Ethical Hackers 2

In a follow-up to my post about ethical hackers, I found an article about a Cyber Challenge that aimed to get teenagers and young adults who are partial to hacking interested in cybersecurity jobs. “In the eyes of the organizers of the Maryland Cyber Challenge and Conference, today’s hacker could be tomorrow’s cybersecurity hero.” Realizing that there is a shortage of security professionals in the workforce, those who ran the conference intended to help those who attended see the great aspects of cybersecurity. The challenge itself was:

an all-day brain tester for eight high school and eight college teams. The college students had to hack into a computer, gain control, and rummage through files for valuable information. Meanwhile the high-schoolers were required to defend six computer servers against attacks by cunning computer professionals seated across the room.

It would seem that the “Ethical Hacker” is a much needed resource in this day and age.

Article: http://www.homelandsecuritynewswire.com/cyber-challenge-encourages-teen-hackers-seek-security-jobs

The False Rumor

The way information travels has continually advanced as time has passed. At first there were letters, then there was radio and television, and in the present day we have the Internet. With each technological advancement the speed at which information travels has increased exponentially, especially today. Therefore, any sort of news spreads quite quickly. According to an article at HomelandSecurityNewsWire.com, “social media sites have proven useful in quickly disseminating information, and raising awareness during disasters or disease outbreaks.” However, the problem with information passing in this manner is that it can be a “double-edged sword,” because any number of times this new information could just be a false rumor or false information in general. This can be especially troubling in the case of news about epidemics, natural disasters, and the like.

Info obtained from: http://www.homelandsecuritynewswire.com/social-media-double-edged-sword-epidemics

Cyber Attack Effects

When it comes to cyber attacks, no matter the purpose behind the attack, it always seems to cause harm. As we have found, attacks can be perpetrated for a number of reasons, some meant to be harmful and some not particularly so. Whichever the case, however, the victims of the attack tend to be harmed regardless. For example, the website of the sportswear company Adidas suffered an attack by unknown forces, which was discovered on Thursday. An investigation of the incident is currently under way, and they have not found that any consumer data has been impacted. Despite this, they have shut down the site and will keep it that way until the investigation is complete and all problems are resolved. So in the end, although the attack itself may not have done any particular harm, it has caused the site to be shut down, which will affect the company anyway.

Adidas attack info: http://www.straitstimes.com/BreakingNews/TechandScience/Story/STIStory_731336.html

Ethical Hackers

For those people out there who enjoy hacking but don’t want to worry about the consequences of doing something unlawful, there’s a job in it for you. An ethical hacker is someone who, rather than hacking to steal, for example, hacks when hired to find weaknesses in a company’s security.

Hacking becomes a job, and a job means making money. As an ethical hacker, one has a decent pay grade. Depending on the jobs you take on as well as your experience, you can make between $60,000 and $100,000, if not more.

In the end, being an ethical hacker is a complete win-win situation. Hacking to your heart’s content is now a possibility, plus you earn a steady income and the chances of serving time have been eliminated. If you want to hack, being an ethical hacker seems to be the way to go.

info obtained from: http://www.nypost.com/p/news/business/jobs/what_up_with_that_job_73bcepcf42NSN1m1fRsr2I?CMP=OTC-rss&FEEDNAME=

Online Tracking

An article called ‘They’ Really Are Watching You discusses the several ways that some, for example advertising companies or web analytics companies, track people through their digital fingerprints. In the end, I felt that it all comes down to your computer’s cookies; cookies are what allow these companies to track you.

One method explained by the article, said to be the simplest, was:

An advertising network can track you is by putting a “third party” browser cookie on your computer when you visit a site to which it supplies advertisements. When you visit another site that uses the same advertising network you can be identified by that cookie. As time goes on, it will build up a picture of your browsing habits

After reading the article I felt that, although those described in the article have no particular malicious intent, it’s so simple for them to track you; what will happen when a person or group comes along that does?

link to the article: http://www.esecurityplanet.com/browser-security/they-really-are-watching-you-1.html
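
The third-party cookie mechanism quoted above, as an added Python simulation (not code from the article or the original post). The site names, the `ads.example` domain and the `visitor-N` cookie values are constructed for illustration; the second run shows how a browser that refuses third-party cookies prevents the ad network from linking the visits into one profile.

```python
import itertools

class AdNetwork:
    """Simulated third-party ad server (hypothetical, constructed for this example)."""
    def __init__(self):
        self._ids = itertools.count(1)
        self.profiles = {}  # cookie value -> sites where this cookie was seen

    def serve_ad(self, cookie, referer):
        # No cookie sent: treat as a new visitor and issue a fresh identifier.
        uid = cookie or f"visitor-{next(self._ids)}"
        # The embedding page (Referer) tells the network which site is being read.
        self.profiles.setdefault(uid, []).append(referer)
        return uid  # value the server would put in its Set-Cookie header

class Browser:
    def __init__(self, block_third_party_cookies=False):
        self.block = block_third_party_cookies
        self.jar = {}  # cookie jar keyed by the domain that set the cookie

    def visit(self, site, ad_domain, network):
        # The page at `site` embeds an ad from `ad_domain`: a third-party request.
        sent = None if self.block else self.jar.get(ad_domain)
        uid = network.serve_ad(sent, referer=site)
        if not self.block:
            self.jar[ad_domain] = uid  # stored, then replayed on the next site

# Constructed sample browsing session.
SITES = ["news.example", "shoes.example", "health.example"]

def simulate(block_third_party_cookies):
    """Browse SITES once and return the profiles the ad network ends up with."""
    network = AdNetwork()
    browser = Browser(block_third_party_cookies)
    for site in SITES:
        browser.visit(site, "ads.example", network)
    return network.profiles

if __name__ == "__main__":
    print("cookies allowed:", simulate(False))  # one profile spanning all sites
    print("cookies blocked:", simulate(True))   # three unlinked one-site profiles
```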

Interesting Methods Being Employed by Social Engineers

Wanting to learn more regarding social engineering and what I should be looking out for, I decided to search for some recent methods social engineers have been using to entangle their victims. I came across an article written by Joan Goodchild, called “5 More Dirty Tricks: Social Engineers’ Latest Pick-Up Lines”, put up on csoonline.com not more than a few weeks ago, which, as referenced in the title, was exactly what I had been looking for.

The article mentioned a method that requires impersonation on the part of the social engineer. The attacker impersonates a Microsoft support employee, calls a person, and claims that an unusual number of errors have been coming from their computer and that they would like to help fix it. Then the so-called employee proceeds to give the victim a step-by-step on how to view the errors that were mentioned. The article states that Windows users consistently have a number of errors shown in their event logs because Windows logs every little error that occurs; to the inexperienced user, however, this can look quite worrisome. Now that they have actually seen the errors that were spoken of, they are, of course, eager to listen to their attacker on how to solve the problem. The attacker then tells them to go to teamviewer.com, “a remote access service that will give them control of the machine.” From this point on he or she installs some type of malware in order to access the victim’s computer at any time.

Link to the article: http://www.csoonline.com/article/690451/5-more-dirty-tricks-social-engineers-latest-pick-up-lines?page=1

Hacking and the Law

Finding out more and more about cyber security started to make me curious: what are the laws and penalties regarding hackers? After doing a little research I found that the penalties for hacking depend on what the hacker’s intentions were. Whether they are caught trying to cause harm, to steal money or identities, or simply to test their skills, they can expect different penalties for each of these; jail time is certainly a possibility in some of these cases. In the case that a hacker is sent to prison, their sentence can range from one to ten years.

Federal rules now mandate that a person who uses computers to cause death or bodily harm can get the maximum sentence. Said to be aimed primarily at cyber-terrorists, and not at “teen hackers”, the harsh sentences are reserved for those who bring down power grids or airport control centers.

Under the new guidelines hackers will face a 25 percent increase in their sentences if they steal personal information, and a 50 percent increase if they share the stolen information. If the information is posted on the Internet, their sentences can double.

Those who write and distribute viruses and worms will face a 50 percent increase in their sentence. A double penalty will also apply to those who break into government, military, or computers tied into the power or telecommunications grids.

Breaking into a bank account will provide a penalty based upon the amount of money in the account. If the hacker actually takes the money, the judges can tack on a 50 percent increase.

info obtained from: http://www.esecurityguy.com/hacker_laws

Can’t Stop the Pirates

Constantly keeping things secure and protected is a tough job. Security applications and the like need continuous advancements, as exploits are also regularly developed in order to thwart the efforts of security professionals. I decided to look into what sort of piracy protection Microsoft uses for its video game consoles and the games themselves, as Microsoft, being as big as it is, should have decent security. I found that, of course, they have both physical and software-based protection. One of the main sources that Microsoft draws its protection from is the Digital Millennium Copyright Act (DMCA). The basic guidelines of the act are as follows:

  • Makes it a crime to circumvent anti-piracy measures built into most commercial software.
  • Outlaws the manufacture, sale, or distribution of code-cracking devices used to illegally copy software.
  • Does permit the cracking of copyright protection devices, however, to conduct encryption research, assess product interoperability, and test computer security systems.
  • Provides exemptions from anti-circumvention provisions for nonprofit libraries, archives, and educational institutions under certain circumstances.
  • In general, limits Internet service providers from copyright infringement liability for simply transmitting information over the Internet.
  • Service providers, however, are expected to remove material from users’ web sites that appears to constitute copyright infringement.
  • Limits liability of nonprofit institutions of higher education — when they serve as online service providers and under certain circumstances — for copyright infringement by faculty members or graduate students.
  • Requires that “webcasters” pay licensing fees to record companies.
  • Requires that the Register of Copyrights, after consultation with relevant parties, submit to Congress recommendations regarding how to promote distance education through digital technologies while “maintaining an appropriate balance between the rights of copyright owners and the needs of users.”
  • States explicitly that “[n]othing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use… (1)”

Microsoft also has anti-piracy software in place. One example of this is Anti-Piracy 2.5, or AP25. “Anti-Piracy version 2.5 is the newest addition by Microsoft to detect custom DVD Drive firmware and is included in the new Kinect dashboard. This check has been included for some time but hasn’t been activated until Kinect. This authentication blocks backups from being loaded. (2)”

More and more improvements in security are needed constantly as people continue to find and create work-arounds to new defenses. Even the protections that Microsoft has in place have yet to, and most likely never will, put a stop to “pirates”. This is why security professionals, in this day and age and for a long time coming, will always be in demand and will always have their hands full.

Sources: (1) http://gseis.ucla.edu/iclp/dmca1.htm (2) http://www.se7ensins.com/forums/topic/401704-new-anti-piracy-25-information-noobs-guide/

File Sharing, Right or Wrong?

Earlier this week, during class, we watched a video called What Do You Think? The video is a short documentary discussing file sharing. In the video we see several college students express their opinions and views on file sharing and intellectual property. There was also a survey done in the same light as the video; here are its results:

According to the IP Institute’s March 2006 survey of college students, more than one-third (34 percent) of college students are illegally downloading music from free peer-to-peer file sharing networks. Thirty-nine percent say they pay for downloads, while two in five college students say they never get music online. Among other findings:

  • The two most popular locations for downloading were college campuses (53 percent) and students’ parents’ homes (19 percent)
  • Of those who never download music (free or paid), 53 percent equate it to “stealing” while 44 percent don’t see a problem with it
  • More than half of respondents (54 percent) said they weren’t sure whether illegal downloads were against their college or university’s policies
  • Almost three in four students (71 percent) said that illegal downloads “hurt record companies,” and more than half (56 percent) said they “hurt established musicians.”
  • 74 percent said downloads “help up-and-coming musicians,” ostensibly because the students believe the file-sharing helps to increase the musicians’ exposure
  • 14 percent of students use “work-arounds”—software employed to counter the anti-copying technologies used by programs like iTunes.

From my point of view, file sharing, particularly the downloading of music, is ethically challenged, as there are points to be made when talking about file sharing in a positive light, but at the same time one should be able to see the possible harm that it can cause for those involved in the creation of the work. What do you think of the matter?

Survey information taken from http://law.richmond.edu/about/centers/ipi/ncep.html

The Obama Administration and Cyber Security

Up until I entered the classroom for Cyber Self Defense I was never very aware of cyber security and its importance on a scale any larger than that of the average user at his or her home computer. In a blog called Cyber Security News I found out just how important it is in today’s world, as I read about the Obama Administration putting forward the Cybersecurity Legislative Proposal and then the US National Strategy for Cyberspace.

The proposal calls for several IT advancements with the express purpose of protecting “the nation’s critical infrastructure, Federal Government computers and networks, as well as the American people.” An example of one of these advancements is the Department of Homeland Security putting in place new cybersecurity programs as well as hiring more IT security professionals in order to better understand any of the issues at hand. The US National Strategy for Cyberspace is meant to work on an even larger scale, where they intend to work with “like-minded states” to create a standard for the security needed to protect the country while at the same time promoting freedom on the Internet.

I think it might be safe to say, there are wars being waged out there in cyberspace and of course protection is necessary, so these policies are needed as well. Cyber security is of great importance in the present day and now, I am aware.

blog article: http://cybersecuritynews.org/2011/05/17/obama-administration-pushes-for-more-national-international-cyber-oversight/