Friday, February 28, 2014

The roses of the ‘ugly duckling’

What do roses have to do with “ugly ducklings”? Let's see. "Rose is a rose is a rose is a rose." Is it a broken record? No: it is the aphorism from the poem "Sacred Emily" which, in the opinion of most literary experts, expresses the principle of identity. Put in plain words, "Rose is a rose..." would mean that things are what they are. Are you sure? Always? Everything?

Identity is a debatable issue, at least in our digital era. Or something to be redefined. That was the approach of the opening speech at the RSA Conference, which concludes today, given by the executive chairman of RSA, Arthur W. Coviello: "The rapid growth of cloud, social and mobile technology is leading us toward a breakpoint in how we protect and manage our identity."

Thursday, February 27, 2014

The digital gold rush

"It's like they found a pot of gold at the end of a rainbow," said the numismatics specialist Don Kagin. He was referring to the 1,427 gold coins found by a Californian couple in their garden one year ago. Minted between 1847 and 1894, they were valued at 7 million euros. One of the theories about their origin is that they are the loot from a bank robbery.

There have always been thieves and, unfortunately, the bad habit of appropriating others’ belongings seems far from over. A group of cybercriminals has used a botnet infected with the spy malware Pony to steal digital currency worth $220,000, as warned by Trustwave. That is what robberies look like in the 21st century.

Wednesday, February 26, 2014

What Paco de Lucía can bring to the cybersecurity industry

Today we feel a bit orphaned because we have lost a master. The great Paco de Lucía has passed away, but his music will be eternal. And his lessons as well. He showed us that there was another way of doing things. He played flamenco his own way, explored it by merging it with other styles, and overcame the purists’ rejection to become a world legend.

In the field of cybersecurity, success in the fight against cybercrime likely also lies in a different and unique approach that gets ahead of offenders. Meanwhile, in 2013, Android malware increased by almost 500%, up to 1.2 million threats, according to G Data.

Tuesday, February 25, 2014

The latest developments on security at the Mobile World Congress 2014

In the pocket, in the purse, on the table... wherever it is, you're surely very close to your mobile phone. This gizmo is invaluable for many people, not because of the device itself, but because of all that it allows them to do and how much information they have stored on it.

That is why the mobile industry has been growing for years. The Mobile World Congress being held in Barcelona these days is its best showcase. Some of the developments presented there reflect the growing concern for security. For example, the new Samsung Galaxy S5 introduces biometric technology for performing critical operations such as payments or user profile protection through your fingerprint.

Monday, February 24, 2014

Even the longest night won't last forever

Even the longest night won't last forever, says a song from Prime Time, Alan Parson’s Live Project. Maybe, but for many the world-scale WhatsApp failure last Saturday took forever. Everyone was commenting on it on social media, or within their closest circles. After four hours, everything came back to “normality”.

While most users showed their discomfort at being unable to send messages, and some people took the humorous route (“I’ve discovered there are people at home, they say they are my family”, or things like that), inquisitive users went further: could there be something else behind it, i.e. a massive hacker assault? No sooner said than done: 40 minutes before the service was restored, the specialized blog Cyber War Zone echoed various hacker groups claiming on Facebook to be responsible for the service failure. Of course, they started the post with an “Unconfirmed”.

Sunday, February 23, 2014

Top 5 Infosec links of the week (XIV)

The SEA making the rounds on Twitter and Forbes, the foundations of security, how to hack a company and the price of your personal data. The five top posts of the week in our Sunday collection.

We began the week with FC Barcelona's 0-2 victory over Manchester, and with the hacking of the club's Twitter account by the Syrian Electronic Army, where they warned of the allegedly unconstitutional practices of one of its sponsors and warmly greeted Real Madrid.

Saturday, February 22, 2014

The teachings of St. Augustine

You have heard more than once that St. Augustine famously said to his monks: "The happiest is not the one who has more, but the one who needs less". A statement that comes in handy for presenting the news of the day.


A Harvard University supercomputer has been secretly used to mine dogecoins. The architect of all this, besides not sharing the words of St. Augustine, used the University's Odyssey without permission to mine one of the most popular virtual currencies. The Odyssey is formed by a cluster of Dell PowerEdge M600 machines totaling 4,906 cores. The odd thing is that the Odyssey itself, despite what it may seem, has only the mining power of 13 latest-generation AMD cards, because it is made up of CPUs rather than GPUs, the latter being a technology more focused on increasing the cycles of a machine and therefore critical when it comes to mining.

