Hacking defense data: impact of the Scorpene information leak
In this era of hacking and cyber-terrorism, data theft might be a greater loss for a country than a war. The developed nations have been spending billions or trillions on their defense sectors. Rivals, rather than attacking these nations directly, have begun to compromise the security of their data. A few days back, the Indian defense sector was appalled when 22,400 pages of information on the Scorpene submarine were leaked.
The GDPR is a Data Protection Regulation (EU 2016/679) adopted by the European Union in 2016 that comes into effect by 2018. The existing Data Protection Directive (95/46/EU) will be replaced by the GDPR in 2018.
The GDPR focuses on the protection of individuals' data privacy within and outside the European Union and plans to unify the regulation across all Member States. The same regulation will therefore apply in every member state, which makes it easier to take binding action during investigations and sanctions. A Supervisory Authority (SA) is appointed for each member state to handle investigations of complaints and administrative offences. The SAs are given the power to impose administrative fines.
War dialing is the process of dialing numbers with a modem or a VoIP service in order to detect terminal devices. With a modem, it automatically dials a list of telephone numbers to search for computers, servers and fax machines. With VoIP, the IAX (Inter-Asterisk Exchange) communication protocol is used to carry the telephony session between a VoIP server and the terminal device. It involves dialing an unknown telephone number, waiting for one or two rings, and hanging up the connection once the phone rings twice. Any modem or fax machine will answer the phone on the first ring, and the hacker will make a note of that number. This facility can also be used to detect any unauthorized devices connected to a network which could possibly serve as an entry point into the system.
Often, while conducting a penetration test for a client with a large infrastructure, with subnets ranging from /16 to /19 (CIDR notation), it is necessary to determine which web applications are running on ports 80 and 443 (and other non-standard ports). The tool EyeWitness can be used to capture screenshots of web applications and server header information, and to identify default credentials and instances of directory listing. The tool creates a report in .html format. It enables a pen-tester to concentrate on important, high-risk targets rather than spending time opening applications in a web browser.
Please refer to the link below for the EyeWitness 2.0 release and user guide:
[Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance.