11/18/1611220/microsoft-winds-down-its-bigger-plans-for-cortana-with-mobile-app-shutdown

Article 10: Microsoft: We’re Changing All Your Cloud Contracts After Privacy Complaints

by Leave a Comment

Due to concerns raised by the European Union’s Privacy Regulators regarding potential violations of the Union’s General Data Protection Regulation, Microsoft has reviewed and changed their Online Service Terms and Conditions for Commercial users. These changes come as a result of collaborative work with the Dutch Ministry of Justice, who first raised the concerns that Microsoft was collecting data that violated the General Data Protection Regulation. In a statement regarding these changes, Microsoft’s Chief Privacy Officer stated how this is a big “positive step forward” in regards to compliance and collaboration with bodies of the European Union to safeguard their users.

Source: https://yro.slashdot.org/story/19/11/18/1735246/microsoft-were-changing-all-your-cloud-contracts-after-privacy-complaints

Article 9: Microsoft Announces Plan To Support DoH In Windows

by Leave a Comment

In a bid to improve end-to-end cyber security and improve privacy controls for all Windows users, Microsoft has begun the planning phase in the implementation of DNS Over HTTPS (DoH). The Microsoft team has already laid out the their standards and guiding principles of this implementation project, which include: Windows DNS needs to be private and functional by default, users (familiar and unfamiliar) are required to set DNS configuration, streamline the process of DNS configuration for all users, and Windows should never fallback to unencrypted DNS without explicit permission from the administrator.

Source: https://yro.slashdot.org/story/19/11/18/1929229/microsoft-announces-plan-to-support-doh-in-windows

Article 8: Google Maps Tests a Social Networking Feature

by Leave a Comment

Google has begun rolling out a pilot program that will allow Google Maps users visiting specific regions to “follow” that region’s top local guides who recommend, review and spread information on businesses and locations they visit. These “top local guides” are users of the community who actively and frequently review local businesses as a part of Google Maps’ new rewards program. The countries that this is rolled out for so far include London, Delhi, Mexico City, New York, San Francisco and Tokyo, with more to come if the trial proves succesful.

Source: https://tech.slashdot.org/story/19/11/18/2123252/google-maps-tests-a-social-networking-feature

Article 7: Study Estimates 50% of WebAssembly Sites Are Using It For Malicious Purposes

by Leave a Comment

A study performed by the Institutes for Application Security and System Security at Technische UniversitÃt Braunschweig in Germany looked at the Alexa top 1 million websites list in order to find how many of them run Webassembly code and of what nature. Of the nearly 1 million websites searched, the study found that 1,950 modules of Webassembly were being run across 1,639 websites. The study went further, investigating just how many of these modules were being used for malicious intent, and of what nature. The results of this analysis found that 55.8% of the webassembly modules being used across these sites were malicious, with 55.6% of it being cryptocurrency mining and the other .2% being obfuscation.

Source: https://it.slashdot.org/story/19/11/03/0044253/study-estimates-50-of-webassembly-sites-are-using-it-for-malicious-purposes

Article 6: Does California Need A More Decentralized Energy System?

by Leave a Comment

This article sheds light on a proposal that is starting to garner attention in California, which ultimately aims to revolutionize California’s electricity system to be cleaner, more reliable, and more resilient. The proposal aims to change the old electricity system, which was a “centralized, top-down, long-distance, one-way” system to a “decentralized, bottom-up, local, networked” electrical system. However, this proposal is still in its infancy and has only recently begun to be studied, but there are scientific ideas and studies that show that certain concepts behind this system are already proving to be effective in other parts of the United States. Among these concepts that are proving to be effective are microgrids made up of many local “solar+storage+smart inverter systems” networked together that help balance out consumption and generation more efficiently during blackouts, while costing just as much as current California grid power in various regions.

Source: https://hardware.slashdot.org/story/19/11/03/0210245/does-california-need-a-more-decentralized-energy-system

Article 5: Chrome Tries APIs That Allow Changing A User’s Files, Receiving SMS Verification Texts

by Leave a Comment

Previously, websites could only access files and services of your computer through the use of Java or ActiveX plugins. However, thanks to the new Native File System API update included in Chrome 78, websites can simply open a file picker dialog, allowing them to open, upload and make changes to files on our computers without the need for plugins. Thankfully, Google thought of many controls to implement prior to implementing this update. These include: Limiting access to files by requiring permission to be granted by an admin account for every file to be opened, requiring permission for every change to be made, and an indicator in the address bar that shows if you have given a site file permissions.

Source: https://tech.slashdot.org/story/19/11/02/2323246/chrome-tries-apis-that-allow-changing-a-users-files-receiving-sms-verification-texts

Article 4: Motorola, Known For Cellphones, is Fast Becoming a Major Player in Government Surveillance

by Leave a Comment

Now having invested over $1.7 billion dollars in acquisitions since 2017, tech giant Motorola Solutions has acquired a large chunk of the surveillance market, who the primary buyer is the government, under a single roof. Among the technologies they have acquired and been developing include police body cameras, smart train cameras that can identify faces and distinguish suspicious behavior, and smart camera networks that can track car movements by their license plates. What many civil liberties groups find frightful about this information is that Motorola may be selling most of their developed and acquired surveillance technology as a single product or as packages, arguing that your privacy is safer when “information about you is scattered among agencies and entities”. I looked personally to see if Motorola Solutions had issued a response or a statement regarding their recent acquisitions of surveillance tech companies, however I could not seem to find anything regarding the matter.

Source: https://yro.slashdot.org/story/19/10/02/2134249/motorola-known-for-cellphones-is-fast-becoming-a-major-player-in-government-surveillance

Article 3: FBI Investigating Alleged Hacking Attempt Into Mobile Voting App During 2018 Midterms

by Leave a Comment

This article speaks in regards to the beginning of a federal investigation into an attempted hack of an app that is still under development that would allow US citizens who are active military or registered for the right to vote abroad to place their votes through their phones. While the preliminary investigation by the organization and the federal prosecutors states that “no intrusion” had occurred and that the “integrity of the votes” were safe, they are executing an in-depth federal investigation. West Virginia Secretary of State Mac Warner also noted how this is partially a threat that any attempt to compromise an election will face thorough federal investigation and serious prosecution. Among the more interesting things discussed in the article regarding this app is how it’s developed to use blockchain technology as a means of ensuring the integrity of votes casted through the app. The article does note however that if the mobile device itself isn’t secure, then the app can be manipulated anyways.

Source: https://politics.slashdot.org/story/19/10/02/1922206/fbi-investigating-alleged-hacking-attempt-into-mobile-voting-app-during-2018-midterms

Article 2: IOS 13 Lock Screen Lets Anyone See Your Address Book

by Leave a Comment

This article, originally posted by the British publication The Register, highlights a vulnerability that was recently made public by a researcher that would allow an unauthorized user to gain access to the address book of any device using the iOS operating system. The publication and video that is included demonstrate how this exploit is replicated, albeit in a surprisingly simple way. All it requires is that someone calls the iOS device and opts to reply with a text message, thereby bypassing the lock screen and bringing you directly into the device’s address book. While the respond with a text feature can be disabled by delving through long list of sometimes complicated settings, this exploitable feature is always enabled automatically on all iOS devices. Being the owner of not one, but three apple products that use Apple’s iOS operating system, I am less than thrilled at the discovery of such a surface level GUI vulnerability. Thankfully, the article follows up by notifying people of a fix coming within the next two weeks that would remove this particular vulnerability permanently.

 

Source: https://apple.slashdot.org/story/19/09/15/004237/ios-13-lock-screen-lets-anyone-see-your-address-book