Wenatchee Valley College - CTS Discussion Board

You are not logged in. Would you like to login or register?



11/07/2019 10:08 am  #1


Security Class Article #6 Due Wednesday November 13th.

Post your latest article here. If you have a cryptic user name, please post your name along with your summary.

Thank you Lehi for getting the posts going this week!  These are due by Tuesday.  Reminder, no school on Monday....

Dave

Last edited by Admin (11/08/2019 9:42 am)


Ỵ̵͝'̸̰̋a̴̟̿l̴̘̓l̶̖̊ ̶̮̀g̷̬̈o̶̯͂t̴̺̚ ̷̢̌a̸͚̅ṋ̶̂y̶̙͝ ̴̙̾q̶̛͇u̶̢̔ï̵̳c̵͉̈́ķ̶̐ ̷͓͝b̶̡̚i̸̹͆t̴̠̀ṣ̷͝?̴̼̄
 

11/07/2019 10:33 am  #2


Re: Security Class Article #6 Due Wednesday November 13th.

In this article from the New York Times, https://www.nytimes.com/2019/11/04/technology/digital-assistant-laser-hack.html It has been discovered that any digital assistant can be hacked with a device as simple as a laser. The laser can be used to issue commands to the device via the microphone. Though it is not explicitly stated in the article, it would seem likely that the pulses of light would have to be modulated just like sound waves to accomplish this. Although light doesn't emit sound, it can have sufficient energy to move the microphone diaphragm enough to issue commands to the smart device. In one test, the scientists behind this discovery were able to issue a command that opened a garage door, and later said that it would be possible to control any system connected to a digital assistant, like lights, locks, thermostats, or even your car. It is expected that many of these devices will need a redesign of their microphone assemblies to mitigate this issue entirely. According to the researchers, there hasn't yet been any record of this attack outside of a laboratory environment. There are however a few things the end user of these digital assistants can do, like setting up a pin for shopping requests, muting the microphone manually, or even just moving the device away from windows.


Ỵ̵͝'̸̰̋a̴̟̿l̴̘̓l̶̖̊ ̶̮̀g̷̬̈o̶̯͂t̴̺̚ ̷̢̌a̸͚̅ṋ̶̂y̶̙͝ ̴̙̾q̶̛͇u̶̢̔ï̵̳c̵͉̈́ķ̶̐ ̷͓͝b̶̡̚i̸̹͆t̴̠̀ṣ̷͝?̴̼̄
     Thread Starter
 

11/08/2019 9:48 am  #3


Re: Security Class Article #6 Due Wednesday November 13th.

A superior court judge in Georgia has been charged with computer trespass.  A judge thought that the DA had hacked her computer so she hired an "expert" who installed Wireshark on her computer.  It gets better.... The "expert" was charged with being a child molester so his computer equipment was seized.  He did say he thought her (the judge's) computer was in fact hacked.   The article is a little confusing due to the cast of characters, but it a good read. 

So, the question is:  How much legal right did the Judge have to investigate "her" own computer?  

http://www.abajournal.com/news/article/judge-said-to-believe-da-hacked-her-computer-is-charged-with-computer-trespassing

 

Last edited by Admin (11/08/2019 9:53 am)

 

11/11/2019 8:46 am  #4


Re: Security Class Article #6 Due Wednesday November 13th.

The Biggest Cybersecurity Crises of 2019 So Far
The article I found talks about several different incidents in regards to cyber-security.  The one that caught my attention was a breach of US Customs and Border Protection surveillance photos.  Apparently attackers managed to steal photos of travelers and license plates of nearly 100,000 people.  This is concerning, especially if border security hardware is configured to use facial-recognition, which has been a topic of discussion for some time, just think what hackers could do if they were able to get their hands on that type of technology.

Jesse Kilthau

https://www.wired.com/story/biggest-cybersecurity-crises-2019-so-far/

Last edited by jkilthau2856 (11/11/2019 8:48 am)

 

11/11/2019 1:05 pm  #5


Re: Security Class Article #6 Due Wednesday November 13th.

A browser bug was enough to hack an Amazon Echo
So any who has Amazon should pay attention to their device a lot.
So Two top security hackers managed to find that the device a old version of chromium.Which caused a bug to take full control of the device if connected to malicious wifi.What is very suprising its the newest amazon echo out their .

link:https://www.msn.com/en-us/news/technology/a-browser-bug-was-enough-to-hack-an-amazon-echo/ar-BBWvV2p?li=AA4Zoy

 

11/12/2019 10:06 am  #6


Re: Security Class Article #6 Due Wednesday November 13th.

This article says that there was a module made to help interact with stream data in NodeJS, and this project was handed off to an individual that ended up creating a separate dependency module that would use to hack crypto-currency wallets. This user's name was "Right9ctrl" and has sense gone rogue, the version of Event-Stream 3.3.6 has been removed from npm however that was after roughly 8 million applications installed this module into their project.
A CS student at CSU known as FallingSnow noticed the malicious dependency and posted the issue to github: https://github.com/dominictarr/event-stream/issues/116

https://thehackernews.com/2018/11/nodejs-event-stream-module.html


Hello, I am Devin Baughman.
There is a discord server with links to online PDF's of course textbooks, there are general chats for each course and nerd-banter, please come in and talk computers! Invite: https://discord.gg/H65RH2g
 

11/12/2019 2:45 pm  #7


Re: Security Class Article #6 Due Wednesday November 13th.

Seriously declining in our participation on security articles....try to find a good one by tomorrow...

 

11/12/2019 2:50 pm  #8


Re: Security Class Article #6 Due Wednesday November 13th.

Veracrypt vs. Trucrypt - we will be exploring encryption options soon.  One option is Trucrypt which is still available and its successor Veracrypt.  Why did they stop developing Trucrypt?  It is open source and they paid to have its code verified that there were no back doors etc.  This article goes over some of the differences and you can decide which one you want to use.  Bitlocker is included with Windows 10 Pro.  Creating an encrypted USB is maybe easier with Bitlocker, but on a hard drive I think you have to encrypt the entire drive.  Veracrypt allows you to create an encrypted folder which is mounted as a drive letter.

https://medium.com/asecuritysite-when-bob-met-alice/the-fall-of-truecrypt-and-rise-of-veracrypt-44f910ed5162

 

 

11/12/2019 6:25 pm  #9


Re: Security Class Article #6 Due Wednesday November 13th.

Average ransom payment paid out by compromised victims has increased 14 percent up to $41,000 over the last few months. Amount of downtime organizations suffered also increased from averaging 9.6 days the previous quarter to now 12.1 days. Experts believe the increase in downtime has to do with the increase in volume of successful attacks to larger enterprises which have more complex networks to restore. Security researchers say these attacks will continue unless these organizations bulk up their IT security budgets and head count.
-Zach Howard
https://www.scmagazine.com/home/security-news/ransomware/ransom-payments-averaging-41000-per-incident/

 

11/13/2019 10:27 am  #10


Re: Security Class Article #6 Due Wednesday November 13th.

In this article they are talking about how cars may be subjected to cyber criminals as vehicle technology advances. they have discovered easy to find online shops that sell car hacking tools on the clear web.Experts say that hackers can use traditional computer hacking tactics such as phishing which they can hold the car ransom. The most common types of attacks target car's controller area network protocol- which allows access to vehicle functions. Hackers also use devices known as code grabbers to copy or intercept signals to remotely open or start a vehicle. 
-Jose Gamino
https://www.upi.com/Top_News/US/2019/11/12/As-auto-technology-advances-so-does-risk-for-hacking/1891572926178/

 

Board footera

 

Powered by Boardhost. Create a Free Forum