Unmanned Aerial Vehicles (UAVs), also known as drones, have operating systems, network connections and hardware, all of which run programmed code that can be just as easy to hack into as a computer.


Designers, developers and users of UAVs need to understand the risk profile of a specific UAV system by addressing various system vulnerabilities, identifying high-priority threats, and selecting mitigation techniques for these threats.

At London’s Commercial UAV Show in November 2019, the largest in Europe, I highlighted UAVs’ security risks and recommended new security policies.

DOWNLOAD Dr Ikhalia’s Presentation



When malicious hackers take over a website, it is not a pretty picture and may cause a tremendous psychological, reputational and financial burden for the victim. In the early hours of Sunday, November 3 2019, I successfully recovered a hacked WordPress website from a criminal seeking quick advertising profits. Luckily, the site was only compromised at the application level, which gave me the chance to launch a recovery by accessing the server resources via SSH. …


Introduction

Blockchain is largely based on PKI (public key infrastructure), and some of its operational security challenges are due to its fundamental design. Transactions must be signed by a specific private key. Accessing Blockchain data requires access to either the ledger file (stored on a number of servers) or the interface mechanisms placed over the Blockchain data. These interfaces are typically secured via a network credential system (linked to the corporate directory) or a custom password authentication mechanism.

These multiple security mechanisms have to operate without increasing the surface area for attacks while maintaining the security of a system that potentially contains data from other companies due to the consortium model that is typical of most Blockchain arrangements. Security mechanisms are the primary consideration when integrating highly secure, cryptographically-based Blockchain security protocols with other, potentially looser access and control rules in existing legacy systems. …


In the early years of my Cybersecurity journey, I published a paper on the need for two-factor authentication based on a conceptual framework. More than ever, my practical experience in the field raises serious concerns about the inherently insecure state of single-factor authentication (regardless of how strong your passwords are). In this short and sweet article, I explain the need for a dynamic two-factor authenticator system like Google Authenticator for effective access control. Enjoy reading!

Two-factor authentication (2FA) ensures that your accounts are safe even when a malicious hacker gets hold of your primary login credentials (e.g. username/email and password).

2FA can be implemented through the following…



A Session Fixation attack allows an attacker to hijack a valid user session. The attacker explores any identified weaknesses in the way a Web application manages users’ session IDs, more specifically the session management issues of a vulnerable Web application. In this short and sweet article, I demonstrate a Session Fixation attack scenario and draw some vital lessons. Enjoy reading!

A typical scenario of a Session Fixation attack goes as follows:

  1. The attacker visits a Web application which has inadequate session management and gets a valid session token.
  2. The attacker prepares a link to the application which contains the session token and sends the link to the victim (e.g. through a phishing email or via instant messenger). Since the link is to a trusted website, the victim suspects nothing and clicks it. …


Cross-Site Request Forgery (CSRF) is an attack that forces an end-user to execute unwanted actions in a Web application in which he/she is authenticated. In this short and sweet Web application security series, I describe the workings of CSRF by using a practical online banking scenario. I also highlight 5 key lessons from the scenario for security considerations. Enjoy reading!

A typical scenario of CSRF goes as follows:

  1. A user visits his/her online banking website which has a CSRF vulnerability.
  2. The user realises that the website has newly been designed with a new interface and he/she cannot find the money transaction function on the new interface. …


Dr Joseph E. Ikhalia

This article will help you differentiate between the types of malware (viruses, backdoors, worms and trojans) based on their characteristics, behaviour, purpose and architecture. You will learn how malware can easily bypass antivirus software and, more importantly, you will understand simple techniques used to remove malware from all your computing devices. Enjoy reading!

The term “malware” is a blend of two distinct words (malicious and software) and can be classified into two types: user-mode malware and kernel-mode malware. Kernel-mode malware corrupts operating systems such as Windows 10 Pro, Windows 8 and Ubuntu 14.01. When the kernel-mode malware corrupts the kernel program that controls user-mode applications such as Microsoft Office, the link between the application and the OS becomes broken. User-mode malware relates to the corruption of specific application files e.g. …


The Creeper Virus 1971

Creeper, one of the first programs to resemble an Internet worm, definitely lived up to its name. Infected systems would display the message: “I’m the creeper: Catch me if you can.” The program would begin printing a file before finding another Tenex system, opening a connection, picking itself up, and transferring itself to the other machine. It would start running there, bouncing from machine to machine in a game of cat-and-mouse. Creeper’s actual level of damage is still unknown. …


Two weeks ago, I began a series on simple techniques you must implement to secure your WordPress website effectively. In this article, I dig a little deeper by elucidating four key measures I have used for clients over the years to secure their WordPress websites. These security measures include: keeping good home directory and webroot hygiene, disabling directory listing, installing the Wordfence plugin and backing up your WordPress website.

Keep Good Home Directory and Webroot Hygiene:

It is not enough to keep your WordPress website up-to-date with the latest software and plugins; malicious hackers can also exploit an untidy home directory to steal sensitive data and/or take complete control of your WordPress website. …


Over 30,000 Websites are hacked daily. The activities of malicious hackers cost the global economy over 450 billion dollars every year. In 2017, over 1.5 million WordPress Websites were hacked in one single day. Malicious hackers use sophisticated tools and techniques to scan the internet daily looking for vulnerable Websites. It is quite astonishing to know that every Website on the internet is important to malicious hackers notwithstanding their size or scale. If you have a WordPress Website, I hope you find these security measures extremely useful to safeguard your business and personal brand online.

  1. Make sure your admin username is hard to…

About

Joseph E. Ikhalia, PhD.

Cyber Security Engineer
