From bda886bbb27125c4253f0b2ce3199acf656287dd Mon Sep 17 00:00:00 2001 From: Jet Hughes Date: Thu, 14 Jul 2022 17:16:50 +1200 Subject: [PATCH] vault backup: 2022-07-14 17:16:50 --- content/notes/02-concepts-and-roles.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/content/notes/02-concepts-and-roles.md b/content/notes/02-concepts-and-roles.md index 38acb10f5..f27c13c80 100644 --- a/content/notes/02-concepts-and-roles.md +++ b/content/notes/02-concepts-and-roles.md @@ -11,10 +11,27 @@ tags: - [deakin university attack](https://australiancybersecuritymagazine.com.au/up-to-10000-students-targeted-in-deakin-university-cyberattack/) - staff credentials were leaked and acces to students information was gathered - [rusian hackers attack lithuania](https://www.reuters.com/world/europe/russian-hacker-group-says-cyber-attacks-continue-lithuania-2022-06-28/) -- +- [attacks against india](https://www.indiatoday.in/india/story/prophet-row-international-hackers-cyber-attacks-india-nupur-sharma-remark-1961941-2022-06-13) +- [retbleed attack affects AMD and Intel CPUs (spectre-based speculative-execution attacks)](https://thehackernews.com/2022/07/new-retbleed-speculative-execution.html) + # Vulnerabilities +- a potential weakness in an asset + - or in its defense security control +- e.g., flaws in software packages or an unprotected system port + +exploit is the technique used to attack + +- [RAND report r-609-1 (1979)](https://i.imgur.com/GEVLIq1.png) +- need to be aware of vulnerabilities + +e.g., +- websites can steal browser data via extension APIs # Security services and control +- services + - the intended security goal or property (C.I.C provides the three main security services) +- controls + - the mechanisms employed to implement the services # CIA