Friday, January 31, 2014

A bad spark, a bad click

"If it contains only what the Koran says, is useless and must be burned; if it contains something else, is bad, and it is also necessary to burn it." So exhaustively (and cheater), Caliph Omar referred to the Library of Alexandria, a temple of knowledge that refused to go away despite the continuing siege by the "hackers" of that time.

Disasters in libraries are the paper version of the dreaded security breaches of modern digital times. A bad spark in those libraries equals a bad click in the wrong place today. If you take as true the version maintained by some classical historians (and discussed by more contemporary authors) that Julius Caesar was the cause of the fire in the Library of Alexandria that swept away half a million volumes, the damage would be equivalent to nearly 600 Gb of information. Quite a serious event, one that was not surpassed until World War II, when the Nazis bombed some libraries in Poland.


Thursday, January 30, 2014

How curious!

Albert Einstein said: "It is a miracle that curiosity survives formal education." Undoubtedly we are curious by nature. However, it is possible to steer this desire to learn and discover in the right or the wrong direction.

Edward Snowden, the former analyst of the U.S. National Security Agency, satisfied the curiosity of the entire planet when he leaked thousands of confidential documents that revealed the extent of the espionage carried out by that agency. For some people, Snowden did not make a good decision because it threatened the security of the US. On the contrary, many other people believe that the civilian population had the right to know and to accept or reject the practices of its government. As proof of this, he has been nominated for the Nobel Peace Prize 2014 by two Norwegian deputies.


Wednesday, January 29, 2014

The melody of justice

“Justice is sweet and musical; but injustice is harsh and discordant” (American writer Henry David Thoreau). From time to time we make use of these lines as a camera to portray how justice works while emitting its sweet melody. Thus it can sometimes stop the unbearable screech of injustice.

Injustice such as in the case of those who saw their bank accounts looted by cyber criminals using the SpyEye trojan. But its creator, a 24-year-old Russian hacker, was captured by Interpol in the Dominican Republic and has pleaded guilty in the U.S. to conspiracy to commit wire and bank fraud. Music to the ears of the victims.


Tuesday, January 28, 2014

Is online privacy a mirage?

“Publication is a self-invasion of privacy”. This statement was made by Mr. Marshall McLuhan, one of the authors whose theories on communication are studied in media schools worldwide. Today we wonder whether privacy on the Internet is possible, or whether we are deceiving ourselves with the illusion that we preserve a completely private space in a hyperconnected environment.

Despite all the legislation and initiatives about cookies promoted by different countries or the European Union, there is still a large percentage of users who do not know what cookies are or what they are for. Therefore, they are not aware that their movements are being tracked on the Internet. But this is not something you have to live with, since there is software that allows you to avoid most cookies.


Monday, January 27, 2014

Unity makes strength

Photo: Stephen Eastop

Sharing on the Internet has been all the rage for a few years now. Mass adoption of social media by users represented a turning point in the use they had made of the network before. The Internet user became a creator and distributor of content. This change of philosophy even had a name: Web 2.0.

Nevertheless, today it is not only about sharing content and ideas, but also resources. To that end, Telefónica presented its BeWifi project. This initiative encourages individuals in a community or neighborhood to "steal", or rather borrow, some of the Wifi bandwidth that others are not using. The idea is that the subscribers to the program can all benefit from a more reliable and faster common wireless network. You know, unity is strength.


Sunday, January 26, 2014

Top 5 infosec links of the Week (X)

Perhaps we are very much ‘techies’, but we like nice stories with a happy ending. For example, something like a ‘freak’ developing an algorithm to find the girl of his dreams, then testing it, and finally achieving his goal. That really moves us and, well, you have made it visible: it is the most read story this week out of all the links shared by CIGTR.info. And, of course, it isn’t the only one. Here you’ve got the top links of the week, 10th edition.

Oh! My beloved hacking! The story of “McKinlay the Enamored” is anything but typical. In fact, it is absolutely atypical, because of his personal trajectory and the methods he used to develop his algorithms to make the OkCupid social network a success in his life. And he did it, through perseverance and commitment, working on a social network where you do not exist if you do not get enough visibility.


Saturday, January 25, 2014

Of mysteries and laws

"Here I am the CEO of a public company and people know if I have a cold. People might know my heart rate, my blood sugar." So has said Marc Benioff, the head of Salesforce, during the inaugural conference at Davos, the major international economic forum.

