Tuesday, December 31, 2013

12 grapes, 12 links

Bye, bye 2013! Each of you may have your own opinion about the year that ends today. Today is indeed a day to take stock, so we will collect the 12 news items on information security and cybercrime that have interested you most over the past 12 months.

Monday, December 30, 2013

The color of cyber threats

“But what is of great importance to me is observation of the movement of colors,” said French artist Robert Delaunay. In the information security field, there are dangers and threats in a wide range of colors. Observing where they come from and where they are going is paramount.

Red has always been the color of a warning light. That red bulb lit up at the BBC last week when they realized that a hacker had managed to take over one of their servers and was selling access to it on the black market. It is not yet known whether he actually made any sales, but the British media conglomerate’s security team claimed to have secured the affected FTP server.

Sunday, December 29, 2013

Top 5 infosec links of the Week (VI)

Learn from the mistakes of others, disappear Internet, the value of geo data card, the rising price of Bitcoin and typosquatting. The top five posts this week.

We begin the article with the people at Dark Reading, who recently surprised us with the lessons we should all learn from the five most notorious attacks this year: Cryptolocker, New York Times, Bit9, the DDoS operations and the South Korean blackout. Not to be missed.

Saturday, December 28, 2013

Fools Day

”Sometimes it's better ear pure wit and tongue almost silent, clean innocent witness courage, that curiosity eloquent.” We begin today's article with the words of Garcilaso de la Vega, in the hope that it will serve us to this day, we miss going to do ...


Can you imagine what would happen if Apple released a Nexus handset running iOS 7? The controversy is served: from those who appreciate the fluidity of Apple's operating system and its security based on strict control, to those who would see a threat to the freedom and customization that Android offers.

Friday, December 27, 2013

A new year, new life

Forget everything you know. Forget everything you've learned so far. Maybe in 2014 it will not do any good. Just ask yourself one question: where would you have invested $100 during the last year? Most of us would probably give an inadequate answer.

According to market prices, the best investment in 2013 would have been bitcoins. They have experienced an appreciation that few of us would have dared to estimate when the year began. Catch this: 5,000%, according to an estimate published in Forbes, i.e. your $100 of a year ago would now be near $5,000. The other rising stocks, all of them technology ones, have also experienced increases, but none as large as that of 2013's virtual currency par excellence. Another spectacular rise, at the same rate of growth but with a much shorter trading history, is Twitter: more than twice its price at its debut on the stock exchange on 7th November.

Thursday, December 26, 2013

Privacy in danger of extinction

"Privacy matters. Privacy is what allows us to determine who we are and who we want to be." One of the protagonists of this year, former NSA analyst Edward Snowden, has decided to compete with the speeches of the King of Spain or the Queen of England to convey his concern over the gradual loss of privacy suffered by citizens worldwide.

UK’s Channel 4 was chosen by Mr. Snowden to broadcast the message that he wanted to deliver to humankind yesterday. "A child born today will grow up with no conception of privacy at all. They'll never know what it means to have a private moment to themselves... an unrecorded, unanalyzed thought." In this situation, the whistleblower urged society to find a balance between trust “we place both in the technology and the government that regulates it.”

Tuesday, December 24, 2013

CIGTR wishes you a Merry Christmas

Today is Christmas Eve. For some, an endearing date. For others, an evening dedicated to melancholy. In any case, the holiday season officially begins tonight, a time when we look back and take stock of the year that is about to finish.

That's exactly what Edward Snowden has done. The individual who leaked documents that proved the questionable practices carried out by the U.S. National Security Agency said, in an interview published in the Washington Post, that for him, "in terms of personal satisfaction, the mission is already accomplished." In his particular Christmas gift he affirmed that he is not trying to bring down the NSA, but is working to improve it. “I am still working for the NSA right now. They are the only ones who don’t realize it,” says the former analyst.

Monday, December 23, 2013

Do not steal my identity!

Can you imagine trying to pay for some Christmas gifts with your credit card and finding that it is mysteriously out of credit? In that case, it is very likely that you have suffered identity theft.

Perhaps most of these situations do not become as extreme as what you can see in the trailer of the comedy movie that comes with this post, but the United States Department of Justice warns that such practices increase at Christmas time. In fact, 11 and a half million people in that country are victims of some fraud from identity theft every year.

