Thursday, October 16, 2014

Carelessness can be costly

“Carelessness can be costly”, ranging from the person who leaves his dog boiling in the car in the summer heat while he goes shopping to those pedestrians who cross the street without first looking both ways. Carelessness is very common, and unfortunately it sometimes has to be paid for dearly.

This happened recently with POODLE, a vulnerability in a secure communication protocol from 15 years ago. Do we still use it because there is no alternative? Nothing could be further from the truth. Carelessly keeping backward compatibility with older versions in current ones leads to a situation where secure communications can be interfered with and eavesdropped on.

What happens when you add to the equation the explosion of new devices designed by different companies? Then companies such as Akamai publish reports on the evolution of DDoS attacks, in which they highlight critical vulnerabilities in many connected Plug and Play devices. In fact, these devices could be used as zombie clients for any evil that comes to mind.

What if we also include banking risk in the equation? Carelessness can be costly indeed, as recently happened to MBIA Inc, a provider of insurance bonds, whose subsidiary Cutwater Asset Management made a mistake that allowed search engines to index hundreds of documents with instructions on how to authorize new accounts, forms and internal fax numbers.

Taking all these oversights into consideration, it never hurts to remember some important points for mitigating the financial impact of data theft: store information in a safe place, use debit cards for purchases, secure accounts and connections to services (especially banking ones), be careful with public Wi-Fi networks and other people's devices, and remember that nothing that goes online is private (including emails).

The evolution of malware in recent years is also interesting. It began as a set of tools with reputational or activist purposes and has ended up as a whole industry at the service of cybercrime and cyberwar. Kaspersky’s blog discusses the dangers of this new wave of malware designed by intelligence agencies and cybercriminal gangs with abundant resources and alarming sophistication. This is malware as a military weapon. Thanks to human carelessness, it easily bypasses your system’s passive protection and weaves a web of control and espionage that seems straight out of a science fiction movie.

Before putting an end to this article, there is good news for all the hackers who read us: RootedCON, one of the best-known computer security events in Spain, held in Madrid in early March, has opened its call for papers. If you are engaged in groundbreaking research, or if you want to tell stories you've lived through in your company, this is your chance.

Carelessness can be costly. Keep these words in mind when you face any project. Be alert, be curious but not overconfident, and do not worry more than necessary. Life is too short for that.

Happy Thursday!


