
Data Science

The document contains the answers to homework questions about passwords, account security, and biometrics. For question 1, the student lists websites they were able to find passwords on after following the given article's steps. They also provide 5 measures to secure accounts, such as using strong passwords and enabling two-factor authentication. For question 2, the student summarizes 3 recent news articles about passwords, including one about Netflix charging for account sharing and another discussing passwordless authentication solutions. For question 3, the student summarizes 3 articles about biometrics, such as one about Twitter collecting biometric data and another detailing a new brute force attack on smartphone fingerprint authentication.

Uploaded by

rupesh karanam

Name: S. Ram Sandeep Kumar
Id: 700759940
Intro to Information Assurance

Access Control Homework

1. Open the article https://frontnet.eu/reveal-all-hidden-passwords-in-any-browser/
and follow the steps to reveal at least three of your passwords. List which apps you were
able to find your passwords. Additionally, list which websites/apps you were able to find
your email and provide 5 measures that can be implemented to secure your account.

Ans. These are the names and links of the 5 websites that show email breach data:
• DeHashed https://dehashed.com/
• Intelligence X https://intelx.io/
• MxToolbox https://mxtoolbox.com/emailhealth
• BreachDirectory https://www.breachdirectory.org/
• Ashley Madison Emails https://ashley.cynic.al/

Here are 5 measures that can secure your email accounts from hackers:
• First of all, use a strong password and do not use the same password for many
accounts.
• A strong password consists of a combination of upper case letters, lower case letters,
special characters, and numbers.
• Enable two-factor authentication.
• Turn on Enhanced Safe Browsing to get faster protection against dangerous
websites, downloads, and extensions when you are signed in.
• Identify phishing frauds.
• Do not click links in untrusted emails, and do not
download any software or application from unknown emails.

2. Read three recent news articles about passwords and write a brief summary. Include a
reference to each article.

Ans. Article 1: “Netflix to start charging US customers for sharing account password”

For some time now, Netflix has been developing a plan against password sharing. A third of
all US subscribers engage in this behavior, and now Netflix will charge them for it.
Netflix informs all US users through email that single-family accounts are the only ones
available. In order for the person you want to share Netflix with to be able to pay for their
own membership, it says that you can use the profile transfer facility that was
introduced last year.
Reference link: https://www.techspot.com/news/98801-netflix-start-charging-us-customers-who-share-account.html

Article 2: “Thinking about a password-free future? Not so fast”

In the modern world, passwords are a typical problem that requires frequent updating
and complicated processes. With billions of devices relying on passwords for encryption
and authentication, the epidemic has made the issue worse. The goal of passwordless
authentication techniques like passkeys and biometrics is to make it easier to access
internet accounts. As they safeguard the underlying mechanisms that link the modern
world of networked gadgets, passwords always require a backup.

Passwords are built for security with over 1.1 billion websites and native applications.
Because current solutions don’t offer a complete end-to-end solution for identity and
access management, a future without passwords seems doubtful. By generating secure,
one-of-a-kind passwords, keeping them in a secure location, and activating multifactor
authentication, users can protect their online experience.

By eliminating the need to establish or remember passwords, password managers can
make using the internet easier. We must keep developing passwordless solutions while
also assuring secure transactions because passwords are still required by billions of
websites, systems, applications, and devices.

Reference link: https://www.bangordailynews.com/2023/08/31/opinion/opinion-contributor/thinking-about-a-password-free-future-not-so-fast/

Article 3: “It’s a Zero-day? It’s Malware? No! It’s Username and Password”

Cyber threats are evolving, with adversaries using stolen or weak usernames and
passwords as powerful weapons. This article highlights the importance of robust
measures to protect Active Directory environments and introduces “Silverfort Unified
Identity Protection”.

Stolen login information can result in unauthorized access to networks and systems,
giving attackers access to confidential information. Cyber threat detection relies on
spotting flaws in activity, but existing security and identity management solutions are
unable to differentiate between authenticating in a secure manner and authenticating
with hacked credentials, potentially denying the former and allowing the latter.
Keyloggers and memory dumps on hacked computers are only a couple of the ways
hackers might acquire compromised credentials. This highlights the importance of
taking proactive security measures.
While modern web and SaaS platforms have built-in MFA
capabilities, Active Directory (AD) setups frequently lack native multi-factor
authentication (MFA) support, rendering them extremely susceptible to attacks utilizing
stolen credentials.
By actively protecting against misuse of stolen credentials, a serious concern in
cyberattacks, Silverfort Unified Identity Protection helps improve AD security.

Reference link: https://thehackernews.com/2023/09/its-zero-day-its-malware-no-its.html

3. Read three recent news articles about Biometrics and write a brief summary. Include a
reference to each article.

Ans.
Article 1: “Musk’s X to collect biometric information and employment data”

According to an update to its privacy policy, X, the social media site formerly known as Twitter, will
soon begin gathering biometric and employment data from users. The modifications will
take effect on September 29. Biometric data may now be saved and utilized for safety,
security, and identity purposes, according to the company's privacy policy. Since platforms
often rely on biometrics like fingerprints and facial scans for authentication, it is unclear
how X wants to exploit biometric data. X could ask users to switch on their camera in order
to gather biometric data through images or videos. The business might suggest jobs based
on user preferences and employment history, potentially positioning the app to compete
with LinkedIn, which is controlled by Microsoft.
Beyond social media, texting, and audio content, X continues to expand its impact into
industries including finance and employment. The first acquisition made by X under CEO
Elon Musk since the purchase of Twitter in 2022 was the job recruitment tool Laskie last
year.

Reference link: https://www.cnbc.com/2023/09/01/musks-x-to-collect-biometric-information-and-employment-data.html

Article 2: “New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint
Brute-Force”

BrutePrint is an inexpensive attack method developed by researchers that bypasses
biometric authentication restrictions by making use of two zero-day flaws in the smartphone
fingerprint authentication framework. Due to inadequate security of fingerprint data on the
Serial Peripheral Interface (SPI) of fingerprint sensors, the vulnerabilities Cancel-After-
Match-Fail (CAMF) and Match-After-Lock (MAL) exploit logical errors in the
authentication framework. Between the fingerprint sensor and the Trusted Execution
Environment (TEE), BrutePrint serves as a middleman, enabling the attacker to submit as
many fingerprint images as necessary until a match is made. The configuration needed for
the attack, which calls for a threat actor to have the target device, consists of a
microcontroller board and an auto-clicker that can steal fingerprint sensor data for as little
as $15.
BrutePrint was tested against ten different smartphone models, resulting in an infinite
number of Android and HarmonyOS attempts as well as ten more iOS device attempts. The
information was discovered as a group of researchers described a hybrid side-channel that
employs "browser-based pixel stealing and history sniffing attacks" against Chrome 108
and Safari 16.2 by taking advantage of the "three-way tradeoff between execution speed
(i.e., frequency, power consumption, and temperature) in modern system-on-chips (SoCs)
and GPUs."

Reference link: https://thehackernews.com/2023/05/new-bruteprint-attack-lets-attackers.html

Article 3: “FTC Warns About Misuses of Biometric Information and Harm to Consumers”

The growing collection and use of customers' biometric data and related technologies, such
as those driven by machine learning, has prompted the Federal Trade Commission (FTC) to
issue a warning. These developments raise serious privacy and data security issues for
consumers. Data that shows the physical, biological, or behavioral traits, qualities, or
measurements of the body of an identified or identifiable person is referred to as biometric
information. According to Samuel Levine, director of the FTC's Bureau of Consumer
Protection, businesses must abide by the law regardless of the technology they employ.
The FTC is dedicated to stopping unfair or deceptive activities and practices involving the
gathering and use of biometric data from consumers as well as the promotion and use of
biometric data technologies.
Consumers are exposed to new and growing risks as a result of the collection and use of
biometric data. These risks include disclosing sensitive personal data about themselves,
having large databases of biometric data targeted by hackers, and some biometric data-
using technologies having higher error rates for specific populations. When determining
whether a company's use of biometric data or biometric information technology may be
unfair and in violation of the FTC Act, the FTC will take into account a number of factors,
including whether foreseeable consumer harms were considered before collecting biometric
data, an assessment of the methods and capabilities of third parties, the provision of
adequate training for employees and contractors, and ongoing monitoring of biometric data
technologies.

Reference link: https://www.ftc.gov/news-events/news/press-releases/2023/05/ftc-warns-about-misuses-biometric-information-harm-consumers

4. Research the Bell-LaPadula Security Model and complete the second table.

Ans. In multilevel secure systems, confidentiality is guaranteed through the Bell-LaPadula
security model, a state machine model. A subject with a lower security level cannot read an
object with a higher security level because the model is based on the no-read-up concept.

• You wish to implement a Bell and LaPadula model of security for this system. Fill in the
access rights (R and/or W) permitted by the model for each subject/object pair in the
access matrix below.
         Obj1           Obj2
Subj1    Cannot read    Can read
Subj2    Can read       Can read
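
The access-matrix exercise above, worked as an added example (not part of the original homework): Python that derives the R and W rights Bell-LaPadula permits from security labels. The levels given to Subj1, Subj2, Obj1 and Obj2 are constructed assumptions, because the page does not show the first table; the category sets generalize beyond the page's simple high/low case.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    level: Level
    categories: frozenset = frozenset()

    def dominates(self, other):
        # a dominates b when a's level is at least b's and a holds every category of b
        return self.level >= other.level and self.categories >= other.categories


def blp_rights(subject, obj):
    """Rights Bell-LaPadula permits for one subject/object pair."""
    rights = ""
    if subject.dominates(obj):   # simple security property: no read up
        rights += "R"
    if obj.dominates(subject):   # *-property: no write down
        rights += "W"
    return rights or "-"         # incomparable labels get no access


def access_matrix(subjects, objects):
    return {s: {o: blp_rights(sl, ol) for o, ol in objects.items()}
            for s, sl in subjects.items()}


# Constructed labels (assumptions; the homework's first table is not on the page).
SUBJECTS = {"Subj1": Label(Level.CONFIDENTIAL), "Subj2": Label(Level.SECRET)}
OBJECTS = {"Obj1": Label(Level.SECRET), "Obj2": Label(Level.UNCLASSIFIED)}

if __name__ == "__main__":
    matrix = access_matrix(SUBJECTS, OBJECTS)
    print(f"{'':8}" + "".join(f"{o:8}" for o in OBJECTS))
    for subj, row in matrix.items():
        print(f"{subj:8}" + "".join(f"{row[o]:8}" for o in OBJECTS))
```

With these assumed levels the read rights match the table above, and the write column shows the other half of the model: a subject may write only to objects at or above its own level.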