Sunday, December 22, 2013

Top 5 infosec links of the Week (V)

Joke security predictions, ATM failures, malware, different views on the Deep Web and the use of well-known brands in spam attacks are the five articles you liked most, and so we bring them to you in this Sunday's article. Pay attention, here we go.

Cybersecurity is not something to joke about, but the large group of articles that appear over the holidays with predictions for next year is. In the video that accompanies this collection, cybersecurity expert Javvad Malik parodies some of the most common ones. Did you know that intelligence agencies ... will continue spying? :)

Saturday, December 21, 2013

When the security is not so.. safe

“The only secure system is one that is off inside a concrete block protected in a sealed room surrounded by armed guards.” That is how clearly and directly Gene Spafford answered, a decade ago, the question of which system was really secure. And yet, I would add that he forgot to remove the power supply.

So much time has passed, and we continue with the same old problem. The systems that have become the mainstay of communication and information in our society can be attacked at any time, in the most unlikely way possible, bypassing all the measures that seem insurmountable, as several researchers from the University of Baltimore recently showed. All iMac and MacBook OS X devices from before 2008 have a bug that allows an attacker to record with the webcam without the alert turning on.

Friday, December 20, 2013

What a lottery: chances and money

Next Sunday Spain holds the El Gordo Christmas Lottery, one of the most eagerly awaited events of these holidays and one closely tied to collective memory.

Although the jackpot is not, even remotely, the highest in gambling today, this draw is such that "El Gordo" (literally, ‘The Fat’) has gone beyond its definition and also serves to describe something unexpected, whether it is very good news or very bad news. By definition, information security has to deal with the bad news ;-) And when we speak of lotteries we are talking about two things: probability and money. So, just as ‘El Gordo’ hands out five top prizes, these would be the five biggest prizes today.

The first prize goes to the latest credit and debit card security breach, which we mentioned yesterday, Thursday, and which has undoubtedly become this week's news. The number of cards affected rises to 40 million, and the attack has been such that the experts agree on two things: first, that this is a turning point in financial threats; and second, and this really is a Christmas “Gordo”, that they can’t explain how this breach could happen.

Let’s hand second prize to the president of the Israel Space Agency, Yitzhak Ben-Israel, who is also one of the most renowned international experts in cybersecurity. In a recent interview for the Colombian El Tiempo, Ben-Israel reviews the four major types of current threats (cyber criminals, mafia organizations, ideological struggle, and States). And if probabilities are the key point, the expert minces no words: "We are all exposed to cyber attacks."

The third prize goes to one of the most persistent forms of attack over the years: Denial of Service or DDoS. The Computer Emergency Response Team (CERT) in Poland has just detected new specialized malware on Windows and, catch this, Linux systems, designed to enslave millions of computers for this kind of attack. Again, be careful where you click; the risk is just around the corner.

We must give the fourth prize, sold in the same location as the first one, to all those who strive to repeat, again and again, the advice for avoiding information theft. CNN’s economic section summarized it in four steps, which may seem too basic, but that is why they are often forgotten: first, check your current account regularly; second, contact your bank or your credit card company; third, replace your card or change your PIN code; fourth and finally, hire a fraud monitoring service.

The fifth prize is the least substantial, but we must monitor it closely because tomorrow it may be a resounding "Christmas Gordo": the virtual currency Bitcoin. Two scares have just hit its users: the suspension of operations by China's largest operator, China BTC Exchange, and the detection of a new version of the Gameover malware, which in turn is an evolution of the scary Zeus Trojan and could be related to that suspension of operations.

Unlike what happens with the lottery, you have a high chance of winning one of these prizes. So do not let your guard down; it is also your responsibility.


We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Thursday, December 19, 2013

Mum, I don't want to go to the school today

Who has never felt overwhelmed by finals during their student days? Surely more than one has thought about delivering a false bomb warning to provoke the evacuation of the building and basically not take the test (or at least delay it).

But it is one thing to fantasize about it and quite another to put it into practice. A Harvard student faces a sentence of up to five years in prison for sending an anonymous email with a bomb threat that had the authorities at bay for several hours. He tried to hide his tracks using the Tor network, but unfortunately for him, the university tracks all connections to Tor from its facilities.

