Saturday, June 29, 2013

Ignorance = no peace

"Where ignorance is our master, there is no possibility of real peace" (Dalai Lama). From ignorance comes fear, and this fear of the unknown sprout all kinds of reactions that make the human being unpredictable.

The dangers of cyberspace frighten governments, organizations and people of all kinds. Even the most senior military see as a priority need to create specialized cells in order to fulfill the lack of knowledge that exists about these threats. Now there are about 20 of them in the world and the Chairman of the Joint Chiefs of Staff of the United States believes that it is necessary to embrace this type of missions to protect the state itself and its citizens.

This speech will sound familiar to many of you because it is similar to the Obama's Administration regarding its surveillance program PRISM, a project which has created a social alarm regarding the right to privacy. For those Android users who want to hinder his communications they list a number of apps to encrypt our calls, SMS, emails... in

In this desire to know and control everything, University of Illinois has launched a project for any user to know how much his mail account would be worth in the black market. Through a service called Cloudsweeper they review his trays for passwords and user names to give them a value.

None of us can enjoy real peace as long as there are criminals determined to infect our devices. For example, with the Citadel Trojan that has adapted to different platforms and languages so you can display phishing pages tailored to each user regardless of their country.

Perhaps all this climate of insecurity around the Web is why people who demonstrate their skills and knowledge of cyber-threats and warn us about it are rewarded. We refer to a British researcher who has pocketed $ 20,000 for discovering a security flaw in Facebook.

In the end, union means strength to stand against fear or ignorance. Sharing knowledge is the best weapon to fight for the peace that the Dalai Lama spoke about. One of the placer to perform this is the oldest computer security and hacking congress in Spain, the No cON Name (NcN) which is closing the call for papers (CFP) next Monday 1st.

Wednesday, June 26, 2013

In the middle of chaos

Bob Dylan once said, "I accept chaos, I'm not sure whether it accepts me". We are surrounded by chaos. On the Internet, this results in massive flows of information, millions of human beings trying to raise their voices at the same time, a variety of constant security threats…

In fact, in South Korea they have started Tuesday with a great deal of confusion and bewilderment. Several governmental institutions and Korean media's websites have been victims of a coordinated attack coinciding with the 63rd anniversary of the Korean War.

Another situation to add to the ongoing chaos of the Internet is an spam attackwith pharmaceutical messages from Yahoo accounts that have previously been compromised. But it does not stop here, because the links they contain have been designed to infect Android devices with malware.

Also joining the party we have one warning from the US-CERT (United States Computer Emergency Readiness Team) warning about the dangers of not changing the default password that comes on all types of devices connected to the network. These passwords are usually included in public documents and, therefore a hacker who already knows that can locate those devices via Shodan searches and attack them.

And if taking care of yourself is not enough difficult into this mess, you must also keep an eye on the little ones. Security firm +Kaspersky Lab warns that one in seven Latin American children lie and cheat to get into social media without paternal permission. Also, over 16% of them visit porn sites or online stores. As usual, they recommend to restrict access to them through parental control software.

However there is a figure that appears to be above all this chaos. This is the CISO. Those security managers have the task to react quickly against Internet attacks and threats, or even anticipate to them. Sometimes they get to the point that their own peers may think they are mind readers. At least that is what happens to the protagonist of the video we bring you today.

Leaving the realm of fiction, we bring you the interview that Infosec Island have made to an actual CISO, the VP of Enterprise Security Services at the +Scotiabank. Throughout more than a dozen questions, he gives his views on the most demanded skills or technologies or the most dangerous threats nowadays.

Saturday, June 22, 2013

Sex & Drugs & Rock n'Roll

"Sex & Drugs & Rock & Roll". The title of this song popularized by Ian Dury in the 70's could well define the latest video that John McAfee, the creator of the first commercial anti-virus program, has launched.

In the short-film, McAfee satirizes the difficulty of removing this security product that bears his name, echoing supposed complaints alleged by users. He laugh at himself and at the criticisms that have been made about their lifestyle in recent times. He appears with weapons, some women from a Portland Exotic club, a white powder as cocaine, a lot of vulgar language... He has not worked for the business he founded in more than 15 year, and takes every opportunity to show their discontent with the way it has taken since he is not in charge anymore.

Major concerns, however, have the Spanish population. The concern about their data being stolen and used for fraudulent purposes has grown by 8% in the last year. According to a study of the technology company Unisys, today more than half of the Spanish population feels worried at the prospect of becoming a victim of fraud.

Precisely, the 6 million Facebook users' personal information has been exposed by a "down our content" tool's bug. Facebook itself has acknowledged that the application allow some users to get other user's email address or phone number. It seems that the reaction from the company has been quick and the problem has been solved.

Wednesday, June 19, 2013

Hackers and voyeurs

"I'm a real voyeur" (Janet Evanovich, American writer). At least there are people like Ms. Evanovich who openly acknowledge that fact. However observing what others do or say without noticing our prying eyes on them is more usual than ever. Reality shows, social networking, all those situations when we can secretly record videos or take pictures thank to technology…

IP security cameras were born under the aim to provide a costly security technology that only government institutions and large companies could afford to the common people. But the truth is that they can also be used by hackers to "observe" being unseen. According to a study by some students of the Master's in ICT security of UEM, many of these cameras' software contains vulnerabilities (7 of the 9 analyzed).

