Contents
- 1 New & Tools
- 2 QuickTime must be uninstalled from all Microsoft Windows systems
- 3 Better Focus and Efficient Studying When Not Multitasking / Multi-Focusing
- 4 Panopticlick
- 5 How would you know a network has been compromised?
- 6 Segment Your Network / Isolate Guests & IoT devices from your main segment
- 7 Cisco IOS and Router Command Reference
- 8 TCP/UDP
- 9 Data Encapsulation
- 10 Deprecated / Deprecation
- 11 Wireless Network Security
- 12 Virtual Private Network (VPN)
- 13 Autonomous System (AS)
- 14 Microsoft OneNote
- 15 Cisco Learning Network
- 16 Synchronizing Using Allway Sync
- 17 Subnetting Tutorial & Reference Page
- 18 Read / Do
- 19 Do
New & Tools
- Biden administration launches initiative to protect U.S. water systems from cyberattacks: The Biden administration on Thursday will kick off an effort to protect the country’s water sector from cyberattacks, the latest attempt by the federal government to strengthen the digital defenses of the nation’s critical infrastructure.
- Hacker Tries to Poison Water Supply of Florida Town – A threat actor remotely accessed the IT system of the water treatment facility of Oldsmar and raised the levels of sodium hydroxide in the water.
- UEFI firmware vulnerabilities affect at least 25 computer vendors: Researchers discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer. UEFI (Unified Extensible Firmware Interface) software is an interface between a device’s firmware and the operating system, which handles the booting process, system diagnostics, and repair functions.
- News Corp breached by suspected Chinese hackers: Attackers are believed to have gained access to emails and documents of News Corp reporters and employees from “a number of publications and business units including The Wall Street Journal and its parent Dow Jones; the New York Post; the company’s UK news operation; and News Corp headquarters.”
- Microsoft has temporarily disabled the MSIX protocol handler in Windows installations after the Emotet gang abused it over the past three months to deploy malware on user systems. The OS maker said it is working on ways to better protect this feature from future abuse but did not say when it expects to re-enable it.
- The Washington Department of Licensing (DOL) said it suffered a security breach of its IT system and the personal data of hundreds of thousands of licensed professionals may have been exposed. “The type of information varies for different licenses and may include social security numbers, dates of birth, driver license numbers, and other personally identifying information,” the agency said on Friday.
- Scammers continue to spoof job listings to steal money and data, FBI warns
- Social media fraud: The influencers promoting criminal scams
- Skeletons in the IT Closet: Seven Common Microsoft Active Directory Misconfigurations that Adversaries Abuse
- Google: Better patching could have prevented 1 in 4 zero-days last year: Vendors should fix the root cause of a vulnerability, rather than block just one path to triggering it, says Google
- Identity theft spikes amid pandemic: The US Federal Trade Commission received 1.4 million reports of identity theft last year, double the number from 2019
- University attacked by its own vending machines, smart light bulbs & 5,000 IoT devices
- Data Breach Digest: Studies in Cyber Crime by Verizon
- Healing the Earth | John D. Liu
DNS Hijacking
DNS hijacking is a type of malicious attack in which an attacker redirects queries intended for a domain name server by overriding a computer’s transmission control protocol/internet protocol (TCP/IP) settings – generally by modifying the DNS server settings.
- Attackers can set record values in the domain name system for the victim organization’s domains.
- They can then obtain valid encryption certificates for the organization’s domain names; this allows browsers to establish a connection without any certificate errors, because the certificate is trusted.
- That valid certificate then enables the redirected traffic to be decrypted and exposes any user-submitted data.
- U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks (Threatpost.com)
- Global DNS Hijacking Campaign: DNS Record Manipulation at Scale (FireEye.com)
- Crooks Continue to Exploit GoDaddy Hole (KrebsOnSecurity.com)
NoMoreRansom.org
- The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and McAfee with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
- Since it is much easier to avoid the threat than to fight against it once the system is affected, the project also aims to educate users about how ransomware works and what countermeasures can be taken to effectively prevent infection.
ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem (https://atcommands.org/)
- AT commands, originally designed in the early 80s for controlling modems, are still in use in most modern smartphones to support telephony functions.
- The role of AT commands in these devices has vastly expanded through vendor-specific customizations, yet the extent of their functionality is unclear and poorly documented.
- The functionality exposed includes the ability to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, and inject touch events, solely through the use of AT commands.
Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records
- mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages (WhatsApp, Facebook Messenger), contacts, notes and location data secretly collected from phones running the stealthy spyware.
QuickTime must be uninstalled from all Microsoft Windows systems
- Apple no longer issues security updates for QuickTime on the Windows platform and recommends that users uninstall it.
- QuickTime for Windows has dangerous security vulnerabilities that let attackers take over your computer, but Apple won’t be updating it to fix them. It’s time to uninstall it.
- Zero Day Initiative has released two advisories ZDI-16-241 and ZDI-16-242 detailing two, critical vulnerabilities affecting QuickTime for Windows. These vulnerabilities will not be patched by Apple.
See:
- New versions of Windows since 2009 have included support for the key media formats, such as H.264 and AAC, that QuickTime 7 enabled.
- VLC Media Player should handle any media formats Windows does not natively support.
Better Focus and Efficient Studying When Not Multitasking / Multi-Focusing
Panopticlick
The Electronic Frontier Foundation (EFF) offers an online tracker test, Panopticlick, that helps you analyze the privacy protections in your web browser.
Web Browser Plugins
How would you know a network has been compromised?
Network Analyzer/Packet Sniffer
- NetWorx : Bandwidth monitoring and usage reporting
- Wireshark : Network Protocol Analyzer / Packet Sniffer
- How to troubleshoot issues in Computer Networks? // Wireshark Tutorial
- HakTip 64 – How to Capture Packets with Wireshark – Getting Started
- Wireshark Display Filters (PacketLife.net)
- How to Use Wireshark to Capture, Filter and Inspect Packets
- Intro to Wireshark: Basics + Packet Analysis! (SinnohStarly – Ross Teixeira)
- 5 Killer Tricks to Get the Most Out of Wireshark
- tcpdump is a data-network packet analyzer computer program that runs under a command line interface. It allows the user to display TCP/IP and other packets being transmitted or received over an attached network.
Segment Your Network / Isolate Guests & IoT devices from your main segment
- Use a router like the Ubiquiti EdgeRouter X to segment your LAN.
- For example, having a Guest network, Private network, IoT (Internet of Things) network, all in the one device.
Cisco IOS and Router Command Reference
- Also accessible from the Technology > Networking menu
TCP/UDP
Connection-oriented service vs connectionless service
- Connection-oriented service
  - In a connection-oriented service:
    - A connection is first established between the sender and the receiver.
    - Data is transferred.
    - At the end, the connection is released.
  - TCP and SCTP are connection-oriented protocols.
- Connectionless service
  - In a connectionless service, the packets are sent from one party to another with no need for connection establishment or connection release.
  - The packets are not numbered; they may be delayed or lost, or may arrive out of sequence.
  - There is no acknowledgment that a packet arrived at its destination.
  - UDP is connectionless.
- Reliable vs unreliable
  - The transport layer service can be reliable or unreliable.
  - If the application layer program needs reliability, we use a reliable transport layer protocol, which implements flow and error control at the transport layer.
  - On the Internet, there are three common transport layer protocols:
    - User Datagram Protocol (UDP) is connectionless and unreliable.
    - Transmission Control Protocol (TCP) and Stream Control Transmission Protocol (SCTP) are connection-oriented and reliable.
Data Encapsulation
- Data encapsulation is a process whereby information is added to the frame from each layer of the OSI model. This is also called packet creation. Each layer communicates only with its peer layer on the receiving device.
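The following Python example is added here to illustrate both the TCP/UDP section above and data encapsulation; it is not code from the original page. It builds a UDP datagram and a TCP SYN segment by hand, wraps each in an IPv4 header (with the RFC 1071 checksum) and then an Ethernet header, and then peels the layers off again the way a receiving stack does. The sample addresses, MAC addresses and payload are constructed for the example. Comparing the two transport headers shows why UDP is connectionless and unreliable (ports, length, checksum only) while TCP carries the sequence/acknowledgement numbers and flags that implement connection setup, ordering and acknowledgements.

```python
import struct
from typing import Any, Dict


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (used for the IPv4 header)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


# Layer 4, UDP: ports, length and checksum only. No sequence numbers, no acknowledgements.
def udp_segment(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


# Layer 4, TCP: sequence/acknowledgement numbers and flags (SYN=0x02, ACK=0x10, FIN=0x01)
# are the fields that implement connection establishment, ordering and acknowledgement.
def tcp_segment(sport: int, dport: int, seq: int, ack: int, flags: int, payload: bytes) -> bytes:
    offset_flags = (5 << 12) | flags        # header is 5 x 32-bit words, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0) + payload


# Layer 3: the IPv4 header is prepended to the segment; its checksum covers the header only.
def ipv4_packet(src: bytes, dst: bytes, proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


# Layer 2: the Ethernet header is prepended to the packet (the FCS trailer is omitted here).
def ethernet_frame(dst_mac: bytes, src_mac: bytes, packet: bytes, ethertype: int = 0x0800) -> bytes:
    return struct.pack("!6s6sH", dst_mac, src_mac, ethertype) + packet


def decapsulate(frame: bytes) -> Dict[str, Any]:
    """Strip one header per layer, as the receiving device does, verifying the IPv4 checksum."""
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    packet = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:      # an intact header sums to zero, checksum field included
        raise ValueError("IPv4 header checksum mismatch")
    segment = packet[ihl:total_len]
    info: Dict[str, Any] = {"ethertype": ethertype, "ttl": ttl, "proto": proto,
                            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst))}
    if proto == 17:
        sport, dport, length, _ = struct.unpack("!HHHH", segment[:8])
        info.update(transport="UDP", sport=sport, dport=dport, payload=segment[8:length])
    elif proto == 6:
        sport, dport, seq, ack, off_flags, _, _, _ = struct.unpack("!HHIIHHHH", segment[:20])
        data_off = (off_flags >> 12) * 4
        info.update(transport="TCP", sport=sport, dport=dport, seq=seq, ack=ack,
                    flags=off_flags & 0x1FF, payload=segment[data_off:])
    return info


# Constructed sample: a UDP query and a TCP SYN from 192.0.2.10 to 192.0.2.53 (documentation range).
SRC, DST = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53])
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")


def build_udp_frame(payload: bytes = b"example query") -> bytes:
    return ethernet_frame(MAC_B, MAC_A, ipv4_packet(SRC, DST, 17, udp_segment(40000, 53, payload)))


def build_tcp_syn_frame() -> bytes:
    return ethernet_frame(MAC_B, MAC_A, ipv4_packet(SRC, DST, 6, tcp_segment(40001, 80, 1000, 0, 0x02, b"")))


if __name__ == "__main__":
    for f in (build_udp_frame(), build_tcp_syn_frame()):
        print(len(f), "bytes on the wire:", decapsulate(f))
```

Each layer only reads and removes its own header and hands the rest upward, which is the peer-to-peer relationship the section describes; the checksum check is also the simplest example of a layer detecting corruption without help from the layers around it.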
OSI Reference Model [re-post]
- Study the: OSI Model Quick Reference (pdf)
- TCP/IP and the OSI Model Explained by Blanchae
- The OSI Model Demystified by Eli the Computer Guy
- Understanding the OSI Reference Model: Cisco Router Training 101 by SoundTraining.net
Deprecated / Deprecation
- In several fields, deprecation is the discouragement of use of some terminology, feature, design, or practice; typically, because it has been superseded or is no longer considered efficient or safe – but without completely removing it or prohibiting its use.
- Deprecation may indicate that the feature will be removed in the future.
- Features are deprecated—rather than immediately removed—in order to provide backward compatibility, and give programmers who have used the feature time to bring their code into compliance with the new standard.
Wireless Network Security
- WEP (Wired Equivalent Privacy)
  - Due to known security issues with WEP encryption, it is recommended that you do not use WEP. WEP can easily be cracked in a few minutes.
- Wi-Fi Protected Access (WPA, WPA2, WPA3)
  - When using WPA2, use AES encryption only, instead of TKIP+AES.
  - SecurityNow! Episode 170 discusses the TKIP (Temporal Key Integrity Protocol) hack.
  - Using Wi-Fi Protected Access (WPA) encryption offers individual user isolation, preventing an attacker from decrypting any cookies sent over the network even if they have logged into the network using the same passphrase.
  - WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping
- Wi-Fi Protected Setup
  - A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup, allows WPA and WPA2 security to be bypassed and effectively broken in many situations. WPA and WPA2 security implemented without using the Wi-Fi Protected Setup feature are unaffected by the security vulnerability.
- Widget jacking (session hijacking (sidejacking/widgetjacking) attacks)
PMKID Vulnerability that bypasses WPA/WPA2 4-way Handshake
- PMKID Vulnerability FAQ – WPA/WPA2-PSK and 802.11r (documentation.meraki.com)
- New attack on WPA/WPA2 using PMKID Proof of Concept by Adam Toscher (Medium.com)
WPA3
- Wi-Fi Alliance introduces Wi-Fi Certified WPA3 security (wi-fi.org)
- With WPA3, Wi-Fi security is about to get a lot tougher (ZDNet.com)
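To turn the wireless guidance above (no WEP, WPA2 with AES/CCMP only rather than TKIP+AES, Wi-Fi Protected Setup switched off) into a repeatable check, here is an added Python example, not code from the page or from the hostapd project. It parses a hostapd-style `key=value` configuration and reports the settings the section warns against. The two sample configurations are constructed for the example, the passphrase is a placeholder, and the only hostapd behaviour assumed is the documented one: `wpa` is a bitfield (1 = WPA, 2 = WPA2/RSN), `wpa_pairwise` defaults to TKIP, and `rsn_pairwise` falls back to `wpa_pairwise` when unset.

```python
from typing import Dict, List


def parse_hostapd_conf(text: str) -> Dict[str, str]:
    """Parse hostapd's key=value format; blank lines and '#' comments are skipped."""
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg


def audit_wifi_config(cfg: Dict[str, str]) -> List[str]:
    """Return findings for the weak settings the page warns against: WEP/open, WPA v1, TKIP, WPS."""
    findings: List[str] = []
    wpa = int(cfg.get("wpa", "0"))                  # bitfield: 1 = WPA (v1), 2 = WPA2 (RSN)
    if wpa == 0:
        if any(k.startswith("wep_key") for k in cfg):
            findings.append("WEP configured: crackable in minutes, replace with WPA2/WPA3")
        else:
            findings.append("no WPA/WPA2 configured: network is open")
        return findings
    if wpa & 1:
        findings.append("WPA version 1 enabled: set wpa=2 so only WPA2/RSN is offered")
    # hostapd defaults: wpa_pairwise is TKIP when unset; rsn_pairwise copies wpa_pairwise when unset.
    wpa_ciphers = set(cfg.get("wpa_pairwise", "TKIP").split())
    rsn_ciphers = set(cfg.get("rsn_pairwise", "").split()) or wpa_ciphers
    offered = (wpa_ciphers if wpa & 1 else set()) | rsn_ciphers
    if "TKIP" in offered:
        findings.append("TKIP cipher offered: use CCMP (AES) only")
    if cfg.get("wps_state", "0") != "0":
        findings.append("Wi-Fi Protected Setup enabled: set wps_state=0")
    return findings


# Constructed sample configurations (not from the page); the passphrase is a placeholder.
WEAK_CONF = """
interface=wlan0
ssid=LabNet
wpa=3
wpa_passphrase=PLACEHOLDER-PASSPHRASE
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wps_state=2
"""

HARDENED_CONF = """
interface=wlan0
ssid=LabNet
wpa=2
wpa_passphrase=PLACEHOLDER-PASSPHRASE
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wps_state=0
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name + ":", audit_wifi_config(parse_hostapd_conf(conf)) or ["no findings"])
```

The defaults matter in practice: a configuration that sets `wpa=2` but never names a pairwise cipher still inherits TKIP through `wpa_pairwise`, which is why the audit inspects both cipher keys rather than only `rsn_pairwise`.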
Virtual Private Network (VPN)
A virtual private network (VPN) enables users to send and receive data while remaining anonymous and secure online.
In the simplest terms, a VPN is used to create a secure, encrypted connection between your computer and a server operated by the VPN service.
- How to Choose the Best VPN Service for Your Needs (HowToGeek.com)
- That One Privacy Guy’s Guide to Choosing the Best VPN (for you) (ThatOnePrivacySite.net)
- The Best VPN Services Directory (CNET.com)
- The Best VPN Services (PCMag.com)
Autonomous System (AS)
- A group of networks and routers under a common administrative control.
- Routing inside an autonomous system is referred to as intradomain routing.
- Routing between autonomous systems is referred to as interdomain routing.
Microsoft OneNote
- A good tool to help you stay organized.
Cisco Learning Network
- Get access to the Packet Tracer router simulator
- Free learning resources
- Cisco certification exam topics
- CCNA, CCNP study groups
- Sample CCENT, CCNA, CCNP study questions
- Career resources
- IT learning games
- Community manager support
- Social learning with IT experts
- Cisco Exam Preparation – Studying for Results
Synchronizing Using Allway Sync
- What is Allway Sync?
- Free for moderate personal use.
- True folder/directory synchronization.
- Sync data between your desktop PCs, laptops, tablets and more.
Subnetting Tutorial & Reference Page
Read / Do
CCNA Certification Study Guide, Volume 2
- Read Chapter 3: Easy Subnetting
- Do the Written Labs
- Answer the Review Questions
- Do not submit your answers for this chapter. The answers are in the Appendix
Do
Make sure to always have access to a calculator with an exponent function (the ^ or x^y key) for every class.
- If you don’t already have a stand-alone calculator, you can pick up any of the following, or similar, from Staples or Office Depot for $10.
- Casio FX-260 Solar Scientific Calculator (Staples)
- Casio FX-260 Solar Scientific Calculator (Office Depot)
- Texas Instruments TI-30Xa Scientific Calculator (Staples)
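The exponent key is needed because subnetting is powers-of-two arithmetic: a prefix of /n leaves h = 32 − n host bits, giving 2^h addresses per subnet (2^h − 2 usable, once the network and broadcast addresses are set aside), and borrowing b bits from the host portion creates 2^b subnets. The Python example below is added here to show that arithmetic worked through; it is not code from the page or from the study guide, and the sample addresses are constructed. It also handles the /31 and /32 edge cases, where there are no separate network and broadcast addresses.

```python
from typing import Dict, Union


def ip_to_int(ip: str) -> int:
    """Dotted-quad string to a 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: " + ip)
    return int.from_bytes(bytes(octets), "big")


def int_to_ip(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def subnet_info(cidr: str) -> Dict[str, Union[str, int]]:
    """Network, mask, broadcast, block size and usable host range for an address in CIDR notation."""
    addr, _, prefix_s = cidr.partition("/")
    prefix = int(prefix_s)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF      # prefix ones followed by host_bits zeros
    network = ip_to_int(addr) & mask
    broadcast = network | (2 ** host_bits - 1)
    # 2^h addresses per subnet; /31 and /32 keep every address usable (no network/broadcast).
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 2 ** host_bits
    info: Dict[str, Union[str, int]] = {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "block_size": 2 ** host_bits,
        "usable_hosts": usable,
    }
    if host_bits >= 2:
        info["first_host"] = int_to_ip(network + 1)
        info["last_host"] = int_to_ip(broadcast - 1)
    return info


def subnets_from_borrowed_bits(original_prefix: int, new_prefix: int) -> int:
    """Borrowing b host bits yields 2^b subnets, e.g. splitting a /24 into /26s gives 4."""
    if not original_prefix <= new_prefix <= 32:
        raise ValueError("new prefix must lie between the original prefix and /32")
    return 2 ** (new_prefix - original_prefix)


def host_bits_needed(hosts: int) -> int:
    """Smallest h with 2^h - 2 >= hosts, i.e. how many host bits a subnet of that size needs."""
    h = 2
    while 2 ** h - 2 < hosts:
        h += 1
    return h


if __name__ == "__main__":
    print(subnet_info("192.168.10.77/26"))
    print("subnets from /24 -> /26:", subnets_from_borrowed_bits(24, 26))
    print("host bits for 100 hosts:", host_bits_needed(100), "-> prefix /", 32 - host_bits_needed(100))
```

Worked by hand for the sample: /26 leaves 6 host bits, so the block size is 2^6 = 64 and the subnets of 192.168.10.0 start at .0, .64, .128 and .192; the address .77 falls in the .64 block, whose broadcast is .127 and whose 62 usable hosts run from .65 to .126.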
Sign up for a free Cisco Learning Network account
- [A paid membership is not necessary to access a lot of the material]
- Download, install, and test the current version of Cisco Packet Tracer.