Wednesday, December 18, 2013

Some predictions and a looking back

The current year is almost done so it is time to make predictions towards 2014. In recent days, many security experts are releasing their forecasts for the next year. In fact, we have mentioned some of them in our latest posts.

Nevertheless, for information security expert Javvad Malik the conclusions of this kind of exercise are usually quite obvious. In the video that accompanies these lines, he parodies such predictions, for example, by stating that Government spy agencies... do spying.

Tuesday, December 17, 2013

Don't be so naive

Smartphones have been with us for a while, but many people still use them with the innocence of a child. They are not aware that someone could spy on their calls, their messages or their online activity.

Not even the encryption system used by most telecom companies, known as A5/1, is safe. In fact, the U.S. National Security Agency has the means to decode billions of calls and messages sent by citizens every day, according to an internal agency document. How many secret services around the world will have also developed this technology?

Monday, December 16, 2013

Let's tell lies

“Profit is sweet, even if it comes from deception,” wrote the poet from Ancient Greece, Sophocles. Surely the vast majority of cybercriminals would agree with this statement, because their business is built on lies and fraud.

A large number of the scams experienced by users begin with a mysterious unsolicited email. In this email a highly attractive promise is made to the recipient in order to fool him. Thus, the innocent victim will eventually provide personal data, click on malicious links, or even open some attached malware. To make the whole pantomime a bit more credible, it is usually shielded behind premium brands or important events.

Sunday, December 15, 2013

Top 5 infosec links of the Week (IV)

Undercover agents in cybercriminal campaigns, Christmas cards, predictions for next year, sexting and hacked user studies are the most burning issues in a week that comes to an end. A collection voted by you.

We started Monday learning the story of Michael Adams, an undercover agent who has spent four years inside a fraud scheme that sold false documents through the internet and caused losses of more than $50 million.

We continue with the cybersecurity predictions made by Websense, which foresee more targeted attacks than advanced malware threats in the next year. Ransomware and the cloud will be other areas in which to invest our resources.

Saturday, December 14, 2013

Security Trends "Made in Spain"

“When fortunes are made in war, war becomes a business”. A declaration of intent by Christian N. Bovée, one of the most critical American writers of the nineteenth century, predicting what future wars would be.

Among other things, this week's news included the launch of a Spanish company, 11Paths. For those who do not know them, think of Chema Alonso and Informatica64, which a few months ago came under the aegis of telecommunications giant Telefonica.

At the event, together with a panel of leading figures from the world of security, some trends to consider in the coming years were revealed, along with the presentation of tools, also "Made in Spain", for the international market.

Cloud Computing Security: In a world where companies are using the benefits of the cloud, and knowing that information is increasingly compromised in such architectures, the need for good cloud security measures is evident. Demand secure provider environments, without forgetting internal company policies.

Pentesting by design: Day after day we see the leak of millions of customer records from large Internet services, attacks on the critical infrastructures that support our way of life and the constant danger of APTs, and yet in many cases security is still kept outside the software lifecycle. Pentesting by design is a methodology that adds the figure of the auditor to every design process of a system. That integration should start at time 0 and accompany our services until they become obsolete.

Persistent auditing: Why should we feel safe being audited once a year, after our services have been prepared for the test for two weeks, when attackers will not give notice, or will spend more than two days carrying out the attack? Infosec as a service, a concept that involves the development of automatic testing methods, would work 24x7x365, continuously testing our systems. A much more realistic, monitored test that, if anything, affects the company's business positively.

In addition to these trends, it is necessary to mention two services that are new. On the one hand, the free release of a portable Foca Final Version, which comes to "kill" Foca Pro, one of the best-known fingerprinting tools in our country. On the other, we welcome a new service, Latch, which proposes "a new way to democratize security the connections we make with our digital accounts", so that we can "turn off" access while we do not need to use it, include a two-step verification system, or prohibit the activation of some services in our bank accounts, websites or social networks just by moving a slider in our mobile application. A simple idea, open to anyone and with a Spanish label.


Friday, December 13, 2013

Take care where you click

Grandma got phished by a hacker browsing through the sale sites Christmas Eve, you may think there’s no such thing as security, but as for me and grandpa we believe. That is the joking tone of the lyrics from a cartoon video by IT University at Rochester. Christmas is coming soon, and with it come loads of bad clicks in the wrong places that will get you a dull Christmas.

