Week 7 Update

Week 7:

So far so good! I had never thought CYBR 515 class would be very challenging. It's not because I am getting a bad grade, but it's because of lack of resources. I know I am not that bad searching for resources online or library. Thanks to the professor who is very responsive and provides guidance if asked. I need to survive six more weeks then I am done. Despite close to finishing my Masters, I still have issues writing especially with the grammar. I take professor's suggestion seriously and try my best to improve. Sometimes when you are close to due and don’t have enough time, there is always a chance of mistakes. I am not a procrastinator though. I start my assignments early. The discussion board has been a great place to learn. The professor making to choose from the different topic is also helpful, so many students don’t end up writing on the same subject. Since this is my final semester, I have to say that online college is not easy. It gives students flexibility, but that doesn’t mean it is any easier than the traditional format. I would highly recommend others to go online if they want to be independent learners. You don’t get to ask questions directly to the professor being an online student, but you are saving time and improving yourself by doing research and asking a question on the class online forum.  I am glad I decided to go back to college, and I am close to finishing. As long as you are dedicated, finish assignments on time, you are good. You should think twice going for masters if you don’t love writing. I am more of a math and science student who likes solving a problem but not necessarily just writing. In the Cybersecurity field, there were many technical assignments, but you still have to write a report for the assignment. For example: if you design a wireless solution for a company, you still write a lengthy report how you would implement the design. Wow, I went little too far sharing my experience. Let's get back to regular topic "What's trending?".

Week 6 Updage: 
Thank God, I am almost half way through my final semester! It's been very challenging. I have to admit I am not good at designing network diagram. Hopefully, I get better since this was my first time designing a network diagram. Reading other students assignments and network diagram helping me to understand better. As usual, discussion board has been my source of learning and understand the different views of students. Some of the assignments from by Security Architecture class are tough. I wish professor would provide us additional information about the topic. We had some assignments where I couldn’t find much information on the Internet or textbook. Well, this is a part of learning. Sometimes you have to go deeper and work hard to find resources. Cyber Security field not meant to be so easy. Also, I read other students question on the professor's online board, and makes me feel ok that I am not doing that bad. We all are on the same page except those smartest ones. I think milestone types of assignments are difficult because if you mess up the first assignment, most likely there is a good chance you won't do good on the next milestone since you didn't build the base well. Applying students and professor's suggestion has been helping me to improve. This is good enough about my experience in week 6. So let's roll back to our usual blog writing style.

Article 1:
I read some news this week. They are talking about the United States might be behind the North
Korea's missile test failure. This may or may not be true, but if it is true, it would be good news for the United States, but the future, it may not be good unless we continue to develop new ways of fighting in the cyber domain. I liked how the news was written on this website (http://www.maxim.com/news/us-hacking-north-korea-missiles-2017-4). If this is true, I hope they always keep this secret as no-one needs to know how they did. Imagine if countries like Iran or North Korea could do the same to the other countries. No matter how sophisticated tool you build, if the hackers can somehow penetrate, your tool is useless since you can't operate how you want. For North Korea, this was an embarrassing moment especially when they were celebrating the 105th birthday of Founder Kim Sung.  

Article 2:

It's unusual and surprising what hackers are capable of doing. In a way, they are the troubleshooters for the good guys. If we didn’t have black hat hackers, I think the newer technology development would be much slower. There are the ones who make IT companies think twice before the design anything or release new products. Whenever a company releases a new tool and claims to be the most secure, hackers eventually hack the tool. This is the fate of the current technology. It's easier to break then build but what hackers are doing is very smart even though they do for various negative reasons. I am trying to refer to this news I read this week which is titled as "Stealing your PIN by tracking the motion of your phone." How is this even possible?

This article says, "Cyber experts have revealed the ease with which malicious websites, as well as installed apps, can spy on us using just the information from the motion sensors in our mobile phones. Analyzing the movement of the device as we type in information, they have shown it is possible to crack four-digit PINs with a 70 percent accuracy on the first guess — 100 percent by the fifth guess — using just the data collected via the phone’s numerous internal sensors.".

Wow, this tells us why we shouldn’t download apps that we see on the app's store. Malicious apps can spy users from the motion sensors which are used in our mobile phones. Even though the study has shown only 70 percent accuracy on the first guess of the PIN used in a mobile, the fifth try got 100 percent score. Most cell phone users are unware of this and continue to use the mobile as usual. It sounds like a serious threat, but this article didn’t give any ideas to prevent from happening. But I think it is always a smart not to click or download any unknown apps. Reading the apps reviews gives a good idea where the apps are good or bad. Some of the smart phones allow having 6 to 8 digit pins or using biometric to log into the cell phones. 

http://www.homelandsecuritynewswire.com/dr20170412-stealing-your-pin-by-tracking-the-motion-of-your-phone

Week 5 Update:
It's been a very busy week. Taking two classes is no joke especially when you have a family and full-time work. A lot of writing and writing. I like the fact that CYBR 515 offers some challenging and technical questions. Also designing network diagram of a company when you only have a script can also be difficult. I designed it but have to wait until professor grades it. Not sure how i did but I am not happy with the work I have done. Even this week there are so many assignments. Thank god, only 7 more weeks left!