Friday, February 21, 2014

‘Hasta la vista’, crackers

No, no, no, no. You gotta listen to the way people talk. You don't say "affirmative," or some shit like that. You say "no problemo." And if someone comes on to you with an attitude you say "eat me." And if you want to shine them on it's "hasta la vista, baby." (John Connor to T-800, in Terminator II: Judgement Day).

Are we really far from this science fiction reference, released in 1991? The guys from All Time 10s are devoted to compiling "decalogues" on every kind of subject, from delicious pizza facts to things you never knew about South Park, and even the top 10 fails in the Winter Olympics. One of their latest videos is 10 technologies that could enslave mankind. To a greater or lesser extent, it is easy to see that, more than 20 years after that Arnold "Schwarzie" movie, a fine thread leads to our days: robotics and Artificial Intelligence.

Thursday, February 20, 2014

Cybercrime is 5 times bigger than the new Facebook's Whatsapp

“Cyberspace is all around us: it’s in our pockets, our vehicles, our places of work and our homes.” That’s the beginning of this video, which roughly describes the state of cybersecurity today. It gives us some striking data, such as that cybercrime produces a loss of 110 billion dollars (80 billion euros) a year worldwide and affects 556 million people.

Our homes are becoming more and more intelligent and connected, so a vulnerability such as the one suffered by Belkin’s product WeMo could allow criminals to remotely disconnect security cameras and motion sensors before barging into our homes.

Wednesday, February 19, 2014

The foundations of cybersecurity

“You can't build a great building on a weak foundation. You must have a solid foundation if you're going to have a strong superstructure” (religious leader Gordon B. Hinckley). What happens to a building that is flawed at its base? Most likely, it will end up falling down.

Just like the U.S. Navy’s intranet when it was attacked by Iranian hackers last summer through a flaw on one of its websites. It took four months to fix the situation, at a cost of $10 million, because cybersecurity experts had to be hired to push out the hackers, repair the network and build safeguards to protect it from new attacks.

Tuesday, February 18, 2014

Things that make you feel like a Goldfish in the Internet

Princess Margaret said once, “I have as much privacy as a goldfish in a bowl.” Thanks to the development of Internet services and the massive adoption of social media, most citizens of the 21st century may have this same feeling.

Since our personal details have economic value, it is very difficult to keep them secure, even more so if we want to enjoy the comfort and benefits of the Internet. That is why initiatives such as Datacoup's are arising, which propose to take an intermediary role between companies and their clients. Datacoup pays the user 6 euros for his data and delivers the information to the companies anonymously.

Monday, February 17, 2014

A hospital for hacked companies

- Doctor, Doctor. We have received three patients with severe symptoms of having had their user databases hacked.

- Okay, we have to examine the seriousness of those breaches and get them operated on. Prepare the operating room! And notify all their users, tell them about the situation and advise them to change their passwords in order to prevent further damage. Please fill me in on the status of each.

Sunday, February 16, 2014

Top 5 Infosec links of the week (XIII)

An unsafe Valentine's Day, alliances against cybercrime, manipulating an ATM, privacy in web services and massive DDoS attacks that make history. The five top posts of the week in our Sunday collection.

The day before yesterday was one of those days that we all like to celebrate with our partner. Or so it should have been, if you followed to the letter the five safety recommendations for your Valentine's night.

Security interests both users and businesses. Therefore, it is not uncommon for companies such as Microsoft to bet on creating partnerships against cybercrime with the Organization of American States, Europol and the banking technology company FIS. Not to forget the U.S. National Institute of Standards and Technology, which has developed a set of standards to prevent attacks based on spoofing security firms, mainly targeting critical industries.

We also discovered midweek what methods crackers use to obtain our bank card credentials. And the processes are nothing terribly sophisticated, as we see in the video that accompanies the article.

Social networks are already so present in our lives that any new vulnerability is a real problem for the future of our privacy. The exploit of the week is certainly the one that affects Instagram, allowing an attacker to change photographs from private to public.

And we end with a blow to the Net. The biggest attack in the history of the Internet, a DDoS of between 300 and 400 Gbps that has shaken much of the worldwide DNS and points to a very complicated future for digital communication.


We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want, you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

Saturday, February 15, 2014

Entrust the sheep to the wolf

“You have entrusted the sheep to the wolf.” How many times have we heard this quote from Terence, the celebrated Latin playwright? And how many times have we turned to it to talk about net neutrality and/or privacy in the third environment?


