Paul V. Ihlenfeld

IT Specialist, Wordsmith, Resource Conservationist & DigitalArtist

Week 13 recent Cyber Security News…

In the Cyber Security News lately

Malware detected in Martel’s cameras used by police department (as reported back on 11/17/2015 via ehackingnews.com)…

www.ehackingnews.com/2015/11/malware-detected-in-martels-cameras.html

“iPower Technologies, a U.S security company and network integrator, has discovered a copies of Conficker malware in the Martel Frontline Camera with GPS, one of the largest manufacturers of police in-car video systems in America, whose product is being sold and marketed as a body camera for official police department. When the camera was connected to a computer, iPower’s antivirus software immediately caught the virus and quarantined it.  However, if the computer did not have antivirus actively protecting the computer it would automatically run and start propagating itself through the network and Internet, iPower said in a post. In the iPower virtual lab environment, packet captures were also run on the infected PC to view the viruses’ network activity using Wireshark. The virus, classified as a worm virus, immediately started to attempt to spread to other machines on the iPower lab network, and also attempted several phone home calls to Internet sites.”

Week 12 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

Aircrack-ng.org published an online tutorial regarding the setup of Aircrack-ng (mostly Linux-based wireless networking suite of digital tools [packet sniffer & injector, WEP & WPA/WPA2-PSK cracker & analysis apps] for ethical hacking purposes on one’s owned networks [not other’s networks.])

  1. Question to classmates (facilitates discussion) from assigned reading…

Question: During the Aircrack-ng setup, did you confirm that your computer’s networking card can inject packets via the Injector Test?

Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

     In the Cyber Security News lately…

Temple University’s on-going digital battle with Phishing email scams with linked Malware & vigilant solutions (example info from recent email attacks on 3/21/2016 at Temple University)…

—————————————————————————————————————

From: NoReply Delivery Notification [mailto:notification-delivery@xxxxxmail.com]

Sent: Monday, March 21, 2016 8:32 PM

To: XXXXX XXXXX <xxxxx@temple.edu>

Subject: Delivery Tracking Information and ETA – see attached invoice (order # 1562648774)

Attached: USPS_DELIVERY_TRACKING_AND_ETA.doc

USPS.com Order #: 1562648774

Hello,

Thank you for your order.
See the attached invoice for package tracking information and estimated time of arrival.

Order #: 1562648774, Placed on: March 18, 2015 9:30:00 AM, Status: Order Placed, Ship to: See attached invoice

—————————————————————————————————————————————————————-

*NOTE: Computer users just had to open the file attachment within this email example, and next a Trojan.Dropper began an install process on client’s Windows PC!

**NOTE: Some of the vigilant solutions examples at Temple University, Computer Services (TUCS) included the following:

  1. notification-delivery@xxxxxmail.com was blocked in Temple-Firewall, etc.
  2. Symantec Endpoint Protection (SEP12.1.6.x Enterprise) with latest SEP definitions did detect & quarantine Trojan.Dropper malware (USPS_DELIVERY_TRACKING_AND_ETA.doc)
  3. TUCS-Client Services then further checked & removed any further Trojan.Dropper malware via SEP12.1.6.x, Malwarebytes in Windows-SafeMode, etc. on reported infected Windows client PCs.
  4. TUCS continued to educate it’s networked computer users via official Temple University email regarding latest & future Phishing email scams, etc.

 

Week 11 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

This week we read about “IEEE 802.11 wireless specifications” & “How 802.11 Wireless Works”… important wireless security issues include “many hotspot or free wireless networks frequently allow anyone within range, including passersby outside, to connect to the Internet.”

*NOTE: Test your wireless security knowledge…

searchsecurity.techtarget.com/quiz/Lesson-1-quiz-Risky-business

  1. Question to classmates (facilitates discussion) from assigned reading…

Question: How to best secure your wireless network?

*Answer: Here is my answer… ensure your WiFi router & other network devices have been updated lately, use latest WPA2-based wireless security technologies with AES encryption & EAP-PEAP authentication using Radius server, and always use complex & lengthy passwds on all systems & accounts. Additionally see latest “Protecting Your Wireless Network” from USA-FCC on 2/8/2016…

www.fcc.gov/consumers/guides/protecting-your-wireless-network

Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately…

The new Log In? Intel Focuses on Strengthening Authentication on Windows PCs (reported recently within the Redmondmag.com on 2/26/2016)…

redmondmag.com/articles/2016/03/01/the-new-log-in.aspx

“The new technology, called Intel Authenticate, is available in preview for any PC outfitted with the company’s newest 6th Generation Core processor (code-named ‘Skylake’). Intel Authenticate provides hardware-based authentication, meaning the user’s credentials and an organization’s system access policies are stored within the processor’s firmware. By Intel’s own estimates there are 117,000 cyber attacks on corporate systems every day and 750 million PCs are currently vulnerable to credential theft. Intel Authenticate can prevent credential theft in ways traditional passwords, Windows Hello, and other forms of authentication can not provide. It’s hardened multifactor authenticationwhat we’re providing is an even better security capability because it’s rooted in hardware and therefore all the software classes of attack like simple phishing techniques or key-loggers, or screen scrapers, those kind of more traditional attacks will not work with Authenticate, because the credentials themselves are all stored in hardware. The challenge is the upgradeability, the manageability, the serviceability, because you end up with a level that is rarely upgraded by end users.”

