<?xml version="1.0"?>
<rss version="2.0">
   <channel>
      <title>SC Magazine Discussion  by Dr MJ Frederick</title>
      <link>https://padlet.com/mj_frederick/r2wr5v14u0z9</link>
      <description>Authorization &amp; Access Control</description>
      <language>en-us</language>
      <pubDate>2017-09-02 18:15:29 UTC</pubDate>
      <lastBuildDate>2019-01-28 22:29:41 UTC</lastBuildDate>
      <webMaster>hello@padlet.com</webMaster>
      <image>
         <url></url>
      </image>
      <item>
         <title>Intel Flaw allows admin Authorization to systems through bios with default Admin password (Group 7)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283051263</link>
         <description><![CDATA[<div>Article explains that anyone can gain remote access to a system with any special software if they are able to physically login to the bios of the machine. The article goes into more detail of the simple attack, however the the solution to the "Evil Maid" attack is to be sure to change the default bios password so that malicious persons can't not gain auther<br><a href="https://www.komando.com/happening-now/437579/new-intel-flaw-allows-hackers-full-remote-access-to-network-computers">https://www.komando.com/happening-now/437579/new-intel-flaw-allows-hackers-full-remote-access-to-network-computers</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-18 17:17:48 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283051263</guid>
      </item>
      <item>
         <title>Wisconsin county clerk reportedly accused of local government breach affecting 250K-plus individuals (Group 11)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283159119</link>
         <description><![CDATA[<div><br>This article details how one individual was able to use their internal privileges to gain unauthorized access to confidential local government information.  This is a perfect example of why P.O.L.P is important to limit individuals access level.  The employee used a keylogger to capture from county computers. As a remedy they have limited control/or authorize access to on designated individual. <br><br><a href="https://www.scmagazine.com/home/news/cybercrime/wisconsin-county-clerk-reportedly-accused-of-local-government-breach-affecting-250k-plus-individuals/">https://www.scmagazine.com/home/news/cybercrime/wisconsin-county-clerk-reportedly-accused-of-local-government-breach-affecting-250k-plus-individuals/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-18 20:38:03 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283159119</guid>
      </item>
      <item>
         <title>New standard accepted by Federal Energy Regulatory Commission for critical infrastructure protection (Group 1)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283162339</link>
         <description><![CDATA[]]></description>
         <enclosure url="" />
         <pubDate>2018-09-18 20:47:12 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283162339</guid>
      </item>
      <item>
         <title>New standard accepted by Federal Energy Regulatory Commission for critical infrastructure protection (Group 1)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283167529</link>
         <description><![CDATA[<div>Our group chose this article because it directly relates to the concept of access control. The government has updated their security regarding critical infrastructure protection standards. This in theory should reduce the vulnerabilities that plague the american power grid system by limiting what devices have access to the ability to alter critical infrastructure properties. These measures also put in place policy for contractors working with the grid to respond to breaches in a timely manner. This new reliability standard was approved in April of this year.<br><a href="https://www.scmagazine.com/home/network-security/new-standard-accepted-by-federal-energy-regulatory-commission-for-critical-infrastructure-protection/">https://www.scmagazine.com/home/network-security/new-standard-accepted-by-federal-energy-regulatory-commission-for-critical-infrastructure-protection/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-18 21:03:20 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283167529</guid>
      </item>
      <item>
         <title>Two keyless entry door locks vulnerable to unauthenticated requests (Group 2)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283176745</link>
         <description><![CDATA[<div>This article explains that hackers were able to navigate around the authorizartion process in two keyless entry door locks. The hackers were also able to produce their own RFID badges and authenticate them by sending signals and gaining unauthorized access to the user's phone.<br><br>https://www.scmagazine.com/home/news/two-keyless-entry-door-locks-vulnerable-to-unauthenticated-requests/</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-18 21:41:01 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283176745</guid>
      </item>
      <item>
         <title>Interpol warns IoT devices at risk(Group 8)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283180206</link>
         <description><![CDATA[<div>This article said crime is so high everywhere you turn. You think you are safe and boom you've been hacked. Certifying those IOT devices would be a good idea, but people are always figuring out ways to steal.<br><br><a href="https://www.scmagazine.com/home/news/iot/interpol-warns-iot-devices-at-risk/">https://www.scmagazine.com/home/news/iot/interpol-warns-iot-devices-at-risk/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-18 21:57:09 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283180206</guid>
      </item>
      <item>
         <title>Chase ‘glitch’ grants customers access to random accounts (Group 5)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283183585</link>
         <description><![CDATA[<div>A glitch that is thought to have occurred within Chase Bank's mobile app allowed some users to accidentally access other users accounts when attempting to log in to their own account. However, their communication director stated a very small number of customers were affected and the issue only lasted from 6:30pm-9pm.<br><br><a href="https://www.scmagazine.com/home/network-security/chase-glitch-grants-customers-access-to-random-accounts/">https://www.scmagazine.com/home/network-security/chase-glitch-grants-customers-access-to-random-accounts/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-18 22:19:48 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283183585</guid>
      </item>
      <item>
         <title>Amazon Employees Allegedly Sharing Internal Data (Group 3)</title>
         <author>halerachel1210</author>
         <link>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283203334</link>
