Thursday, October 31, 2013

Count of Mirabeau 2.0

Honoré Mirabeau 4“The greatest danger of governments is wanting to govern too much”. Just by following news you could think that this is a Today’s quote. Well, it’s not. Its origin is the Illustration and is attributed to Count Mirabeau, who died in 1791.

Is it applicable to today? The leaks "machine" called Edward Snowden gives more and more headaches to a government that apparently wants to govern too much. Yesterday, the Washington Post published a dizzying story: it is not as large technology companies are under suspicion for alleged collaboration with U.S. intelligence, but even without such collaboration, the NSA had been constantly and permanently eavesdropping Google and Yahoo servers, intercepting all. “All” also means personal communications. The U.S. government, of course, has emphatically denied so great accusation.



If that were not enough, worldwide espionage operations could explain part of the suspicious activity increase in Tor network, supposedly spy-tested. Governments are not alone. They are accompanied by cybercriminals (unlikely traveling mates), which would have seen Tor as a chance to spread malware. The presence of malware on the “onion” network is not new, but it is this increased use linked to criminal activities. Could that be why rulers want to rule too much? Would Count de Mirabeau think the same today, if he must face the challenge of managing security?

This challenge is so large that Security Intelligence explaines, half joking, half serious, 9 reasons why a security officer (CISO), needs a hug: nobody understand him, their environment is always changing, its ROI is difficult to prove, etc. One sample of this changing environment that any CISO deals with is the evolution towards biometric security systems. Hispanic blog Security By Default analyses this trend, wondering if we are prepared for a technological standardization. So, to make life easier, as well as hugs, we must innovate through tasks automation. That’s what a recent survey of Tufin Technologies reflects, after interviewing more than 500 security directors and managers.

---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Wednesday, October 30, 2013

Double-edged Fame

"A sign that is worn own fame is taking care of the infamy of others" (Baltasar Gracian, Spanish writer). Is it enough infamy to have 15,273 negative votes (and growing up) on YouTube? And what if your name is Keith Alexander and you are about to leave one of the institutions that today are in the spotlight?

Well that's the number of "dislikes" accumulated by almost outgoing director of the NSA, in an interview published in the audiovisual channel by the U.S. Defense Department, and conducted by one of its journalists star, Jessica L. Tozer: "Sarcasm. Science fiction. Games. Geek staff" she says in her Twitter profile @JLTozer.



But we must also note that while NSA gets all the blame, others are getting away with exactly the same thing. We mean: Russia itself. In the last G20 meeting its intelligence was distributing flash drives with malware designed to steal information. It raises two questions: first, those delegates accepting such a poisoned gift are certainly unprepared; second, did the authors of the idea really think that they were going away scot-free?

The great debate that the Snowden issue has put on the table is privacy. Is it possible the anonymity on the web? Anyone is able to secure a noninvasive online experience? Are they both compatible? Splitting hairs, RSA Conference Chairman, Art Coviello, draws an explosive headline in his opening event keynote: "Anonymity is the Enemy of Privacy." Jumping from event to event, and staying at the safe online experience, Net Security echoes of one talk during the last DefCon, which reveals how a technology as obsolete as the phone can pose a problem for many companies more serious than the malware. How is it? Combining it with social engineering techniques.

You can also qualify as real engineering to generate easy money, the last operation of phishing that uses the American Express Company. A clean message with a credible link that silently injected Javascript code and ends asking the user credentials, everything seemingly in safe navigation. Watch out where you click. It’s always better to prevent. The next step is infection: the latest Adobe security breach reported that 3 million customers exposed data. Well, they are not so many, they are even more: up to 38 million, as just has revealed the prestigious journalist Brian Krebs. When something like this happens, you must treat that others infamy is not excessive, or you will spend your own fame.