*NOTE: What about user credentials still present in volatile memory possibly available to attacks (custom Metasploit-Meterpreter attack scripts)?

 

Week 10 recent Cyber Security News…

In the Cyber Security News lately

DROWN attack risks millions of popular websites (as reported recently within the eHackingNews.com on 3/3/16 theHackerNews site on 3/1/2016)…
“An international team of researchers warned that more than 11 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a new, low-cost attack that decrypts sensitive communications in few hours. The DROWN attack works against TLS-protected communications that rely on the RSA cryptosystem when the key is exposed even indirectly through short for secure sockets layer version 2 (SSLv2). The vulnerability allows everyone on the internet to browse the web, use e-mail, shop online and send instant messages without third-parties being able to read the communication.  It allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Though a fix has been issued but it will take time for many of the website administrators to protect their systems. The researchers have released a tool that identifies websites that appear to be vulnerable.”

Week 9 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

According to tech from wireshark.org web site, “Wireshark is an open source network packet analyzer (capture live network packets & displays packet data for further analysis.)  Network administrators can use it to troubleshoot network problems, network security engineers can use it to examine security problems, etc.  However Wireshark isn’t an intrusion detection system, and can not manipulate things on the network.”  Additionally after one installs Wireshark on their computer, then chapter #3 from wireshark.org web site covered detailed info regarding the Wireshark user interface to aid the user with easy UI navigation.

  1. Question to classmates (facilitates discussion) from assigned reading…

Question: How would one setup Wireshark to receive all network packets?

*Answer: Here is my answer… when setting up Wireshark, select the check box “Capture all packets in promiscuous mode.”

Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

Apple fights FBI’s iPhone demand as ‘oppressive’ (as reported recently within the Philly.com on 2/26/2016 originally from the Washington Post)…

www.philly.com/philly/news/20160226_Apple_fights_FBI_s_iPhone_demand_as__oppressive_.html

“This is not a case about one isolated iPhone (arguing that the order imposed an ‘unprecedented & oppressive’ burden on the tech company), Apple wrote in its motion,… the FBI has insisted that it is not asking for a back door or a master key, and instead argues that its requests are narrow and limited to this case (supposedly did not ask Apple to break the phone’s encryption, but rather to disable the feature that deletes the data on the phone after 10 incorrect tries at entering a password. That way, the government can try to crack the password using “brute force”)… While the debate centers on a locked iPhone 5C from the San Bernardino attackers, it has far-reaching consequences about the way a digital society balances privacy with law enforcement.”

… here is some more related & updated news info…

Apple backed by more online giants in FBI iPhone unlock battle (as reported very recently within BBC.com on 3/4/2016)…

www.bbc.com/news/business-35722996

Amicus Briefs in Support of Apple…

www.apple.com/pr/library/2016/03/03Amicus-Briefs-in-Support-of-Apple.html

…, and what do you think should happen with smartphone encryption technologies in all (government, corporations, individuals) our future together?

Week 7 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

SQL injection is a type of code injection technique that exploits a security vulnerability occurring in the DB layer of an application (user input incorrectly filtered… then possibly passed into the DB via manipulated SQL statements.) To help prevent SQL injections do the following: user input must be carefully escaped/filtered, and also audit one’s web site & SQL databases with a good web vulnerability scanner [WebCruiser, etc.])

  1. Question to classmates (facilitates discussion) from assigned reading…

Question: What would be some other SQL database vulnerabilities, and also how to fix quickly?

*Answer: Here is my answer… known SQL flaws within the DB server itself, and here one would install the latest software updates ASAP to make the overall system more secure! How about your answer…

Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

2016 Marching Orders – Encrypt End-to-End While You can (as reported recently within the RedmondMag.com on 1/11/2016)…

“Data breaches remain a critical threat to organizations and there’s concern that one of the best defenses, end-to-end encryption technology, may not be around forever… Hillary Clinton said in a Brookings Institute speech. ‘And this is complicated. You’re going to hear all of the usual complaints, you know, freedom of speech, etc. But if we truly are in a war against terrorism and we are truly looking for ways to shut off their funding, shut off the flow of foreign fighters, then we’ve got to shut off their means of communicating. It’s more complicated with some of what they do on encrypted apps’… Expect to keep hearing demands from the stump for encryption technology that keeps corporate and personal data safe, but is completely accessible to law enforcement and intelligence agencies whenever they need it… Meanwhile, the technology keeps moving forward. One element to keep an eye on in 2016 is quantum computing, which could make a lot of current encryption technology irrelevant… over the next 15 years will necessitate the migration of all our existing public-key cryptosystems to new quantum-resistant algorithms and a quantum-resistant TLS (used for every HTTPS secure Web connection) is the first step.”

