Friday, August 1, 2014

The far side of the Moon

A study by the University of California just determined that the Moon is not round as believed, but lemon-shaped. It is even ensured that this shape is the result of tidal influence, which has always been studied the other way around. Anyway, what remains unchanged is that the moon has two sides. A visible one; a hidden one. Just like information security.

The difference between the Moon and infosec is that infosec’s dark side is not always the same. It basically depends on who is more skilled to hide whatever he wants, or to hide himself wherever he wishes. The CIA has acknowledged that it spied on a computer of the U.S. Senate Committee on Torture. It did it indeed, but as remembered with much sarcasm by Robert Graham at Errata Security blog, it was actually spying on "itself". It created a network secured by the CIA itself and was able to check what attracted the attention of researchers, allowing it to reclassify the most "compromising" documents on the go.

When we talk about CIA two words always come to mind: onion (.onion) and TOR. Specialized blogger and CIGTR’s contributor, Pablo Fernández Iglesias, is clear: as all encryption system TOR will end up falling. It is not the same to be hidden than to be anonymous. Put it another way: the moon may have a hidden side, but we know it exists.

There are always things that you cannot hide and are exposed to the public. Chema Alonso launches "a cry for awareness" on his blog regarding the photos uploaded to the networking site Badoo. Accessing them by a direct route is not possible. But taking a short detour we can reach the full-sized photos of whoever we want. And, there is malware that would like to be like the Moon. It is malware that hides itself requesting non existent DLL libraries to force the execution of libraries with malicious content, as it is described on Security By Default blog.

You also have your "moon’s dark side" (and it is fine that you have it): your passwords. If you do not want anyone to steal them, what out. The latest Facebook scam redirects to a webpage which warns the user that his Facebook account has been deactivated and requests his credentials. Look carefully at the URL because such credentials will be used by someone to take control of your account. As we know, Zuckerberg's social network is scam territory. Now Net Security has gathered the top 10 scams in Facebook: from the classic "who has seen my Timeline" to the "say goodbye to the blue Facebook".

If you don’t want to "live on the moon" but to be on "honeymoon" with your online life, you can follow us everyday on our blog and on our social networks, whose links you will find at the right sidebar. Have a good weekend!


Post a Comment