Week 12.

Time to finish up your blog. This last assignment should be a retrospective look at your postings over the last 11 weeks. Time for a little analysis. Write up an entry that provides a summary of what you chose to write about.

I decided to right about a current event of the week. Over the last few weeks, there have been some critical articles from Apples IOS issues to a security flaw in the Xbox One.

First, you need to categorize your topics of choice. Did you write primarily on operating system issues? User errors? Viruses? Or did you write about a variety of topics? Why did you choose those topics?

I tried not to limit myself to certain items. I wanted to hit all areas for my blog. I found some extremely serious topics like the IE security flaw and some more light hearted articles like the FBI needing “Pot Heads”

Next, you need to include an analysis of where you got your material. Did you use the same source each week? A variety each week?

I usually started with Slashdot.com and then moved on from there. One week I discovered an article on the Wall Street Journal and another week I found one Cnet.com.

As the last part of this entry, include whether or not you thought this type of blog might be useful to an information security professional and provide a few lessons learned for the next group of students.

These types of blogs can be very helpful. However, my blog would not be very helpful. I do not enjoy writing, and it echoes in my blog. The posts are short and to the point. Some of my classmates are very good writers, and their blogs reflect their passion.

Lessons learned, find items that you enjoy. Do not blog on something you do not have feelings about, it will show in the final product. Always spell and grammar check your work. Finally, always preview your post before hitting Publish.

FBI Needs Potheads

The rate of cybercrime is growing and law enforcement is struggling to keep up. The FBI is trying to add agents to their headcount, but they're running into a problem; many of the hackers applying for these jobs have a history of marijuana use. 

 FBI Director James Comey said, 'I have to hire a great work force to compete with those cyber criminals and some of those kids want to smoke weed on the way to the interview.'

 http://blogs.wsj.com/law/2014/05/20/director-comey-fbi-grappling-with-hiring-policy-concerning-marijuana/

Phil Zimmermann creates 'Spy-Proof' Mobile Phone

Phil Zimmermann (inventor of PGP) has designed a “Spy-Proof” mobile phone. The blackphone has a 4.7” display and features a 2 GHz NVIDIA Tegra 4i ARM Cortex-A9 quad-core processor with 60 GPU cores, 1GB RAM and 16GB storage. The OS is a customized version of Android called PrivatOS which offers encrypted calls, texts and emails that can't be unscrambled even by spy agencies. It is coming out this June, and many Fortune 50 companies have already ordered placed orders for the phone.

 

https://uk.news.yahoo.com/blackphone--why-the-the-first-%E2%80%9Csnooper-proof%E2%80%9D-mobile-is-already-a-hit-090358818.html#cgTXBwc

Symantec Says Anti-Virus Is Dead

Symantec Senior Vice Presidents for Information Security says anti-virus is dead and that it lets through 55 percent of all attacks. While Symantec sill makes 40 percent of its revenue on the sale of antivirus software they believe the future is on prevention of data loss.

http://www.techweekeurope.co.uk/news/anti-virus-dead-or-dying-symantec-144954

Microsoft issues workaround for Internet Explorer bug

Microsoft has recently posted instructions on how to protect some versions of Internet Explorer against a security flaw. The security flaw is extremely dangerous because it affects all versions of Intern Explorer. This flaw allows Hackers to add code into an innocent website. When someone visits the infected website using Internet Explorer, hackers can gain full user rights on the victim's computer. While a patch has not yet been issued, Microsoft is working on a solution.

 http://www.usatoday.com/story/tech/2014/04/30/internet-explorer-bug-microsoft-homeland-security/8518837/

Apple Fixes Major SSL Bug

Apple has fixed a serious security flaw present in many versions of both iOS and OS X.  This flaw could allow an attacker to intercept data on SSL connections. The bug is one of many the company fixed Tuesday. The bug joins a list of serious problems that have affected SSL in recent months. The most notably tissue was the OpenSSL heartbleed vulnerability.

https://threatpost.com/apple-fixes-serious-ssl-issue-in-osx-and-ios/105631

Malware attack on iOS devices

Mysterious malware steals Apple credentials from jailbroken iOS devices

 A malware campaign of unknown origin is infecting jailbroken iPhones and iPads.  It is stealing Apple account credentials from the SSL encrypted traffic. The threat was discovered after some users reported they experienced crashes in some applications.  

http://www.infoworld.com/d/security/mysterious-malware-steals-apple-credentials-jailbroken-ios-devices-240954

Microsoft Confirms It Is Dropping Windows 8.1 Support

Microsoft announces that in May Windows 8.1 will not be patched, and that users must get the Windows 8.1 Update if they want security patches.

For those users who are still using Windows 8 you are unaffected and will continue to receive updates as normal.

More detailed information can be found in the following links:

KB2919355 (Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update April, 2014)
http://support.microsoft.com/kb/2919355

OpenSll and Heartbleed

A very serious bug in OpenSSL 1.0.1 has been discovered that can leak just about any information, from keys to content. It appears to have been introduced in 2011, and known since March 2012.  OpenSSL logs show that German developer Robin Seggelmann introduced the bug into OpenSSL two and a half years ago while working on the project. 

 

http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/

Bad week for Xbox One

Five-Year-Old Uncovers Xbox One Login Flaw

Five-year-old boy from San Diego has uncovered an embarrassing security flaw within the Xbox One login screen. By entering an incorrect password in the first prompt and then filling the second field with spaces, a user can log in without knowing the password to an account.

http://www.bbc.com/news/technology-26879185

Gameover ZeuS Targets Monster

A new variant of the Gameover Malware  is targeting job seekers and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com. A computer infected with Gameover ZeuS will inject a new 'Sign In' button into the Monster.com sign-in page,  but the page looks identical.

 

http://www.f-secure.com/weblog/archives/00002687.html

Week two starts of with a bang.

Week two of Information Security class and Slashdot reports Malware Attack Infected 25,000 Linux/UNIX Servers.

Security researchers from ESET have identified an attack campaign that has infected more than 25,000 Linux and Unix servers. The servers are being hijacked by a Trojan horse. ESET is calling the attack “Operation Windigo”

For a long time, many people believed viruses and malware were only a Windows issue. However over the years people have come to the conclusion that Windows devices are not the only thing you need to worry about.

http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers?utm_source=slashdot&utm_medium=facebook

In other news, Google made Gmail exclusively HTTPS. Gmail now requires HTTPS and all email will be sent encrypted. They have always supported HTTPS and in 2010 they made it the default, but until this week it was not mandatory. This ensures all messages are encrypted while they transverse their servers and through datacenters.

McCumber Cube

Welcome to my blog. I am new at blogging, and I am looking forward to developing a new skill. I hope you enjoy the blog and come back again as it develops.

This week’s discussion was about the McCumber Cube model, and how it can help with your company security. This model is portrayed in a Rubik’s Cube like design and is good at establishing information security programs.