Network Security

http://www.cisco.com/c/en/us/products/security/what-is-network-security.html

Sometimes at the end of a class, it is a good idea to review some of the fundamental definitions and concepts we visited at the beginning. Cisco’s website offers a quick overview of the different types of networks and their corresponding securities. 

Adware: Legal Ramifications

http://moritzlaw.osu.edu/students/groups/is/files/2012/02/cain.pdf

The linked article provides information on what can happen when ad generating programs are installed on a computer, and what the legal ramifications of these situations can be. Downloaded viruses can cause real issues for people, so some people have taken legal action against people that employ these ad spam viruses. This type of lawsuit could discourage future would be spammers from violating newly created laws that protect people from spam malware.

Most Vulnerable Voting Machines

ttp://www.cbsnews.com/news/ex-nsa-expert-if-i-were-an-election-day-hacker-id-hit-pennsylvania/

While the election may seem like forever ago, the issue of hacked machines will be relevant as long as electronic voting machines are used. This article outlines what a former NSA agent would do if he was to hack a voting machine; and where he would do it.

5 Most Common Password Hacks

http://www.makeuseof.com/tag/5-common-tactics-hack-passwords/

Here is a list of the 5 most common password attacks. Included is a list of the twenty most common passwords (at the time of the post).

Bio-metric Authentication

http://www.informit.com/articles/article.aspx?p=32102&seqNum=9

Someone in our class posted an article on biometrics as a means of authentication. I was very compelled by their posting, and wanted to read more about the subject. Here is an article I found that talks more about the complications surrounding biometrics used for authentication.

Legacy Security Systems

https://www.honeywellprocess.com/library/marketing/whitepapers/cyber-security-legacy-systems.pdf

I am going through converting an old system at work, so that it does not need a legacy server to support it. Companies (in this case Microsoft) that have old servers typically charge a premium for hosting on these legacy systems. This encourages companies to invest in moving their applications off of them. There are also huge security implications, highlighted recently by wanna-cry. This article talks a  little more about what goes into legacy computer security.

Military Posting for Security Learning

http://www.military.com/education/getting-your-degree/education-in-cybersecurity-a-bright-future.html

This is a posting for cyber security education in the US military. While this is different than the rest of my posts, I still think it is relevant to put out some information on how many people choose to get their education in cyber security. It is a very compelling way to do so, because often times your education is covered through the military, and you get to serve your country while learning.

New ‘Judy’ Malware

http://www.independent.co.uk/life-style/gadgets-and-tech/news/judy-malware-latest-android-smartphone-infect-millions-virus-google-play-a7762766.html

There is a new form of Malware we all need to be aware of; particularly us Andriod users. The malware does its damage by infecting mobile devices with a virus that will simulate clicking advertisements over and over again. This results in increased ad revenue for the websites, who are likely affiliated with the creators of the malware.

ICS 382 week 3 2nd post US government backs off in Apple lawsuit

https://theconversation.com/fbi-backs-off-from-its-day-in-court-with-apple-this-time-but-there-will-be-others-56932 

Not so long ago, Apple's Iphone was hacked by a terrorist. There was quite a bit of news about it when the US government tried to sue Apple for the rights to be given access to all future products. Their claim was that it would allow them to more easily protect the US citizens. Apple did not agree with this; they thought that the less people that knew their security secrets, the better. This article touches on some of the finer details of the  lawsuit and the hacking. According to the article, the way he did this was by "tricking" some piece of hardware within the phone that would prevent the user from trying passwords after a certain number of times. Once the hacker was able to bypass the restriction on password attempts, they would easily be able to use a computer to try the 10*10*10*10 (10^4) permutations of passwords, and get into the phone every time.

ICS 382 Week 3 blog 1st post US government attempts to gain encryption privileges

https://theconversation.com/governments-undermining-encryption-will-do-more-harm-than-good-53038

This article is on encryption, and how the government is using their position to “undermine” the general public, and convince them that they should support the governments ability to force tech companies to provide backdoor access to their encryption. Obviously the security companies are not in favor of this. It is up to the citizens of the country to decide what is best for the people as a whole.

XEE External Entity Processing

https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

External Entity Processing is an injection technique similar to SQL injection. It is something I have dealt with at work, and will be the focus of my individual report/video project.

Essentially XEE happens when an app parses XML that has been supplied by its user. The attacking part is when the XML contains an external reference to a malicious entity that can lead to stolen or altered data.

Veracode

https://www.veracode.com/about

Veracode is a website that I use at work to scan the application I work on for common security issues. If veracode finds something that does not adhere to their scanners standards, it will flag the issue in the source code, explain to you what the problem is, and offer advice on how to remedy the issue. It is a tool I have only just started using, so I can’t answer advanced questions on it, but hopefully by the end of the summer I can!.