Article 1: 

A bit old news but I was still interested reading the news posted on technewsworld.com. I recently bought a new laptop, and it came with Windows 10 Operating system. As soon as I did initial settings, the first thing I googled was "Windows 10 security issues", I saw a lot of sites talking about security issues with the window 10. According to this article, Microsoft has been pushing new security updates to keep their newest version of OS secure. So far Win 10 has been the most secure, fast and reliable operating system. This article mentioned that if a user wants to have a more secure means of OS, they must pay the additional cost. There are many updates since Windows 10 came out and it includes mitigation techniques with the Edge browser. Microsoft is focusing on mitigation techniques that counter classes of exploits rather than an emphasis on a single vulnerability. I just didn’t like the fact that there are some different versions of OS and if a user willing to pay more, he/she would have to pay more. Also, Microsoft says there is always a chance of newer vulnerability, so they will continue to fight against the threats and keep the OS secure. What is new about this? Every tool developed always say they are working to make their tool efficient and secure. I think it's all about business and money. When you buy a computer, at a minimum, you should get basic software like Office and antivirus software. On the top of the additional cost to the software, they are asking more money for the security features.

http://www.technewsworld.com/story/84233.htm

Article 2:

I read a news titled "Global investors lose billions to cyber-attacks." This news was posted on CNBC.com written by Ryan Browne. It reports that the cyber-attacks have caused about $53.4 billion loss to the stock market. As cyber-attacks continue to grow, the share prices fall and decrease the market value. Especially the bigger companies are losing the stock value because of the breaches. According to the vice president of cyber security at CGI in the U.K., Andrew Rogoyski estimated that around 10-20 percent of the major breaches companies suffer in Europe are currently made public. I think there is a problem here. Why are almost 80% of breaches not made public? Either the statistics are wrong, or they don’t to release the information because of the fear of losing business. For example, if I know my personal information will be used without my authorization, I won't be doing business with the company. It has become a reality that hackers are getting smarter and sophisticated every day. What can we do to protect ourselves and businesses? This week couple of my classmates wrote about the easy access of hacking tools to the public adding challenges for the security professionals. I agree with them, and these tools should not be easily available unless you are a security professional. Anyone with basic computer skills can download a software and start causing damage. Many users are unaware of the consequences. Plus it is hard to hold them accountable for their actions especially when the attacks coming from outside of the countries. Overall this article was great information to read, and it also shows the dark side of the hacking activities. The only way of preventing these types of attacks in business is by adding security layers, training employees and coordinate with other companies and share knowledge.

Week 4 update:

I never thought CYBR 515 (Security Architecture) class would be this challenging. Especially the technical type of questions is taking most of my time. Week 3, we had to use ASCII chart and convert characters into hex and then binary. The most challenging part was to use XOR function to multiple binary digits. After asking many questions to the professor, I was able to figure this out. Again challenging but fun! CYBR 650 is going well so far. There are a lot of reading assignments. I love two weeks assignment format even though each week has some assignment, but it gives students more time to work on the projects. Week 4 we are to update our week one threat model and add improvements based on the professor's comment. Hopefully, we will have a professional looking final "Threat Model Process" which can be used in any business.

Article 1:

I read a very surprising news on CNBC titled "Cybersecurity firm: More evidence N. Korea linked to Bangladesh heist". I thought North Korea would target countries like United States/South Korea. The cyber security company Kaspersky researcher has found additional evidence that the North Koreans were behind stealing the money ($81 Million) from the Bangladesh Central Bank's account. Usually, hackers make big target where they can get the most benefit; however, this time Bangladesh's bank was a target. I think they wanted to take the most advantage of the weakly secure banking system. So it was an easy target for them. I was little surprised to see Russian-based security company investigated the incident. The company is still working on finding additional information about the crime. This proves that if there are any monetary benefits, hackers can target anyone.  

This also shows the countries like the United States need to coordinate with the countries to gather information about the tactics they use to steal money or sensitive information. If this can be proven, North Koreas are taking money from the banks. It was kind of crazy to hear that a country who doesn’t have easy access to the computer and the Internet can do all this. Imagine what they could do if the public had easy access of the computer and Internet.

Source: http://www.cnbc.com/2017/04/03/cyber-security-firm-more-evidence-n-korea-linked-to-bangladesh-heist.html

Article 2:

Next, I wanted to research more about the news. I googled "hacking news." The very first thing shows are about North Korea is attacking banking systems worldwide from CNN. The news CNN also mentioned about the Bangladesh's bank but added more to it by providing additional examples of hacking incidents. Like always CNN writes about the possibility of Russian government involvement with the cyber security firm Kaspersky, but the company strongly denies the allegation. Like in 2014, the US government blamed North Korea for the hacking of Sony pictures. How they found about where the attack came from sounds fascinating. According to Kaspersky, the Lazarus hackers carefully routed their signal through France, South Korea, and Taiwan to set up that attack server. But there was apparently one mistake spotted by Kaspersky: A connection that briefly came from North Korea, CNN writes.

In summary, this is an alarming finding to the world banking system that their banking system is vulnerable and they must do everything to protect their banking system; otherwise, they will lose the trust of the customers and eventually lose customers.

Article 3:

I read another news this week and it is titled as " US cyber-attack could have caused North Korea's
failed missile test, the expert suggests." This would be very interesting if it is true. I am sure government agencies are working to achieve this but not sure if the United States did. The article writer doesn’t really validate the authenticity of the claims but suggests that a rocket test came just before a crucial meeting between Donald Trump and Xi Jingping. Recently, North Korea has tested multiple missiles, but one was failed. Now some experts suggest that the U.S. was behind of failing the test. It is a fascinating reading if you are interested. Here is the link to the article.

http://www.independent.co.uk/news/world/asia/north-korea-missile-test-fail-us-cyber-attack-barack-obama-kim-jong-un-intervention-a7669686.html