Tuesday, September 2, 2014

Infosec's Farabutto

Raise your hand if you know who Guido & Luigi Farabutto are. Nope. They are neither two Italian researchers nor two Argentinian hackers who are grandsons of immigrants. Let us give you some clues in the next paragraphs. How long will it take you to guess? ;-)

Clue number one: the Farabutto bros are closely related to the most "celeb" leak of late, the leak of nude celebrity photos after an iCloud security breach. The scandal is so huge that Twitter is deleting profiles that tweet these pictures, and the FBI itself is working on the "w" questions of this shocking leak: who, what, how...

Clue number two: their story has to do with power and privacy, two issues that have become more and more related since Edward Snowden came out airing NSA espionage techniques, which branch out endlessly. One of those branches is a non-Microsoft "Skype", developed in the 4chan environment, the very same place where the nude celebrity pics were first posted.

Clue number three: don't trust those who try to trick you. Just trust common sense, the least common of the senses, and sometimes even the hardest to apply. On privacy, security and data accessibility, the adviser of this Center, Pablo Fernández Iglesias, raises in his latest post alternatives for information storage and the physical/drive dilemma. The debate is open.

Have you guessed who the Farabutto are? OK, they are responsible for making a fool of someone. That is just how users who aim to be anonymous while using an Apple device must feel. For protocol reasons between native apps and apps such as FaceTime, their identity could be revealed to anyone who takes advantage of this vulnerability.

Fifth clue: Mocked? Then don't be so foolish as to show it. CryptoLocker has wreaked a lot of havoc, but the advice on ransomware is always the same: "Do NOT pay". Basically, paying increases the mockery most of the time. Sooner or later, there are fixes for almost everything. FireEye and Fox-IT have started a website to unlock any file encrypted by this malware.

Sixth and last clue: don't go out on the balcony as if you were protected. If you are not alert while browsing, it is very easy to visit websites that are vulnerable to XSS or carry injected HTML. Chema Alonso pursues this subject, discussing Chrome bugs, AKA 'features' as the Google team calls them.

If at this point you have not guessed that Guido and Luigi Farabutto are the tailors in the tale 'The Emperor's New Clothes', we must think that you are not reading us enough (said fondly, of course). Just a few days ago we were talking about the post 'The Nude King of information security' (http://kcy.me/19rvn). Maybe you were on your August vacation... but the relaxing is over. If you don't want the 'rentrée' to be harder, the best you can do is stay up to date, share this information and avoid scams as much as you can. Don't let yourself be caught nude facing the multiple risks of the network. ;-)


