Friday, April 25, 2014

The "Portuguese way" of cyber security

“Grândola, swarthy town / Land of fraternity / It is the people who lead / Inside of you, oh city”. 40 years ago, this revolutionary song was played on Portuguese radio. It was the second signal that the Movimento das Forças Armadas (MFA) was waiting for to occupy the strategic points of the country and initiate what is known as the "Carnation Revolution".

The movement that ended Portugal’s dictatorship is one of the least violent and bloody revolutionary processes in history. It is known as the "Carnation Revolution" because of the carnations that soldiers put in their rifles as a sign that they did not want any bloodshed. Maybe it was a call to common sense, which we may miss today. We could learn a lesson from it for the risk environment of cybersecurity.

There is no blood here, or at least it is not always visible. But be careful with your own blood, your leukocytes, with your cells, with your health. The FBI warned health authorities again that health is a sector at risk. Indeed a sector in severe and permanent risk: data are vulnerable, machines are vulnerable, so cybercriminals have a broad field for their actions. In a world where everything is connected, health cannot remain in "splendid isolation" as was intended by the Portuguese Dictatorship.

As in medicine, in cybersecurity nothing is better than prevention. But if prevention fails, you have to apply patches. And sometimes the patches also fail. The Apache Foundation has just announced that the patch it released for a number of vulnerabilities found in its Struts and Struts 2 frameworks is not completely reliable, and that it is working on a new one. Carnations in the rifles are fine, but beware that if the enemy can shoot, he will shoot.

Imagine how the Portuguese revolution would have ended if the dictatorship’s high command had managed to intercept the MFA’s communications. Not very well, for sure. In the twenty-first century, that is called a "Man In The Middle" (MITM) attack. It is one of the worst things that can happen to you. Do you use Viber for instant messaging, for instance? Then you should know that you are vulnerable to a MITM attack.

José Afonso’s song (Grândola, swarthy town) determined that "It is the people who lead", right? Well, a student of the famous Spanish researcher Chema Alonso tells on Alonso’s blog how he recently warned the Google Chrome developers of a 0day... and they fixed it in less than 24 hours. As we always say: you can be the next to find a vulnerability and help make the Internet a bloodless revolution. Where there is a will, there is a way.

In any case, if you don’t want a revolution to spin out of control, one of the things you should control is the uncontrolled elements. That is the origin of Blackhole DNS Servers or "Internet black holes", as Vicente Motos reminds us in a recent post on HackPlayers.

The network can be both a place of risk and a land of opportunity. It depends on the use we make of it. We hope the day comes when we can sing to the Internet as Afonso did to Grândola: "On each corner, a friend / In each face, equality".


  1. Interesting article, but I must correct you. The artist's name is José Afonso (best known by the nickname Zeca Afonso) and not João Afonso.

  2. Hi, Miss C.M. As one of the CIGTR's collaborators, I must thank you for your comment. Just to get it right, I don't remember where I saw João, and not José. But the truth is that José is the right name. We will proceed with this change, and hope this mistake doesn't ruin this post. Thank you very much, and keep on reading us and commenting. See you.