Of course, sometimes the bad guys have it easier than ever. Android user? Have you ever downloaded an application outside the official circuit? Well, you can be sure (really sure) that you’ve got malware on your smartphone or tablet. That is not what we say, that’s what Arxan Technologies says in a document: 100% of paid Android applications off-Google Play have been hacked. iPhone user, perhaps? Well, if you've left the App Store, there is a fifty-fifty chance that you’ve been infected.

Thursday, December 12, 2013

Yummy candy

Cybercrime is like some yummy candy for too many people. Internet crimes are increasing in number and variety despite efforts to combat them. The losses that this kind of criminal causes worldwide are counted in millions of dollars.

Therefore, it is not surprising that almost a quarter of British users claim that at least one of their internet accounts was hacked. Hotmail, Yahoo and Facebook are the most affected services, but cybercriminals also seek accounts directly related to financial data such as Paypal and eBay.

Wednesday, December 11, 2013

Dad, that's not right

"Dad, that's not exactly true. Let me explain it to you." Young people are better at adopting technology and, in many cases, in a position to lecture their parents about its risks. We already have the beginning of a conversation between father and son, let’s see how it could follow:

Son - Dad, actually the risks of Android have been a bit exaggerated. It is an open environment, so, of course, it is more likely to be attacked than others, but its main two risks are in its app store called Google Play and in its large amount of different devices and OS versions.

Tuesday, December 10, 2013

At the cybersecurity market

“A market is never saturated with a good product, but it is very quickly saturated with a bad one” (American industrialist, Henry Ford). Thus, in the black market of malware, we would say that a product is good if it is highly effective, flexible, hardly detectable, and so on.

Walking among the stands of this market, you can find some trojans, malware kits, ransomware, and even zero-day vulnerabilities. In fact, the kilo and a half of this type of product is usually sold at prices ranging between $ 40,000 and $ 160,000. Sometimes, it could even reach one million dollars, according to a study by NSS Labs security consultancy.

Monday, December 9, 2013

Change: an essential factor in cybersecurity

“If you do not change direction, you may end up where you are heading” (Chinese philosopher, Lao Tzu). Therefore change is essential in redirecting our path.

With this thought in mind, eight of the leading Internet companies have formed a bloc to ask the U.S. administration for a Global Surveillance Government Reform. AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Yahoo and Twitter say in a public letter that "it's time for a change". It is their way of pressuring Washington after the news on surveillance that was released last summer.

Sunday, December 8, 2013

Questions of the week

To find the right answers, we must ask the right questions. So today we will answer key questions about the topics that most took your attention throughout this week.

What can someone learn about you from the metadata that you generate? In light of the news that Australian surveillance services offered ‘bulk’ amounts of metadata of its own citizens to foreign agencies, the journalist Oliver Laughland describes the type of information that he generates in 24 hours. From tweets, emails or SMS to Visa transactions or the location where he creates his documents.

Saturday, December 7, 2013

Mum, when I grow up, I want to be a cyber policeman

“It is a lot harder now to be a police officer than what it used to be,” U.S. action actor Steven Seagal once said. It is certainly true that cybercrime makes things increasingly difficult for the police.

Fortunately, police forces are more numerous and better prepared to deal with such threats, which spread easily around the globe. Combating them therefore requires a high level of coordination between different countries, institutions and the private sector. In fact, collaboration between the FBI, Europol and a number of technology companies like Microsoft has been indispensable to the partial takedown of the ZeroAccess botnet, which was mainly focused on stealing user data and increasing advertising spending through fraudulent clicks.

Friday, December 6, 2013

Infosec Constitution

Today Spain celebrates the 35th anniversary of the referendum that, in 1978, allowed the nation to be provided with a Constitution that ended nearly 40 years of dictatorship and political obscurantism. 35 years later, many items may be subject to revision. In the areas that we usually cover, there are some sections that are perhaps called into question more often, such as Section 18. Let's see them.

Section 18.1: the right to honor, to personal and family privacy and to one's own image is guaranteed. The continuous espionage scandals that have rocked 2013 are enough to put these rights on the table, and to look more closely at compliance with them. The renowned cryptographer Bruce Schneier says, in a recent interview with the TV magazine MotherBoard, that privacy is a right so high that sooner or later the citizens themselves will put a stop to the atrocities that have been experienced since the fateful September 11, 2001.