---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Tuesday, October 29, 2013

Forever Friends

131029 Amigos postOne of the best known sentences by American singer Bruce Springsteen is that "friendship keeps you from slipping into the abyss". Perhaps in these times we would have to rewrite the sentence and replace by "indiscriminate Facebook friendship can take you into the abyss". 12 out of 100 netizens acknowledge having ever suffered the kidnapping of a social account. The "yes to all", including requests for friendship, is often behind these incidents.

"Do not accept friendship from random users", assets Pierluigi Paganini in his last post about social networking security. It is not the only statement, and almost all are built on negative: do NOT click on shortened links whose source you don’t trust, do NOT enter your password into a URL that does not match the social network, do NOT share your location, do NOT , do NOT, do NOT...

Sure it would NOT matter us a lot, since they are no more than the basics of online security, if not because Barack Obama himself partly has suffered Twitter and Facebook kidnapping. It was only a few hours, but there is the medal for the Syrian Electronic Army, which also gives a technique and perfectly transparent explanation of how they came to commit URL shorteners used by the White House team, which is what they really hacked.

However, Obama's biggest concern these days is not that, but the continued outbreak of spying scandals on governments of the Atlantic Alliance. For now, the governmental line is that Obama knew rather little of this "intelligence mess", and if he would know, he would have stopped it, because it is meaningless to spy on friendly nations. The "enemies"... well, the enemies have got spy tactics that sometimes roam the improbable: may someone imagine a cuppa sending data via integrated chips that use our WiFi vulnerabilites? Well, it is happening, and it appears, with the support of Chinese espionage.

Big Data Fever? For a large majority of people, security is more in their day to day than in those big power struggles. It’s in things like saving money from robbery. OK, that’s also for them: the ATM specialized malware Plutous, which began in Mexico, has "mutated" into English-spoken. It’s not enough to defeat malware once, we must do it again and again, and this is an arduous task. Whether cash or mobile phones, which is precisely the object of study of a new whitepaper by Help Net Security: "Top mobile applications security threats". The applications are like friends: if you choose then well, you will prevent falling into the abyss, otherwise they will push you.

---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Monday, October 28, 2013

Spy me if you can

It’s my first class of the semester at New York University. I’m discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, my computer freezes. I fruitlessly tap on the keyboard as my laptop takes on a life of its own and reboots. Seconds later the screen flashes a message. To receive the four-digit code I need to unlock it I’ll have to dial a number with a 312 area code. Then my iPhone, set on vibrate and sitting idly on the table, beeps madly. I’m being hacked — and only have myself to blame.

Last article by Professor Adam L. Penenberg begins with vibrant. It tells how he challenged months ago Nicholas Percoco, senior vice president of Spider Labs, and his ethical hacking team, to perform a personal penetration test (or personal pentesting). It was not the first time for him to do something similar: 15 years ago he asked a detective to figure out details of his personal life, and well, he did, using only information available and accessible via online.

Certainly in the cloud there is more information than we would like to imagine. Spanish researcher Chema Alonso boards on his last post a thorny issue: the amount of e-mails from Gmail that are available to anyone. He adds a mocking headline about the current trend of naming "leak" to anything : "79,400 Gmail URLs indexed in Google is not a leak". Interestingly, after this incident to notify Google, and the "evasive" answer from the big G, 50,000 of those URLs are volatilized.

The most serious incident in the cloud over the past weekend has been starred by an unofficial descendant of another Google service, Reader. Some Feedly users saw their accounts started spamming Facebook with messages without rhyme or reason, or were told that they were sharing very freak content. Feedly immediately cut the bleeding, but still thousands of users have had to manually delete their publications.

And the worst news in Spain, home of this Research Center, was released yesterday by the newspaper El Mundo. It was not unexpected, but even that it’s a great scope (and scoop): as it was easy to imagine, the NSA also spied million phone calls in Spain, up to 60 in one single month. The headline has been collected even by some English-language media, including NBC News. To top it, the NSA itself has gone to the news this weekend because of an alleged unlawful access to their servers. The Agency said it was nothing to care about, but a scheduled and controlled system break.

