Friday, July 25, 2014

Fruit of everybody's labor

"A civilization is only sustained when many people offer their collaborative effort. If everyone prefers to enjoy the fruit, civilization collapses". This quote belongs to Spanish philosopher and essayist José Ortega y Gasset, and is in the day-to-day of Information Security. Governments and companies always call to collaboration to identify risks and deal with threats. But watch out: the other side is also collaborating.

Of course, who seeks to give the maximum knowledge available to everyone, is someone who works in a joint effort. The renowned Spanish researcher Yago Jesus, editor of the blog Security By Default, proposes an ambitious challenge: eight books, one each week on average, to refocus career during the summer and go from 0 to 100 in computer security. Do you dare?

If your obsession is not to become a security professional, but privacy, today should not miss the bit for the collective effort that brings Omar el Akkad on The Globe and Mail: A comprehensive guide that takes the suggestive title of The paranoid guide to computer user's guide's to privacy, security and encryption. Reading it will not leave you indifferent neither the tone nor the way. If you do not believe, please click on the link.

On this side, the good collaboration. We now turn to the pernicious collaborations. Because they work together, as we said above, and they do it a lot. In a documented information published on The Guardian, Samuel Gibbs says that there is a strong community of "hackers" sharing the results of all kind of attacks against companies and users using the Internet Explorer browser. One of the strengths of this community would be the use of these attacks to know what antivirus software systems are being used, and therefore develop more accurate tools to deal with them.

From one browser to another browser, Google surprised us today with the strength of his decision: goodbye to OpenSSL in its Chrome browser. Heartbleed damage is so recent and so intense, so they have decided to implement their own encryption package called BoringSSL. However, as this post talks about collaboration, it is also important to note that Google will continue to contribute to research and funding for OpenSSL technology. And since we're talking about Google, today we must also mention the M2M "collaborations". Thanks to Pierluigi Paganini, we know that false Googlebots (those who serve it to index the web) are beginning to proliferate, to direct traffic to malicious pages. In other words: DDoS attacks by robots that most of websites do not recognize as evil, since they seem Google indexing bots.

Among this huge collaboration, there are some who are looking only to harvest their fruits. This is the case of the famous Social Media platform Add This, that has developed a "canvas footprint" that identifies specific users even if they are applying techniques for privacy or anonymity when browsing, as we find on Dark Net (taking the news from Mashable). A footprint which, incidentally, can be found in a wide disparity of websites. To name just two cases: the White House and Youporn, pages that are not supposed to be linked for any reason.

From CIGTR we try to do our bit with these divulging posts. If you want to help just rate, comment or share these posts on social networks. At the right, on the sidebar, you have the links to our online presence. Have a nice weekend.


Post a Comment