The annual meeting of the World Economic Forum has started with surprises: it was not several Nobel laureates who gave the starting signal to this forum, but the heads of several technology companies. Along with Benioff, the first conference saw Marissa Mayer, CEO of Yahoo!; Randall Stephenson, CEO of AT&T; John Chambers, CEO of Cisco; and Gavin Patterson, CEO of BT. All of them are united by one concern and main work area for the immediate future: privacy. And they said they are working to reconcile participation in social networks with the safeguarding of privacy.


Friday, January 24, 2014

The economy, stupid!

"It is strange, isn’t it? The same people who laugh at fortune tellers take economists seriously." The anonymous quotation clearly reflects the state of opinion today about the economic scenario that awaits us after six years of chained recessions and a crises whose exit is not clear yet.



Davos (Switzerland) is one of the places where the future of the economy is debated, at the World Economic Forum. This controversial but unquestionably influential annual meeting has once again brought us one of the documents with the greatest projection for the future: Risk and responsibility in a hyperconnected economy. This is a report that is produced periodically, and this time it has been developed with the support of the McKinsey consultancy. Among other things, this document gathers the seven key points for tackling cybersecurity from models that have to be different, but also based on a common consensus.


Thursday, January 23, 2014

Oh! My beloved hacking!

Let’s make a toast for Chris and Christine! What hacking has joined together let no man put asunder!

Usually when we talk about hacking, it is in relation to attacks performed by cybercriminals or hacktivists with questionable purposes. However, this time, the mathematical genius Chris McKinlay showed us that hacking can also be useful for finding true love. He used his mathematical and programming skills to exploit the database of the OkCupid dating website. That way he could find the girls most likely to be a match for him. Finally the spark came when he met Miss Christine Tien Wang.


Wednesday, January 22, 2014

The pursuit of a clear sky

“The brain is wider than the sky”, said the poet Emily Dickinson. Unfortunately, there are some people who do not use their brain to write poetry but just to find new ways to harm, cheat, steal and make money at the expense of others. That is the case of cybercriminals and cyberterrorists.

Indeed, the firmament of cyberspace looks full of clouds due to such individuals. The color and position of such clouds are directly related to the level of Internet development in a region. For example, in Western countries, the risk of cyber attacks is very high. Specifically in Spain, the National Institute of Communication Technologies (Inteco) states that it identified 7000 security incidents with malicious purposes in 2013. It also warns that the level of awareness about cybersecurity among the population is still low.


Tuesday, January 21, 2014

"RATs" from the Internet's sewers that steal your data|"

“It gives the attackers nearly full control as if they were sitting at the computer”. Precisely this ability to dominate an infected device while going unnoticed by the user represents the main danger of creepware, also known as Remote Access Trojans (RATs).



As you can see in today’s video, creepware can be transmitted by email, chat, social networks and even via torrent downloads. It will infect your computer and you won’t detect it. Then the attacker will be able to spy on you through the webcam, steal your passwords, crash your computer... It is quite disturbing, right?


Monday, January 20, 2014

Not very funny threats

“Our 'Mortadelo Virus' evolved, it took different 'faces', and even used different modus operandi to get to us." That is how Angelucho (@_angelucho_), one of the most recognized security experts in Spain, explains what was, in his opinion, the main threat that we faced over the past two years.

But what does Angelucho mean by 'Mortadelo Virus'? What does the peculiar Spanish cartoon character created by Francisco Ibáñez have to do with a lethal piece of malware? What kind of malware are we talking about? Well, we mean ransomware viruses and their ability to camouflage themselves in different forms, as Mortadelo used to do in Ibáñez’s comics. However, their aim is basically always the same: to block the user’s device or encrypt the user’s files in order to force them to pay a ransom if they want them back.


Sunday, January 19, 2014

Top 5 infosec links of the Week (IX)

Anonymous surfing, attacks on Microsoft systems, Ubuntu as an example of security, DDoS from phones and camera hacking: the top five posts of the week, which we bring you in our Sunday session.

Can we really trust the browser's default security settings? It seems not. Whenever we access the internet we leave a trail, even when using the browser's anonymous tab or proxies that act as intermediaries.

A big privacy problem, especially when the person behind it may have perverse interests... or is just looking to pass the time. That is what happened to the worker in the video, whose terminal had been hit by ransomware that allowed the music and the device's camera to be controlled.