We talked at the beginning of this post about cloud security. Let’s close it the same way, thanks to the new whitepaper by Help Net Security, entitled "Security and the cloud, a perfect matching pair”.


---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Sunday, October 27, 2013

A smart spy system

John Fitzgerald Kennedy said that ”An intelligent man is one who can be smart enough to hire people smarter than him”, that extrapolated to the cyber security takes on new value even more disturbing.

We arrived Sunday, a day to relax and break the routine. But also a day to sit at the table and talk with the family. Therefore, to ensure we are well informed about today's post we structure around a short wiki about complex programs American spy system.

If you have to start somewhere, is to control networks. A strategy used before the popularization of computers, taken to the extreme by the British government with the Tempora operation, taking advantage of its central geographic position in the framework of transatlantic networks linking America, Asia and Europe.

Controlled the middle, now need to obtain the information, and for this are responsible several different projects. If we wish to access the databases of Internet companies, Prism suffice to use, a back door between business and government agreed to this fact.

If our objective is to analyze emails and conversations, we must use XKeyscore, a monitoring center and categorization of metadata. Hundreds of computers that work together to process large volumes, and archive what could be interesting.

What do we need to access data that the user or the service has encryption? Don´t worry, for this we have Bullrun and Edgehill, two programs prepared to skip encrypted, either taking advantage of the immense control that has always had the NSA on computer security, either through access agreements of the companies that provide these services.

And finally, and to make life easier for the interested in what belongs to others, we will access to this spy network with a beautiful interface, which is called UTT, able to segment by areas, priorities or professions, in order to complete searches without even having to know the name of who seek.



We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Saturday, October 26, 2013

Ready for the revolution

”I feel it is a far more potent political act to completely renounce the current paradigm than to participate in even the most trivial and tokenistic manner”.

The sentence accompanying today's post is not coming from the mouth of a distinguished philosopher, but someone of our time. Russell Brand calls for revolution, a peaceful revolution by the return of control of our privacy.

A problem that affects us all, and has driven the President of Spain, Mariano Rajoy, to convene the U.S. ambassador to demand an explanation, right after it came to light the NSA spying leaders of half the world.

A privacy than, say, enjoy in all Indian Prime Minister Manmohan Singh, which is reluctant to use new technologies, and therefore does not count or even with an email account or mobile phone.

And is that the movements of the NSA are currently over the weekend than ever, with the apparent attack on their web services for some hours offline, that has led the National Security Agency of the United States to make a statement to deny, under an internal error in one of the scheduled updates.

Whether true or not, there is tension, and a lot. So much so that many celebrities have joined the initiative StopWatching.us of Electronic Frontier Foundation (EFF) with the next video, to ask just what Russell Brand asked several paragraphs above: Stop watch us.



We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Friday, October 25, 2013

If you wanna come my way

131025 Escobar post"I have many things to give you my love / if you want come my way / a lot of dreams for enthusiasm you / and all the good things that are within me." These lyrics are from one of the most known singers of Spanish traditional song throughout the world, died in the last hours, Manolo Escobar.

Likes apart and considering that tradition and IT environment are not exactly best friends, this stanza of the late singer is a small nod to his memory, and in addition a way for presenting the many readings proposed by this Research Center for this weekend. Up to five documents, each more interesting. "If by way of security you want to come", there are plenty of things to discover. Let's make a little collection of documents published in recent days.

"Big Data and the future of security" is the title of a whitepaper published these days in Net Security, which seeks to understand the always evolving security environment, and how persistent threats (APT) and the sophisticated malware have changed how security teams must face them and use detection tools.

Upon registration for download, IBM has also released these days, a study of the evolution of the heads of corporate security (CISO), from data collected in a survey. Among its key findings, the document states that today CISO must not only understand technology, but to be leaders who must find the meeting point between business objectives and security.

