Sunday, May 31, 2015

Reflections

On my blog, I primarily wrote about vulnerabilities or solutions to vulnerabilities or occasionally new cyber security laws. I wrote about the vulnerabilities because I believe that people as a whole can frequently become very relaxed when it comes to security, especially with cell phones. If one person can read what I posted and think “oh, I never even thought about that being a risk or vulnerability, maybe I should take another look at what I am doing” then my job is done. I wrote about new laws because I think it is interesting to watch the judicial and legislative system evolve based on the ever-growing world of technology. I typically used cnet.com as my source because I find their articles to be more captivating than some of the other tech sites. I also used wired.com to gain ideas for this blog. I don’t think this type of blog would be useful to an information security professional because I tend to write about things that are trending now and most tech sites have an article that reiterates what I have written.
A few lessons to the next group of students:
1. Do your work ahead of time or at least get a rough draft of what you will write about. There are times when there isn't too much new news out there for you to write about, so don’t wait until the last minute to start looking.
2. Ask questions if you don’t understand an assignment.
3. You get back what you put into this class. The more you put in the better off you will be in the long run.

Google Security Vault

Google is attempting to make your smart phone more secure. At the end of May, Google came forward with Project Vault, a digital security system in the form of a microSD card called the Vault Card. The Vault Card can protect the personal information on the owner’s phone. It can encrypt messages from an app and provide an additional authentication level so that your device recognizes that you are the owner of the phone. The Vault Card has 4 GB of data and uses NFC, near-field communication, to communicate with devices that are in range. The Vault Card is also compatible with any operating system. The Vault Card is still in the works and is being developed for enterprise companies.

http://www.cnet.com/news/googles-project-vault-is-a-security-chip-disguised-as-an-micro-sd-card/

Thursday, May 7, 2015

Norton Identity Safe

This week I stumbled upon Norton’s Identity Safe, which is a password manager that is absolutely free. While I understand that it is owned by Norton, I still do not feel safe with using any type of password manager. I’ll tell you a little bit about Norton Identity Safe. It offers a desktop client, a web-based vault, and apps for both Android and iOS. Norton ID collects and manages log-ins, passwords, and billing and shipping addresses. In addition, there is a wallet feature that manages your credit card information. Norton locks your passwords and allows you to quickly access sites without providing login credentials. I like the idea of the ease and convenience but what happens when it gets compromised? Do I then have 15 passwords to change? I’m not a big proponent of storing passwords in any capacity. But if that is your thing, Norton seems to be doing pretty well at handling that for you.

http://www.cnet.com/news/manage-your-passwords-for-free-with-norton-identity-safe/

Sunday, May 3, 2015

Bodyprint by Yahoo Labs. A new type of Biometric Authentication?

This week I read about a new biometric scanner created by Yahoo Labs called Bodyprint. The scanner would allow a person to unlock their smartphone using their ear print, fist, phalanges, palm, or fingers instead of a single fingerprint. So many different body parts can be used because the scanning device is bigger than a fingerprint scanner. Yahoo Labs is taking the capacitive touchscreen of a smartphone and turning it into a biometric scanner that has a 99.52% accuracy rate and a false rejection rate of 26.82%. Even though a capacitive touchscreen cannot capture every single line on a fingerprint, it can detect large prints such as the ear or fist. Bodyprint analyzes touch patterns on the screen as opposed to 2D location mapping like the ones used to track gestures on smartphones now. Bodyprint can even be used by multiple people on one device. The video in the link below shows a device calling for the authentication of two users to gain access to a document. Bodyprint is still in the early testing phases but hopefully this will one day be widely used as a better biometric authentication source.
I like the accuracy rate while it still has a relatively low false rejection rate. At some point in the future I think everything will have some form of biometric authentication because of how easy it is to commit identity theft now. All you really need is a first and last name, address, last four of SSN, and sometimes a phone number. Biometrics is the future of safer transactions in my opinion.

Sunday, April 26, 2015

Obama's Email Hacked?

Earlier in the month, US officials confirmed that there was a cyber-event last year but would not confirm that Russia was involved in the attack. But now a senior American official is stating that the hackers may be working for Moscow. They have stated that the hackers infiltrated the State Department’s unclassified system, and from there got into the email archives of White House personnel whom Obama had emailed regularly. Officials don’t believe that the hackers got into the server that holds messages from Obama’s BlackBerry, nor have the hackers penetrated any classified networks. However, officials said that the unclassified system often holds highly sensitive material such as schedules, emails with ambassadors and diplomats, personnel moves, and debates about policy. Obama’s email account itself had not been breached, but it is unclear how many of the emails that Obama had sent were read. Even so, the fact that it came from Russia is scary enough. It is unclear what their exact motives were as of yet.

http://www.securityweek.com/russian-hackers-read-obama-emails-report

Amnesty Blog for week 3

Compensation for the Target Breach?

Everyone remembers the Target breach that happened in 2013. It was all over the news and millions of people had to go through quite a bit of trouble to get new credit cards or hurry up and freeze their accounts before anything was taken from them. Well apparently, Target has come to an agreement with MasterCard to help pay for some of those expenses. Target has agreed to pay MasterCard $19 million to cover the cost of replacement cards, new account numbers, and cancellation of the old affected accounts. So far, the agreement is only with MasterCard but Target is currently trying to work something out with Visa as well. The breach affected 110 million customers and 40 million credit cards. No one has been charged with the crime as of yet.

http://www.cnet.com/news/target-settles-with-mastercard-for-19m-over-data-breach/ 


This is an Amnesty Post for Week 2

Boeing Vulnerabilities Shown

Remember last week when I told you that the FAA said that Boeing was vulnerable? Well that happened. A security expert named Chris Roberts was on a United Airlines flight when he tweeted “Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM. ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone? :)” This message essentially translates to the fact that Roberts could get the passenger oxygen masks to deploy. After Roberts tweeted, he was removed from the plane by the FBI and questioned but was later released and allowed to take another flight. Apparently, the company Roberts works for has been telling Airbus and Boeing for quite some time that their aircraft were more than vulnerable to attack. Roberts said that he has tried to connect to flight systems 15 to 20 times and has seen all sorts of things, including the flight management system. At this time, he has not been deemed a security risk and is still allowed to fly. This just goes to show that if you even remotely know what you are doing, you can hack all sorts of things. That is a scary thought.

http://www.cnet.com/news/fbi-pulls-computer-security-expert-off-flight-after-he-tweets-about-hacking-its-systems/