We continue with the analysis of some of the tools used by the American National Security Agency: BULLDOZER, a rootkit (a set of services designed to exploit vulnerabilities in any network to escalate privileges and gain control of it) composed of a piece of hardware (GINSU) that would act as a bridge between the wireless infrastructure and the NSA's tracking workers. It is a sophisticated piece of engineering that goes into action when all other attacks have failed to obtain the expected result. Among its qualities are the ability to reinstall itself once it is located and to hide its actions using the cheat techniques of video games, which has led to it being colloquially called “God Mode” malware.

Friday, February 14, 2014

All Valentine's Threats: #SaintSecuretine

"Self-love is a part of love just as self-interest is a part of friendship." You had better keep in mind what the nineteenth-century French writer George Sand said, because today, February 14th, you may find a lot of self-love and many (not very legitimate) self-interests on the Internet. Let’s take it into consideration to have a happy 'Securentines'.

Sometimes both maths and love are capricious. For example, a recurrent post today would be titled "5 threats on Valentine’s Day" (or something similar). However, they are not always the same 5 threats; everyone highlights the ones they believe are most appropriate. So, in an attempt to concentrate all this "experience of risk", we will mention them below. Take pen and paper (or finger and screen):

Thursday, February 13, 2014

Drugs, tricks, alliances, and smart rifles

“The black market was a way of getting around government controls. It was a way of enabling the free market to work. It was a way of opening up, enabling people.” Nevertheless we are afraid that the black market that American economist Milton Friedman described differs a lot from those we can find on the Internet today.

To the sites closed last year, Silk Road and Black Market Reloaded, we have to add the recent closure of Utopia by the Dutch authorities. In those hidden markets, which run under the Tor network’s anonymity, it was possible to obtain almost anything, from weapons or stolen information to false documents or all kinds of drugs.

Wednesday, February 12, 2014

"Ugly things" on the Internet's raging sea

“Start of ugly things to come”. That was what the CEO of security firm CloudFlare, Matthew Prince, tweeted at dawn yesterday, after a massive denial of service attack (DDoS) mitigated by his company’s infrastructure on Monday.

Imagine the sea breaking on the shore. Normally, towns located by the sea are prepared to receive the pounding of the waves. However, strong storms such as those recently suffered in northern Spain are very destructive and have the power to bring any village’s activity to a halt. DDoS attacks of between 300 and 400 Gbps that take advantage of the NTP protocol’s weaknesses, as happened two days ago, are a new trend with a devastating capacity to hit Internet servers, just like a huge storm smashing coastal cities. Hence Mr. Prince predicts a very ugly future.

Tuesday, February 11, 2014

Threats from a black hat on the Internet

"Most of the time I am checking my own security, making myself pentesting weekly tests, checking all input and output connections, re-checking addresses when entering web sites...". Can you imagine if all users took cybersecurity so seriously? What kind of person could have a routine like this? In this case, it is the Spanish black hat (malicious) hacker K *** h.

Today is International Safer Internet Day, an annual initiative to promote the safe and responsible use of new technologies worldwide. Being informed and acting prudently are essential measures to protect ourselves from individuals such as K *** h. In an interview for Security by Default, the Spanish hacker reveals what kind of actions he usually performs, how much he is paid for them and what techniques he uses. He also states that he usually has no ethical qualms because his victims are mainly users who break the law by downloading software illegally.

Monday, February 10, 2014

The bitter sunflower seeds of the Internet

If the Internet were a package of sunflower seeds, a cyberattack would be like a bitter one. In Spain, it is very common to eat sunflower seeds as a kind of appetizer. While Spaniards enjoy the pleasant salty taste of websites, social networks or online games, the onslaught of cybercriminals can spoil it in a second, with the added disadvantage that they cannot simply spit it out.

But let's say that the mother of all bitter seeds on the Internet is the advanced persistent threat (APT). Such threats are often aimed at high-value targets such as government organizations, financial institutions, critical infrastructure... and, according to Kaspersky Lab, they represent an increasing risk because the cost of carrying out this type of attack is dropping significantly.

Sunday, February 9, 2014

Top 5 Infosec links of the week (XII)

The value of passwords, microchips that self-destruct, data warehouse fires, car hacking and human forgetfulness. The five top posts of the week in our Sunday collection.

The video that accompanies the article was the overall winner of the week, and no wonder. It stars a clueless Paco León and is set in a 2056 where all our interaction with the world is based on keeping our password safe. But what if we forget it? Nothing good, of that we can be absolutely certain.

Saturday, February 8, 2014

Adaptive environment

"Accepting our vulnerability rather than trying to hide it is the best way to adapt to reality". A quote from the famous media personality David Viscott, psychiatrist and host of his own program on American television, which the substance of this article slavishly follows.

