Wednesday, April 30, 2014

April's cyberthreats



“April is the cruellest month.” Today, the poet and playwright T. S. Eliot - author of the quote - would be very happy. Finally the fourth month of the year is about to end. It has left behind one of the most serious vulnerabilities in recent times, the Heartbleed one in OpenSSL._

But Heartbleed is not the only threat that April brought us. In fact, some researchers have discovered a security issue on Telegram instant messaging app. The flaw lies in the authentication between the client and the server, which could result in an attacker accessing to a user account. Anyway, the vulnerability only affects Telegram unofficial apps. Hopefully its creators will fix this situation soon. For example, as Adobe did releasing an update that covers a serious vulnerability affecting its Flash player for Windows, Mac or Linux.


Tuesday, April 29, 2014

We'll keep on fighting till the end


“We’ll keep on fighting till the end”, sang Queen in his ‘We are the Champions’. This well-known song will become the soundtrack of the semifinals of the UEFA Champions League to be played today and tomorrow.

Millions of Europeans will be watching their TVs waiting for the victory of one of the four semifinalists, Real Madrid and Atletico de Madrid among them. However, the vast majority of people are not aware that a far more important event for their daily life was held yesterday. This is the Cyber ​​Europe 2014 (CE2014), a cybersecurity exercise which involved 200 organizations and 400 cybersecurity professionals across Europe.


Monday, April 28, 2014

Failure, amendment and a lesson to learn

“It's fine to celebrate success but it is more important to heed the lessons of failure.” We completely agree with the author of this quote, Microsoft cofounder Bill Gates. Cybercriminals do not give second chances, so it's essential to avoid repeating the same mistakes.

We bring you some examples of errors that we should not find again in the future. For example, the flaw discovered in Facebook’s servers which could be used by a cybercriminal to perpetrate DoS (Denial of Service) attacks against other websites, with a bandwidth of 800 Mbps.


Sunday, April 27, 2014

Top 5 Infosec links of the week (XXII)

A defragmented internet, malware campaigns for iOS and Android, the sex video of Miley Cyrus and the value it provides security on Big Data. The five top post this week, directly in the Sunday compilation.


Situations as unlikely as the intense scrutiny that intelligence agencies like NSA have been performing with Internet traffic reopen the talk about the possible fragmentation of the network. This time, Turkey, which threatens to create their own, abandoning the "www" with "ttt".


Saturday, April 26, 2014

The responsibility for our actions in the third

"The positions of responsibility to make the most eminent yet eminent men, and vile, vile and small". One of the most famous statements of the writer Jean de la Bruyère, we recover in advance of the articles linked.

Responsibility. That quality necessary for the good future of our society, and with interest bordering on the personal aspirations of each. This is how Javier Cao wondering how long we can look the other way, without stopping to discuss infoethics new technology. In a scenario where the analysis of large volumes of data has become our daily bread, the boundaries of reality are marked solely the responsibility of the use made of.


Friday, April 25, 2014

The "portuguese way" of cyber security


“Grândola, swarthy town / Land of fraternity / It is the people who lead / Inside of you, oh city”. 40 years ago, this revolutionary song was played in the Portuguese radio. It was the second signal that the Movimento das Forças Armadas (MFA) awaited to occupy the strategic points of the country and initiate what is known as the "Carnation Revolution".

The movement that ended the Portugal’s Dictatorship is one of the least violent and bloody revolutionary processes in history. Known as the "Carnation Revolution" due to the carnations that soldiers put in their rifles as a sign that they did not want any bloodshed. Maybe it was a call to common sense, which we may miss today. We could learn a lesson for the risk environment of cybersecurity.



Thursday, April 24, 2014

Cybersecurity is not just a freak’s thing

People look at me like I was a freak. Not because my Dalí’s style mustache. Nor because I like to sing using broccoli as micro while I work out. The truth is that everyone looks at me like I was an alien when I tell them I work in cybersecurity.
Although users’ knowledge about the protection and the precautions for their electronic devices is gradually increasing, a large majority still are not aware of the risks of the Internet and look to the field of information security as something from another planet. Therefore, they can easily become victims of cybercrime.


Wednesday, April 23, 2014

Mobile security is key for the future of the Internet

“The Internet is a collective construction and its governance process must also be built that way,”said Virgilio Almeida, Brazil’s Secretary for Information Technology Policy at the NetMundial meeting in Brazil. It is a two days event where about 850 government officials, academics, technical experts, etc. are trying to find the most proper way to transfer the Internet governance from the U.S. hands  to an international body.



