Phishing TC2027

--Originally published at TC2027SWSecurity

What’s Phishing?

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by posing as a trustworthy entity in an electronic communication.

Phishing can be done through:

  • E-mail
  • Phone call
  • SMS
  • Fake websites
  • etc.

How to spot phishing?

  • Poor spelling, typos and overall bad presentation.
  • Threats and urgent deadlines.
  • Wrong URL, phone number or email address.
  • Impersonal introduction.
  • Requests for PINs, tokens, passwords or other kinds of personal data, which companies usually don’t ask for.

In conclusion, every time a website asks you for personal info, check that the website is 100% legit. It’s mostly common sense: don’t just give your information away. A site may look legit, but if it asks for important information such as a password or credit card number, treat it as suspicious. TLDR (too long; didn’t read): don’t give away your personal info without verifying the legitimacy of a website, or else you will most probably regret it.
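The "wrong URL" check from the list above can be done mechanically. The following is an added example, not part of the original post; the trusted domain `example-bank.com` and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the reader really has an account with.
TRUSTED_DOMAINS = {"example-bank.com"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return the reasons a link looks wrong; an empty list means it matches."""
    parts = urlsplit(url.strip())
    # hostname is what the browser connects to, not what the text suggests
    host = (parts.hostname or "").rstrip(".").lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if "@" in parts.netloc:
        reasons.append("text before '@' is not the host")
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        reasons.append("internationalized name, possible look-alike letters")
    if host.replace(".", "").isdigit():
        reasons.append("raw IPv4 address instead of a name")
    if not any(host == d or host.endswith("." + d) for d in trusted):
        reasons.append("host is not a trusted domain")
    return reasons


# Constructed sample links of the kind found in a suspicious message.
SAMPLE_LINKS = [
    "https://www.example-bank.com/login",
    "https://example-bank.com.account-verify.example/login",
    "https://example-bank.com@login.example/reset",
    "http://192.0.2.10/example-bank/",
    "https://xn--exmple-bank-l7a.example/",
]


def scan(links=SAMPLE_LINKS):
    """Map each link to its list of warning reasons."""
    return {link: check_link(link) for link in links}


if __name__ == "__main__":
    for link, reasons in scan().items():
        print("OK " if not reasons else "BAD", link, reasons)
```

Only the first link passes: the trusted name must be the end of the hostname, not merely appear somewhere in the URL.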

References:

Dredge, Stuart. (Fri Jun 6, 2014). How to protect yourself from phishing. The Guardian, website: https://www.theguardian.com/technology/2014/jun/06/how-to-protect-yourself-from-phishing-attacks
N.A. (N.D.). Phishing. Wikipedia, website: https://en.wikipedia.org/wiki/Phishing

Gilberto Rogel García A01630171

 

Bitcoin TC2027

--Originally published at TC2027SWSecurity

What is Bitcoin?

It’s a cryptocurrency and worldwide payment system, and also the first decentralized digital currency, as the system works without a central bank or single administrator.

Transactions are peer-to-peer: they take place between users directly, without an intermediary.

It was invented by an unknown person or group of people under the name of Satoshi Nakamoto.

It was released as open-source software in 2009.

Video explaining how Bitcoin works:

TLDW (Too long didn’t watch): Transactions between users are verified by network nodes through the use of cryptography and recorded in a public distributed ledger called a blockchain.

I highly recommend watching the previous video to understand how bitcoin really works because the TLDW is very summarized and some of the words might be unknown for a first timer in this topic.

Careful! Bitcoin is NOT anonymous:

  • All Bitcoin transactions are public, traceable, and permanently stored in the Bitcoin network. Bitcoin addresses are the only information used to define where bitcoins are allocated and where they are sent.
  • Because the Bitcoin network is a peer-to-peer network, it is possible to listen for transactions’ relays and log their IP addresses.
  • To protect your privacy, you should use a new Bitcoin address each time you receive a new payment. Doing so allows you to isolate each of your transactions in such a way that it is not possible to associate them all together.

Bitcoin price is VOLATILE

  • Bitcoin should be seen as a high-risk asset, and you should never store money that you cannot afford to lose with Bitcoin. If you receive payments with Bitcoin, many service providers can convert them to your local currency.

I personally would not invest in Bitcoin for two reasons:

  1. As mentioned above, its price changes a lot, so it is unpredictable if you are actually going to make any …

Autosploit

--Originally published at Lord Security

Autosploit is a tool developed by a cyber security enthusiast that combines two tools, Metasploit and Shodan, making it pretty easy to hack someone with automation that anyone could use without much skill.

According to its author, “AutoSploit attempts to automate the exploitation of remote hosts.” To do that, the Python script uses command line interfaces and text files to extract data from the Shodan database, which is a search engine that taps into scan data on millions of Internet-connected systems. AutoSploit then runs shell commands to execute the Metasploit penetration testing framework.

You just type in keywords to locate certain devices or targets, and AutoSploit will both list available targets and allow hackers to launch a menu of pre-loaded hacking techniques against them.

In the Shodan part, you type the query you want and it returns the IP addresses of the matching devices. In the Metasploit part, it uses the text that was used for Shodan and runs the exploit; if everything works well, the script then kicks off Metasploit attacks against all the hosts.

The release of Autosploit caused controversy: security experts thought that releasing automated tools that make hacking easier is a terrible error, because anyone could do something with the tool even without hacking knowledge. Personally, I think releasing Autosploit can do a lot of damage; giving out scripts anyone could use is very wrong. People may not know what they are really doing and cause great damage, and it also makes hackers’ jobs easier, putting thousands of devices at risk.

 

Bibliography

https://github.com/NullArray/AutoSploit

Gallagher, S. (2018). Threat or menace? “Autosploit” tool sparks fears of empowered “script kiddies”. Arstechnica. Recovery date: February 2nd 2018. Recovered from: https://arstechnica.com/information-technology/2018/02/threat-or-menace-autosploit-tool-sparks-fears-of-empowered-script-kiddies/

Greenberg, A. (2018). SECURITY NEWS THIS WEEK: ‘AUTOSPLOIT’ TOOL MAKES UNSKILLED HACKING EASIER …

Remote Desktop Protocol

--Originally published at Lord Security

Remote Desktop Protocol (RDP) is a proprietary protocol created by Microsoft. It allows a system user to connect to a remote system with a graphical user interface.

Even though the client-side is built into the Microsoft operating system by default, it can be installed on non-Microsoft operating systems, such as those from Apple, various flavors of Linux, and even mobile OSes like Android.

The server side of RDP is installed on a Microsoft operating system and receives requests from the client agents to display some graphical form of a published application, or to give remote access to the system itself. By default, a system will listen on port 3389 for requests from clients to connect via RDP.

RDP uses port 3389. Opening up this port on the firewall means that as attackers scan for open ports, your exposed server can easily be found. Once it is found, hackers can instantly launch a brute force attack against your server, resulting in thousands of authentication attempts with random user names and/or dictionary passwords to see if any of them matches and passes the authentication. If a match is found, the attacker is in.
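From the defender's side, a brute force run like the one described above stands out in the logon records as a burst of failures from one address, often across many user names. The following is an added example, not part of the original post: the log lines are constructed and use a simplified `timestamp,event_id,user,source_ip` format modelled on Windows Security events 4625 (failed logon) and 4624 (successful logon), and the threshold and window are assumed values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines: "timestamp,event_id,user,source_ip".
# 4625 = failed logon, 4624 = successful logon (Windows Security event IDs).
SAMPLE_LOG = """\
2018-02-01T10:00:01,4625,admin,203.0.113.7
2018-02-01T10:00:02,4625,administrator,203.0.113.7
2018-02-01T10:00:03,4625,test,203.0.113.7
2018-02-01T10:00:04,4625,backup,203.0.113.7
2018-02-01T10:00:05,4625,admin,203.0.113.7
2018-02-01T10:00:09,4624,backup,203.0.113.7
2018-02-01T10:03:00,4625,alice,198.51.100.20
2018-02-01T10:20:00,4624,alice,198.51.100.20
"""


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: alert} for sources with >= threshold failures in the window."""
    recent = defaultdict(deque)   # ip -> (timestamp, user) of recent failures
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, event_id, user, ip = line.strip().split(",")
        ts = datetime.fromisoformat(ts_raw)
        if event_id == "4625":
            q = recent[ip]
            q.append((ts, user))
            while q and ts - q[0][0] > window:
                q.popleft()       # drop failures that fell out of the window
            if len(q) >= threshold:
                a = alerts.setdefault(
                    ip, {"failures": 0, "users": set(), "success_after": None})
                a["failures"] = max(a["failures"], len(q))
                a["users"].update(u for _, u in q)
        elif event_id == "4624" and ip in alerts:
            # A success right after a burst means a guess may have matched.
            if alerts[ip]["success_after"] is None:
                alerts[ip]["success_after"] = user
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, alert)
```

A user who mistypes a password once (the `alice` lines) stays below the threshold, while the source that tried four user names in five seconds is flagged along with the account that finally logged in.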

Not using proper encryption for the end-to-end connection is another issue. This means that your connection is prone to man-in-the-middle attacks.

Some good practices for securing RDP are:

  • Use Strong Passwords: Passwords are your first line of defense.
  • Don’t Save Login Credentials in Your RDP Files: Saving them can be a potential security exposure because it bypasses the remote login.
  • Limit Administrators Who Don’t Need Remote Desktop: If not all your administrators need access to Remote Desktop, then you should consider removing the Administrator account from RDP access.
  • Use Lockout Policies to Strengthen Password Protection: Locking out the system for a specified period of time after a number of …

Rescuing your data

--Originally published at Lord Security

You’ve probably heard of someone who can’t access the data on their computer unless they pay some money to a criminal: that is ransomware.

Ransomware is usually spread through malicious email attachments, infected software apps, infected external storage devices and compromised websites. But there can also be infections through RDP (coming in the next blog post) or through approaches that don’t require interaction with the user.

Once your device is infected with a malware Trojan, it can make changes to the device in many ways:

  • It can completely block access to it.
  • It can encrypt the data on the victim’s disk.

The changes are usually seen when the device is restarted: the user notices he can’t access his data (or can’t control his device) and receives a message demanding a payment (in cryptocurrency) to decrypt the files or restore the system.

Some of the most famous ransomware families are CryptoLocker and WannaCry.

Bibliography:

Ransomware & Cyber Blackmail. Kaspersky Lab. Recovery date: January 24th 2018. Recovered from: https://usa.kaspersky.com/resource-center/threats/ransomware

Krebs, B. (2017). Ransomware for Dummies: Anyone Can Do It. Krebs on security. Recovery date: January 24th 2018. Recovered from: https://krebsonsecurity.com/2017/03/ransomware-for-dummies-anyone-can-do-it/

Rouse, M. (2017). Ransomware. SearchSecurity. Recovery date January 24th 2018. Recovered from http://searchsecurity.techtarget.com/definition/ransomware