One of the most comprehensive and constant sources in  IT environments, TheInfoPro, is also in the news because of a recent document, which identifies that security "is back again the pain-points of the network management." In this case, the basis of the study are multiple interviews with professionals and business decision makers all along North America and Europe.

The company specialized Kaspersky, meanwhile, has a recent survey on security in a multi-device world, approached from the point of view of the consumer. You can access the full PDF directly from here.

And to cap this intense reading session, thanks to Hispanic SeguInfo blog, we turn to a paper in draft published in February this year by United Nations Office on Drugs and Crime , "Comprehensive study of cybercrime", a complete 320 page PDF that you can download from this link.

"I will not ask you to be perfect / or to change change the way you are / but if you put a grain of sand / so that we can get our thing well." We would save many cybersecurity troubles if we put all the grain of sand that Manolo Escobar asked his muse, right?

---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Image credits: criben / Shutterstock.com

Thursday, October 24, 2013

4th Amendment is not for Hackers

JusticeIt is difficult to choose between the quote from one of the Seven Sages of Greece, Bias of Priene, "knowledge is the only property not to be missed", or go directly to proverbs and stay with "who robs a thief, a hundred years of forgiveness." Either illustrates the paths of the following lines.

It is true that if John "borrows" the knowledge of Francis, Francis does not lost them. But if he used for commercial benefit from them to the detriment of Francis, then John is getting illegitimately returns, and therefore Francis would begin to "steal" knowledge also John. Not only Francis: anyone. That at least is what has set a district court of Idaho (USA), which has found that a company that has publicly stated that they love to hack and they will not stop doing it, is not entitled to the Fourth Amendment's protection about "irrational" seizures on the property.

The case has its roots in the fact that the owner of that company is a former employee of another one that had developed software for cyber attack detection. The original company claimed that its former employee was marketing code, in the form of proprietary software, but actually it was a replica of that had developed in his old job. It's right or not, security is guided by the weakest (or uncontrollable) link of the chain. A report in the newspaper My San Antonio tells precisely how the subcontractors (or suppliers) have become a real toothache for large companies.

So if you do not invest for yourself... do it for those who are part of your ecosystem. More and more solutions, the question is to choose the best for you. That is, choose correctly your eyes and ears, which is the subject of a dense article in the prestigious Forbes. If you do nothing, you may not just be attacked, but you will be tested. The U.S. Securities Industry and Financial Markets Association (SIFMA) last month simulated a cyber attack led by "white hat" hackers that showed some weaknesses (and strengths) of large corporations in this area.

Finish off the day with two notes. First, yesterday we wondered how soon the new Apple devices would be hacked, and now we have a researcher, Vladimir Katalov, which has shown the ineffectiveness of two-steps verification when accessing backup data of iPhone, iPad and iPod. The second point brings us back to a scam being propagated via Facebook (and it's the third in three days). So once again: no, Celine Dion has NOT died in a plane crash, if you get that message despise it.

---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Wednesday, October 23, 2013

Brand new doesn’t mean invulnerable

Some technologists say that Apple has done it again, they have managed to surprise with the presentation of the new iPad and OS Mavericks. So, semi 'geeks' as we are in technology, today we are going to allow us recreate in the short chronic by CNet.

Also we share it, in part, because even more amazing is going to be, at the speed cybersecurity moves, when a hacker finds the first breach of security for these shiny new hardware and software. The seventh edition of ENISE in the city of Leon (Spain), from Tuesday until Wednesday, is just teaching us that nobody will stop developing. Although there is possibility to enjoy streaming, you can download some of the lectures and papers from the website of the National Institute of Communication Technologies (INTECO), organizer of the event.

The news today lead us to cybercrime environment: from the theft of two laptops on October 12th at a hospital in Alhambra (California, USA), which allow access to 720,000 patient records; to a hacker group claiming to have made ​​a lot of $100,000 through a "simple" SQL injection. That ‘s certainly a formidable loot for a click, of course. The last article from one of the most recognized experts worldwide, Pierluigi Paganini, deals specifically with this: the growing relationship between hackers and criminal organizations.