Undoubtedly the reasons behind this attempt to untie U.S. government from the control of the Internet are the U.S. surveillance programmes disclosed by Edward Snowden, which generated mistrust in the rest of the international community.


Tuesday, April 22, 2014

Sheriffs of the Internet

Harsh, implacable, and always willing to keep the evildoers away from their people. Here’s how Hollywood described the figure of Sheriff in its westerns.
Nowadays every company has its own sheriff, a person responsible for keeping ‘cyberbandits’ away from its employees. But instead of a gun, that person uses computer security systems and data analytics to fight the bad boys. It is here where Big Data enter the scene. According to Gartner’s report “Reality Check on Big Data Analytics for Cybersecurity and Fraud”Big Data analytics gives businesses faster access to relevant information for them which means time and money saving when tackling cybercrime and fraud.


Monday, April 21, 2014

Cibercriminals can make your return to work even tougher

Come on! Wake up! Stop whining in front of the screen. We know that Easter holidays are too short and getting back to work on Monday is doubly tough, but think that it is much worse for teachers.
According to a survey by the NASUWT teachers’ union in U.K., more than one in five teachers suffered adverse comments on social networks. A quarter of those insults come from the parents of the students, but have been even detected attacks from students as young as seven years old. Many of those offensive messages include photos or videos taken without the consent of the victim. This situation is causing different effects on teachers, from loss of confidence to health problems.


Sunday, April 20, 2014

Top 5 Infosec links of the week (XXI)

How to get followers on Twitter, Social Media 2014, SO that Snowden used for communications, the dangers of cyberflirting and Big Data as a tool to reduce bank fraud. The five top post this week by the Sunday collection.



Social networking is in itself a way of life. Some tools we use everyday, and improve care. They are the window to the world of our social identity, and therefore, we care greatly. At the top of this week have two articles related to it. Namely, the study security expert @Blackploit recently conducted to demonstrate how accounts illustrious personalities like Britney Spears, Lady Gaga or President Obama make use of tactics inflation Twitter followers and a new videography on the 2014 evolution of SMaccompanying the article.


Saturday, April 19, 2014

Judges and satellites

"Four characteristics correspond to the judge: Listen politely respond wisely and prudently decide impartially weigh”. Four characteristics that reflect the work of the judiciary. 
And four are also the functions of coverage. 4 FC’s all computer expert has to meet in an expert report. What they do not know which are? As I say, in the article that accompanies these words explain one to one.


Friday, April 18, 2014

Friday concessions

”Father, into your hands I commend my spirit”, quotes a psalm of these appointed feasts, and it seems that also resorted large Twitter accounts.


Everything starts with an investigation by a security expert, this time @Blackploit, on service useinflation followers on microblogging network. There are 5 different services, all from the same manager, and each offering its own way a free version of 100 new followers daily to fill you change the timeline of spam, or 1000 per day if you choose to pay. The strange thing is that using a newly created account, and subscribing to the free version, has made accounts like @ladygaga, @britneyspears, @BarackObama will follow his. Coincidence?


Thursday, April 17, 2014

With proper precautions, long life Social Media

The six seconds of any Vine video have become the equivalent of 30-second spots in the era of Web 2.0. In this new era, user attention window is 7 seconds, even lower than fishes one, which lasts 8 seconds.



That’s said on the latest video from Erik Qualman (Socialnomics), one of the essential references of the Social Media scene. In just 3 minutes and 18 seconds, it gives us plenty of data to understand the scope of social media today. We echoed 2013 edition of this video (http://goo.gl/Q0WVzF), with some considerations that are still OK: “Although it is not #Infosec as such (…) What information is given, where and when shared is crucial in an industry that is constantly growing. Take note the current figures of the “Social Media”, that give us clues as to how far we should make a prudent use of our, moreover, beneficial social presence.”


Wednesday, April 16, 2014

The Paschal eggs of cybersecurity


The tradition of giving Paschal eggs in Easter is related to fertility which is what spring represents.In some countries decorated chicken eggs are exchanged, in others it is more typical to give chocolate eggs to your beloved people.
Perhaps information security professionals could take example and arrange their own tradition in order to celebrate that they work in a fertile and growing professional field. In fact, their level of satisfaction about their jobs soared last year, as is reflected on the study, “Information Security: from business barrier to business enabler” commissioned by Infosecurity Europe. 81% of cybersecurity professionals surveyedsaid that their job has become more enjoyable, although there is still a significant gap of qualified talent in this field.


Tuesday, April 15, 2014

Are you sure you care about your privacy?

“Do you consider yourself like a private person?” As you can see on the video, most people would answer ‘yes’ to this question almost instantly. Perhaps we should stop and think a bit more about where we put the boundaries to our privacy in social networks. You may be surprised!



