Temple University

Paul V. Ihlenfeld

IT Specialist, Wordsmith, Resource Conservationist & Digital Artist

Week 2 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

The Metasploit Framework (MSF), included within the Kali Linux setup for security professionals, features a wide array of commercial-grade exploits & an extensive exploit development environment for the following cyber security activities: recon, vulnerability scanning, exploit development, attacks, info gathering, etc. Initially here we looked at the following MSF items: fundamentals, setup within a VM, the msfconsole interface with its available commands, MS db setup, different exploit & attack developments, etc.

  2. Question to classmates (facilitates discussion) from assigned reading…

Using everything within the MSF for ethical cyber exploits & attacks with detailed reports, what is the most streamlined & quick way to perform these tasks? Also, it appears to me that MSF within Kali Linux is a “work-in-progress”… does anyone else agree?

*Answer: Probably depends on the cyber victim attack goals; furthermore, most likely we will optimize our MSF-based cyber attacks during our research in the next upcoming weeks. If anyone has more helpful quick info, please respond back with your ideas & concepts…

  3. Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

Hello headaches: Barbie of the Internet age has even more security flaws (reported on 12/4/2015 by CNET)…

www.cnet.com/news/hello-headaches-barbie-of-the-internet-age-has-even-more-security-flaws/?ftag=CAD090e536&bhid=24556750370481986524809036644946

… “the $75 Internet-connected doll from Mattel & software maker ToyTalk… children talk with Barbie,… then she talks back. Behind the scenes, the doll wirelessly communicates with a companion app and ToyTalk’s service on the Internet (she records conversations and/or sends recordings to the cloud)… cyber-security researchers found the application and the cloud server that connect the doll to the Internet would allow attackers to cut through security protections and access recordings of children’s conversations with Barbie… also they discovered a flaw that would potentially allow hackers to pinpoint home addresses of doll owners… moreover hackers could ‘potentially take the voice recordings and … reconstruct it as the child recorded it’… Mattel & ToyTalk are racing to patch the security problems with the doll…. ToyTalk has fixed some of the flaws in the software it built for Hello Barbie and is working its way through the others. It also set up a “bug bounty” program weeks ago to streamline reporting from any other researchers looking into the doll’s software… despite the recent flurry of software patches for Hello Barbie, ToyTalk executive Martin Reddy said the company built in security features from the very beginning, and had a cyber security company audit the toy before taking it to market… according to security researchers, the good news is that the flaws are easy to fix, and so far there aren’t indications that hackers have actually used the bugs to intrude on real-life children at play.”