James Morley

Location United Kingdom

Activity

  • Lincolnshire Staff Restore System - I think that, as stated in the article, the IT department did handle the situation as best as they could have done for damage limitation. Some data was lost. The only thing that I can spot as what could have been done better, is staff training. The staff could have been trained on how to spot phishing attacks (not clicking...

  • Some businesses perhaps do not understand or think that they will be the target of an attack. I think that sometimes, dependent on the industry, that there is an assumption that there will be no reason or gain from them to be attacked. Thus ignorance and no serious line of defence by businesses.

  • 8 out of 8! Boom! :-)

  • James Morley made a comment

    Colonial Pipeline Hack

    The data breach details are not too specific. But at a high level, it was reported that a “legacy” VPN network account access, that did not have “two factor” authentication was breached.
    This attack would have most likely resulted from a social engineering phishing trick to get some sort of username for the VPN and a password. With...

  • Digital Security is becoming vulnerable for many organisations and individuals involving all sorts of systems. All these digital systems need to have adequate Cybersecurity protection to mitigate any future risks to all, as so not to suffer financially and reduce confidence and damage reputation.

  • I think it will force us to take Cybersecurity more seriously. It must be addressed ASAP above the "fast to market" and "profit" objectives that are always a priority. Early adoption of the evolving ISO and SAE Cybersecurity standards and processes will help mitigate and address Cyber risks and vulnerabilities, that will also help and in parallel mitigate any...

  • 1. IoT devices have both physical and digital components for connectivity and use within our world to make things more efficient and productive.

    2. Care must be taken when designing and releasing IoT devices into the real world, carefully considering and distinguishing the "right to tinker" and "right to repair", with regarding ownership by a "user"...

  • A very interesting example. I think that there must and should be some law (in all countries) for this type of system, so that the farmers must give consent about this data for John Deere to use... But, the consent, like all other things we all happily tick and agree to before proceeding (after pages and pages of legal text) will and may not necessarily...

  • It's interesting to point out what is actually meant by "right to tinkering" in the context of repairing a device that has broken. It is good to see with the article on "right to repair" being allowed. I am all for that and this should be allowed, but will be only beneficial to people when products are out of warranty. Thus prolonging the life of your product...

  • Generally, in the context of a "user" I think that the right to tinker should only be bound by needs and law. If a "user" decides to tinker by themselves, they could increase the risk of causing damage and in some cases harm to property or people, dependent on the IoT device HW and SW capability. They could also, if proven, be breaking a law.

    Tinkering or...

  • My opinion of the importance of the IoT has not changed. It is useful and important that lots of things are easily connected to make a number of processes more efficient and optimised to thus reduce waste and time. However, the applications of the IoT devices need to be very carefully developed with regards to Cybersecurity. If left vulnerable, the risk will...

  • A "Ring" door bell camera has both physical and digital domain parts.

    1. Physical camera for still and video image information in the digital domain (phone app)
    2. Physical Microphone for sound in the digital domain (phone app)
    3. Physical Button for notification that the door bell has been pressed as a notification in the digital domain (phone app)

  • 1. Smart TV with microphone in remote
    2. Games Console with microphone
    3. Mobile phone

    All these have the potential to record and log your voice. This can then be used, as I'm sure is already used to target you for marketing and influencing you to buy specific goods and services. It can also be used to steal other sensitive information you share by...

  • Connected devices to the IoT is a good thing with regards to logistics and gathering data to make processes more efficient and productive. But, at the same time there is a larger attack surface opened up, with vulnerabilities for Cybersecurity. This can thus be exploited in all sorts of ways to upset supply chains, deliveries etc. There are others that is...

  • This was a great course and had a very good practical side to work on with regards to the VM machines with the Linux command tasks. Plus also about the SQL injection techniques for password extraction on Web Servers. The legal side and methodologies for Pen testing was a whole area that you could spend many more hours getting to grips with and understand...

  • My opinion of Ethical Hacking has not changed at all from when I started this course. I wanted to know more about Ethical Hacking in general and this short course has introduced me to this area very well. It has given references for me to continue this learning outside of this course.

    From an Ethical Hacking perspective, yes, it has given me the...

  • The current major challenges in Ethical hacking, I see, are the people and the skills required to perform the practical Ethical Hacking through Penetration Tests. Not to miss out the work prior to this on TARAs and Cyber Goals and requirements etc, to try and mitigate Cyber Threats and Risks.

    Cybersecurity is becoming more of a need now that everything is...

  • A great exercise and links to follow.

    I have spent many hours setting this up on a PC to run the VMs, but well worth it. I have had to revisit it a few times, whilst trying to follow the rest of this course. The tasks are like an exciting clue hunting adventure that becomes addictive to pursue. I still want to continue this exercise to learn more outside...

  • James Morley made a comment

    As I am not from an IT background, I found it difficult to go to any depth relating to PC servers and their networks. However, with my experience of my industry I used a high level approach which I think is common to all industries. A risk based approach to determine the vulnerabilities, cyber goals and requirements are needed to present the best Pen Test...

  • A good high level of information. This is useful for assessing the impact of a real cyber attack and what is required when sourcing Pen Testers for a project.

  • Running Penetration tests gives an organisation a "bench mark" on how resilient their system is or is not to find vulnerabilities that can be addressed. As said before by others, spending the money and time prior to launch will save money and reduce the risk of any breach in the future.

  • A great course. Thank you.