Pablo San Emeterio and Jaime Sánchez told us last year: WhatsApp was a very insecure communication system. Fortunately, a lot of time has passed since then, and now we have ephemeral communication tools such as Snapchat. Are they really that safe? Not so, as shown by the creation of a universal token that can be used to spam any client until the service is denied. And that's not all, as they will unveil more next month at RootedCON. How does that leave you?

Friday, February 7, 2014

Laughed and laughed, in the future

In 2056 a nice hologram will wake you up with a sweet voice to tell you what time it is, remind you of your schedule for the day and inform you of the temperature outside. Of course, the water in the morning shower will come at the right temperature and your home will be so intelligent that it will always look clean and tidy. Everything will be perfect...

…unless you forget the password that allows you to get out. With a premise so unlikely in the future but so usual today (without passwords, you're nobody), a short film has been released starring one of Spain's most popular comic actors, Paco León. In fact, the video, almost 13 minutes long, is full of comic gags, like the constant parody of customer service protocols. In Spanish with English subtitles, it is not a bad way to start validating the Japanese proverb that states that "the human kind has one really effective weapon: laughter."

Thursday, February 6, 2014



U.S. astronaut Neil Armstrong said “people love conspiracy theories.” In fact, sometimes there are plenty of reasons to believe that some events were not completely random.

Yesterday, for instance, Argentina shuddered at the death of 9 firefighters who were working to extinguish a fire at a warehouse of the U.S. company Iron Mountain. It is more than surprising to learn that this is the sixth fire in less than 20 years that this corporation has suffered at one of its premises, since its business is precisely the custody of documents from financial, oil and telephone companies, among others. Some people wonder if this company is hiding some dark secret.

Wednesday, February 5, 2014

On the blue marble

I will tell you a story. Once upon a time, there was a blue planet inhabited by creatures of different species. Among all of those, there was one in particular which stood out. They called themselves humans and had managed to evolve to unimaginable limits. The development of information technology provided a remarkable level of true interconnection between them. However, information represented a weapon with great destructive power and there were some individuals willing to use it against others.

The human Carlos Gómez, from a region known as La Florida, experienced in his own flesh the damage that this weapon could cause in the hands of a bank clerk turned criminal. The clerk stole Gómez’s identity to launder money, so Mr. Gómez was captured and remained under arrest for months until the fraud became clear.

Tuesday, February 4, 2014

Playing safe

“An inefficient virus kills its host. A clever virus stays with it” (English scientist James Lovelock). Indeed a large proportion of computer viruses try to live undetected in the victim's computer as long as possible.

If the affected user does not bother to install antivirus protection, the malware could survive on his device for a long time. Therefore, in the market for security solutions, competition to attract consumers’ attention is fierce and leads to ads as aggressive as today’s video. Security firm Sophos presents an apocalyptic scenario as the result of having systems protected with McAfee solutions rather than with its own products.

Monday, February 3, 2014

"Treat your password like your toothbrush"

“Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months." The advice from computer expert Clifford Stoll is not trivial. Think for a moment about all the passwords you use every day: for your email, your Facebook, your bank account... You do not expect anyone to be chasing you, but many victims of cyberattacks thought the same and now they regret not having been more cautious.

However, you can do little to protect a password if it is videotaped by mistake and broadcast on national TV, as happened with the passcode of the wifi network used by the Super Bowl’s security command center.

Sunday, February 2, 2014

Top 5 Infosec links of the week (XI)

Clearly we like spy stories. “Real” spies, but also simulated spies, even detectives so dedicated to their work that they could be spies. Besides that, we also like to know how to push technology to its limits, to know how we are robbed, or to learn how not to be fooled.

Such is this 11th edition of the weekly top infosec news, based on the preferences you have expressed by clicking on the links that we have proposed over the last 7 days. The top spot goes to the revelation that even an email client such as TorMail, which should be inherently inaccessible, was actually a loophole: the FBI has been spying at home.

Saturday, February 1, 2014

'Near' and 'Far', 'Hackers' Language'

"Hi, this is your old pal Grover, and today I'm here to talk about the difference between 'near' and 'far'." If the popular Sesame Street character were back today to give lessons to little ones, he might well teach the differences between 'good hacker' and 'bad hacker'. Because, deep down, they are almost the same as the differences between 'near' and 'far'.

Step into the shoes of a very curious guy. Of someone who, among his interests, wants to go beyond what a single video shows. For example, to detect a second audio signal. That guy may have tools to separate audio channels, extract the contents, run several debugging and filtering processes, and try to decipher what isolated digits mean… And get it. Well, that is "near", i.e. a 'good hacker', who tells his story in and who already has a legion of fans cheering his technological prowess.