Wenatchee Valley College - CTS Discussion Board

You are not logged in. Would you like to login or register?



11/05/2018 10:32 am  #1


Security Discussion Article #4 - Due November 12th

Post your new articles here

This one is on Kali Linux and specifically using it to test WEP security.  WEP is outdated, but as the article mentions it is a good place to start with basic Pen Testing using either Kali or Parrot.

https://www.wirelesshack.org/step-by-step-kali-linux-and-wireless-hacking-basics-wep-hacking-part-3.html

 

11/08/2018 11:21 am  #2


Re: Security Discussion Article #4 - Due November 12th

A google security group offers a program to select users to counteract against spear phishing, phishing and other malicious attacks. The team was put together after the fiasco of certain politicians emails being hacked. The program though not named is counted as the highest form of personal account security that google offers. Such attacks that are counted against are emails that are sent to campaign subscribers from the alleged politician designed to gain personal information.
-Daniel dagg
https://hackercombat.com/how-google-engineers-protect-politicians-during-the-election/

 

11/09/2018 11:37 am  #3


Re: Security Discussion Article #4 - Due November 12th

Widespread use of open source code used in popular Android apps has shown to be a large security risk. Critical vulnerabilities were found in very common apps including banking, ticket purchasing, sports and travel apps. 32 percent or 105 out 330 apps tested among 16 different categories averaged 19 vulnerabilities per app. According to ACI, there were 40,000 known open source vulnerabilities in the last 17 years, and one-third of them came from last year. This is a major concern given 90 percent of all software today contains open source software components.

https://www.technewsworld.com/story/85563.html

~Seth Sampson


 

 

11/09/2018 11:39 am  #4


Re: Security Discussion Article #4 - Due November 12th

(Charles Barrett) A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by=14.4px identity thieves and other fraudsters unless the USPS beefed up security. they didn't listen and now 7 people were arrested for doing it and causing nearly $400,000 in unauthorized charges on credit cards they ordered in the names of residents.   https://krebsonsecurity.com/2018/11/u-s-secret-service-warns-id-thieves-are-abusing-uspss-mail-scanning-service/

Last edited by Cbarrett17 (11/09/2018 11:39 am)

 

11/09/2018 11:57 am  #5


Re: Security Discussion Article #4 - Due November 12th

China back to spying on and stealing from American businesses amid raging trade war


https://cyware.com/news/china-back-to-spying-on-and-stealing-from-american-businesses-amid-raging-trade-war-1b00c22e/




 

Last edited by BlaineP16 (11/09/2018 11:58 am)

 

11/12/2018 1:37 pm  #6


Re: Security Discussion Article #4 - Due November 12th

It  appears the newest build for Windows 10 might soon support WPA3. Although Microsoft  has not officially stated that it will some insiders are saying that the newest Windows 10 preview build 18272 is showing that Microsoft is actively working toward that soon. https://thehackernews.com/2018/11/windows-10-wpa3-wifi-security.html

Last edited by MichaelNees (11/13/2018 10:57 am)

 

11/13/2018 10:52 am  #7


Re: Security Discussion Article #4 - Due November 12th

Several vulnerabilities found in hardware encryption implementations. This affects Crucial MX devices, Samsung EVO devices, and others. The vulnerable encryption implementations are ATA security and TCG Opal. Multiple vulnerabilities are discussed in the article, but to summarize:

Researchers with phyiscal access could modify the password validation process  in RAM through the JTAG debugging interface, causing it to accept any password and decrypt the device

Crucial MX300 has a master password for decryption, which by default is an empty string

The Samsung 840 EVO has a "wear leveling" feature for preserving the longevity of the SSD that involves moving data to different locations on the SSD, but old data is preserved until overwritten. This means that if you have unprotected data and add a password, the wear leveling feature will preserve the unprotected data until overwritten

Bitlocker defaults to hardware encryption if available before using it's own software encryption, so Bitlocker doesn't protect against these hardware vulnerabilities

Crucial has patched all their devices, Samsung has patched some of their devices.

https://thehackernews.com/2018/11/self-encrypting-ssd-hacking.html

-Skyler

 

11/19/2018 11:02 am  #8


Re: Security Discussion Article #4 - Due November 12th

Instagram just had a encryption security breach on there "download your data" aspect. Peoples passwords were being leaked. In august there was also a sever flaw in its API that hackers exploited to gain access to phone numbers and email addresses for high profile users. https://thehackernews.com/2018/11/instagram-password-hack.html

 

 

Board footera

 

Powered by Boardhost. Create a Free Forum