In fact, if we think about it, hacking has a lot to do with voyeurism. It's about accessing other people's computers, information, photos, videos, bank accounts… always with the aim to be undetected. They even can try to access your webcam without you noticing it. +Maligno Alonso explains that there is a bug in Adobe Flash Player that provide access to a webcam through a clickjacking attack. Although it was assumed fixed, its discoverer has rung the alarm again.

This sort of "dark techniques" are even more alarming when the victims are minors. They can lead to cases of 'grooming' or sexual harassment, cyber-bullying , humiliation, distribution of material between pedophiles and so on. Nevertheless the Secretary of State for Security, Francisco Martínez, has warned that the children themselves are the ones who often send photos or videos to strangers.15% of European minors (from ones who use the Internet) have ever done that.

There are other technologies whose growth also come along with risk. In this case, we mean the HTML5 programming. Its advantage is its all pushed to the client. It is precisely there where its dangers are found, as the security expert and writer Ericka Chickowski states in +Dark Reading.

If we want to clip these hackers or cyber-voyeurs' wings, we must evaluate the type of security we apply to our systems analyzing at least five of the premises listed in Segu-InfoAttackers have infinite resources, the "X" security control will keep my organization safe, security is a goal to achieve, the security can be "added", my organization is not on risk.

We should also be clear on what the most common threats circulating on the Internet are and how they are such as phishing, data loss, Wi-Fi signal theft, identity theft or malware. Today all of them are explained on EnfoqueSeguro.

Sunday, June 16, 2013

Time changes everything

“Time changes everything except something within us which is always surprised by change,” wrote British novelist and poet Thomas Hardy. It changes the way we know information, the meaning of trust and the way we perceive the threats. All of these are surprising changes, and that’s why we evolve: we change ourselves to get adapted to environment.

One of the great changes that has come with the new Millennium is the gradual disappearing of the mass media. Nevertheless, the classics are still a referral due to their reach. Last cover from +TIME magazine gives its front-cover to the leakers. Or, to be more accurate: to the geeks who leak. It’s another great change of nowadays: who generates information?

Does anyone think that hottest stuff is PRISM? Really? Maybe you’re out of date. Note that millenials generation has assumed in almost full that privacy age has been gone for never turning back, and three out of four don’t trust in websites to protect their information… but they keep buying and sharing online, daily. The data is from video infographic by Cisco Systems, launched early this year.

Yeah. Time changes everything. There was a time when we thought of antivirus and passwords as essential. However, pass go nowhere without a double-factor authentication, like TrendMicro exposes in a recent post at their blog. Regarding antivirus, Ricky M. Magalhaes asks in about adopting new solutions, and he explains why.

Thursday, June 13, 2013

Muhammad Ali & John Lennon

As Muhammad Ali said, "The man who has no imagination has no wings". The wings are used to fly, and when we talk about risk and information security, technology rather than going fast, flies. Therefore it is important to have imagination or we can not be able to reach the proper level. The imagination is a requisite to become a hacker. And also to deal with "evil".

With the use of imagination, Symantec boys ask for somebody to instruct "the grandpa'" about the importance of backup in one of their latest videos. Just a wrong click and the computer can get full of undesirable warnings and blue screens. And there are better options to clean the computer up than put it in the dishwasher, as the character of Symantec video does.

Lack of imagination would mean the end of malware. But "the bad guys" are always looking for new ways to reach the user unguarded. "As long as people insist on clicking on phishing emails, choosing weak passwords, and leaving their PC unprotected" the hackers will always find an entry point, says an interesting article on Cyber ​​War Zone explaining why a Facebook account if safer than a bank one.

Imagination and malice combined are capable of doing any damage. Contactless credit cards have been with us for about five years, but only now they begin to experience a boom. As usual, where money sounds risk appears as well as come experts like Martin Emms to avert it. He and his team at the University of Newcastle have just published a study detailing how they have been able to produce a phone that gets data from those credit cards: account holder, 16-digit number, expiry date… well, anything you need to drain an account in the blink of an eye*.

Imagination is a mandatory among legislators. For now, not least, the Europeans are trying to figure out which way the wind is blowing and raising penalties for illegal access to information systems or violations of security systemsIt would be desirable to not have to go patching but it is difficult because, as we said in the first paragraph, in security matter the technology flies: it has just introduced the new Apple's mobile OS, iOS7, and some people have already managed to break the unlock screen. And regarding the great competitor Android, some inconsiderate guy has managed to bring a vulnerability in the Linux kernel to all the previous versions of Android 4.2 Jelly Bean.

Conjure risks is possible but involves dedication, time and knowledge. As John Lennon sang in Imagine"you could say I'm a dreamer, but I'm not alone."Thousands of developers around the world are struggling to make Internet a space to "fly" and not a place where you get your wings clipped. They also know that perhaps they are dreamers, but surely they are not alone.