Wenatchee Valley College - CTS Discussion Board

You are not logged in. Would you like to login or register?



11/13/2018 11:34 am  #1


Security Class Article #5 - Due 11/19/18

https://www.theverge.com/2014/12/28/7458159/encryption-standards-the-nsa-cant-crack-pgp-tor-otr-snowden

Article on programs that have not been cracked.  TrueCrypt is on the list, but the article is a few years old.

 

11/15/2018 9:25 am  #2


Re: Security Class Article #5 - Due 11/19/18

Austin Thompson has pleaded guilty to attacking several well known gaming servers back in 2013-2014. The attacks caused at least $95000 in damages. Thompson used his Twitter account to brag about his attack by providing screenshots of servers being unavailable after his DDoS attack.
 https://thehackernews.com/2018/11/gaming-server-ddos-attack.html

 

11/16/2018 9:58 am  #3


Re: Security Class Article #5 - Due 11/19/18

Rosa Perez    https://thehackernews.com/2018/11/mobile-hacking-exploits.html

White hat hackers competition held Nov 13-14 in Tokyo found that Iphone X with IOS 12.1, Samsung Galaxy 9, Xiaomi Mi6 running the latest version of software from popular smartphone manufacturers can be hacked. A team of two researchers, Richard Zhu and Amat Cama, who named themselves Fluoroacetate, discovered and managed to exploit a pair of vulnerabilities in a fully patched Apple Iphone X over WiFi. For their target they chose to retrieve a photo that had recently been deleted from the Iphone. They also hacked in the Samsung Galaxy S9 by exploiting a memory heap overflow vulnerability in the phone's baseband component and obtaining code execution. Xiaomi Mi6 handset via NFC(near-field communications) which is using the touch-to-connect feature, they forced the phone to open the web browser and navigate to their specially crafted webpage. With the highest of 45 points and a total of $215,000 prize money, Fluoroacetate researchers Cama and Zhu earned the title "Master of Pwn, logging five out of six successful demonstrations of exploits against Iphone X, Galaxy S9, & Xiaomi Mi6. The vulnerabilities will be available in 90 days and they will remain open until the affected vendors issue security patches to address them.

 

 

11/16/2018 11:29 am  #4


Re: Security Class Article #5 - Due 11/19/18

Due to what was "almost certainly an error", BGP mishap routes google's traffic through Chinese and Russian networks, brings down google temporarily.

What happened:
A small ISP in Nigeria, MainOne Cable Company improperly updated tables in the internet's global routing system advertising one of it's routes as the correct route to reach IP addresses owned by Google

A Chinese carrier, China Telecom, improperly accepted the route that was advertised by MainOne and advertised it world wide

This caused a major Russian carrier, Transtelecom, as well as other ISPs to begin using this route.

This redirected some of google's most sensitive traffic through networks they were not intended for. The event lasted 74 minutes.

While it has been claimed by all parties to be an accident, this event is being heavily scrutinized. 

https://arstechnica.com/information-technology/2018/11/major-bgp-mishap-takes-down-google-as-traffic-improperly-travels-to-china/

-Skyler

 

11/16/2018 11:38 am  #5


Re: Security Class Article #5 - Due 11/19/18

[url]https://www.tomsguide.com/us/atm-hack-attack,news-28531.html[/url] The article explains how easy it is to hack into a ATM machine using various methods. they where able to hack into 22 out of 24 ATMs machines with relative ease.

 

11/16/2018 11:48 pm  #6


Re: Security Class Article #5 - Due 11/19/18

Let the trade war commence! Servers deployed by major companies in the United States have been bugged with micro spy chips from China. China is most likely trying to gather data from U.S companies to see how buisnesses here operate, so they can learn and gain an edge. China's already on track to surpass the United States GDP (Gross Domestic Product) in the next few years. These micro spy chips could help China get there even faster.

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=2ahUKEwiM49Tv89reAhUGm-AKHQnfDOoQFjAAegQIAhAB&url=https%3A%2F%2Fwww.cnbc.com%2F2018%2F10%2F05%2Fchinas-cyber-spying-keeps-a-lot-of-us-tech-ceos-up-at-night.html&usg=AOvVaw2BIiHsNOogb-CW-7Z7YyFQ

Last edited by BlaineP16 (11/18/2018 8:18 pm)

 

11/17/2018 1:56 pm  #7


Re: Security Class Article #5 - Due 11/19/18

NYU researchers have been using machine learning methods to create fake fingerprints to fool fingerprint sensors used by smartphones. Since most sensors on a smartphone use only a portion of a fingerprint the researchers made fake Master prints from similarities from multiple fingerprints. The idea is that someone could use a a collection of these master prints sort of like a password dictionary attack. They only used the prints they made in simulated computer programs not on actual sensors yet. The article also said that by using this information manufacturers could make the sensors more sensitive to help secure the devices
https://www.wired.com/story/deepmasterprints-fake-fingerprints-machine-learning/

 

11/18/2018 8:46 pm  #8


Re: Security Class Article #5 - Due 11/19/18

Researchers at the New York University have used machine learning to create synthetic "Masterprints" that have the ability to easily trick mobile finger prints scanners to even more secure fingerprints scanning systems like VeriFinger used by government entities. These synthetic prints combine use  common finger print traits and capitalize on the fact the most sensors only use a snippet of the actual finger print. The NYU researchers are very keen to clarify that they did  not make print out or other replicas of these master prints, but to raise awareness in the biometrics industry to the importance of defending against sythentic readings.

James Ramsey
https://www.wired.com/story/deepmasterprints-fake-fingerprints-machine-learning/

 

11/19/2018 9:00 am  #9


Re: Security Class Article #5 - Due 11/19/18

https://threatpost.com/cryptojacking-attack-targets-make-a-wish-foundation-website/139194/

Make a wish foundation website had been intruded. Hackers added a JavaScript-based code to the website, that took advantage of users' computers in order to mine cryptocurrency. 

~Seth Sampson

 

11/19/2018 9:12 am  #10


Re: Security Class Article #5 - Due 11/19/18

Japan's Cyber Security minister admits that he has never personally used a computer, calling into question his ability to protect their national cyber infrastructure.  

https://www.bbc.com/news/technology-46222026?intlink_from_url=https://www.bbc.com/news/topics/cz4pr2gd85qt/cyber-security&link_location=live-reporting-story

Bonus article:

https://kimatv.com/news/local/card-skimmer-discovered-at-local-business-deputies-investigating

Posted by Phil Bentz

Last edited by HawkLegion (11/19/2018 11:23 am)

 

Board footera

 

Powered by Boardhost. Create a Free Forum