Advanced Penetration Testing

Amazon Changes Stance on Encryption for Fire Tablets

http://www.securityweek.com/amazon-changes-stance-encryption-fire-tablets

Amazon originally said the move to weaken data security on its Fire devices was because customers weren’t using certain features.

“In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using,” an Amazon spokesperson told SecurityWeek on March 4.

Amazon has changed its stance on full disk encryption, and says that it will bring back the data protection measure in the near future, after significant backlash and bad press.

Amazon’s flip-flop on encryption for its Fire devices comes amid avid discussions regarding the security and privacy of smartphones and similar devices after Apple refused to help the FBI unlock the iPhone belonging to the San Bernardino Islamic terrorist.

Amazon FireOS is an Android-based mobile operating system produced by Amazon for its Fire Phone and Kindle Fire range of EReaders, and other content delivery devices like Fire TV; the tablet-version of the Kindle Fire is the Amazon Fire HDX. It is forked from Android. Fire OS primarily centers on content consumption, with a customized user interface and heavy ties to content available from Amazon’s own storefronts and services. https://en.wikipedia.org/wiki/Fire_OS

 

Week 11: Readings, In the News, and Question for Class

Readings:  Microsoft’s Technet Library: How 802.11 Wireless Works, March 28, 2003. Provides a detailed overview of the elements of the IEEE 802.11 protocol architecture and associated technologies.  The article provides a top down view of how the protocol works and delves into the format details of the 802.11 media access control (MAC) sublayer of the data-link layer, and  further detailing the format of the Frame Control field, which contains information on whether or not WEP encryption is used.  This dated article provides an overview of the workings of WEP encryption and decryption and explains the security issues and vulnerabilities of WEP and the need for WPA, but does not cover the more secure WPA2 security protocol which replaces WPA in 2004.

Wikipedia’s IEEE_802.11, provides details, history, and evolution of the IEEE 802.11 specifications for the media access control (MAC) and physical layer (PHY) for implementing wireless local area network communication in a number of frequency bands.

In the News: One in Five Employees Would Sell Work Passwords: Survey, Eduard Kovacs, SecurityWeek March 21. 2016.  SailPoint conducted a market survey of 1,000 people working at large organizations in US, Europe, and Australia and found employees’ poor password security, hygiene and ethics exposing their employers to cybersecurity risks. 65% of respondents admitted to using 1 password for multiple applications, ~33% share passwords with coworkers, ~20% would sell their work passwords to a 3rd party and ~10% would sell their work passwords for less than $1,000.  The respondents cited their decision to bypass IT to streamline their work, and 33% of employees indicated that they purchased SaaS applications without their IT department’s knowledge, and 25% uploaded sensitive information to cloud applications with the specific intent to share the files outside the company.  40% of respondents said they still have access to a variety of corporate accounts from their previous jobs.   While many did not seem concerned with the need to help protect their employer’s data from breaches, 40% indicated they would stop doing business with a firm that suffered such a breach.

http://www.securityweek.com/one-five-employees-would-sell-work-passwords-survey

 

Question for Class: Why do you believe information security hygiene is so poor in so many companies?

Week 11 Summary

Readings:

IEEE 802.11 family standard is a set of Layer 1 and Layer 2 specifications of OSI model for implementing WLANs. Developed by IEEE committee in 1997, 802.11 standard was the first wireless networking standard while 802.11b being accepted more widely, followed by next generations of standards 802.11/g/n/ac. Each standard defines various wireless characteristics and functions, including frequency channels, speed, bandwidth, signal modulation. Architecture of Wireless networking is very complex and requires deep understanding of all logical and physical components of its nature such as components: STA, IBSS, ESS, DS; operation modes, Infrastructure vs. Ad-Hoc, and others. Protocols include EAP, WEP, WPA2 and 802.11x for port-based security. The Wireless technology evolves rapidly given its wire-equivalent capabilities and most likely in the future will replace cabling in most areas. However, security will have to advance in order to provide great protection against malicious attacks.

Question to the Class:

Given Wireless deployment in public areas, such as recent New York wide setup of Wireless Stations for public access, should it be considered as a luxurious opportunity for Hackers to attack more?

In the News:

Malvertising Campaign Hits Top Websites to Spread Ransomware

Once clicked, the malicious Ad redirects the user to a malicious website that hosts Angler Exploit Kit (AEK) to infect visitors by installing malware and ransomware on their computer.
Angler Exploit Kit includes many malicious hacking tools and zero-day exploits that let hackers execute drive-by attacks on visitors’ computers.
In this case, the Angler kit scans for the vulnerable PCs and loads Bedep Trojan and TeslaCrypt Ransomware, opening doors for hackers to further install a variety of malicious programs.

http://thehackernews.com/2016/03/what-is-malvertising.html

Week 11 Takeaways

Assigned Readings:

