Saturday, May 24, 2014

Randomness and vulnerable systems

"We predict an increasing number of new data breaches in both sectors in the next few years, as well as the appearance of new types of specific malicious code targeted at retailers' backoffice systems and cash registers". IntelCrawler guys words, after making public a discovery that will not leave anyone indifferent:

Discovered a PoS botnet, apparently directed from Serbia, almost 1500 stores in over 35 countries. The odd thing is that among infected at least 25 different types of management software are counted, pointing to a criminal industrialization with great resources. Systems which, as we mentioned last week, start to be in the crosshairs of cyber attackers, being programs that handle credit cards, and usually do not have the necessary security measures.

For anyone who has fought with the development, randomness is a constant problem. How do we ensure random elements in a system based on algorithms that are not? Because otherwise, if an attacker can predict the outcome, would the keys to access everything that protects it behind him. Gastón Charkiewicz explains it, advancing in an article for the ESET blog, some basic terms in the field, such as entropy and machine learning.

Have you recently been to The Bahamas? If true, there will surely be phoned one of his friends, family, or in the worst case to resolve a work item. Well, according to recent statements by Snowden, the NSA has a record of all calls made from the island, by using two different programs, MYSTIC and SOMALGET. The first charge of generating a titanic database calls, without any segmentation, and second, the collection of metadata from each of them. The question following this knowledge would be why the U.S. has so much interest in this paradise?

And ended up with one of those stories that make your hair stand on end. The life cycle of a zero day is usually relatively low. Since being discovered until the discovery is made public and the company responsible solves rarely spend several months. But what happens when even with the knowledge of its existence, the company seeks solution immediately? That you are to a product (in this case, Internet Explorer 8) has spent at least seven months (possibly more among circles of black market) helpless to the execution of malicious code using email marketing campaigns and/or involved sites. If you regularly use the version 8 of the browser, until further notice recommend disabling ActiveX controls and Active Scripting.

If you've come to the end, remember that you can rate and comment our posts, or follow our social profiles whose links you will find at the sidebar, as usual.


Post a Comment