The question, therefore, is which systems to choose, and the UK seems to be clear about it. Ubuntu 12.04 is the version with the fewest known bugs and exploits, much better than Windows or OS X. So if you are concerned about privacy, without losing user experience, now you know.

Pending the arrival of Ubuntu on mobile terminals, there is a disturbing boom in denial of service from these devices, which takes advantage of the naivety of people accessing public Wi-Fi networks to make them part of the botnet of the moment.

From massive attacks to targeted ones, like those that have been making life bitter for Microsoft. One of its Twitter accounts was compromised at the end of last week by the Syrian Electronic Army, and during this time one of its blogs.

Five articles that put the icing on a week full of malware and abuse of our privacy. Browse with your eyes wide open!

---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Saturday, January 18, 2014

The reform of the NSA

“The reforms I'm proposing now should give the American people more confidence that their rights are being protected, even when our enforcement and intelligence agencies maintain the tools they need for security”. Obama thus began his speech yesterday on the future of the NSA.

“I think the critics are right to point out that without proper safeguards, such programs could be used to generate more information about our private lives and open the door to indiscriminate collection programs and more intrusive information”. Before the Department of Justice, the President of the United States was optimistic about a reform of the country's intelligence services. A reform whose main focus revolves around protection, abandoning the surveillance of allied leaders, and the tracking of citizens up to two levels of association with a suspect, which will necessarily have to go before a judge before being carried out.


Friday, January 17, 2014

War, privacy & algorithms

What is cyber warfare about? What does it imply for you? With these two simple questions, microphone in hand, we are introduced to some of the attendees at the Campus Party 4, held in Mexico. Few places are so propitious for a questionnaire like this. Like it or not, 2500 years later, we are far from meeting the judgment of the author of The Art of War, Sun-Tzu: "The supreme art of war is to subdue the enemy without fighting."



Now, how many covers does the enemy we have to subdue have? We understand that those kids in digital balaclavas are quite a big part of the bad guys, but today the eye is also placed on the control that public and private entities may have over our lives. Subduing such monitoring without fighting is the very basis of Blackphone, a smartphone that is offered as "your usual Android" with all its applications and so on, but without a trace of who you are. Total privacy.


Thursday, January 16, 2014

Road to the horizon

“Leaders keep their eyes on the horizon, not just on the bottom line” (U.S. consultant Warren Bennis). It has been more than 15 days since 2014 started, a year which draws a horizon full of challenges with regard to the field of cybersecurity.

Chief Information Security Officers, commonly known as CISOs, will have already checked the results from last year and now they have to lead their teams towards a smooth 2014. Surely they will face challenges such as improving risk management, improving security efficacy, streamlining security operations and, with all of that, enabling business and IT flexibility.


Wednesday, January 15, 2014

Some incentives against laziness

“Luck is always the last refuge of laziness and incompetence”, affirmed U.S. businessman James Cash Penney. Nevertheless, those who leave their destiny in the hands of luck could have an unpleasant surprise sooner or later.

On Tuesday, a lot of security updates were released by a number of companies. On the one hand, Microsoft corrected a half dozen vulnerabilities in Windows and Office. Adobe also fixed security weaknesses in several of its products: AIR, Acrobat, Flash and Reader. For its part, Oracle remedied 150 flaws across its extensive product portfolio, 36 of them in Java. Therefore, it is time to overcome laziness and upgrade all our systems. Otherwise we will leave our devices’ security at the mercy of capricious chance.


Tuesday, January 14, 2014

War at the rampart

In the words of the famous U.S. Army General George Patton, “battle is an orgy of disorder.” Nevertheless, the battles that take place in cyberspace every day have little to do with the Second World War. Cybercriminals often act in an organized way, following a plan previously set to achieve victory. We could even say that the war against cybercrime is even "more global" than any other in history, since it is fought in every country on the planet.

However, of the thousands of battles which take place every day, only some of those won by the “bad guys” make the news. For instance, they use new techniques to perform Denial of Service (DoS), as they recently did, directing a 100 Gbps flood at popular online game servers such as those of League of Legends. In fact, attacks against gamers are increasing. According to Kaspersky Lab, this group of users suffered 11.7 million attacks in 2013, and over 4 million pieces of malware especially designed to hit games have been detected.


