Week 03: Reconnaisance

This article speaks in regards to the beginning of a federal investigation into an attempted hack of an app that is still under development that would allow US citizens who are active military or registered for the right to vote abroad to place their votes through their phones. While the preliminary investigation by the organization and the federal prosecutors states that “no intrusion” had occurred and that the “integrity of the votes” were safe, they are executing an in-depth federal investigation. West Virginia Secretary of State Mac Warner also noted how this is partially a threat that any attempt to compromise an election will face thorough federal investigation and serious prosecution. Among the more interesting things discussed in the article regarding this app is how it’s developed to use blockchain technology as a means of ensuring the integrity of votes casted through the app. The article does note however that if the mobile device itself isn’t secure, then the app can be manipulated anyways.

Source: https://politics.slashdot.org/story/19/10/02/1922206/fbi-investigating-alleged-hacking-attempt-into-mobile-voting-app-during-2018-midterms

You may recall that I told the class to be clear on what is or is not included in your scoping document.  Here is an example of what can go wrong when this is not clear.

https://yro.slashdot.org/story/19/09/14/0322248/two-penetration-testers-arrested-for-attempted-burglary

At the end of class, we did some work building VMs in both VirtualBox and VMWare and experienced some difficulties.

You can avoid this if you scroll to the bottom of the list and directly grab the already built VMs for either VMWare or VirtualBox.

https://www.kali.org/downloads/

I misspoke in class about nslookup.  It is not deprecated.

Here’s a link with more info:

https://docstore.mik.ua/orelly/networking_2ndEd/dns/ch12_01.htm

Intro-to-Ethical-Hacking-Week-3

https://capture.fox.temple.edu/Mediasite/Play/57fdca16a5d74b71ac48cff0076fd7ab1d

The reason why I post this article is that I am a Foxit PDF software user with an account. From the article, we know that  unknown third-parties gained unauthorized access to Foxit’s data systems recently and accessed its registered users’ data, including user’s email addresses, passwords, users’ names, phone numbers, company names, and IP addresses. I use my Wechat account to access the Foxit, so I take this event very serious. However, I found that the Foxit annouce that users in China will not affect by this data breach because Chinese users do not use the same register path with users from other country. It is interesting that Foxit did not send any email or any kind of message to its Chinese users, at least I did not receive any. In addition, I do not know whether Chinese users is really safe in this event, so if you have any professional opinion about this event, welcome to share it on comments.

 

https://thehackernews.com/2019/08/foxit-pdf-reader-data-breach.html