Fortunately that video is just a sociological test, a small joke to surprise people interviewed and raise viewer’s smile. However, these are the same methods that malicious hackers use to steal your data, deceive you, kidnap your accounts, etc.


Monday, April 14, 2014

Cyberflirting also has some risks


Are you a flirting master in your office? Can’t you get a date with any colleague anymore so you began looking for  women on Tinder? Be careful!
The popularity of this mobile dating app is booming. With 7.6 million active users per month, it has become a life raft for those who have no time or desire to go out for flirting. Tinder provides a whole catalog of potential dates around you at only one touch. However, you need to be alert to avoid being trickedThat so attractive girl who started to talk to you could be a bot or a hacker with malicious aim. Beware of all the links that they sent without request.


Sunday, April 13, 2014

Top 5 Infosec links of the week (XX)

NSA Comedy videos, hacking airline tickets, Yahoo and safety, OpenSSL and fraud in Google Play. The five top post this week by the Sunday collection.



The NSA remains objective of all eyes. Since it became known that the U.S. intelligence agency has been spying global communications have not stopped arise videos that humorously satirized their work. An example of this is the people of viral CollegeHumor: If Google were a boy.


Saturday, April 12, 2014

Stay tuned and keep watch

”Stay tuned and keep watch, because you know not the day nor the hour”. Mateo 25,1. A statement that reminds us how weak (and lucky) that we are to be able to be playing in this game. And a statement that usually observed without fail in the world of computer security.

So much so that Oscar Navarro wonders if indeed the end of support for Windows XP will bring some security problems that otherwise would not have. It refers to those critical systems that give us much respect: industrial control systems. An infrastructure that usually take years and years to work the same way, using Windows XP as a base, and whose continuous patches have not been applied. The end of support from Microsoft only affects those who allowed their system to update each patch, unfortunately being an action that is necessary, it need not have been usual.


Friday, April 11, 2014

Hacked life / checked life

Can you imagine a NSA agent stuck to the phone every time someone enters a suspicious term on Google? Well, that is the picture drawn by CollegeHumor, author of the parody video “If Google was a boy”The second part of the story was released a roughly month ago.



This parody gives us an idea on how Information Security is increasingly becoming part of our daily life:everything is connected, everything is susceptible of being hacked, monitored, controlled… more or less illegitimately, sometimes by those we would least suspect. That’s not our call, of course, but Ars Technica’s one. This specialized blog has reported a series of logins on the already most famous security breach of the year, Heartbleed, which could be attributed to intelligence agencies, while the Electronic Frontier Foundation calls for further research to clarify how far this charge is true.


Thursday, April 10, 2014

Don’t believe everything you see


Mmmmmmmm… Yummy! The apple pie on the picture looks good, right? Have you already started to salivate? Well you’re in for a disappointment when you find out that is not edible. A bit of wax here, a bit of gelatin there, some painting and… Here you are! An irresistible apple pie, but only for the eyes. 
We could say that tricks used by photographers and publicists to delight and seduce us have certain similarities with the baits used by cybercriminals to get our confidential data or to infect us with malware, among many other things. Phishing is an crucial technique for their strategy. For instance, banks are used as bait in 62% of financial phishing attacks in Spain, according to Kaspersky Lab, a company that in 2013 blocked 300 million of such attacks worldwide.


Wednesday, April 9, 2014

ATMs: cybercriminals’ favorite way to plunder your bank account


“The evolution that’s going on is an increase in attack sophistication and intensity, where fraudsters are analyzing the whole payments ecosystem, finding the weak points, and exploiting those.” Financial fraud expert Tom Wills speaks about those crime schemes that hack bank accounts, clone credit and debit cards or steal other people’s identity in order to plunder their accounts. This threat is increasingly more common, so both financial authorities and banks are under alert.
Probably this trend has something to do with the growing number of security breaches and information leaks that took place last year. According to Symantec, in 2013, there were 62% more breaches than in 2012. It is significant that the number of identities exposed have increased from 93 million two years ago to 552 million last year.


Tuesday, April 8, 2014

Windows XP: Lots of things have changed since then

“Introducing new Microsoft Windows XP. How much do you want this totally new Windows?” One of the craziest moments of Steve Ballmer, former CEO of Microsoft, took place on the commercial that he starred for the launch of the oldest operating system in our recent history, Windows XP.



You would like to see him now announcing the death of the operating system in the same way, right? Because, ladies and gentlemen, today support for Windows XP officially endsAn operating system that is still used by 20%-25% of users and it is still targeted by a quarter of malware infections, according to Kaspersky. however, this figure is expected to increase significantly from now on.