Monday, January 13, 2014

Lessons in the office

“I went to work in an office and learned, among other lessons, to do things I did not care for, and to do them well” (Danish writer, Sigrid Undset). Today, you can learn many things in an office, sometimes by the example of your colleagues, although on some occasions you will learn them the hard way.

The protagonist of today's video had to deal with a situation in the office which was unfamiliar to him: his computer suddenly started playing music and he felt observed by the webcam. In fact, a hacker was playing with him and recording all his reactions and his conversation with the technical service. Will he have learned a lesson here? As we have advised you from these lines several times, the most effective way to avoid being unknowingly recorded is to cover the camera lens when it is not in use.




Sunday, January 12, 2014

Top 5 infosec links of the Week (VIII)

Malware on websites, Yahoo corrupted by a botnet, concept maps, the death of the McAfee brand and Michael Bay's loss of control at CES: the top five posts of the week, which we bring you in our Sunday session.

Since its union with VirusTotal, Google has a very efficient way of knowing whether a website has active malware on it. This is an advantage for everyone, but it also has its downside. Once you are on Google's blacklist of pages, it is difficult to get off it, even if you have already solved the problem. In the link that accompanies this article we leave some issues to consider if you are in this situation.

There is much interest in the future of virtual currencies, in particular Bitcoin. The mission of the malware that affected some Yahoo ads earlier this week was to create a botnet to mine bitcoins. Yahoo has already solved it, and is looking into how an advertisement like that got past its filters.

René Mérou gives us the mind map of hacking, a document with quick and simple tips so that we all know about the motivation and tactics of hacking, offensive or defensive. A great Three Kings gift for our readers.

And we end with two articles and a mistake for which we are responsible. Intel's decision to rename the McAfee antivirus brand as "Intel Security" was one of the top rated articles of the week, followed closely by the response of the high-profile John McAfee, founder and former partner of the company, whose life, full of ups and downs, looks like something out of a television program.

Although the article dealt with this, the fact is that the link led to a different one, very much in keeping with the subject matter, about how the film director Michael Bay went blank in the middle of the presentation of Samsung's new 4K screens at the Consumer Electronics Show being held this week in Las Vegas. So we apologize for the confusion caused, and thank you for the understanding (and unusual reader excitement) shown on social networks.

Five articles that put the icing on a week full of malware and communication errors, ... external and internal :).

Saturday, January 11, 2014

Opportunism in the network

“Behind an extremist there always hides an opportunist”. With these words, Lenin made clear his position on the opportunism lurking in every corner of his government, and they serve as an introduction to talking about opportunism on the network, the new battlefield.

Opportunism that we unfortunately experience day after day, with leaks and attacks on internet services, and attempts to "appease" the tempers of the affected users with small figures. These figures increase over time (when they can no longer be hidden). Just ask Target, the third largest U.S. store, which in just one month has gone from 22 million accounts affected to 110 million this morning.


Friday, January 10, 2014

It's Friday, so let's enjoy!

Can you feel it? Yeah, we too. It is the unmistakable aroma of Friday. That makes you stretch your legs, relax your arms, squint and imagine the deserved weekend break. How could I not recognize it? For many people, Friday means the beginning of fun.

Those who want fun can start with Cicada 3301. A few days ago the issue came up in our Community IT & CyberSec Sec. But now even the BBC has taken up the matter and it seems to make more sense than ever, perhaps because of the aura of mystery that surrounds it, perhaps due to the very convoluted and complex problem posed. Only the best minds, and not all of them, can stand up to this challenge. What? You are in the industry and had not heard of it? Well, wind down! It’s Friday.


Thursday, January 9, 2014

Your perimeter is his challenge

“There is always more spirit in attack than in defence” (Roman historian, Tito Livio). Hackers will always be looking for ways to circumvent our defenses and carry out their offense. This implies that it is even more important for organizations and users to take the protection of their systems and their devices very seriously.

For example, retailers should keep their point-of-sale (POS) systems isolated from the rest of their networks to prevent an attack on them, for example through the payment card reader, from affecting other devices or databases of the company.


Wednesday, January 8, 2014

Surveilling in solitude

Mother Teresa of Calcutta once said “loneliness and the feeling of being unwanted is the most terrible poverty.”  The U.S. National Security Agency (NSA) must feel immensely alone and poor, despite having monopolized attention for months across the globe due to leaked information about their methods of surveillance.