https://redmondmag.com/articles/2016/01/01/2016-marching-orders.aspx

Week 6 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

This week we begin our focus on web application security from the Burp Suite included with Kali2-Linux (tools to perform security testing [Burp Proxy, Spider, Intruder, Decoder, etc.]) and on web application injection vulnerabilities (client-side submission of unexpected unputs in order to exploit system vulnerabilities [vulnerabilies known, but still not fixed by many web site developers/owners over the last 10 yrs.]) Best practices for web app security would be to have managers & developers design & maintain web apps with security always a part of the overall process (definitely minimize user input validation issues, etc.)

  1. Question to classmates (facilitates discussion) from assigned reading…

Question: Using Burp Proxy (intercept web traffic) & Burp Intruder (automate custom web app attacks), which would be your choice of Burp Intruder “payload”?

*Answer: My choice would be to use the “Pitch-fork” attack (for a SQL injection web app attack [custom username & passwd payloads.])

Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

Microsoft’s New Security Approach (as reported within the RedmondMag.com on 1/5/2016)…

https://redmondmag.com/articles/2016/01/01/a-new-security-approach.aspx

Back in 2002 Microsoft began their “Trustworthy Computing” security initiatives (improve security on products such as Windows OS, Office suite, etc.), and now fast forward to 2015 (massive global security threats against almost all Internet connected organizations) with Microsoft’s evolved security focus much more on “operations” (new security initiatives such as their Cyber Defense Operations Center [24×7 rapid response from many diverse security experts], Azure Security Center [cloud services for IT admins to monitor Microsoft client’s security cloud environment], etc.)… definitely an excellent direction for Microsoft, but let’s see how it all goes in near future for Microsoft and it’s cloud partners (security breach frequency & response times, transparency, etc.)

Week 4 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

The Metasploit Framework (MSF) included within the Kali Linux setup for security professionals features an additional array of commercial grade exploits & an extensive exploit development environment for following additional cyber security activities: recon, MSF extended usage (Karmetasploit [for beginning wireless attacks], MSF vs OS X [Mac HW camera exploit & info gathering via photos]), and Metasploit GUI environment (Armitage GUI front-end to the Metasploit Framework [simplified GUI for MSF vs MSF terminal interface]), etc.

  1. Question to classmates (facilitates discussion) from assigned reading…

Question: Regarding the additional Metasploit GUI vs MSF terminal interface, which user interface do you think would be more widely used?

*Answer: My answer… Maybe for Metasploit beginners, the MSF GUI would be much more used. How about your answer…?

Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

Companies look beyond firewalls in cyber battle with hackers (as reported by Reuters 1/26/2016)…

“With firewalls no longer seen as enough of a defense against security breaches, companies are looking at new tools to foil hackers trying to enter a computer network.  U.S. and Israeli startups are leading the way, with new approaches such as ‘honeytraps’ that lure a hacker to fake data or ‘polymorphic’ deception technology that constantly changes the structure of applications running on a computer”…

www.reuters.com/article/us-israel-tech-cyber-idUSKCN0V422D

*NOTE: In order to continue to avoid detection by advanced systems, MSFvenon with “Shikata Ga Nai” encoder (creates unique obfuscated payloads) from within Metasploit Framework could be employed too.

Week 3 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

The Metasploit Framework (MSF) included within the Kali Linux setup for security professionals features an additional array of commercial grade exploits & an extensive exploit development environment for following cyber security activities: recon, MSF post exploitation, Meterpreter scripting (additional scripts added to MSF for exploiting a target), maintaining access (“once you have gained access to one system, you can gain access to systems that share the same subnet… then pivoting from one system to another, one can gain information about users activities by monitoring their keystrokes, and impersonating users”), etc.

  1. Question to classmates (facilitates discussion) from assigned reading…

Question: After securing & maintaining access to victim’s PCs , what would be some preferred ways to continue gathering more info using Meterpreter?

*Answer: How about key-logging (keystroke logger script with Meterpreter)…, and what would others use here to gather more info?

Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

Will Cyber Security Companies shift their Headquarters out of US?

http://www.ehackingnews.com/2015/05/will-cyber-security-companies-shift.html

The U.S. Bureau of Industry & Security (BIS), involving national security & high technology commerce, is proposing to classify cyber security tools (Metasploit Pro, etc) as weapons of War in an attempt to control the distribution. If it becomes law, then other nation-states would take advantage of this cyber security restriction on security researchers and companies in the U.S.

*NOTE: Reported by eHackingNews back on 5/27/2015.

**NOTE: After I just checked the Federal Register web site on 1/21/2016 for latest info on “Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items”, it appears this proposal has not become law in USA so far…

https://federalregister.gov/a/2015-11642