So as I initially suspected that this new buzz of Internet of Things with companies setting up DevOps and equipping their departments, there would soon be a security issue behind this.
Last Friday hack had this IoT behind its hack: Twitter, Spotify and Paypal were affected.
How it worked
The attack was targeted at Dyn a company for helping hi-traffic websites and this affected other companies. The attack came from an IoT device and caused a DDOS attack on Dyn's DNS. This was successfully done using botnets.
I remember studying this at University it was one interesting topic for me. Also heartbleed attack has a relationship with this.
How can this be solved
If you have an idea please share, I'll share mine when I fully understand the IoT environment.
For more information
https://www.washingtonpost.com/news/the-switch/wp/2016/10/21/someone-attacked-a-major-part-of-the-internets-infrastructure/
https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/
Wednesday 26 October 2016
Tuesday 25 October 2016
The big exception in Cyber security jobs
These days most Cyber security jobs have this exception to their application, SPLUNK!
So I had to look it up.. It makes sense for Cyber security researcher like me! It's an operational intelligence software for analysing machine data.
I'll be Splunking soon on here so join me, view these videos here and I'm sure you'll be just as excited as I was. Available on Linux, Unix and Windows
http://www.learnsplunk.com/splunk-training-videos.html
So I had to look it up.. It makes sense for Cyber security researcher like me! It's an operational intelligence software for analysing machine data.
I'll be Splunking soon on here so join me, view these videos here and I'm sure you'll be just as excited as I was. Available on Linux, Unix and Windows
http://www.learnsplunk.com/splunk-training-videos.html
Saturday 22 October 2016
Vulnerabilities found in 3 vendors (ISC, RedHat, and Linux)
The details of these vulnerabilities is not known but this would be researched and posted in the next few hours or days.
The information presented on CVE, CWE and Skybox is that on ISC and RedHat there's a DOS attack on their products - these versions 9.9.0 - 9.9.P2 have been affected when handling DNS packets. There is an issue with assertions, basically the exit failure is being exploited.. (more information about this later)
Linux Vulnerability
Reported as medium. Kernel versions 2.6.22 - 4.8.2 is prone to an Escalation of Privilege vulnerability (talk about obtaining root access.. eish!) Try it at home and let us all know what you did and if it worked. I'll try it on my VM.
The information presented on CVE, CWE and Skybox is that on ISC and RedHat there's a DOS attack on their products - these versions 9.9.0 - 9.9.P2 have been affected when handling DNS packets. There is an issue with assertions, basically the exit failure is being exploited.. (more information about this later)
Linux Vulnerability
Reported as medium. Kernel versions 2.6.22 - 4.8.2 is prone to an Escalation of Privilege vulnerability (talk about obtaining root access.. eish!) Try it at home and let us all know what you did and if it worked. I'll try it on my VM.
Friday 21 October 2016
I finally get a break from Study
I don't think I'll study any more this isn't for me but before you think I've quit, here's what I'd like you to know.
My interest in Cyber security is burning so terribly I just want to pop. So many interesting things and now I am looking at the security of IoT (Internet of Things). And no, I am not jumping the gun. I am going out there into the industry to know about about all these new phrases, technology and applications going on.
I'm jumping right into programming as well, well I think I'll stick to scripting. I'll be using this blog to post my updates as I find new things. Sit back and enjoy the ride because I am sure it is going to be challenging, interesting and captivating.
This is what I love and this is who I am.
My interest in Cyber security is burning so terribly I just want to pop. So many interesting things and now I am looking at the security of IoT (Internet of Things). And no, I am not jumping the gun. I am going out there into the industry to know about about all these new phrases, technology and applications going on.
I'm jumping right into programming as well, well I think I'll stick to scripting. I'll be using this blog to post my updates as I find new things. Sit back and enjoy the ride because I am sure it is going to be challenging, interesting and captivating.
This is what I love and this is who I am.
Subscribe to:
Posts (Atom)