Category: Hacking

“Hack the Air Force” is a new White Hat Hacking contest. The United States Air Force is inviting vetted computer security specialists from across the U.S. and select partner nations to do their best to hack some of its key public websites.

Posted by Vincent Banial

The recent DOD ‘Hack the Pentagon’ contest was a success. That contest was limited to US based Cyber Security enthusiasts. The United States Air Force “Hack the Air Force” contest,  will be expanding the opportunity to join in the contest by allowing individuals and groups from the following countries to also participate (in addition to US Citizens): United Kingdom, Canada, Australia and New Zealand.

The Hack the Air Force contest is being run with the help of CyberSeurity Firm HackerOne. The HackerOne platform will help allows White Hat Hackers to submit their Security Holes in a safe and secure manner.

Video is courtesy of the HackerOne YouTube channel

On the HackerOne main website page they state :
“77% of Programs Find Security Vulnerabilities within 24 Hours.”.

This sounds like a great move by the Department of Defence and the US Air Force. The prior “hack the Pentagon” contest was a great success. This new Hack the Air Force contest will allow non-US based CyberSecurity Talent to participate. The more people joining the contest the more Security Vulnerabilities I suspect will be found.

This should be a win-win for bothe the Air Force and for the White Hat Hackers. The HackerOne facebook page states that $16 Million in bounties have been paid out in prior HackerOne coordinated White Hat Hacking events.

Registration for the ‘Hack the Air Force’ event opens May 15 on the HackerOne website. The contest opens May 30 and ends June 23. Military members and government civilians are not eligible for compensation but can participate on-duty with supervisor approval. Mark your calendars and make sure that you register starting on May

Mark your calendars and make sure that you register starting on May 15 2017.

Click on this link to visit the official US Air Force site to read their news Release about this new “Hack the Air Foce” White Hat Hacking contest.

Click on this link to view other Cyber Security posts on Uniquely Toronto.

 

Advertisements

“SysAdmin’s Essential Guide to Linux Workstation Security” free eBook from The Linux Foundation

artificial-intelligence-2167835_1920-Vince changed-640x480-web
Photo courtesy of Gerd Altmann  – CC0 License. Vincent Banial modified the look & feel.

The Linux Foundation is offering a free download eBook titled: “SysAdmin’s Essential Guide to Linux Workstation Security“.

The suggestions offered in their eBook, are based on 3 level levels of security which one would want. These are:

(ESSENTIAL) items, if “not implemented” could introduce high risks to your workstation security.

(NICE) to have items will increase the overall security, but may require learning new habits or unlearning old ones.

(PARANOID) items could significantly improve your workstation security but may require time to learn new ways of doing things.

Click on this link to visit The Linux Foundation website and download your own copy of their eBook titled:SysAdmin’s Essential Guide to Linux Workstation Security.

Click on this link to view other Cyber Security posts on Uniquely Toronto.

Robots can be Hacked – new findings from IOActive

Posted by Vincent Banial

IOActive published some major findings this week, that Robots can be hacked and rather easily.

Click on this link to read the IOActive post titled: “Hacking Robots Before Skynet.

Video is courtesy of the Humanoid Robot YouTube channel

In the following video an Artificial Intelligence clearly states that it will “Destroy Humans”.

Video is courtesy of the CNBC YouTube channel

Humans have already been killed by Robots. Click on the following link to read a post on Gizmodo.com titled: “Robot Cannon Goes Berserk, Kills 9”.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Dropbox Mega-Breach confirmed.

Over 60 million email addresses and passwords were hacked from Dropbox years ago. That data is floating around the folks on DarkNet. It is older and apparently not being marketed, yet some hacker have it. Even though the breach happened years back, the data still has value. People often rarely change their password. Similar Mega Breach data from prior breaches at LinkdIn and Tumblr, was being bought, sold and traded on DarkNet markets.

Click on this Link to visit the Motherboard site to read their post about Hackers stealing account data on tens of millions Dropbox users.

Click on this Link to visit Troy Hunt’s site. He was sent the hacked data from a supporter of “Have I Been Pwned?” site. Troy then found his own account data and also his wife’s account data and proceeded to confirm that the Dropbox Mega-Breach was real.

Video courtesy of the Fox Business YouTube channel

Click on this Link to visit theguardian newspaper website to read their post titled “Dropbox hack leads to leaking of 68m user passwords on the internet

Change your passwords often.
Use random numbers, letters and special characters,
for greater security.

Click on this link to view other CyberSecuirty related posts found on Uniquely Toronto.

Posted by: Vincent Banial
http://www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

HORNET, the alternative to Tor Network

When we think about surfing the Internet, most people are looking at just the top of the network iceberg. When in fact, the web actually holds a “Deep Web,” hidden from everyday users and ordinary browsers. This is due to the Deep Web continuously encrypting …

Source: HORNET, the alternative to Tor Network

 

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

Major Bank Heist using SWIFT. Hackers tranferred over $950 Million and got away with $81 Million

The link above is to a Financial Post article on Cyber Security by Martin Arnold

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial
http://www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

“Hack The Pentagon”. The Department of Defense, in the USA, announced Cybersecurity Initiative.

The following is the official News Release about the DoD’s Cybersecurity Initiative titled”Hack The Pentagon“.

Statement by Pentagon Press Secretary Peter Cook on DoD’s “Hack the Pentagon” Cybersecurity Initiative

Press Operations

Release No: NR-070-16
March 2, 2016

PRINT | E-MAIL

The Department of Defense announced today that it will invite vetted hackers to test the department’s cybersecurity under a unique pilot program.  The “Hack the Pentagon” initiative is the first cyber bug bounty program in the history of the federal government.

