As this class concludes, it’s time to go back through the past weeks and evaluate all the different stories I have covered for the security assessment each week. While there were a lot of unique topics that I covered, there was one theme that seemed to pop up a few too many times, and that is stories about breaches. And not just any kind of breach, but breaches against large companies who should have security measures in place to prevent these sorts of attacks from happening. It shows us that if the giants of the world are susceptible to breaches, then the small companies are just as much in danger. As I parsed through all the different stories again, I did notice a common theme that I would bring up time and time again, and that was that most of these attacks and breaches could have been prevented or at least lessened had proper security measures been employed from the start. It is not enough to simply respond to problems as they appear; we should be actively looking to safeguard systems and constantly running checks and tests to make sure no one ever gains access to a system.
With an analysis of my work’s subject matter done, I can move on to analyzing the sources of all my material. When I went about finding stories, I utilized the website “Internet Storm Center” that showed a collection of the latest stories. I liked utilizing this website because the types of stories that were coming in were varied and ranged across lots of different topics. Another plus side from this is that the sites that were hosting the stories were varied as well, lending to a wide breadth of information. While this method of finding a story worked, there was one week in which I bucked this trend and did something different. On my article regarding the Panera website breach, I had the article forwarded to me by my wife, who was astonished at the account. We both briefly discussed the article and how ridiculous it was, noting that it feels like your information is not even safe at a fast food chain. Overall, I really enjoyed that week’s post, and I wish I had approached more articles like that.
Lastly, we’ll discuss my opinions on this blog as to whether it would be useful, and some helpful hints to the next group of students. First, I think these types of blogs are excellent sources of information for security professionals and they should actively seek out this information as much as possible. Not only does it condense the article down to its points, it can offer helpful information from a variety of sources as to what could have been done and what people should do to prevent it. While I agree that these posts are great for security professionals, I think that they might also serve a great use for everyone. Most of the time these stories do not make national headlines, and sometimes don’t get the attention they need. There is plenty of information that is extremely relevant to the everyday person and they should look to incorporate these types of posts in their daily internet reads. Lastly, my greatest lesson for the next group of students is to look for the stories that really speak to you. The most fun I had while creating these posts was with ones that really stuck out to me, or ones that I was somehow invested in. With articles like the Panera Breach and the WebLogic hacks, these were articles that directly affected my life in some way, and I feel like I made much better articles because of it. Give yourself some time and monitor topics over several days. Too often I wanted to get an article written on that day, and the articles weren’t all that interesting, and thus I feel like I had to stretch to make them work.
Good luck!
Wednesday, May 9, 2018
Wednesday, May 2, 2018
Week 8 - Security Assessment - Inadequate Patching
For this week’s security assessment, I decided to choose the article entitled “Hackers Scan the Web for Vulnerable WebLogic Servers After Oracle Botches Patch” by bleepingcomputer.com. The article explains that shortly after Oracle released a quarterly patch entitled “Critical Patch Update” (Cimpanu, 2018), hackers began scanning the web for any WebLogic servers that could be outward facing to the Internet. The patch that Oracle was trying to deploy scored a “9.8 out of 10” (Cimpanu, 2018) in severity and the problem it was fixing allowed “attacks to execute code on remote WebLogic servers without needing to authenticate” (Cimpanu, 2018). As you might have guessed, this problem that Oracle was trying to fix was a major one and needed to have an immediate response. While the response from Oracle in attempting to fix this major problem is admirable, the solution the company settled on was not complete, meaning that instead of securing the problem, they potentially made it worse.
The way that Oracle went about fixing the problem was to “blacklist the commands” (Cimpanu, 2018) that hackers were utilizing to execute the remote commands and take over the WebLogic server, instead of fixing the underlying problem that was allowing them to even do this. This meant the problem was still actually out there, and that hackers just needed to find another way to access it again, and it didn’t take very long. While Oracle blacklisted a lot of the commands that hackers were utilizing to gain access to the server, they forgot several commands, leaving the door wide open. This response from Oracle feels like the patch process was rushed out to make sure the vulnerability was quickly closed, and not enough testing was put into place to verify that the fix actually did what it was supposed to, and that the fix was complete. Instead, we are left with still vulnerable systems even after the patch.
I decided to write on this story this week for a few different reasons. The first of these is that in the past, I have worked on several WebLogic servers for projects. Most of these servers were giant hulking monstrosities that no one wished to touch as no one quite understood exactly how they worked. Worse yet, these machines rarely received patches and would stay at the same update version from the time they were installed. We need to be diligent in making sure that patches are frequent, so that when major issues like this one are located and fixed, our software is updated alongside them.
However, with all of that, I think this article really illustrates that companies whose job it is to keep software up to date need to make sure that their fixes are properly vetted and don’t simply ‘paint over’ the issue. Fixes for problems should be fixing the core issue, if it is possible, and the fixes should be checked thoroughly to make sure the vulnerability is completely gone. While the quick fix might have been just disabling the commands, as we have seen, if you miss a command, hackers gain access back to the server again.
Sources Cited:
Cimpanu, C. (2018, April 30). Hackers Scan the Web for Vulnerable WebLogic Servers After Oracle Botches Patch. Retrieved May 2, 2018, from https://www.bleepingcomputer.com/news/security/hackers-scan-the-web-for-vulnerable-weblogic-servers-after-oracle-botches-patch/
Tuesday, April 24, 2018
Week 7 - Security Assessment - Tech Support Scams
For this week’s security assessment report, I decided to talk about zdnet’s article on “Windows Warning: Tech-Support scammers are ramping up attacks, says Microsoft.” I decided on this article this week because I have personally received several of these calls myself in the recent past and have noticed an increase in these types of attacks. Not only have I received many of these attacks on my personal phone number, I have received many on my work phone number as well.
Going into the article, zdnet notes that the number of these fake tech support calls has risen by “24 percent” (Tung, 2018) since the last year, and that reports of these calls are coming from over “183 countries” (Tung, 2018). This is an alarming trend as I had wondered in years past if these fake tech support calls would eventually die off as all the calls I have dealt with have been so painfully obvious that they were fakes. The one statistic given in the article that really surprised me was when they noted that an FBI report estimates the losses of people falling to these attacks at “$15 million” (Tung, 2018). While I could have guessed that there was a considerable amount of money lost during these scams, I would have never guessed that there was that much money being stolen. This statistic should be a warning to anyone and everyone who receives these random tech support messages to take care and not give payment information randomly.
I think the take away from this article is to be careful dealing with online tech support. While there are legitimate services out there, great care should be taken to verify that you are dealing with a qualified and actual individual and not falling to some sort of scam. One of the easiest ways to do this is to reject any calls or messages from tech support services that come out of the blue. The safest bet when dealing with these types of services is to assume that they are fake. Next, you should not install random software that the tech support company tells you to install to help you out. Most of the time these are remote control software suites that allow the scammers to gain complete and total access to your machine. Once they have control, they can hold your computer for ransom or steal important files or documents. Lastly, we should take immediate action against any tech support who requires payment in gift cards or other similar payment methods. These scammers want you to purchase these gift cards and provide them with the numbers as there is no easy way to cancel the money being removed or used. With credit cards, most of the time the company or person the card is associated to will cancel it before any major damage is done, preventing the money from getting to the scammers.
Overall, this report from Microsoft is troubling and we should take care when dealing with anyone calling themselves tech support, especially if their services come randomly to you.
Sources Cited:
Tung, L. (2018, April 23). Windows warning: Tech-support scammers are ramping up attacks, says Microsoft. Retrieved April 23, 2018, from https://www.zdnet.com/article/windows-warning-tech-support-scammers-are-ramping-up-attacks-says-microsoft/#ftag=RSSbaffb68
Tuesday, April 17, 2018
Week 6 - Security Assessment - GPUs to fight back on malware scans
For this week’s security assessment write up, I decided to talk about arstechnica.com’s article titled “Intel, Microsoft to use GPU to scan memory for malware.” This topic jumped out at me as in past weeks I have talked about attacks that have gone on or advances by hackers that are making detection and threats harder to deal with, but this article describes new and innovative ways the industry is attempting to push back against the threat. The article describes that “certain kinds of malware refrain from writing anything to disk” (Bright, 2018) and causes problems when anti-malware software needs to scan for a threat. To compound the problem, the CPU must use a significant amount of power to do the scanning, upwards of “20 percent” (Bright, 2018) dedicated to scanning the system for malware. This is something you can directly see in your own personal machine as starting any anti-malware scan causes programs to be slow and laggy. To help combat this, Intel has both proposed plans that will utilize the GPU, either integrated or installed, to do the scanning. The article states that the GPU is usually “only light loaded” (Bright, 2018) and could easily take on the hard work of doing the scanning.
When I ran through this article I thought this to be a rather ingenious way to deal with the problem as during most operations on a computer, outside watching a movie or playing a computer game, the GPU is not necessarily being taxed. These cards also carry some serious power in them in most cases and can do the work with ease. While I do think that this is an interesting idea to help solve a problem of scan time and cost, I wonder how this will affect the already hard-hit market of GPUs. With the rise of cryptocurrency mining, GPUs have been a hot commodity that have seen their prices skyrocket in the past year. If features for security are pushed to the GPU, you could see the demand for them increase and cause the prices to go up higher than they are right now. While this might be a possibility, I think this might be a necessary evil to bear.
This article also talks about Microsoft’s changes to the Windows Defender program that is bundled with its Windows products. To help the Defender program protect your computer, Microsoft is starting to utilize “cloud-based machine learning with endpoint data collection” (SOURCE) to help spot anomalous usage on a machine to get in front of affected machines. I found this bit of information to be incredibly fascinating as it’s attempting to watch for when a machine is infected, instead of just trying to stop it from getting infected. I think with both approaches combined in one solution, the number of attacks and infections will start to decrease.
My overall take away this week was one of hope. There are companies out there who are leading the fight against these agents of chaos and are coming up with new and innovative ways to fight them. While the news may be filled with articles on successful attacks and damages to systems, we should take the occasional time out to look at those who are trying to save us.
Sources Cited:
Bright, P. (2018, April 17). Intel, Microsoft to use GPU to scan memory for malware. Retrieved April 18, 2018, from https://arstechnica.com/gadgets/2018/04/intel-microsoft-to-use-gpu-to-scan-memory-for-malware/
Thursday, April 12, 2018
Week 5 - Security Assessment - Insider Threat
For this week’s security assessment, I decided to talk about an article from The Register named “Company insiders behind 1 in 4 data breaches – study.” This article is in response to Verizon’s Data Breach Investigation Report which had shown that 25% of all data breaches a company will experience come from those working inside the organization being motivated by “financial gain, espionage, and simple mistakes or misuse” (Leyden, 2018). The ultimate reason I chose to talk about this article was because of the surprisingly high numbers of the data that was being talked about. While I knew that company insiders prove to be a big part of data breaches, I would have never guessed the number would have been as high as 25%. Another fact that jumped out at me is espionage being one of the leading factors to doing this. While it was not as high as the financial gain, I found it surprising that espionage was such a major contributor to the problem. This is a hard one to try to prevent as well, as finding an enemy that has legitimately joined your company can be a hard task to do. One of the takeaways I got from this article is how we need to make sure proper controls and security measures are in place in companies’ networks to make sure that people do not steal information or gain access to something that they should not have had access to. The problem with this is if a rogue employee already had access to that information because of a legitimate need and then decided to leak it or open up a way for someone to get a hold of it. Proper measures should be in place that would try to minimize this risk as much as possible.
The article also goes on to explain that ransomware has had a drastic rise in incidents, going up nearly “39 per cent” (Leyden, 2018) over the last several years. This dramatic increase is an indicator that these attacks are working and yielding results to those utilizing them and we should take extra caution when it comes to clicking on suspicious links or messages. A great way to combat these types of attacks as well, as I have written about in the past, is to make regular backups of your system and have a strong anti-virus and anti-spyware software involved. Should your system become infected with a ransomware, you might be able to roll the system back to a time before the attack happened and be safe.
The last bit of striking information this article talked about are the industries that are at the biggest risk. Topping all other industries was education with attacks being motivated by the act of espionage and motivation coming from viewing the activity as “fun.” I found this data to be a bit disturbing on many accounts as purposely harming an education firm or people who are at or enrolled at the school merely for fun is inexcusable. Those who do these activities should be held just as accountable as those who do it out of espionage or other reasons. These kinds of attacks should never be utilized for fun.
Sources Cited:
Leyden, J. (2018, April 10). Company insiders behind 1 in 4 data breaches – study. Retrieved April 10, 2018, from https://www.theregister.co.uk/2018/04/10/verizon_dbir/
Thursday, April 5, 2018
Week 4 - Security Assessment - Panera Bread Breach
This week in security assessment news, I decided to talk about NPR’s reporting on a Panera Bread Website hack entitled “For Months, Panera Bread Website Reportedly Exposed Millions Of Customer Records.” I decided to talk about this topic when my wife brought this article to my attention. I had to question out loud “Great, we aren’t safe from ordering food anymore.” Much like many other point of sales attacks or retail attacks, hackers were able to make off with “customers’ first and last name, their date of birth, address, email address, phone number and the last portion of their credit card number” (Chappell, 2018). While this may not have affected the large portion of Panera’s customers, if you did any purchasing through their website like calling in orders, it is likely your information was stolen. All in all, this attack further shows us how vulnerable our information is and how easily it can fall into the hands of a hacker.
While you may think that the theft of customer information might be the biggest thing in this article, it wasn’t. Panera knew about the attack for some time, and either failed to act against it or didn’t realize what kind of problem they had. It wasn’t until very recently that their website was taken down and likely patched to remove the ability to access this data. What is troubling is that Panera itself did not find the actual problem; it was a security analyst who came across the fact that Panera was not securing their data. He reached out to the company to illustrate the problems to them; however, Panera did not seem to care or take him seriously, and these reports were left. This point illustrates the need for companies to take all security concerns seriously and investigate all claims, even if some come across as dubious. Instead, what Panera is dealing with now is that they might be held accountable by a court as they had the information that this information was exposed, and willingly chose not to do something about it.
The biggest takeaway from this all is not that our information is vulnerable on the web, no matter where you are. This is understood by most and we put our information in other companies’ hands for safekeeping. The takeaway is that we need to make sure that these companies are keeping their side of the bargain and doing all that they can to keep our information secret and safe. Hopefully customers will now keep a keen eye on all the sites they use and hopefully Panera has learned from their mistakes, putting the necessary steps in place to keep this from happening again.
Sources Cited:
Chappell, B. (2018, April 3). For Months, Panera Bread Website Reportedly Exposed Millions Of Customer Records. Retrieved April 4, 2018, from https://www.npr.org/sections/thetwo-way/2018/04/03/599135288/for-months-panera-bread-website-reportedly-exposed-millions-of-customer-records
Thursday, March 29, 2018
Week 3 - Security Assessment - Safer Alternatives To Passwords
This week in security assessment news, I decided to write about Entrepreneur’s article titled “Passwords Are Scarily Insecure. Here Are A Few Safer Alternatives”. I chose this article this week not because the information presented in the article was a revelation to me, but because it appears that this movement of going away from passwords has not really caught fire like you would think. The article points out that passwords innately suffer from two different kinds of problems. One being that when people create passwords, they usually create weak, or very easy to guess, passwords. Some sites and systems now require a minimum character limit, mixing numbers, letters and punctuation; however, these types of requirements are the exception, and not the rule. The next problem passwords have is they are extremely easy to steal from someone. Whether through viruses or worms, or simply “impersonating someone you know or trust to gain login information or personal details” (Rafaeli, 2018), this makes passwords simply not reliable. The article then covers several different alternatives that I will talk about in more detail.
The first alternative offered by the site is the idea of security tokens. These tokens can generate a password based on a “seed record” (Rafaeli, 2018) that will need to be inserted into a login screen. This form of authentication, at this point, is still coupled with a password retrieved from the user as an extra form of security. These tokens are a great alternative as the only way someone would be able to ‘guess’ the password would be to have the device in their own hand. Without it, it would be near impossible to do. While this method is a drastic improvement over regular passwords, it does carry some problems. First, it’s a very expensive method to offer security as physical devices will need to be purchased and distributed to users. It also means that these tokens need to be carried with the users at all times, if they wish to login with it.
The next alternative offered by the site is the idea of biometrics, or a security device that uses fingerprints or facial scans to determine if you are who you say you are. The article mentions that “a fingerprint, for instance, can’t be lost or hacked” (Rafaeli, 2018). This is incredibly useful as a form of authentication, as such scans are relatively quick to complete and user friendly. While this form of authentication is catching on quickly, it is still prone to problems, much like other forms of authentication. The first is that it’s not entirely accurate all the time. The technology is still coming along in this area and more advances need to be made. The other is that should whoever you are authenticating against get hacked, it is possible for the hackers to steal vital biometric data that can be used for more nefarious things.
Lastly, the site covered phone-based authenticators. This is the latest in the growing authentication security market, and has some of the best potential of all the methods. This operates by installing an app on your phone and connecting it to your account. When someone tries to log in with your username on a system, you would receive a notification on your phone. From there, you might have to enter a one-time password that would be generated on your phone, or simply authorize the login. I have some personal experience with these types of authenticators as I have 3 of them to satisfy requirements from several games I play. It’s curious that such high security measures are in place for simple games I play, but not for, say, my bank.
Overall this article was really good in breaking everything down. When offered, you should consider using an alternative authentication method over passwords. While not entirely foolproof, they make it hard enough that you won’t be a constant victim.
Sources Cited: Rafaeli, R. (2018, March 7). Passwords Are Scarily Insecure. Here Are a Few Safer Alternatives. Retrieved March 29, 2018, from https://www.entrepreneur.com/article/309054
Wednesday, March 21, 2018
Week 2 - Security Assessment - Orbitz Breach
For this week’s security assessment, I decided to expand upon TechRepublic’s article on a breach at the travel site Orbitz in which 880,000 customers’ payment methods were stolen. The article can be found HERE. This attack is especially unique as it targeted data that was at least 2 years old, and it brings up the idea that the most cutting edge, most used sites are not the only targets. Older legacy systems are just as much at risk as any other site.
TechRepublic lays out that hackers were able to steal “two years of data, including names, birthdates, home addresses, email addresses, and gender information” (Forrest, 2018). This information, including information about credit cards, could lead to devastating results for those affected. All this information, including, oddly enough, information about the customer’s gender, could allow a whole spree of new attacks on other systems or people. While this attack is not necessarily as widespread as many other attacks that have happened in recent history, its size is considerable and scary.
While this attack and the information stolen would be noteworthy on their own, there is something secondary that everyone should sit up and take notice of. This attack was not against Orbitz’s main webpage that is in existence at this very moment. Instead, the hackers targeted a much older legacy system whose security features were not as secure as the main site’s. This incident reminds us all that security needs to exist prominently and aggressively across all products that are exposed to the web, and updates and upgrades of these features need to be performed and maintained across all systems, including legacy ones. TechRepublic states “legacy systems are a reality in most IT environments” (Forrest, 2018), so we should be ever mindful of how good the security features are on legacy systems.
When it comes to how to combat these sorts of attacks, I believe that IT professionals should keep an active document of some nature that records the current security features on all their systems, including things like versions. This document should be regularly reviewed, and if one system requires an upgrade or patch, this document should be consulted to see if any other system requires the same upgrade or patch, even legacy systems. Vigilance and monitoring are our best tools to fight back against attacks like this.
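One way such a document can be queried, as an added example that is not from the TechRepublic article: a small inventory of systems and component versions, a check that lists every system still below a patched version, and a check for entries whose review is overdue. The inventory contents, system and component names, and the 90-day review interval are all constructed for illustration.

```python
from datetime import date

# Constructed inventory; system and component names are hypothetical.
INVENTORY = [
    {"system": "main-site", "legacy": False, "component": "webframework",
     "version": "2.5.16", "last_reviewed": date(2018, 3, 1)},
    {"system": "partner-portal", "legacy": False, "component": "webframework",
     "version": "2.5.16", "last_reviewed": date(2018, 2, 15)},
    {"system": "legacy-booking", "legacy": True, "component": "webframework",
     "version": "2.5.9", "last_reviewed": date(2016, 6, 30)},
    {"system": "legacy-booking", "legacy": True, "component": "tlslib",
     "version": "1.0.2", "last_reviewed": date(2016, 6, 30)},
]

def parse_version(text):
    """'2.5.9' -> (2, 5, 9). Assumes purely numeric dotted versions."""
    return tuple(int(part) for part in text.split("."))

def needs_patch(inventory, component, fixed_version):
    """Every system, legacy or not, running `component` below `fixed_version`."""
    fixed = parse_version(fixed_version)
    return sorted(
        row["system"] for row in inventory
        if row["component"] == component
        and parse_version(row["version"]) < fixed
    )

def overdue_reviews(inventory, today, max_age_days=90):
    """Systems with at least one entry not reviewed within `max_age_days`."""
    return sorted({
        row["system"] for row in inventory
        if (today - row["last_reviewed"]).days > max_age_days
    })

if __name__ == "__main__":
    # The main site was just patched to 2.5.16: who else needs the same fix?
    print(needs_patch(INVENTORY, "webframework", "2.5.16"))
    print(overdue_reviews(INVENTORY, date(2018, 3, 21)))
    # Comparing versions as plain strings would hide the legacy system:
    print("2.5.9" < "2.5.16")  # False, because '9' sorts after '1'
```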
Sources Cited:
Forrest, C. (2018, March 21). Orbitz 880K credit card breach highlights IT's need to protect legacy systems. Retrieved March 21, 2018, from https://www.techrepublic.com/article/orbitz-880k-credit-card-breach-highlights-its-need-to-protect-legacy-systems/#ftag=RSS56d97e7
Friday, March 16, 2018
Week 1 - Security Assessment - Cybercrime-as-a-service
This week I learned about a new and terrifying way that hackers are conducting their attacks against us, and that is through the concept of ‘cybercrime-as-a-service’. A great article produced by ZDNet found here walks through a cybercrime-as-a-service named BlackTDS that allows cybercriminals to learn their trade and be assisted in their attacks utilizing a variety of different means. As ZDNet points out, this could include “hosting and configuration of the components of a sophisticated drive-by attacks, as well as support for social engineering” (Palmer, 2018). While these features are scary enough, BlackTDS offers its services at a relatively low cost, allowing a much smaller barrier of entry for those wishing to carry out these attacks. It appears that this site began to advertise these services around the end of the year, and that it also delivers its attacks through fake updates from major software companies.
Some takeaways I got after reading this article were that we need to do our best to shut down these types of sites as soon as they are uncovered. While many of these sites are situated on foreign soil, we should be reaching out to countries to help in shutting these criminals down and removing their sites from the internet. The next big takeaway from all of this is making sure that any software update you receive from any company is first verified to be from the company you think it is. This can be a bit hard as most updates are received from automatic installers, but we should do our best to verify that these automatic installers are legitimate, and not install any updates to any software from a random site that is not the original software site.
Sources Cited: Palmer, D. (2018, March 15). Cyber-crooks find a new way to share malware and scams. Retrieved March 16, 2018, from http://www.zdnet.com/article/cyber-crooks-find-a-new-way-to-share-malware-and-scams/#ftag=RSSbaffb68