Section 18.2: The home is inviolable. No entry or search may be made without the consent of the householder or a legal warrant, except in case of flagrante delicto. That's what the paper says. The reality of today tells us almost the opposite: if an ADSL line or any other connection is considered a gateway to the house, well, it is continually violated. Among those continually gaining unlawful access are cybercriminals seeking to gain control of our bank accounts. In this sense, Russia has announced the arrest of 12 leaders of a cybercriminal group dedicated precisely to fraud via Blackhole exploit kits.

Section 18.3: Secrecy of communications is guaranteed, particularly regarding postal, telegraphic and telephonic communications, except in the event of a court order. That secrecy is roughly upheld (see Section 18.1), but in any case, if something is secret in our digital communications, we must refer to passwords. Recall the ideal: one per service, combining uppercase, lowercase, numbers and special characters. If that secret falls, all others fall. The specialist Eric Chabrow reviews on GovInfoSecurity the lessons learned from the recent security breach of 2,000,000 Google, Facebook, Twitter and LinkedIn accounts. The main one: do not use the same password for personal and business affairs. That lets us jump to the next item.

Section 18.4: The law shall restrict the use of data processing in order to guarantee the honour and personal and family privacy of citizens and the full exercise of their rights. Today’s limitations on the use of information do not only affect personal and family privacy. If there has been one raging debate in recent years, it is the use of personal devices at work (the BYOD phenomenon). Is there a limit? For now it is the kingdom of contradictions. In Spain, for example, several companies are aware of the risk, but they do nothing about it... and they are not thinking of any improvement, at least according to a recent survey.


Thursday, December 5, 2013

Tell me where you are

Tell me where you are and I will tell you who your friends are. If you think about it, it is not completely obvious, but this statement may have some truth.

In fact, this is the main motivation for the massive collection of geolocation data by the NSA. The U.S. National Security Agency collects no less than 5,000 million location records a day from mobile devices outside its borders. They argue that it is legal and that it allows them to track targets and find hidden relationships with other individuals.

Wednesday, December 4, 2013

Fantasy or reality?

“All fantasy should have a solid base in reality,” said the English writer Max Beerbohm. Sometimes fantasy can even be put into practice and become reality.

A few days ago, we saw how Amazon is testing drones for delivering your orders. Well, both this company and others must act carefully, because some people have already found a way to hack those drones. The engineer Samy Kamkar developed SkyJack, a drone that is able to detect others of its kind and hack them to take control of them. Thus, SkyJack could assemble a zombie army from several of these devices. It sounds like science fiction, but Kamkar recorded the video that accompanies these lines to demonstrate its potential.

Tuesday, December 3, 2013

If your grandparents saw it

What would your grandparents’ faces look like if they saw the kind of threats we deal with in this century? Surely many of them, who witnessed several regime changes and lived through a civil war, would not understand any of it.

Actually, not everything is so different from how it was a century ago. There are still governments determined to control and put limits on what people say about them. What changes now is the type of media restricted, which is the Internet. In this sense, China boasts of having eliminated rumors from the web as a consequence of a major “cleaning” campaign carried out through sanctions and arrests.

Monday, December 2, 2013

Security in perspective

“Distance not only gives nostalgia, but perspective, and maybe objectivity” (Robert Morgan, American poet). Today we write this article from a cable car in the spirit of bringing you the latest in computer security with greater perspective, although we hope not to transmit even a hint of nostalgia.

From the cable car chair, we can admire a colorful blanket and notice a slight smell of curry. We have arrived in India! Around here, the security company Symantec warns that cyber attacks are not just targeting computers or mobile phones, but also surveillance camera circuits, medical devices and smart TVs.

Sunday, December 1, 2013

Personal information and privacy

The army hiring hackers, the weakness of our digital privacy, industrial control systems, cybersecurity and the assaults of the NSA. These are the core of the entries you valued most throughout the week and, as has become usual, we bring you the top 5 collection. Hold on tight.


The democratization of information systems in industry, coupled with the expansion of the same for submission, put in the center of any objective industrial control systems, critical elements of our society, and suggest new ways to deal with them.