Under the pilot program, the department will use commercial sector crowdsourcing to allow qualified participants to conduct vulnerability identification and analysis on the department’s public webpages.  The bug bounty program is modeled after similar competitions conducted by some of the nation’s biggest companies to improve the security and delivery of networks, products, and digital services. The pilot marks the first in a series of programs designed to test and find vulnerabilities in the department’s applications, websites, and networks.

Participants in the bug bounty will be required to register and submit to a background check prior to any involvement with the pilot program.  Once vetted, these hackers will participate in a controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system.  Other networks, including the department’s critical, mission-facing systems will not be part of the bug bounty pilot program.  Participants in the competition could be eligible for monetary awards and other recognition.

This innovative project is a demonstration of Secretary Carter’s continued commitment to drive the Pentagon to identify new ways to improve the department’s security measures as our interests in cyberspace evolve.

“I am always challenging our people to think outside the five-sided box that is the Pentagon,” said Secretary of Defense Ash Carter.  “Inviting responsible hackers to test our cybersecurity certainly meets that test.  I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.”

The “Hack the Pentagon” initiative is being led by the department’s Defense Digital Service (DDS), launched by Secretary Carter last November.  The DDS, an arm of the White House’s dynamic cadre of technology experts at the U.S. Digital Service, includes a small team of engineers and data experts meant to improve the department’s technological agility.

“Bringing in the best talent, technology and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the DoD, but it also helps us better protect our country,” said DDS Director and technology entrepreneur Chris Lynch.

This initiative is consistent with the administration’s Cyber National Action Plan announced on Feb. 9, which prioritizes near-term actions to improve our cyber defences and codifies a long-term strategy to enhance cybersecurity across the U.S. government.

The pilot program will launch in April and the department will provide more details on requirements for participation and other ground rules in the coming weeks.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial
www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice. Any offers mentioned in this post are also subject to change without notice.

Latest version of Windows 10 may have a Linux subsystem secretly installed inside.

Image of Linux Penguin called Tux By Larry Ewing, Simon Budig, Anja Gerwinski

Linux Penguin called Tux By Larry Ewing, Simon Budig, Anja Gerwinski

“Renowned Windows Hacker and computer expert, who goes by the name ‘WalkingCat’, discovered that the latest version of Windows 10 may have a Linux subsystem secretly installed inside.”

 

 

Posted by: Vincent Banial
www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. Many moons ago I had worked with someone named “Wang Wei”, not sure if it was the same person as the author of The Hackers News post

Superfish, was preinstalled (starting Sept 2014) by Lenovo on a number of their consumer laptops, is detected as being Adware, Trojan, and Riskware by at least 23 AntiVirus & AntiMalware scanners

Cybersecurity For Dummies available for legal download, at no charge from cybersecurity firm Palo Alto Networks

Palo Alto Networks is a Cybersecurity firm which creates Enterprise level solutions from Firewalls to full Endpoint Protection.I had previously written about Palo Alto Networks and the work of their Unit 42 Experts who broke the story, back in November 2014, about the WireLurker Apple IOS and OSX Family of Malware.

Chinese authorities had arrested a number of individuals and shut down the WireLurker Command and Control Server just ten days after Palo Alto Networks released their findings.

Last weekend we focused on Cybersecurity issues. Many visitors to this site may not be fully versed in Cybersecurity issues. In that vein, I wanted to let you all know that Palo Alto Networks is allowing the legal download of Cybersecurity for Dummies. It discuss APTs (Advanced Persistent Threats) to the Enterprise Network. Old solutions no longer work. A layered approach of new solution is detailed.

Click on this line to visit the Palo Alto Networks page where you can fill in a brief form to gain download access to Cybersecurity for Dummies.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

Posted by: Vincent Banial

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice. Any offers mentioned in this post are also subject to change without notice.

Next Suits and Spooks event to be held in London England on May 06 and 07 2015


Suits and Spooks Events are a bit like TED Talks, but focused on Cyber Security issues. From the Suites and Spooks webpage: “Each event draws thought leaders and decision makers from the public, private, defense, law enforcement and intelligence sectors who come to learn about and discuss some of the key security challenges which face our digitally connected nation and world

One unique aspect of the presentations made at Suits and Spooks is that after the first 10 minutes, the Audience can join in by asking questions or directly challenging the presenter. Audience participation resulting in Debate and Discussion is the cornerstone of these events.


The next Suits and Spooks Event will be held in London England on May 6th and 7th 2015.


Click on this line to view their prior events which were held in 2014 and to check out the agenda of presentations made.


Click on this line to visit the Registration page for the upcoming 2015 London Suites and Spooks Event.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial for Uniquely Toronto
http://www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice. Any offers mentioned in this post are also subject to change without notice.

WireLurker Malware targeting Apple IOS and OSX products


If you use an Apple IOS or OSX device (phone, tablet, notebook and desktop) you might want to check out my post about WireLurker.

Apple users sometimes are smug about not needing any security software. Yes, Apple products have been highly secure.

As the number of Apple products being purchased keeps growing, Apple products are also becoming targets for those who create Viruses and Malware and other interesting code.

Back in 2012 “Flashback” victimized about 700,000 Macs. WireLurker and future variants of it could have the potential to do the same.

Staying informed can help keep you and your Apple IOS and OSX gear from falling victim to such attacks.

 

Posted by: Vincent Banial

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.