Ethical Hacking

Wade Mackey

Ethical Hacking

MIS 5211.702 ■ Fall 2020 ■ Wade Mackey

Kyuande Johnson

Week 7: In the news

by Leave a Comment

Illinois Community College Addressing Cybersecurity Breach

Heartland Community College is working with outside consultants to address a security breach in its computer systems. As of now all of the college’s online operations including classes are shut down. The college became aware of the breach on Monday and immediately shut down all of the university online services in efforts to investigate and maintain the security breach. The College is unaware if any student or personal data have been compromised. Reports mentioned the spike of phishing emails since the pandemic. Since the shutdown the college informed students via social media that their instructors would be in touch to reschedule missed classes, tests and assignments. Heartland Community College is working to resume normal online operations as quickly as possible, but it did not provide a timeline. The college has not shared any more information on the nature of the cyberattack.

https://www.wglt.org/post/breach-disrupts-heartland-community-colleges-computer-systems#stream/0

Week 3 in the News

by Leave a Comment

Anglicare Sydney being held to ransom over sensitive data stolen from computer system

Anglicare Sydney is a community service organization that provides foster care and adoption services. As of Yesterday (Sept 20, 2020) Anglicare has confirmed that their sensitive data has been held for ransom. The ongoing investigation reported that 17 Gigabytes worth of sensitive data has been transmitted to a remote location. At this time Anglicare refuses to pay the ransom. Anglicare’s spokesperson hinted that the organization does not want to engage with cyber criminals. People receiving government services were entitled to have their personal identification protected.
Anglicare has to eventually make a decision about resolving this issue. The integrity and security of the stolen data is detrimental. Many children could be at risk.

Week 2: In the News

by Leave a Comment

In the News: 

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

Due to a cloud misconfiguration users of a popular reservation platform threaten travelers with identity theft, scams, credit-card fraud and vacation-stealing. The misconfigured Amazon Web Services S3 bucket. Revealed the records include sensitive data and credit-card details. The Prestige Software’s “Cloud Hospitality” is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com.

The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks, “The S3 bucket contained over 180,000 records from August 2020 alone. Many of them related to hotel reservations being made on numerous websites, despite global hotel bookings being at an all-time low for this period.”

Week 2 Reading

by Leave a Comment

Week 2: 

Readings: 

The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to communicate over a network. There are 7 layers in the OSI model 

Application Layer

Presentation Layer 

Session Layer 

Transport Layer 

Network Layer 

Data Link Layer 

Physical Layer 

The Application layer is the top most layer of TCP/IP Model that provides the interface between the applications and network. Application layer is used exchange messages. Some of the devices used in Application layer are,

  • PC’s (Personal Computer), Phones, Servers
  • Gateways and Firewalls

Transport layer is responsible for end-to-end communication (or process-to-process communication). Some of the transport layer devices are, Firewalls and Gateways The network layer is responsible for creating routing table, and based on routing table, forwarding of the input request. Some of the Devices used in Network Layer are, Routers. A router helps you connect multiple devices to the Internet, and connect the devices to each other

 

Data Link layer is responsible to transfer data hop by hop (i.e within the same LAN, from one device to another device) based on the MAC address. Some of the devices used in Data Link layer are, Bridges, Modems and Internet Cards 

Physical layer of TCP/IP model is responsible for physical connectivity of two devices. Some of the devices used in Physical layers are, Cables, Hubs and Repeaters 

………………………………………………………………………………………………………………………………………………………………………………………..

 

 

 

 

 

 

 

 

In the News Week 11

by Leave a Comment

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

 

Due to a cloud misconfiguration users of a popular reservation platform threaten travelers with identity theft, scams, credit-card fraud and vacation-stealing. The misconfigured Amazon Web Services S3 bucket. Revealed the records include sensitive data and credit-card details. The Prestige Software’s “Cloud Hospitality” is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com.

The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks, “The S3 bucket contained over 180,000 records from August 2020 alone. Many of them related to hotel reservations being made on numerous websites, despite global hotel bookings being at an all-time low for this period.”

 

Week 7 Reading: Social Engineering

by Leave a Comment

Social engineering is the art of manipulating people so they give up confidential information. There are many social engineering techniques Phishing, Vishing, Watering hole, tailgating, etc. These techniques are attempted by attackers to fool or manipulate humans into giving up access, credentials, banking details, or other sensitive information. There are 3 stages in social engineering research, planning and execution. In the research phase, the attacker performs reconnaissance on the target to gather information. The next stage is planning, where the attacker reviews the information and selects an attack to perform on the target. The last step is the execution phase, the attacker carries out the attack usually by sending messages by email or another online channel.