In its own country, in the state of California, there are a couple of state senators trying to prohibit by law state utilities from providing water or electricity to the NSA’s premises. They called it the Fourth Amendment Protection Act.


Tuesday, January 7, 2014

The Three Wise Men... of hacking are coming

There is a Spanish Christmas carol that says “The Three Wise Men are coming through the sand. They are bringing a nice diaper to the Child”. Take advantage of this opportunity to sing a Christmas carol, because it could be the last chance to do it until next December. Yesterday Spaniards were busy unpacking the gifts brought by the Magi, on the day that marks the end of the holidays.

Although antivirus software or security suite products are not very glamorous, they should have been in the top ten of Christmas gifts. Anyone who received one of McAfee’s products can keep it as a collector's item, since Intel decided to change the name of the company, which it has owned since 2010, to Intel Security. Meanwhile John McAfee, the firm’s founder and a controversial figure who has created several anti-McAfee campaigns since he lost control of the company, received the news as a real Christmas present: "I am now everlastingly grateful to Intel for freeing me from this terrible association with the worst software on the planet."


Sunday, January 5, 2014

Top 5 infosec links of the Week (VII)

The right to be forgotten, assaults on privacy in our services, trust-zero by default, DDoS against WhatsApp users and India against bitcoin: the top five posts of this week, in our Sunday collection.

What is known about data protection and the right to be forgotten? What about our duties and rights? How far can the companies that develop such services go? The video that accompanies this article answers all these (and many more) questions. A documentary created by Spanish Television that you cannot miss.

Mass communication services with their security breached. The most notorious case this week is Snapchat, with the following figure: 4.6 million phone numbers compromised. They are fixing the bug at full speed.

The opposite is happening at WhatsApp, which is susceptible to being denied service by a simple method, and whose technical team, despite being warned, does not seem very motivated to find a solution. All of this will take its toll tomorrow.

What does all this tell us? That cloud services should be based on a "trust-zero" scenario, as the predictions of the prestigious Ars Technica indicate: overlook nothing, and assume the least favorable case.

Or at least that is what the Reserve Bank of India must have thought, which announced earlier this week that it had temporarily suspended the trading of bitcoin, apparently because it is a tactic increasingly used for money laundering and terrorist financing.

Saturday, January 4, 2014

When the fox preaches

Miguel de Cervantes said that "When the fox preaches, chickens are not sure." An overwhelming judgment both in the real world and the virtual one, which reminds us every day that we are no more than helpless chickens fenced in by foxes.

Facebook is in the news again (perhaps to prevent Snapchat from hogging the headlines), and for the worse. It has been denounced for monitoring information that customers share in private messages and sharing it with advertisers. Yes, you heard right, private messages. Although the service itself ensures that these messages are private, the shared information is being financially exploited. Privacy absent.


Friday, January 3, 2014

Da Vinci's Year

On a 3rd of January like today, Leonardo da Vinci tested his flying machine. This "hacker" of science and arts had an outstanding year in 1496. Some people know how to start a year full of energy, looking to the future and ready to face 12 months loaded with challenges.



You can say that about FireEye, a cybersecurity company that has started 2014 monopolizing all the covers for its acquisition of the forensic company Mandiant for $1 billion. Does that name sound familiar to you? Indeed, Mandiant became famous in 2013 when it uncovered the case of APT-1, a secret Chinese military unit organizing cyber attacks against Western strategic interests. Regarding the acquisition, remember that 1,000 million was what Facebook paid for Instagram.


Thursday, January 2, 2014

Tactics and Strategy

“My strategy is, nevertheless, deeper and simpler. My strategy is that any given day, I know neither how nor for what reason, at last... you need me”. It would be difficult to know how many security consultants would be willing to paraphrase Mario Benedetti in order to get a contract. But what is clear is that the Uruguayan poet was talking about the security environment without even knowing it when he said "Perfection is a polished collection of errors".



Based on trial and error, like Pavlovs of the information age, we gradually draw the path that leads us to conquer unexpected goals. Collecting errors is one way of collecting, just as we can collect some lessons from the past and even some predictions (no better date than this) for the year we have ahead. McAfee Labs were among the early birds this year to release what they called “key trends for 2014”: mobile malware, virtual currency, espionage against espionage, social attacks, new vulnerabilities (watch HTML5), security in Big Data environments and corporate cloud-based applications.