Does anyone remember Obama’s cybersecurity executive order, last February? Well, despite PRISM, Snowden and budget shutdown, that order bears fruit. United States has just released a comprehensive paper on "Cybersecurity Framework" to operate at institutions, still in early development. You can access the PDF from this link for download and reading: it will sure provide you some clues.

---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Tuesday, October 22, 2013

Will Smith is NOT dead

131022 WSmith post"I’ve heard about the insecurity prevailing here, but I think there is no more dangerous country than where I live in.” This is a quote attributed to actor Will Smith, during one of its promotions at Mexico. If that “country” was called the Internet, his sentence would be even fuller of meaning… And especially for him, today more than ever.

We can say it higher but not clearer: Will Smith is NOT dead due to spinal surgery, as it is going throw Facebook at full speed. The invitation to view the camera from a Closed Circuit Television (CCTV), where you would see a doctor committing malpractice, is actually a passport to install a malicious application. So, Will for friends, Mr. Smith for those interested, is still alive and kicking.

Let's stay on Facebook: two researchers have just shown what to do with Graph Search (or maybe its dark side), with a powerful machine called FB Stalker, which allows to draw with great degree of precision and detail the online universe of a user, without resorting to illegal tricks, only using Zuckerberg's network resources. Sounds like a spy? Please, let’s get accustomed to this new day-to-day in digital era, and open your eyes with exceptional presentations as this one from former cyber spy hunter Eric Winsborrow, lectured at TEDx event in Vancouver: "I'll show you the future of cyber espionage, with technologies that have actually been created today to protect the nations."

Probably espionage is behind a confidential note that the International Atomic Energy Agency (IAEA) has circulated among its state members, and undisclosed via Reuters: several of their computers have been hacked in recent months, apparently without risks. Behind all this, of course, organized cybercrime, also responsible for hundreds, thousands of daily incidents through DDoS attacks. In an unprecedented commitment, giant Google has announced the launch of Project Shield, a cloud computing based solution to protect from these incidents and specially designed (they say) for online dissenting or uncomfortable voices, to ensure their freedom of expression where it is sought. In any case, we’ve got a very good test of how the story is changing, there at the UK, where some convicts ‘hackers’ could become part of British cyber army.


---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)


Image source: Wikiquote (See description for more details

Monday, October 21, 2013

Hell, ma non troppo

“Maybe this world is another planet’s Hell”. We could start the journey across this new week with these words of British writer Aldous Huxley. And we will end up concluding that, fortunately, there are too many people doing good things to say definitely that we are really ‘helly’ people...

… even since there are many local hells. For example, the daily threats to security, that Sophos's team gathers in small one-minute pieces. The last ends with the recent gap discovered on D-Link devices. "More than strange", says the video, and, of course, sometimes this local hell is more than strange.

We also have myths little hell: ideas slipping in our day to day and slowing us all. HP and Intel have decided to break down some of them and they have released the whitepaper  Five myths of cloud computing, which aims to "separates fact from fiction, reality from myth, and, in doing so, will aide senior IT executives as they make decisions around cloud computing.” Sometimes myths goes on IT wars, like those related to mobile malware: all experts say Android is the big security hole, but Google’s top officials deny it, and John Leyden replies now from The Register that the antihacker barriers made in Mountain View are mostly dialog boxes. He adds an ironic "Mr. Wonka" in reference to the recent agreement between Nestlé and search engine for Android version 4.4 Kit Kat.

Want a real serious Hell? OK, take the money’s one. More than it, the chance to lose it. TrendMicro has just made an interesting study from 3,7 millions references, for visualizing that not all banking fraud online campaigns are widely spread, but some of them specialize on exact geographical areas of our planet-this hell. They’ve call it ‘Operation Apollo’. More hells, even more serious, this one we know day in, day out, about the spying scandal and documents leaks. This time is Mexico who raises his voice, through its Ministry of Foreign Affairs, which condemns the NSA for its “unacceptable, unlawful and contrary to law” activity.

