Week 3

This weekend I babysat for some friends of mine. He is about to be sent to Pax River to work on an unmanned airplane. What awesome technology. It was an amusing news story he showed me on his iPhone. Apparently, it was being delivered via truck to Pax River. The reaction of the people as it passed through town was quite amusing. Apparently, this plane is intended to be used for reconnaissance missions and eventually be developed for unmanned air attacks.

However, upon looking at a recommended website from the professor, I found this disturbing story: U.S. Drone Hijacked By GPS Hack?

GPS technology has a long ways to go. Apparently, Iran has been looking for the vulnerability for sometime through various other downed drones. By finding the weakness they were able to take advantage. When a drone's GPS is jammed, the drone goes into autopilot because GPS is "its brain."

Perhaps what bothers me most is the fact that it was publicized that GPS was the drone's weakest point and have known about it for a while! *facepalm*

In this case though, Iran "spoofed" the GPS coordinates to obtain the drone.

Knowing this makes me wonder about what else GPS affects should it be jammed or spoofed. Does this mean a bored geek can try and send different GPS to a person who uses it to get to a destination and either get them lost or worse, lead them to a dangerous destination? If we think about this further, most smartphones also have GPS technology embedded in them. I use mine when I am out of town and in unfamiliar territory.

This was very enlightening to discover! I always knew that with new technology would come new threats. For some reason I had believed that GPS is invulnerable or at the very least never really thought about it being used for malicious intent. But apparently, if it's got circuits and radio waves, it's just a matter of time before someone finds a way to use it for bad intentions.

Week 2

There are some students who can only take one course at a time because they work. I get the opportunity to take two at the same time. I am lucky enough to be taking Risk Management and Information Security Management at the same time. It has taught me many things.

In Risk Management we learned about the different types of assessments:

Business Impact Assessment (BIA)
Vulnerability Assessment (VA)
Penetration Testing
Risk Assessment (RA)

In these, depending on the organization's size and its needs, an organization can use all of the above to beef up security.

This week, in Information Security Management, though I noted that while there were some project management tools that are similar they each have a purpose as well, but it is not as viable to utilize more than one. It can confuse things, at least from my point of view.

The different types of project management tools we learned about this week were:

Work Breakdown Structure (WBS)
Program Evaluation & Review Technique (PERT)
Gantt Chart

I had found a lot of links that helped me with learning about those different tools. Sometimes the book is not enough. I need it put into little words.

So, now that I have mildly vented my frustration, I found an interesting article about Adobe Flash. You see, I am a webmaster for three sites and all of them have some form of flash on them so this really caught my interest:

New Zero-Day Vulnerabilities Found In Adobe Flash Player

Adobe Acrobat and Reader products are used on both Windows and Mac machines. Macs are known for not being attacked like Windows machines and are so far not being affected, but that does not mean they will be safe. Because the malware is embedded in Adobe files, they can bypass scanners. With more and more websites using Flash Player or Adobe Reader, this makes everyone more susceptible to attacks that cannot be detected.

The malware crashes the programs and obtains control of the system the program is on. The malware can "bypass the antiexploitation features in Windows such as DEP and ASLR, and can get around the Internet Explorer sandbox."

I think this is something I may need to be doing more digging into the Adobe software I am using. For now, maybe I should begin blocking unwanted Flash content from running on my computer. It's a good thing I use Firefox and Chrome!!!!

Week 1

I am not much of a blogger, in fact, this is my very first blog. I have never kept a diary or anything like that so, this will be an interesting aspect of the course.

The one thing about security is that I apply all that I learn at my home network. It was how I learned to secure my WiFi router and even discover questionable files on my computer with extra extensions.

So, for my future reference, I will post professor's recommended links on here for easy access on a regular basis.

• http://www.securitywizardry.com/radar.htm
• http://www.mcafee.com/us/threat_center/default.asp
• http://isc.sans.edu/newssummary.xml
• http://news.cnet.com/security/

Here's to a new experience! Cheers!