The Institute of Electrical and Electronics Engineers (IEEE) 802.11 is a set of media access control and physical layer for providing connectivity between wireless technology and wired networking infrastructures (i.e.: 900 MHz and 2.4, 3.6.5, and 60 GHz frequency bands).  The proper implementation of 802.11 protocol and associated technologies, enables the mobile user to travel to various places (i.e.: lobbies, conference rooms, etc.) and still have access to the networked data. The 802.11 logical architecture is composed of a station (STA), wireless access point (AP), independent basic service set (IBSS), basic service set (BSS), distribution system (DS), and extended service set (ESS). The operating modes include infrastructure mode and ad hoc mode. In the infrastructure mod there is at least one wireless AP and one wireless client whereas in the ad hoc mode, wireless clients communicate directly with each other without the use of a wireless AP. Securing the 802.11 can be challenging but it has certainly evolved over the years using various encryption standards where flaws are still present and can allow a remote attack, such as when a remote attacker recovers the WPS PIN.
In the news:
“Seagate Employee Tax Forms Stole in Phishing Attack”

The W-2 tax documents of several thousand current and former employees of data storage company Seagate ended up in the hands of fraudsters after an employee fell victim to a phishing attack. It is predicted that less than 10,000 employee’s information ended up in the wrong hands. In the meantime, Seagate will cover the costs of a two-year Experian ProtectMyID membership for affected employees. It’s not uncommon for such information to be abused by fraudsters. The tax agency reported last month that cybercrooks had used stolen SSNs to generate over 100,000 PINs on the IRS’s Electronic Filing PIN application. Business email compromise (BEC) scams, such as the one targeted at Seagate, are also increasingly common. Aircraft parts manufacturer FACC AG revealed in January that cybercriminals managed to steal $54 million in a scheme targeting the company’s finance department.

Click here for more information about the above article.

Week 11 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

This week we read about “IEEE 802.11 wireless specifications” & “How 802.11 Wireless Works”… important wireless security issues include “many hotspot or free wireless networks frequently allow anyone within range, including passersby outside, to connect to the Internet.”

*NOTE: Test your wireless security knowledge…

searchsecurity.techtarget.com/quiz/Lesson-1-quiz-Risky-business

  1. Question to classmates (facilitates discussion) from assigned reading…

Question: How to best secure your wireless network?

*Answer: Here is my answer… ensure your WiFi router & other network devices have been updated lately, use latest WPA2-based wireless security technologies with AES encryption & EAP-PEAP authentication using Radius server, and always use complex & lengthy passwds on all systems & accounts. Additionally see latest “Protecting Your Wireless Network” from USA-FCC on 2/8/2016…

www.fcc.gov/consumers/guides/protecting-your-wireless-network

Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately…

The new Log In? Intel Focuses on Strengthening Authentication on Windows PCs (reported recently within the Redmondmag.com on 2/26/2016)…

redmondmag.com/articles/2016/03/01/the-new-log-in.aspx

“The new technology, called Intel Authenticate, is available in preview for any PC outfitted with the company’s newest 6th Generation Core processor (code-named ‘Skylake’). Intel Authenticate provides hardware-based authentication, meaning the user’s credentials and an organization’s system access policies are stored within the processor’s firmware. By Intel’s own estimates there are 117,000 cyber attacks on corporate systems every day and 750 million PCs are currently vulnerable to credential theft. Intel Authenticate can prevent credential theft in ways traditional passwords, Windows Hello, and other forms of authentication can not provide. It’s hardened multifactor authenticationwhat we’re providing is an even better security capability because it’s rooted in hardware and therefore all the software classes of attack like simple phishing techniques or key-loggers, or screen scrapers, those kind of more traditional attacks will not work with Authenticate, because the credentials themselves are all stored in hardware. The challenge is the upgradeability, the manageability, the serviceability, because you end up with a level that is rarely upgraded by end users.”

*NOTE: What about user credentials still present in volatile memory possibly available to attacks (custom Metasploit-Meterpreter attack scripts)?

 

Cybercrooks bilk men for 3 times as much money as women

Cybercrooks rip men off for three times as much money as they get from women, according to a new report from the City of London Police.

The report reveals who’s getting targeted, where they live, and how they’re getting conned.

Women aren’t losing as much as men, but they’re being pickpocketed like mad when they go shopping online: they’re 6 times more likely to be targeted by online shopping and auction frauds than men, which the City of London Police suggests points to them being targeted in this arena.

For more information, please see article link below:

https://nakedsecurity.sophos.com/2016/03/14/cybercrooks-bilk-men-for-3-times-as-much-money-as-women/

Romanian Hacker “Guccifer” to be Extradited to U.S.

http://www.securityweek.com/romanian-court-approves-extradition-hacker-guccifer-us

Using the online nickname “Guccifer,” Marcel Lazar Lehel is said to have hacked into the email accounts of several people in the United States between December 2012 and January 2014, including members of the Bush family, former Secretary of State Colin Powell, venture capitalist John Doerr, journalists, actors, and military officials. He also targeted at least two Romanian officials.

The hacker said he breached their accounts by guessing the answers to security questions.

Romanian authorities arrested Lazar in January 2014 with the aid of U.S. authorities. In June 2014, he pleaded guilty and was sentenced to seven years in prison for hacking the accounts of Romanian politician Corina Cretu and George Maior, the head of the Romanian Intelligence Service (SRI).

Lazar, known by Romanian authorities as “Little Fume,” had previously received a three-year suspended sentence for hacking into the online accounts of many celebrities in Romania.

 

Week 10 News Article

http://www.martinsvillebulletin.com/news/city-county-schools-awarded-grants-for-cybersecurity-camps/article_75000824-e988-11e5-b3cc-8bc49be61bed.html

Virginia schools sponsor summer cyber camps to encourage students towards cyber security job fields.