Posts

Showing posts from January, 2019

Week 7 - STRIDE: Repudiation

In 2000, a couple of individuals at Signal Lake were sued for $25 million by a man named Suni Munshani. He alleged that Signal Lake's officers had promised him a large amount of assets. Munshani provided an email, purportedly sent by the defendants, as the proof for his allegation. The court ordered a security professional to investigate, who concluded that the plaintiff had altered one of the emails the defendants sent to him. Although this does not relate to repudiation directly, it brings up an important aspect of non-repudiation. Repudiation, in short, is the denial of any wrongdoing, which is the very first thing anyone would do when they get caught doing something illegal. Professional hackers learn to cover their tracks very well. Likewise, security professionals learn to track. For the email tampering case I mentioned, the defendant would not win the lawsuit if old emails weren't available for invest...

Week 6 - STRIDE: Tampering

Alright, let me get back on track. This week, I'd like to continue to the "T" mnemonic of STRIDE: Tampering. It is a little more difficult to find information about data tampering compared to Spoofing, but let me share what I know. Tampering can be physical tampering, electronic tampering, or digital tampering.

Physical Tampering

In the 1990s, 1980s, or even before that, a few car dealers and private owners sold their cars with lower mileage than they actually had. Later, it was found that the odometer could be rolled back. Since then, the mechanism has been improved, and it is much harder for mechanics to change. Other car-related tampering includes car door lock and ignition tampering. In fact, I had done this on my own car once, over 15 years ago. I left my key somewhere which I thought was in the car. After a few minutes playing around with the door with what I could find in the parking lot, I ...

Week 5 - The Harry & Mae's Inc System Analysis

Hi again! This week, I want to deviate to a slightly different topic: system analysis. I was analyzing the Harry & Mae's Inc system from the given document, which you can find here: http://content.bellevue.edu/cst/cybr/shared-resources/harry-and-maes. The provided information is not very precise, and it is not possible to determine the exact state of the system without walking through the facility in person. Until then, I have several assumptions about the unknowns, which I want to express here while they are still relevant. Harry & Mae's Inc has over 400 employees. Its primary business is diner franchising. The company also provides credit card merchant services to its 100-plus franchise owners across Pennsylvania, New Jersey, New York, and Delaware. The company's physical security is very strong for its type of business. On the contrary, its network security is considered insufficient. For physical protection, the entire campus is inside ...

Week 4 - STRIDE: Spoofing

In week one, I briefly mentioned STRIDE as a method for threat identification. Starting this week, I want to go into a little more detail on each of its mnemonics. First, let's talk a little more about STRIDE. In security, there are three fundamental aspects of an asset that we want to protect. They are Confidentiality, Integrity, and Availability, which are referred to as the CIA triad. To protect the asset means to protect its confidentiality, integrity, and availability. STRIDE provides six ways to identify threats that would target these three areas.

Spoofing: pretending to be someone or something that has legitimate permission to access the asset. It is one of the ways to break confidentiality.
Tampering: ways to change the integrity of the asset.
Repudiation: ways to obtain proof of violation.
Information Disclosure: accessing restricted information without permission (confidentiality).
Denial of Service: ca...