I am not sure if anyone else watched Congress’s questioning of Mark Zuckerberg, but I did. It was streamed live on Bloomberg nation and CNBC. While I was watching and listening, I was shocked at how uneducated our government leaders are on technology. I actually found a YouTube video explaining what I mean. Here are a few questions our leaders, who are supposed to sign laws, asked. It is shocking. I actually remember some of these questions and couldn’t believe they were being asked.
Multi-Factor Bio-Metric Authentication for home security
This report covers Lighthouse AI, a startup hoping to install facial and voice recognition devices in homes. The program is similar to the access software in cellphones, but can do much more. You can set up multi-factor authentication to include voice.
The technology uses 3D sensors to identify not only human faces, but pets as well.
How about your door opens automatically as you approach it… Until someone “Steals your face right off your head”. He’s gone. RIP Jerry.
https://www.reuters.com/article/us-computer-vision/wait-i-know-you-home-security-startup-taps-face-recognition-tech-idUSKCN1G627I
VPN Leaks Data
This report identified three vulnerabilities in VPN services that leak sensitive IP address and location information. Virtual Private Networks are used for several different reasons, but in this case they are used to connect privately to an internal network. The VPN service will encrypt your data and hide your true IP address for security reasons.
Vulnerabilities were found at PureVPN, HotSpot Shield, and Zenmate.
It was also noted that these vulnerabilities were in the Chrome plug-in, not the desktop or smartphone version. The other vulnerabilities were not disclosed because no patch has been created.
https://thehackernews.com/2018/03/vpn-leak-ip-address.html
Kali Update – 404 error when using update && upgrade
I was getting the 404 with several tools when running apt-get update && apt-get upgrade. This command worked.
wget -q -O - archive.kali.org/archive-key.asc | apt-key add
You can read more about repositories below, but the sources.list file should look like this:
deb http://http.kali.org/kali kali-rolling main contrib non-free
# For source package access, uncomment the following line
deb-src http://http.kali.org/kali kali-rolling main contrib non-free
I assume this is the case if you just downloaded and installed, but it may not be the case for older versions of Kali. EXAMPLE… Last semester!
Your deb-src line may also have a “#” in front of it; notice that the “#” is gone from the one above. You will need to remove the “#” if you want to use source packages when “playing” with certain tools included with Kali.
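A quick way to compare an existing sources.list with the two kali-rolling lines shown above, as an added example that is not part of the original post. The function name check_kali_sources, the finding labels and the sample file (an older install still pointing at the "sana" release) are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a sources.list against the kali-rolling entries above.
# Assumes one-line "deb URI SUITE COMPONENTS" entries without [options].
EXPECTED_URI="http://http.kali.org/kali"
EXPECTED_SUITE="kali-rolling"

# Prints one finding per line; returns 0 only if the expected "deb" entry is
# active and no active entry points at another repository or release.
check_kali_sources() {
    [ -r "$1" ] || { echo "ERROR cannot read $1"; return 2; }
    awk -v uri="$EXPECTED_URI" -v suite="$EXPECTED_SUITE" '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        commented = sub(/^#+[ \t]*/, "", line)   # 1 if the entry is disabled
        n = split(line, f, /[ \t]+/)
        # Skip blanks and ordinary comments that are not repository entries.
        if (n < 3 || (f[1] != "deb" && f[1] != "deb-src")) next
        match_expected = (f[2] == uri && f[3] == suite)
        if (commented && match_expected)
            print "DISABLED " f[1] " (remove the # to enable)"
        else if (commented)
            next
        else if (!match_expected) {
            print "MISMATCH " f[1] " " f[2] " " f[3]; stale++
        } else {
            print "OK " f[1]
            if (f[1] == "deb") found = 1
        }
    }
    END {
        if (!found) print "MISSING deb " uri " " suite
        exit ((found && !stale) ? 0 : 1)
    }' "$1"
}

# Constructed sample: an older install with a retired release and deb-src off.
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://http.kali.org/kali sana main contrib non-free
# For source package access, uncomment the following line
# deb-src http://http.kali.org/kali kali-rolling main contrib non-free
EOF
check_kali_sources "$sample" || echo "sources.list needs attention"
rm -f "$sample"
```

Run it against /etc/apt/sources.list before apt-get update; a MISMATCH line marks an active entry that does not match the kali-rolling lines above.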
Valentine’s Day Scams
Are you in the mood for love, but have forgotten what love is?
Valentine’s Day is a day when people of all ages express their “love” towards people very close to them. Elementary schools are engaging in Valentine’s day activities, and some of us even go to the lengths of wearing as much red as possible. The feeling of love, need, and affection is a wonderful emotion to have, but those of us who may not have that special someone may fall victim to a not-so-special someone.
CNBC reports that Valentine’s Day and the days leading up to the holiday are ripe for online scams. The type of scam that runs rampant is what some people may know as “catfishing”. This is when you develop an online relationship with someone who is pretending to be another person, or who is duping you into believing something that is not true, like money troubles.
These types of scams are difficult to identify because many virtual or semi-virtual (face-to-face only 1 or 2 times) relationships revolve around trust. The person being scammed may not even know they are being scammed. For instance, a person meets someone online, then meets this person at a coffee shop or bar 1 or 2 times. The scammer gives a story about how they moved out of the area, but really had a great time and want to keep in touch. They continue a virtual relationship with several emotional, but non-sexual, exchanges remotely. Then they start probing to determine if you will start paying their bills, elaborating on personal troubles and exaggerating hardships to encourage financial support, as well as the dozen flowers you sent on Valentine’s Day!
Fake websites selling Valentine’s Day gifts are also popular right now. These sites may be at the top of search engine results, or a banner on a reputable site. They redirect you to another site for you to enter your credit card information. Webroot found a 220% increase in malicious URLs before Valentine’s Day last year.
Romance fraud exceeded $230 million in 2016 and represents the most financial losses of all internet crimes, as reported by the FBI.
As cyber security professionals, sometimes we don’t think about “catfishing” as a potential problem. Is it in our scope of work to identify if the CFO just got divorced and is using a dating website that may be filled with these scammers? If we were to use FIPS 199 on our employee assets, and conduct a risk assessment on our human resources, would the CFO be a “HIGH”, and would the risk assessment include his divorce and/or dating website involvement? These are rhetorical questions, but the point is that we should be conscious of the largest internet scam in 2016.
https://www.cnbc.com/2018/02/09/watch-out-for-these-valentines-day-scams.html