The planet itself is becoming a hell, due to climate change. Scientists have warned that the reaction time is exhausted. So the din of wailing and saber rattlng from stakeholders, some people are trying to achieve a bit of out-of-the-box pov: if you can’t revert the climate change ... hack the climate. People like them, like those looking for our money security, like those concerned about our mobile devices, or those engaged to make laws something more than trampled items, let us say that, despite everything, still this planet is not 100% Hell.


---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Sunday, October 20, 2013

Distrust is the mother of safety

Week just ends with eyes fixed both low-level security as the most sophisticated, and with the worlds of Aristophanes, which was right when he said that about “Distrust is the mother of safety”.

A system is as secure as the weakest of its elements, a law that any security expert should bear in mind, and something that appears in DIAN, Colombia Tax and Customs, with serious problem in container entry contraband favored by a system controlled by the mafia.

On one side of the world to another, where a user tells helplessly as China Mobile, your mobile operator, is unable to successfully manage spam traffic to their number, receiving an average of 60,000 messages per year. Neither the temporary blocking of the account, neither the Smart Filters are able to control it.

A situation that makes clear with the need to implement a BYOD plan (Bring Your Own Device) in each company upgraded to the necessary, and especially to the irruption of biometric systems.

And is that new technologies bring new challenges, as he had to live Dick Cheney, ex U.E. Vice President, to prevent possible attacks on its own heart implant (ICD).

---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Saturday, October 19, 2013

The world is on cyber fire

Ready for the rocker…

Weekend is been coming really hard in some parts of the world. It must be true what American writer John Ernst Steinbeck said, "The art of rest is part of the art of working" because when your guard down, you're gonna get "keep you going" twice with a frantic pace.

Qatar and Pakistan, there is where we go today. Both countries national security has been compromised in recent hours. The Syrian Electronic Army itself announced “Qatar is Down”. They apparently went into the Qatar Domains Registry and from there they began a wave of attacks, including government pages, sites like Facebook or Google, and companies like Vodafone. A full-scale assault.

For its part, the Pakistani government watched as long as 18 official sites were going down, though reportedly all attacks have been surpassed.

In this cyber world on fire, the Chinese company Huawei has come to add more fuel, saying (without saying) that the bad guys are the good one and vice versa. That is: they do not serve Chinese dictatorial regime's orders, the U.S. blockade is absurd since 70% of its components come from there, and they are positioned on the side of those who demand maximum transparency and standardization of all processes at international level to play by the rules clear.

Do we need more data to know that whoever does not have the art of working, will not enjoy the rest? In Mexico, IBM promotes the cybersecurity challenge 2013, under the umbrella of "Students for a smarter planet." To the extent they work, maybe they may rest. For the rest it should be more difficult.

---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Fuente imagen: Public Domain Files

Friday, October 18, 2013

Bye, Intelligence Officers; Hi, Famous leakers

"When you can not achieve what you want, it’s better to change your attitude" (Terence, Latin author, 195-159 BC). We do not know if that's what is behind motivated last ‘facelift’ at the head of the U.S. National Security, but it really comes at a difficult time, because of the government 'shutdown', while the spy scandal goes on and on.

They are leaving the office Gen. Keith Alexander, head of the National Security Agency (NSA), his second in command, the civilian John "Chris" Inglis, and if the above was not enough, Janet Napolitano says bye as first head of the Department of Homeland Security. Is President Barack Obama's looking for a new leadership on security? For now, Info Risk Today has highlighted that Napolitano's successor, General Counsel Jeh, has no experience in the field of IT.

Meanwhile, Snowden’s leak goes further. The most known leaker after Julian Assange faces the consequences in an interview with The New York Times. He asserts he’s not given sensitive information to Russia, and has got in his hands every detail on each cyber-operation against China. Brazil, maybe giving a try to point in this race, or because these revelations change the political agenda, has announced a formal network of communication between government members and departments. A "spy proof" one ... and yes, “US spy proof”.