         <description><![CDATA[<div>This article shows the security concerns beyond user authentication, as humans prove susceptible to bribery.&nbsp; Amazon employees are being investigated for sharing internal data as well as deleting negative product reviews and reinstating users who have had their accounts removed.&nbsp; Despite needing to be authorized to access information, it is difficult to have complete control over secure data, when monitoring of employees can only be implemented in terms of business practices, and simple exterior communications can dissolve the practices so painstakingly put into place.&nbsp; <br><a href="https://www.scmagazine.com/home/news/report-amazon-employees-under-investigation-for-allegedly-sharing-internal-data-with-merchants/">https://www.scmagazine.com/home/news/report-amazon-employees-under-investigation-for-allegedly-sharing-internal-data-with-merchants/</a><br><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-19 00:21:46 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283203334</guid>
      </item>
      <item>
         <title>Hackers steal data on 380,000 British Airways customers (Group 4)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283204943</link>
         <description><![CDATA[<div>This article shows that even major multinational corporations still struggle with limiting access. They are unsure of how the hackers managed to steal the data at this time. The extent of the breach is also not yet know, however, they do not believe that any passports were leaked.<br><br><a href="https://www.scmagazine.com/home/news/hackers-steal-data-on-380000-british-airways-customers/">https://www.scmagazine.com/home/news/hackers-steal-data-on-380000-british-airways-customers/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-19 00:29:55 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283204943</guid>
      </item>
      <item>
         <title>Nearly one-third of breached companies reported job losses after data breach (Group 4)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283211494</link>
         <description><![CDATA[<div>This article is about a survey done that talks about the job losses that occur after a data breach with a company. A relatively large percentage of jobs in a company are lost on average to cover the costs of a data breach for larger companies. It just goes to show that access control is a very important factor to consider and try to secure when security professionals design a company's security policies. <br><br><a href="https://www.scmagazine.com/home/news/survey-nearly-one-third-of-breached-companies-reported-job-losses-after-data-breach/">https://www.scmagazine.com/home/news/survey-nearly-one-third-of-breached-companies-reported-job-losses-after-data-breach/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-19 01:07:58 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283211494</guid>
      </item>
      <item>
         <title>Philadelphia Eagles are the NFL team most often referenced in credentials (Group 6)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283223484</link>
         <description><![CDATA[<div>&nbsp; &nbsp; &nbsp;In his September 10th article, “Pass’ words: Philadelphia Eagles are the NFL team most often referenced in credentials,” Bradley Barth highlights how die-hard football fans, like many other end users, tend to use common and easily remembered words when choosing a password. Unfortunately, choosing a password that is easy to remember oftentimes means choosing a password that is easy to guess and leaves an individual at risk. Recognizing previous instances where such a common practice has caused individuals’ accounts to be compromised and using stronger criteria when setting up one’s own accounts is one of the easiest ways someone can protect themselves.”<br><br>&nbsp; &nbsp; &nbsp;Passwords are a big deal mostly because they defend your personal and private information but also because they are a part of you. That’s why having a strong password is for the best. That being said using the same password repeatedly, strong or not for multiple networks and emails is a bad thing. One account could be compromised without the user’s knowledge which would put all your other accounts at risk before the website may be able to alert the user of this breach.<br><br>	It is not uncommon to want to use something important to you in your password that you can remember, but having such a simplistic password is too high of a risk. It is best to understand the cardinal rules about passwords: 1.) a password should include capital and lowercase letters, numbers, and symbols if possible. and 2.) the longer the password, the harder it is to crack. If you are intent in using your team’s name, then consider adding symbols and randomized letters and numbers around the word. You can also replace i’s with 1’s, and the letter o with the number 0, as well as a’s with @’s. Another smart consideration is to have a small amount of designated access points that have more than read-only settings, and notifications if an unregistered account attempts to access your account. You can still support your team, but how are you going to buy those tickets if a hacker wipes your account clean?<br><br>&nbsp;https://www.scmagazine.com/home/news/pass-words-philadelphia-eagles-are-the-nfl-team-most-often-referenced-in-credentials/<br><br><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-19 02:10:40 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283223484</guid>
      </item>
      <item>
         <title>Cyberscammers Attack during hurricane (Group 9)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283224791</link>
         <description><![CDATA[<div>The is a short article talking about some of the phishing emails going around trying to take advantage of the disaster. Just goes to show there are people trying to take advantage of people even when they've already been knocked down so it's good to know to look for it after hurricane's since we live in Florida.<br><br><a href="https://www.scmagazine.com/home/news/cyber-scammers-using-hurricane-florence-as-a-hook-for-malicious-emails/">https://www.scmagazine.com/home/news/cyber-scammers-using-hurricane-florence-as-a-hook-for-malicious-emails/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-19 02:16:57 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/283224791</guid>
      </item>
      <item>
         <title>This article explains CISA&#39;s first emergency directive for dealing with an ongoing DNS attack affecting North America, Europe, and the Middle East. Attackers would steal credentials, and would replace website with their own code. Encryption certificates were also stolen which made it possible to unencrypt the data.  With multiple levels of authentication this would be less likely to happen to Gov websites. </title>
         <author></author>
         <link>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/325179987</link>
         <description><![CDATA[]]></description>
         <enclosure url="https://www.scmagazine.com/home/security-news/government-and-defense/dhs-issues-emergency-directive-to-protect-federal-domains-from-dns-hijacking-campaign/" />
         <pubDate>2019-01-28 22:23:10 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/r2wr5v14u0z9/wish/325179987</guid>
      </item>
   </channel>
</rss>
