SVSU CSIS Department offers Study Abroad program

The SVSU Computer Science and Information Systems Department has offered a Study Abroad program geared towards students who are interested in the new Cybersecurity Minor. The Study Abroad trip is ran in conjunction with, and will satisfy part of the requirements for, the CS232 (Cybersecurity System Administration) course. The deadline for signing up for this Study Abroad trip is December 15th, 2016.

The Study Abroad trip includes attending the BSides Las Vegas security conference in addition to the largest security conference in the world – Defcon. More information about the program, costs associated with the program, and what the trip entails can be found here:

http://studyabroad.svsu.edu/index.cfm?FuseAction=Programs.ViewProgram&Program_ID=36142

Cybersecurity Minor

As previously announced, the Cybersecurity Minor has passed and is in the process of being added to the catalog and other areas on the SVSU web site. In the meantime, below are the courses, their prerequisites, and when they will be offered:

CS232 – Cybersecurity System Administration. Pre-requisite: CS105. Offered: Fall semester (starting Fall 2016).

CS233 – Cybercrime. Pre-requisite: CS232. Offered: Winter semester (starting Winter 2017).

CJ315 – Private Security. Pre-requisite: None. Offered: Fall and Winter semesters.

CS333 – Forensics. Pre-requisite: CS216 and CJ315. Offered: Fall semester (starting Fall 2017).

CS433 – Cybersecurity. Pre-requisite: CS333. Offered: Winter semester (starting Winter 2018).

D-Link says sorry for shoddy security and sloppy patching of its routers | BetaNews

“D-Link has issued an apology to its customers for an on-going security issue with many of its routers. A problem with the Home Network Administration Protocol (HNAP) means that it is possible to bypass authorization and run commands with escalated privileges.

The list of routers affected by the issue is fairly lengthy, and D-Link has already issued one patch. But rather than fixing the problem, last week’s update left routers wide open to exactly the same problem. As it stands at the moment, a firmware patch is still being produced for a total of 17 routers. In the meantime, all D-Link has to offer is an apology.”

D-Link says sorry for shoddy security and sloppy patching of its routers.

HP Awards $240K for Firefox, IE, Chrome and Safari Exploits | eWeek

“On the first day of the Pwn2Own event, HP awarded $317,500 for exploits against Adobe Flash, Adobe Reader, Microsoft IE 11 and Firefox. The second day saw no new Adobe exploits, as researchers turned their attention back to the browsers, with new exploits reported against Firefox, IE, Chrome and Safari.

A security researcher identified by HP only as ilxu1a delivered the first exploit of the day with an out-of-bounds memory vulnerability in Firefox that took less than one second to execute. For his efforts, ilxu1a was awarded $15,000.

All told, Mozilla Firefox was exploited twice at the Pwn2own 2015 event, with exploits demonstrated on both days of the event, for a total payout of $70,000. Mozilla is no stranger to Pwn2Own and is often the first vendor to patch issues that are first disclosed at a Pwn2own event.”

HP Awards $240K for Firefox, IE, Chrome and Safari Exploits.

Hacker Claims Feds Hit Him With 44 Felonies When He Refused to Be an FBI Spy | WIRED

Interesting claims made by both sides:

“A Southern District of Texas judge sentenced Salinas earlier this month to six months in prison and a $10,600 fine after he pleaded guilty to a misdemeanor count of computer fraud and abuse. The charge stemmed from his repeatedly scanning the local Hidalgo County website for vulnerabilities in early 2012. But just months before he took that plea, the 28-year-old with ties to the hacktivist group Anonymous instead faced 44 felony hacking and cyberstalking charges, all of which were later dismissed. And now that his case is over, Salinas is willing to say why he believes he faced that overwhelming list of empty charges. As he tells it, two FBI agents asked him to hack targets on the bureau’s behalf, and he refused.”

Hacker Claims Feds Hit Him With 44 Felonies When He Refused to Be an FBI Spy | WIRED.

Bank Hackers Steal Millions via Malware – NYTimes.com

In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.

[…]

The majority of the targets were in Russia, but many were in Japan, the United States and Europe.

No bank has come forward acknowledging the theft, a common problem that President Obama alluded to on Friday when he attended the first White House summit meeting on cybersecurity and consumer protection at Stanford University. He urged passage of a law that would require public disclosure of any breach that compromised personal or financial information.

Bank Hackers Steal Millions via Malware – NYTimes.com.

Health insurer Anthem hit by massive cybersecurity breach | Reuters

Health insurer Anthem Inc (ANTM.N), which has nearly 40 million U.S. customers, said late on Wednesday that hackers had breached one of its IT systems and stolen personal information relating to current and former consumers and employees.

[…]

The information accessed during the “very sophisticated attack” did include names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data, the company said.

Health insurer Anthem hit by massive cybersecurity breach | Reuters.

DailyTech – Appalling Negligence: Decade-Old Windows XPe Holes Led to Home Depot Hack

It wasn’t ShellShock or HeartBleed that caused credit card woes within Home Depot – it was continuing to use an outdated, unsupported operating system. Yikes! Sadly, this is one of the reasons why Target was targeted (pardon the pun) as they were also using Windows XP Embedded. If you happen to see a point of sale cash register using Windows XP, it might not be a bad idea to pay cash instead of swiping your credit/debit card.

DailyTech – Appalling Negligence: Decade-Old Windows XPe Holes Led to Home Depot Hack.

This Week In Credit Card News: The Costly Home Depot Breach, Are Chip-And-PIN Cards Safe?

“The fallout from the Home Depot data breach is starting to be felt by financial institutions. Credit unions have spent nearly $60 million to reissue cards, deal with fraud and cover other costs as a result of the breach.”

This Week In Credit Card News: The Costly Home Depot Breach, Are Chip-And-PIN Cards Safe?.