Monday, April 7, 2014

Internet is like a box of chocolates, you never know what you’re gonna get

“Momma always said ‘life was like a box of chocolates, you never know what you’re gonna get.’”This quote taken from the famous film Forrest Gump may sound familiar to you. And if you have a look to the latest developments in the cyber security world, you can not say that Forrest’s mother wasn’t right.



You never know when your Android mobile phone may get infected, for example, by the Oldboot.A virus. This is a highly sophisticated malware which modifies the operating system’s boot partition, so although the virus were eliminated by an antivirus software, it would loaded again when your device were restarted.


Sunday, April 6, 2014

Top 5 Infosec links of the week (XIX)

Search for software engineers skilled in security, cloud services attacked, DDoS massive giants game industry, hackable cars and safer browsers. The five top post this week by the Sunday collection.



Will it attract our attention if a politician decides to talk to the people conversationally? Definitely. What if you were offered a job? Even more. In the video that accompanies this article we see the Israeli finance minister asking security experts that are committed to Beersheba, “the next world capital of cybersecurity”, thanks to a technology park at the crossroads military, college students and some of the most important companies in the sector.


Saturday, April 5, 2014

Skills acquired

”Acquire habits from young which is not unimportant. It has an absolute importance”. With these words, Aristotle pointed out the need to inculcate the “hacker” philosophy since childhood, creating in the minds of the young the pleasure to learn and test.
And this should it feel right Kristoffer Von Hassel, a child 5 years U.S. has managed to crack the access father profile in Xbox. The eagerness to enjoy some of the games that the father had closed password took the child to try a thousand and one ways until he found a really disturbing exploit: writing space request confirming default password validation. Microsoft is already aware, it has been fixed, and has been commissioned to promote information security interest of this child by giving him several games, some money and a one-year subscription to their services.


Friday, April 4, 2014

Looking for a job? As we all know the situation is terrible now, it is very difficult to get a job, but repeating it over and over again is useless. How about turning around your way of thinking? What if you catch up with Information Security? Because there is a lot of work on that field. A lot!

Can you imagine a politician talking on camera with casual look, using a clear and direct language, without jargon or gimmicky formulas of any kind? The Israeli Minister of Economy does not only imagine it, he does it. He has its own channel on Youtube, where he published around 300 videos. On one of the last videos, we can see him inviting security engineers around the world to settle in Beersheba, “the next world capital of cybersecurity”, thanks to a technology park that gathers military, college students and some of the most important companies in the sector.


Thursday, April 3, 2014

“Cybercriminals, leave me alone!”

When did you feel peaceful for the last time? It is difficult to reach that inner harmony without being disturbed, right? Every day is full of conflicts, problems and complex situations.
Despite all its positive points, the Internet and technology in general can also become a source of battle. Surely those bank customers in the Middle East who were affected by an Android botnet, that has already infected 2,700 smartphones through disguised electronic banking apps, will be very angry if the cybercriminals behind this scheme have finally managed to take everything from their bank accounts.


Wednesday, April 2, 2014

The Infosec industry needs more heroines

Undoubtedly, every woman is a potential heroine. They are able to deal with their professional responsibilities without neglecting their family’s needs even when more than once they have to overcome the clumsiness of men around them.
Although it is not very usual at CIGTR, today let me make a very personal comment. I am a man and I have to admit that, both during my studies and my professional career, I have been blessed to work very often in teams composed by majority of female members. So I am very aware of how much they can contribute to tackling any challenge or problem. Therefore it is a pity that women today are even less interested in the world of information security than 25 years ago. According to the study 2013 (ISC) 2 Global Information Security Workforce Study, only 11 out of 100 infosec professionals are women. Considering that currently in the U.S. there are no less than 30,000 vacancies in this field and 300,000 new ones are expected to emerge next year, is a pressing need than women begin to fill such positions.


Tuesday, April 1, 2014

The most serious cyberthreat is to gag Internet freedom

“What is freedom of expression? Without the freedom to offend, it ceases to exist” stated by British writer Salman Rushdie. In this regard, we would add another question: what is the best mean for exercising freedom of expression? Without freedom of expression, Internet become orphaned.
The arrival of the Internet allowed any citizen to convey his opinions and ideas freely to the world. However, as happened lots of times throughout history, powerful people hate being criticized. Therefore, some of them put all means at their disposal to prevent that, demonstrating a null democratic sensibility. If a country like Turkey – which has repeatedly expressed its public desire to join the European Union – blocks websites as popular as Youtube, it is not surprising that the EU authorities urges its government to fit “European standards” and jurisprudence from the Strasbourg Court.