Sunday 18 June 2017

Android vulnerabilities (Part-1)

The android operating system

Android is an open source Linux based operating system for mobile devices (specifically smartphones, tablets and computers). It was developed by open handset alliance lead by Google and some other companies. Android operating system is linux based and it can be programmed in C/C++ whereas most of the application development is done in java. Java access to C libraries via JNI (Java Native Interface).

The iPhone operating system

Apple Inc. developed iOS. It was originally released in 2007 for iPhone, iPod Touch and Apple TV. Apple's Mobile version of the OS X operating system used in Apple computers is iOS. BSD( Berkeley Software Distribution) is Unix based and can be programmed in Objective C and Swift languages.


Free cyber security tools that can be utilized by startups

Investment in security is major challenge either it is online or on hardware. The available solutions are not cost effective. But do not be disheartened, as there are freewares which startups can utilize.

1. IT security- Soteria: This include reputation monitoring, phishing detection and take down, endpoint complaince monitoring and protection.

2. VPN- cyberghost: This uses 256 bit AES encryption algorithm means military upgrade.

3. Software update automation-Heimdal: Heimdal promises to automate software updates and eliminate vulnerabilities that are used in cyber attacks. It also allows to install new apps safely.

4. Customized, professional training- Cybrary: The courses include understand cloud computing, protection of information assets, manage a network infrastructure and develop a security strategy.

Sunday 14 May 2017

Wannacry ransomware was stopped just by Rs.686

The ransomware which hit 100,000 computers worldwide mainly in Asia,Europe and United States. This ransomware which hit many hospitals,institutions and government agencies demanded 300$-600$ as per economics times. The ransomware came in the form of malware which had attachments upon when clicked encrypted the data and asked for ransom. The cyber security analyst who is a researcher slowed down the attack by registering the domain which malware was trying to connect. This took Rs.686 as per Indian currency to register the domain. The loss has not been known yet. It will be disclosed till monday. Many systems with Microsoft Windows were affected just because they were not updated. The experts say that if the ransomware needs to be avoided then proper updates, backups of data and not clicking the attachments mechanisms should be followed.

Thursday 11 May 2017

Military cadets fought with NSA in mock cyber war

The National Security Agency has been testing the military cadets since 2000 by hacking servers and kept an eye on their classrooms for an entire week. The various Academies participated such as Naval Academy, the Military Academy, the Coast Guard Academy and Royal Military college to find out who can fend off NSA's cyber attacks. Red team and blue team were formed. The teams were restricted in night to perform any task. They made a Grey cell to make the task harder. The politician would come with the laptop with a virus. The team had to clean the device, remove any malware before Grey Cell connects to the server.

Four important questions to be asked by businesses about cyber security attacks

The senior director, Peter Tran of advanced defense for RSA, provided the answers to these four questions related to cyber security attacks.

1) Are all hacks created equal?
Ans. It all depends upon how we take the word as equal. Hackers don't follow any standard.

2) Why are some attacks popular?
Ans. The attacks which involves the credit cards, the money involvement are popular though some of the attacks which are nation state attacks are also covered.

3) Do we actually need to know who hacked us?
Ans. Yes, but only if the business can prove a net profit by proving attribution.

4) What steps need to be taken?
Ans. As starters, we need to use VIX to determine the potential vulnerability of our data. 

Patients records leaked at New York hospital

Thousands of medical records were exposed by the attackers in one of the hospitals in New York. The leak was caused by a misconfigured backup server by the company which was responsible for using records management technology. It is unclear since how long the records were exposed. The records related to patient's mental health, mental diagnoses, HIV statuses, sexual assaults and domestic violence were exposed. Other information including names, home addresses, addiction histories and religious affiliations were exposed. The leak was discovered in early May during a routine sweep of internet using Shodan which is a search engine for networked devices.

Friday 17 March 2017

Think like a bad guy!!

Cyber security is growing concern. We tend to improve the security but on what basis? Do we ever use the updated or recent tools or even think of making a new one to deal with the attacks?

Cyber war is in trend. Black hat hackers search for vulnerabilities and find the loopholes to track the information. If we start thinking like bad guys, work to find vulnerabilities and perform penetration testing for our organization then we can really build a strong algorithm to improve security.