Saturday, November 30, 2013

The price of the currency

Cash is for the ruined. Opulence is no longer measured by the money you have to pay, but by the ability of moratorium with the cards you have.

The words with which we begin this Saturday come from Juan Cueto, director of Canal Plus, and have become obsolete in a few years. We see the reason for such an early decline day after day in the news, with the rise of online payment methods and, in particular, the rehabilitation of the digital currency par excellence, bitcoin.

Friday, November 29, 2013

Risky Business

“Cyber risk is also to stay apart from globalization if we don’t understand cybersecurity”, says Mr. Santiago Moral Rubio, CISO of the leading global BBVA Group, at one of the roundtables held yesterday at the #ciberseguridadenempresas event (cybersecurity at enterprises). CIGTR.info was there tweeting about it all morning.

Video: "131107 1410 Andromeda Lightning talks", recording of 2013-11-07, from Øredev Conference on Vimeo.

Globalization is already an indisputable fact. Everything happens everywhere, all the time, and we don’t need to be where things are happening: finding information is all we really need. What can’t be shared via the Internet doesn’t exist. What goes through the networks survives. For example, the tons of videos that allow us to get a close look at the Øredev developers seminar, held in Sweden early this month, from which we extract the lecture shown with these lines.

Thursday, November 28, 2013

Keeping an eye on the future

“The only thing we know about the future is that it will be different” (Peter Drucker, Austrian lawyer and author). Mr. Drucker’s statement is not a very committal one. However, you do need to commit when it comes to security, so it is necessary to analyze the present to prevent the threats of the future.

Nowadays, one of the current dangers is trojans, which have become a real headache for banks. The latest one to be discovered has burst onto the scene. It is called NeverQuest and is designed to grab all the data entered in 28 different sites. It could even snatch from Zeus and Carberp the dubious distinction of being the most widespread banking trojan.

Wednesday, November 27, 2013

Your work away for lack of prevention

“A destruction, an annihilation that only man can provoke, only man can prevent” (Hungarian writer, Elie Wiesel). Therefore, the power to prevent third parties from reducing your company to a pile of rubble is held by the management.

We should be on the alert for a long list of threats on the Internet. For example, the distributed denial-of-service (DDoS) attacks that can shut down an organization’s networks. Having a plan of action for such cases may be essential, although 45% of corporations surveyed by network security company Corero claim not to have a roadmap to follow in such cases.

Tuesday, November 26, 2013

The smell of cyber threats

Margaret Thatcher once said, “I seem to smell the stench of appeasement in the air”. We live and do business in a world of constant change. In the computing and security environment, change turns out to be a whirlwind that destroys anything that does not adapt to these changing times.

What would the Iron Lady say if she knew that 8 out of 10 companies are satisfied with their current security systems? Only 13% of them have made drastic changes in their security approach over the last 2 years.

Monday, November 25, 2013

We are a bunch of exhibitionists but we don't know it

“Thanks for invading our privacy. I’ll call the police if you do that again”. This was the reaction of one of the individuals who was bothered by the social media experiment made by the American comedian Jack Vale (watch the video).

But Mr. Vale just approached some strangers with information that they had already fully shared in public on social media. It is very interesting to see the surprised reaction of those who did not understand how this stranger knew so much about them. They were not aware that when they publish a photo of their dog on Instagram or tweet about their mother's birthday, they are giving up their privacy.

Sunday, November 24, 2013

Top 5 infosec links of the Week (III)

Crowdfunding serving professional killers, Google and Microsoft’s measures against child abuse, the creation of Cyberpol, the arrest of 5 suspected cyber-criminals and hacking through public Wi-Fi networks were the topics that most caught your eye this week.

'Assassination Market' is a website that promotes the murder of specific people, mainly politicians suggested by its users. They crowdfund each target’s assassination in bitcoins. Thus, its creator’s aim is to destroy “all governments, everywhere”.

Saturday, November 23, 2013

Cyber-criminals' modus operandi

“What worries me is the professionalism of everything” (Scottish writer, Irvine Welsh). The professionalization of cybercrime in particular has become a growing problem.

In the breathtaking video that accompanies this post, we are privileged to witness some of the techniques used by thieves in this century: from stealing credit cards or credentials to using call centers or hiring mules to make it difficult to track the money. In this way, the protagonist amassed €100,000 to buy a sports car.

