2019 headline news – a data breach may impact nearly 2.4 million Blur users

Preface: Data breaches continue to be a threat to consumers. Many companies have been hacked, and have likely had information stolen from them, since January 2017.

Headline news Jan 2019:  Abine announced that they learned on 13th December 2018 that a file containing information from customers who had registered prior to January 2016 was exposed online.

Who is Abine? Abine is a Boston-based privacy company led by consumer protection, privacy, and identity theft experts.

Official findings of the data breach: The file was in a “mis-configured Amazon S3 storage bucket that was being used for data processing.”

User tips: AWS rules for Block Public Access settings

  • You can enable Block Public Access settings only for buckets and AWS accounts. Amazon S3 doesn’t support Block Public Access settings on a per-object basis.
  • When you apply Block Public Access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.
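The two rules above can be checked mechanically. The following added example (not code from Abine or AWS) works out which Block Public Access protections are still off for each bucket. It assumes each configuration has the shape of the `PublicAccessBlockConfiguration` dictionary returned by boto3's `get_public_access_block`; the bucket names and values are constructed.

```python
# Added example. All bucket names and settings below are constructed sample data.
# Each dict has the shape of PublicAccessBlockConfiguration as returned by boto3
# get_public_access_block; None stands for "no configuration set at that level".
FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
         "BlockPublicPolicy", "RestrictPublicBuckets")


def effective_block(account_cfg, bucket_cfg):
    """S3 applies the most restrictive combination of the account-level and
    bucket-level settings, so a flag is on if either level turns it on.
    There is no per-object level to consider."""
    account_cfg = account_cfg or {}
    bucket_cfg = bucket_cfg or {}
    return {f: bool(account_cfg.get(f)) or bool(bucket_cfg.get(f)) for f in FLAGS}


def audit(account_cfg, buckets):
    """Return {bucket: [flags still off]} for buckets not fully protected."""
    findings = {}
    for name, cfg in buckets.items():
        eff = effective_block(account_cfg, cfg)
        missing = [f for f in FLAGS if not eff[f]]
        if missing:
            findings[name] = missing
    return findings


SAMPLE_BUCKETS = {
    "data-processing-tmp": None,
    "web-assets": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                   "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
    "backups": dict.fromkeys(FLAGS, True),
}
ACCOUNT_LOCKED = dict.fromkeys(FLAGS, True)

if __name__ == "__main__":
    print("no account-level settings:")
    for bucket, missing in audit(None, SAMPLE_BUCKETS).items():
        print(f"  {bucket}: missing {', '.join(missing)}")
    print("account-level settings on:", audit(ACCOUNT_LOCKED, SAMPLE_BUCKETS) or "no findings")
```

A finding means Block Public Access is not enforcing that protection, not that the bucket is public; the bucket policy and ACLs decide that.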

For more details, please refer to the official announcement: https://www.abine.com/blog/2018/blur-security-update/


Can QR codes pose a risk to your security and safety?

Preface:
QR codes have become common in consumer advertising. Informally speaking, they make your fingers and mouth more relaxed!

Is the QR code safe?
Most risks with QR codes stem from the fact that they are not readable by humans. The problems arise because a person cannot easily identify a code as the original. As a result, the authentication design of the mobile application is a key factor in security protection.
In addition, malware hidden in the QR-Reader app can infect your smartphone. Malware known as ‘Andr/HiddnAd-AJ’ was able to load itself onto a number of apps designed to read QR-Codes. And compromise your smartp

Realistic:
Even if it involves risk, the modern world likes to take a risky approach. So how can the security of a QR code system be enhanced?

Possible ways:

  1. The QR code system uses fingerprints and face recognition.
  2. Awareness training.
  3. Mobile device management, especially patch management and an antivirus system.

To find out more, please refer to the URL below:
Security Considerations of Using QR Code – https://www.polyu.edu.hk/its/general-information/newsletter/144-year-2018/feb-18/732-security-considerations-of-using-qr-code

Security Notification – Schneider EVLink Parking (Dec 2018)

Preface: Electric vehicles (EVs) have no tailpipe emissions. Replacing conventional vehicles with EVs can help improve roadside air quality and reduce greenhouse gas emissions.

Technical background: Level 2 electric car chargers deliver 10 to 60 miles of range per hour of charging. They can fully charge an electric car battery in as little as two hours, making them an ideal option for both homeowners who need fast charging and businesses who want to offer charging stations to customers.

Subject matter expert:
EVlink Parking is a charging station for shared or on-street use, developed by Schneider Electric.

Vulnerabilities found:
Schneider Electric has become aware of multiple vulnerabilities in the EVLink Parking product (see below):

  • A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges.
  • A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier.
  • A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier.

Official announcement: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-354-01-EVLink.pdf&p_Doc_Ref=SEVD-2018-354-01

Celebration 2019! Coming Soon! But…? The most serious data breach in 2018… So far, do you know where they are?

Preface: The internet contains at least 4.5 billion websites that have been indexed by search engines. But could there be more data that is not shown there?

Technical background – Dark Web Synopsis:
What is the dark web? It is the part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable. The dark web is a huge marketplace for stolen data and personal information.

Attack surface:

So far, social media companies have often experienced data breaches. However, the healthcare industry is the priority attack target.

Data theft action: Once a company has been hacked, the situation will be as follows:

  1. The data will be posted to the dark web immediately.
  2. If company management does not intend to pay the ransom, the attackers will sell the data on the dark market.

Expert findings:
Please refer to the following URL: https://www.network-box.com/front_newsletter

Behind the growth of APT attacks

Preface: The objective of an APT attack is usually to monitor network activity and steal data. But historical records of APT activity show that some APT attacks are intended to damage the network or organization.

APT may not be easy to detect:
The VM handler is able to relocate and move code because ASLR (address space layout randomization) is applied. An example is given below for reference.
For example, the instruction AND has opcode 0x17 when printed.
The 32-bit code to run is stored entirely in the variable section, with the value at offset 5 specifying the number of bytes to be copied and executed.
However, with conditional opcodes, the variable part can contain the next JIT packet ID or the next relative virtual address (RVA) where code execution should continue. In this way, it becomes more difficult to detect the malware's behaviour.

Prevention:
To fight against APT activities, try to understand their goals. For example, we can learn from security reports. For more details, please refer to the URL below.

Kaspersky Threat predictions for 2019 – https://www.brighttalk.com/webcast/15591/340766?utm_source=kdaily&utm_medium=blog&utm_campaign=gl_Vicente-Podz_organic&utm_content=link&utm_term=gl_kdaily_organic_link_blog_Vicente-Podz

Schneider Electric Security Notification – Nov and Dec 2018

Preface: Business Insider predicts business spending on IoT solutions will hit $6 trillion by 2021.

Technical background: EcoStruxure is Schneider Electric’s IoT-enabled, plug-and-play, open, interoperable architecture and platform, in Homes, Buildings, Data Centres, Infrastructure and Industries.

Vulnerability details:
Security Notification – Embedded Web Servers for Modicon V2 : https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-327-01-Embedded-Web-Servers-Modicon-V2.pdf&p_Doc_Ref=SEVD-2018-327-01

Security Notification – Power Monitoring Expert, Energy Expert : https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-347-01+Power+Monitoring+Expert+and+Energy+Expert.pdf&p_Doc_Ref=SEVD-2018-347-01

Comment: A phishing scam does not only trigger a URL redirection vulnerability. It also awakens product design weaknesses, letting multiple vulnerabilities occur. It is a chain effect. Since Modicon and PLC products contain design limitations, all 3 layers will be compromised once attackers successfully carry out their phishing scam.

vRealize Operations updates address a local privilege escalation vulnerability – CVE-2018-6978 (18-12-2018)

Preface: Open a command prompt and type the following commands in sequence. Download vSphere PowerCLI from the Download page of the VMware Web site and install the vSphere PowerCLI software.

Technical background:
VMware vRealize Operations will help customers derive even more value from a “Self-Driving” approach to operations management. For instance:

  • Intent-Driven Continuous Performance Optimization
  • Efficient Capacity Management
  • Intelligent Remediation

Vulnerability:
VMware vRealize Operations (vROps) could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper permissions of support scripts. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain root privileges on a vROps machine.

Remedy: https://www.vmware.com/security/advisories/VMSA-2018-0031.html

With regard to general relativity, is there a way to unlock the secret of the wormhole or black hole?

Preface: If space-time travel were possible, what would you expect?

Technical synopsis:

How long would it take to get to Jupiter? Jupiter is made of gas. However, we may travel to Europa, one of its moons. Travel to Jupiter takes around 6 years. If we use “wormholes”, we can reach distant places in the universe in a flash.

Remark: Europa (Jupiter II) is the smallest of the four Galilean moons orbiting Jupiter.

About wormholes: According to the general theory of relativity, a black hole is the result of the curving of spacetime caused by its dense mass.

In 1935, Albert Einstein and physicist Nathan Rosen used the theory of general relativity to prove that widely separated black holes can be connected by a tunnel through space-time. It is a conjecture in physics stating that entangled particles are connected by a wormhole.

White holes have not been proved to exist. They are considered by some physicists to be the mathematical answer to the general equations of relativity. Perhaps no method can expose white holes at the moment. But the practice of scientific development and research is to hypothesize boldly and prove it carefully. It all depends on your interest in this subject matter.

Mathematical theory proves that if we use “wormholes”, we can reach distant places in the universe in a flash. But how do we figure out the wormhole?

Unconfirmed technical details but it might enhance the exploration level if it is genuine

Nikola Tesla was a Serbian-American inventor, electrical engineer, mechanical engineer, and futurist who is best known for his contributions to the design of the modern alternating current electricity supply system. He is the man behind the magnetic field unit. In 1921, Einstein and Tesla, two remarkable scientists, met during an RCA meeting (Marconi RCA radio station).

Perhaps Tesla spent his research and development man-hours on magnetic fields, frequency and vibration. But have you heard the statement that if you knew the magnificence of the three, six and nine, you would have a key to the universe? People claim that this statement was made by Nikola Tesla.

Reminder to reader

The related information could not be found in Tesla's original documents. Besides, Tesla passed away in 1942, and it is hard to prove the integrity of the information. However, this theory was displayed on a paper. The drawing was found in an antique shop in central Phoenix, Arizona by an artist (Abe Zucca). See below:

From a mathematical point of view, the above drawing shows the following hints.

  1. The multiples of 2 form a hexagon shape (⬡) as we go around the spiral.
  2. Multiples of 3 give us a diamond shape (◇).
  3. Multiples of 5 (when we go all the way out to 144) give us a more complex star shape (☆).
  4. The prime 11 spirals out from the center.

The above details are the real story of the multiplication chart, but it has not been proved that the idea of the chart belongs to Tesla. But do you agree with the idea shown below?

Not easy to program the above graph, right? It seems that following the direction of the multiplication chart does not show that it is a key to the universe. Am I wrong? Maybe I am not a mathematician, so I cannot understand the reasoning behind it!

Hypothesize boldly, and prove it carefully

Einstein-Rosen bridges prove that a wormhole lies between a black hole and a white hole. The vortex around the black hole contains strong X-rays. Since it is a vortex, it has a circular shape. The center of the black hole is the gravitational singularity, meaning that at that point, all the concepts of three-dimensional space disappear.

Reference: The world we see with our eyes appears to be 3-D, but it is actually made up of many more dimensions. We accept the 3D concept everywhere because it defines various equations and theories.

Assumption:

If we apply the multiplication map criteria to black hole theory, maybe we can find some interesting topics (see below):

I assumed 9 is a constant with the following formulation (refer to the diagram below).

The vortex around the black hole contains strong X-rays. Therefore the black hole has a circular shape, and we can obtain a quantified value. That is 360 degrees.

So, we can apply the above mathematical theory.

360 → 3 + 6 + 0 = 9

I apply the above mathematical assumption to the above equivalent table (the multiplication table created by the artist). Refer to the diagram below. You will find that the intersection point of the two lines is not in the middle of the circle. Compare my prediction with the existing detected black hole (see the picture below). Is there a coincidence with the currently detected black hole Sagittarius A? The locations of the black hole and the sun look similar. It is magic!

Conclusion:

I drafted the above idea merely out of personal interest. From a technical point of view, the formula is not precise and might contain errors. But the practice of scientific development and research is to hypothesize boldly and prove it carefully. Perhaps my prediction is not factual. But from my personal point of view, it is a good start.

Supplement: A theoretical proposal by Greenleaf et al. presented a strategy to build a wormhole for electromagnetic waves. Based on metamaterials, it could allow electromagnetic wave propagation between two points in space through an invisible tunnel.



Multiple Vulnerabilities in WIBU-SYSTEMS WibuKey Network server management

Preface: Over 3,000 companies around the world have deployed the WibuKey Digital Rights Management (DRM) solution to protect intellectual property and other digital content.

Technical background: Keep documents safe and stay compliant, while protecting your digital assets without impacting productivity. A Digital Rights Management (DRM) solution is a file-based security system that prevents exposure of sensitive and confidential files by trusted insiders, business partners, customers and unauthorized people.

Vulnerability details: A Cisco Talos security expert has discovered a vulnerability in WIBU-SYSTEMS WibuKey.sys, which can be exploited by malicious local users to gain escalated privileges.

Remedy solution: https://www.wibu.com/support/user/downloads-user-software.html#download-216

antihackingonline.com