Spear Phishing Anyone?

April 12, 2016 at 7:31 pm

Spear Phishing

Spear Phishing Review:

If you took my CompTIA A+ 220-902 course, you remember we discussed spear phishing. As a quick review, phishing is when we have email that looks legitimate, but is really faked. It is typically an attempt to gain our personal information, or to spread malware at the very least. Spear phishing can be much more successful since it will be much more targeted. The emails might look to be from people you know in your organization, or they might already have some information about you so they look even more legitimate.

Spear Phishing in Action:

So how could something like this happen…really! Well let’s examine a recent case of it!

Here we have the true story of Charles Harvey Eccleston, an environmental scientist formerly employed by the Energy Department and the Nuclear Regulatory Commission. For unknown reasons, but enough to really anger him, Eccleston was terminated from the NRC in 2010.

Fast forward to April 2013, when Eccleston offers to provide an unnamed foreign government with more than 5,000 email addresses of all Energy Department employees for $19,000. He indicates that if the foreign government does not take the offer, he will offer the information up to China, Iran or Venezuela. He is of course selling the email addresses so that they may launch spear phishing attacks.

Thankfully the FBI catches wind of this and sets up a sting operation. In January 2015, the FBI has him target more than 80 Energy Department employees in Washington and at four national nuclear labs. The spear phishing emails contain what Eccleston thinks are links to malicious websites.  He is led to believe that, if activated, the sites could infect and damage computers. Obviously the FBI ensures that no malicious code ever gets transferred. The FBI pays Eccleston $9,000 for the fake operation and thanks him for the 1,200 email addresses (they already had!).

Eccleston now enjoys 18 months in prison for pleading guilty in February 2016 to one charge of attempting to damage protected government computers. Oh yeah, and he also has to pay back that $9,000. 🙂
Cisco Expert Level Training Programs for CCIE Routing and Switching v5.0 468x60 white

Not Your Grandfather’s CompTIA A+

March 23, 2016 at 6:15 pm

Comptia A+

When most of us think of A+ we immediately think – “oh yeah – that is the cert where you learn to build and support a PC.” That is certainly what I thought when I was thrilled to receive the teaching assignment for CBT Nuggets. Boy – have times changed! First of all – it is no longer one exam – it is two. There is 220-901 and 220-902. And most importantly, the topics really do hit the most important in our industry today. Check out some of the themes I was thrilled to teach in this exciting new cert:

  • Blade servers
  • TCP/IP
  • WiFi
  • WiFi Security
  • End System Design
  • Mobile devices and BYOD
  • Virtualization
  • Cloud Computing
  • Network Security
  • Linux
  • Mac
  • Windows
  • Troubleshooting. Troubleshooting, and More Troubleshooting
  • Communication Skills for IT

This certification is so impressive, and a better first step into the industry than ever before!

Register Today: What’s New With A+ Webinar

January 25, 2016 at 5:28 pm

The new CompTIA A+

CompTIA recently revamped its A+ certification exam. Learn about new topics and expectations for the revised certification and its two exams. Join us for our January 26 “What’s New With A+” webinar to learn more!

During the 30-minute webinar, trainer Anthony Sequeira will discuss the changes to the A+ exam, why the certification holds value for IT pros, and more. And bring questions, as Anthony will answer as many as time permits. Thinking about CompTIA A+ certification? You don’t want to miss this webinar.

What: What’s New with A+ webinar
When: 10 a.m. (Pacific Time) Tuesday, January 26, 2016
Register here.

Mark your calendars and we’ll see you there!

PC Expansion Cards for CompTIA A+ (220-901)

January 23, 2016 at 7:34 pm

Enjoy this sample from the new CompTIA A+ (220-901) course at CBT Nuggets. This exciting new course completes on February 15, 2016.


UEFI – Unified Extensible Firmware Interface

December 27, 2015 at 7:26 pm

UEFI

UEFI Overview:

Your PC needs software to make it usable. Specifically, it needs software to control things before the Operating System software can take over. The BIOS or UEFI are options for this software. They allow you to control powerful characteristics of the machine, and they may also contain diagnostic and testing software for the system. A great example of using this software is to set the boot order of the device. Should it try and find the operating system for boot from a USB device first, or should it use the local hard disk drive first?

The Details:

Why did engineers try and improve upon the existing Basic Input/Output System (BIOS) by creating the UEFI? Here are just some of the reasons:

  • They wanted better security; they wanted to ensure they could better protect the pre-boot processes on the PC
  • They wanted to make faster start times possible for a PC
  • They wanted to improve the ability of a PC to resume from hibernation
  • They needed to provide support for hard drives larger than 2.2 Terabytes
  • They wanted to provide support for 64-bit firmware device drivers
  • They wanted to create new software that would be backwards compatible with hardware reliant on a BIOS

The UEFI is controlled by the Unified EFI Forum. This forum is an alliance between many PC giants, like Apple, Dell, Microsoft, etc.

Unlike the BIOS, UEFI does not rely on a boot sector. The UEFI specification uses a boot manager as part of the UEFI specification. When a computer is powered on, the boot manager checks the boot configuration and, based on its settings, loads and executes the specified operating system loader or operating system kernel. The boot configuration is a set of global-scope variables stored in NVRAM. This includes the boot variables that indicate the paths to operating system loaders or kernels.

Operating system loaders can be automatically detected by a UEFI implementation, which enables easy booting from removable devices such as USB flash drives. This automated detection relies on a standardized file path to the operating system loader, with the path depending on the computer architecture. Booting UEFI systems from GPT-partitioned disks is commonly called UEFI-GPT booting. It is also common for a UEFI implementation to include a menu-based user interface to the boot manager, allowing the user to manually select the desired operating system (or system utility) from a list of available boot options.

Want more information? Wikipedia has it here!