PRISM or other government spying operations are justified by the fight against cybercrime and terrorism. It’s an area where we find a steady trickle of news, like the recent security breach at PR Newswire, who has ask their customers to change their passwords. Companies allegedly linked to PRISM say they have nothing to do with it, but sometimes they are contradicted by facts… at least, debatable facts: a developer has just proved that Apple itself has access to iMessages from its users, despite of previous public denials.

Finally, the relationship between e-health and cybersecurity is becoming increasingly important. Specialized company SANS has published a survey on the matter, conducted to 373 health professionals involved in IT activities, with very revealing data.


---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Thursday, October 17, 2013

Chaplin's Style Hackers

"You get the real meaning of things when trying to say the same things in different words." That said Charles Chaplin, and let’s today begin this post with the following thinking: will you know the true meaning of things, now that all of them will be defined increasingly by a digital identity? Are we prepared to "understand" the Internet of things?

Btw, take care at this side of the trench. We have had ample evidences that any device connected, such as printers or IP cameras, are highly hackable. In the recent security conference DerbyCon, a paper tried to opened your eyes on vulnerabilities of the Internet of things, which will grow up over and over.

Nevertheless, if we stay Today date, there are other vital aspects. Two prestigious companies, Akamai and Symantec, have just published two reports on information security. The first one focuses on issues such as the Syrian Electronic Army attacks, the transition from IPv4 to IPv6 or the mobile connectivity. The second one is an annual map and analysis about cyber threats, by Symantec Global Intelligence Network.

Among the continuing threats today, we’ve got identity theft and unauthorized access to CMS (Content Management Systems). Three posts on the blog “An IT Guy at the Evil Side” deal with the  first issue, written by Enrique Rando, author of book Hacking with search engines. The second issue leads us today to the popular vBulletin: CMS failure would have been the cause of at least 35,000 websites breaches.

So, if this post was beginning with an event like the DerbyCon, well worth closing it with the promising 8.8 Computer Security Conference. Their organizers say it aims to be the first 100% technical infosec conference held in Chile.

---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links you ;-)

Wednesday, October 16, 2013

The Weakness of Omnipotence

131015 PostsWe’re not trying to get now mystics, especially today that we go publishing again (anyone out there?). But you should take note of what St. Augustine once wrote: "The very weakness of God comes from his omnipotence".

Where you read God, you can say the most used browser, Chrome, or the language in one way or another affects us all when using the Internet, Java. Being "in the heights" means that you'll have more enemies seeking your downfall, and therefore there will be more ways for them to exploit your vulnerabilities. You can patch them, yes, like Oracle has just made with a monumental update. Even, you may let your community to help you, as Mountain View giant has done: three out of five important safety warnings, fixed in the latest update, in exchange for a $ 5,000 awareness (ridiculous figure considering their turnover).

The same recipe could be applied to the gods of espionage. Nothing concerning to privacy and encryption will ever be as before September 5th, the date that the former contractor Edward Snowden leaked new documents which unveiled the practices of the U.S. and UK to totally break encryption systems used by Internet users in the most common services.

Then we knew that tracking of conversations was for real, regardless of the majors "partnership", over and over denied by the companies themselves. In addition, today we know that intelligence agencies would also be tracking addresses and developing social graphs of all users worldwide. Too much information, perhaps… Too big to fail, such as economics, or as the St. Augustine object? There is so much news surrounding this issue, that even some independent researchers have launched a fundraising campaign to completely audit the most standardized solution on encryption: TrueCrypt.

These days it is more necessary than ever to identify vulnerable gods, and separate them from false gods with feet of clay. Because there are many people acting like a fake. And that affects all fields, from biometric sensors to sexting applications. The higher your range is, the wider your vulnerabilities will be.

---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links you ;-)

Image source: Wikipedia