
MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

Ryan P Boyce

First ever SHA-1 collision

February 26, 2017 by Ryan P Boyce

Researchers from CWI Amsterdam and from Google proved for the first time it is possible to have two different documents with the same SHA-1 value. The teams were able to do this with two different PDFs. The SHA-1 hashing algorithm is outdated but many applications still support it, including GitHub. What this means essentially is that you can take a secret document, Document A, and alter its data (bits) to effectively create a new document, Document B. You could hash both documents with SHA-1 and get the same hashed value (BHGUYU^%$&^$*^&!). Let’s say someone was sending Document A across the Internet but while en route, the document was altered to create Document B. The recipient, expecting to receive Document A, would not know the difference based on the hashed value. If you are encrypting your data based on SHA-1, don’t be too scared right at this moment, however. It took the team 9,223,372,036,854,775,808 SHA-1 computations, 6,500 years of CPU time, and 110 years of GPU time to create the matching hashed values. Most people aren’t able to do this in their basement…..yet.

https://www.theregister.co.uk/2017/02/23/google_first_sha1_collision/
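
Added example (not part of the original post or of the researchers' work): a birthday search for two different messages with the same digest, run against SHA-1 truncated to 24 bits so that it finishes in milliseconds, followed by the same comparison under SHA-256. The 24-bit truncation, the "document-" message format and all function names are assumptions made for the demo. A generic birthday search on full 160-bit SHA-1 would need about 2^80 hashes; the 9,223,372,036,854,775,808 computations quoted above are 2^63.

```python
import hashlib
from itertools import count

TRUNC_BYTES = 3  # assumption: 24-bit toy digest; real SHA-1 output is 20 bytes


def toy_digest(data: bytes) -> bytes:
    """First TRUNC_BYTES bytes of SHA-1: a deliberately weak stand-in."""
    return hashlib.sha1(data).digest()[:TRUNC_BYTES]


def sha256_digest(data: bytes) -> bytes:
    """Full SHA-256 digest, used as the stronger comparison."""
    return hashlib.sha256(data).digest()


def find_collision(prefix: bytes = b"document-"):
    """Hash distinct constructed messages until two share a toy digest.

    Returns (first_message, second_message, number_of_hashes_computed).
    With an n-bit digest this takes roughly 2**(n/2) hashes on average.
    """
    seen = {}  # toy digest -> first message that produced it
    for i in count():
        msg = prefix + str(i).encode()
        d = toy_digest(msg)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg


def same_file(a: bytes, b: bytes, digest=toy_digest) -> bool:
    """Integrity check as a recipient would do it: compare digests only."""
    return digest(a) == digest(b)


if __name__ == "__main__":
    doc_a, doc_b, tries = find_collision()
    print("Document A:", doc_a)
    print("Document B:", doc_b)
    print("hashes computed:", tries, "(digest space is 2**24)")
    print("toy digest says identical:", same_file(doc_a, doc_b))
    print("SHA-256 says identical:  ", same_file(doc_a, doc_b, sha256_digest))
```

The recipient-side check passes for two different messages under the weak digest and fails under SHA-256, which is why integrity checks that still rely on SHA-1 should move to SHA-256 or stronger.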

Top Cyber Security Certifications for 2017

February 20, 2017 by Ryan P Boyce

Certifications are big business in many industries but especially in the Information Technology sector. In speaking with seasoned IT professionals, I’ve found that popular certifications one year tend to lose their value the next. One such IT professional told me recently that Microsoft Certifications were extremely valuable ten, fifteen years ago. In 2017, I, personally, do not know one person seeking a Microsoft certification. I do, however, know many people seeking some form of cyber security certification and since the ITACS course is designed to prep for the CISA or CISSP, it is good to see those two certifications at the top of this list. While these certifications could lose their popularity in the not so distant future (like a Microsoft Specialist Certification), it’s good to see that for now they are highly reputable.

http://www.itcareerfinder.com/brain-food/blog/entry/10-hot-cyber-security-certifications-for-2017.html

Metasploit Exploit Project

February 20, 2017 by Ryan P Boyce

Slides

Executive Summary

“Best Cyber Military doesn’t belong to Russia….”

February 19, 2017 by Ryan P Boyce

Written in August of last year, this article from Reuters discusses the hacking of the Democratic National Committee’s computers. It essentially uses this event to show that the history of one country spying on and exploiting another country has been going on for a long, long time. Since the 1950s or after the Second World War in general, the world’s superpowers have been launching programs designed to undermine the goals of their adversaries. The Campaign of Truth was launched by Harry S Truman to expose to the Russian people the “lies” of their government. The article references several US campaigns focused on Latin American countries as well. Led by the NSA and now Cyber Command, the United States has the best cyber military in the world. What’s truly fascinating, however, is how cyber warfare is growing and the US is at the forefront of this change. According to the article, this new arena of warfare will feature a traditional approach with a Cyber Army, Cyber Navy, Cyber Air Force, and Cyber Marine Corps. “The idea is to turn the Internet from a worldwide web of information into a global battlefield for war. ‘The next major conflict will start in cyberspace,’ says one of the secret NSA documents. One key phrase within Cyber Command documents is ‘Information Dominance.’”

http://www.reuters.com/article/us-election-intelligence-commentary-idUSKCN10F1H5

Israel prepares youth for cyber security

February 5, 2017 by Ryan P Boyce

This article is about the initiatives in Israel to educate youth on cyber technologies and cyber security. According to the article, the country announced a national center for cyber education. Children of all ages, even those in kindergarten, are being taught some form of cyber techniques including coding. A member of the philanthropic group running the center says, “we are building the next level of knowledge-how to code”.

http://triblive.com/usworld/world/11895689-74/israel-cyber-cybersecurity

Washington DC CCTV cameras hacked during Trump inauguration

January 29, 2017 by Ryan P Boyce

According to the Washington Post in this article by Gizmodo, as many as 123 of 187 CCTV cameras were infected with malware during the inauguration in DC. The article does not suggest who is or even could be responsible for the attack. The article does point out though that the use of malware usually signifies a ransom. Hackers will oftentimes corrupt a system with malware and demand money be handed over for the malware to be removed. This slightly eases fears as it hopefully suggests the attackers were seeking finances and not to undermine the cameras for more malicious activities.

http://gizmodo.com/report-cctv-system-in-washington-dc-was-hacked-before-1791734583

Metasploit services start

January 18, 2017 by Ryan P Boyce

If Metasploit does not start/cannot connect to the DB, in a separate terminal run:

>sudo service postgresql start

>sudo service metasploit start

This should work. Thanks.