To protect its users from some of these dangers, Twitter has strengthened all its traffic with Elliptic Curve Diffie-Hellman (ECDHE) cipher suites, which generate a randomized key per session that is shared between the browser or app and Twitter’s servers. The two sides, however, never exchange the key in full.



Friday, November 22, 2013

Light vs. Infoxication

British writer Andrew Lang said that “an unsophisticated forecaster uses statistics as a drunken man uses lampposts for support and not to light”. The tide of data about information security is so huge that if we are not able to analyze it properly, we can end up like “drunks” on information. Just one piece of it, from the video below these lines: cybercrime generates more than 1.5 million victims... every day!

In order to enlighten rather than intoxicate, the Electronic Frontier Foundation (EFF) has just published the results of an investigation into the Internet giants' adoption of five basic steps to ensure the encryption of files shared by their users. The results include some striking findings: full compliance from companies like Dropbox or Google vs. the almost total failure of others like Microsoft, which does not encrypt its data center links and supports neither strict HTTPS (HSTS) nor STARTTLS. All the information is compiled in a very clear infographic.

Thursday, November 21, 2013

If you took a cab in the Internet


“Please, stop the cab. I'll get out here”. Can you imagine a taxi driver who says “no”? “Look, I'd better take you to the other side of the city and then we will go to your destination”.

Well, something similar has happened throughout this year with blocks of data sent over the Internet. Instead of following the shortest route to their destination, they were diverted through Belarus or Iceland by modified Border Gateway Protocol (BGP) routes before reaching their destination, presumably so that they could be modified or monitored.

Wednesday, November 20, 2013

The dark side of crowdfunding

“Is anarchism possible? The failure of attempts to attain freedom does not mean the cause is lost”, affirmed the German anarchist Johann Most. Today we witness the latest attempt to do away with governments and politicians, carried out by a supposed anarchist.

'Assassination Market' is a website accessible through the Tor network that encourages crowdfunding in bitcoins to promote the murder of politicians suggested by its users. Its creator thereby intends to destroy “all governments, everywhere”.

Tuesday, November 19, 2013

Stones on the path

Protection against child abuse

This is how our faces look every day when we take a look at the latest news about Internet security. Sometimes the surprises that we find are not very pleasant. However, there are others that bring a smile to our faces.

That is the case of the announcement made by Google and Microsoft regarding child abuse. They plan to put every possible stone in the path of potential pedophiles seeking this kind of material on the Internet. Their search engines will not return results for about 100,000 terms in 158 languages. For now, it has only been launched in the UK.

Monday, November 18, 2013

The Police of this century

Interpol GCI Headquarters in Singapore

“The police need to come down to street level”, said the British fashion designer Alexander McQueen. But due to the expansion of the Internet, the police are needed to patrol the cloud and the cyber networks as well.

For this purpose, Interpol’s European and Asian divisions have met in Singapore to determine how they will fight cybercrime from their new headquarters, which will be located in that country.

Sunday, November 17, 2013

Top 5 infosec links of the Week (II)

Personal information exposed, phishing on mobile devices, companies forcing password resets because of security flaws and secure web development tutorials. These are the topics that you have applauded this week, and that we offer in the Sunday post as a weekly compilation of the top 5. Are you ready?

Saturday, November 16, 2013

Cybercrime and Cyberdefense

"Trust in the goodness of others is no small testimony of his own goodness".

Saturday starts with a quote from Michel de Montaigne that serves as a corollary to the topics discussed below. Cases such as a new scam campaign that is plaguing our inboxes with emails like "suspicious contract (WARNING)". A campaign that warns us that we are on the verge of losing the opportunity of a lifetime. The Nigerian scam, by way of downloading an application that comes with a “present”.

Friday, November 15, 2013

Go weekend! Go reading!

“You push it, stretch it, it'll never be enough. You kick at it, beat it, it will never cover any of us. From the moment we enter crying to the moment we leave dying, it'll just cover your face as you wail and cry and scream.” It's a mythical scene from 'The Dead Poets Society', the quintessential film for developing a love of reading. So if you are one of those who can enjoy a long, relaxing weekend, we do not want you to start it without a few readings that may be very useful to you.