  • A great introduction course and a lot packed in at a good level to understand the fundamentals. As soon as ISO 21434 comes out, it would be good to include in this course as an appreciation of what is to be the standard for addressing Cybersecurity.

    Thank you Future Learn and Coventry University.

  • I think it is possible to proactively prevent Cyber attacks. As long as you have a process like the upcoming applicable ISO21434 for Automotive Cybersecurity, you have to stay on top and monitor the emerging threat landscape and adapt to defend. Failure to do so will result in a vulnerability becoming exposed. New threats and finding out this information can...

  • 1. The method of attack was a remote access and theft of company and personal employee data. Somehow, the threat actor (group) managed to gain access directly into the heart of Sony networks, which was publicly distributed.

    2. Vulnerabilities exposed, embarrassment, financial and credibility damage to the company and its employees.

    3. Data Access and...

  • A good article by Infopulse. New terminology to learn.

  • I think the challenges are: -

    1. Standards and Legislation. This is being firmed up with European WP.29 Cyber regulations and the introduction of ISO/SAE 21434 Automotive Cybersecurity (2021).

    2. Applying Cyber Risk Assessment, Goals and requirements with these standards as early as possible into the vehicle lifecycle as so to produce the best defence...

  • James Morley made a comment

    Watch out!
    SAE J3016 = Driving Automation Standard
    SAE J3061 = Cybersecurity guidebook Standard

  • There is also an ISO/SAE Standard 21434 that is currently DIS and will be ready for the middle of this year. This Automotive Cyber standard has evolved from what is known and learnt from the automotive functional safety standard ISO 26262.

  • As more technology is added to our vehicles to make them comfortable, easy to use and connected, it makes them more vulnerable to physical and remote Cyber attacks. As with "vehicle safety", the standards and legislation for Cybersecurity are being enforced and mandated. But it does not appear to be happening quick enough to match the pace of the technology...

  • Both the input and output IoT devices have a great use in collecting data and providing remote control of items to make our life easier, for all sorts of leisure and commercial reasons. But, this tech has to be managed both safely and securely because of the risk of Cyber attacks.

    If the products are not safe or secure, Cyber criminals could influence the...

  • IoT devices are Smart Systems that are interconnected and can become part of a larger network of Smart Systems both wired and wireless. The tech is becoming more affordable, reliable and accessible. Its growth is becoming exponential and is enabling the collection of data for many purposes so that the consumer, manufacturer and service industry can become...

  • These short courses with Future Learn and Coventry University are great. They are in manageable sizes that enable me to learn whenever I can during full time work and whilst I have a family to look after. I would love to do all of the programs and courses towards the Cyber Security MSc. I was wondering if there are other alternatives to the 1 year and 2 year...

  • My response is that anything that becomes connected has the possibility to become compromised for misuse and must be taken seriously. The increase in connectivity is making more cyber attacks possible with a further reach. I think, in some cases, making it almost unnecessary for Social Engineering to be required as there is no "air gap" to bridge, thus making...

  • Interesting to know about this other relevant legislation. I wonder how difficult the scoping becomes when pen tests are done for systems that reach outside to many countries that have different or inadequate laws? Sounds like the scoping could take a long time when seeking approval from a number of countries involving legal teams.

  • Cybersecurity is becoming more and more important in our world today. Virtually everything is becoming connected in some way or another, but with the ever increasing demand and pressure to release products and services into use, security is one of the things that does not get the attention that is required to defend against attacks. All too often...

  • Black Hat Hacker is unethical. Illegal.

  • Interesting to know that Social Engineering can and must play an important part in the way to get into some systems. In some cases it must be essential to "bridge the air gap" to get connected. In "big hack" news from around the world people have usually been persuaded and tricked to assist by a number of means, like phishing, plugging in purposely left over...

  • Agreed and understood.

  • I think this depends on the context of the statement. If this is said by a person who has just been caught Hacking unethically, then it's totally unethical. If this is being stated by a person working for a company of ethical hackers, then it's ethically OK so that they are gaining the knowledge to learn about vulnerabilities.

  • Teaching people how to break into their own systems enables them to know more about the physical and software vulnerabilities with regards to Cybersecurity. It is from this that the "Risk" and cybersecurity goals and requirements can be assessed and defined, so that risk mitigations can be introduced as early as possible in the product lifecycle. So, when the...

  • Hi all, I am very much looking forward to this course introduction. FutureLearn has opened up an easy portal for me as I work full time. I am really interested in increasing my learning in Cybersecurity and being able to apply it to my role in employment and industry. I think, even though Covid19 has impacted face to face learning, the ability to learn with an...

  • I am curious as to how much time they both had to work on this attack. It seems like there was some very detailed knowledge obtained and some insider information. Surely all this was not done with "public domain" knowledge and brute force penetration? Although the attack was done remotely via the cellular network, it does not seem like a particularly trivial...

  • At a high level, I agree with comments about the joint responsibility. The owner should arrange ASAP to go to the local "approved" dealer/garage and the OEM should ensure that the owners are notified ASAP via their contact details with customer acknowledgements. Traceability of this process will be important in all cases for both the customer and the OEM in...

  • Hi, I am a Chartered Electronics Engineer in full time employment with JCB Excavators in the UK with almost 20 years' experience. I decided to join the course to help me give something back and help a younger generation to get inspired to one day become engineers. I am hoping to learn about improving myself further, to help run a Code Club I am already part of....