Tuesday, October 7, 2014

Curiosities of such an insecure network

With a dose of reality and a bit of fantasy in some cases, the history is riddled with curiosities of the most diverse nature. For instance, the joke that fate played on a German woman who in 1914 took six pictures of her son on a film. Later she sent it to an acquaintance to be developed on paper, but she recovered two years later by chance, when she realized that I the film that she had just bought was actually hers. Or the fortuitous prophecy of Morgan Robertson, author of a novel about a ship called Titan that was not as "unsinkable" as he had expected. Moreover the temporal coincidences lived by Lincoln and Kennedy. The path is capricious, and  even more the human search for common ground.

Robert Graham made it clear on one of his last articles, attributing the name of Shellshock, the vulnerability that has shocked Internet in recent days, to Andreas Lindh, who tweeted the picture accompanying these lines by chance in the first few minutes of chaos, which is the logo of a ride at Nickelodeon Universe theme park. Its full name is Teenage Mutant Ninja Turtles Shell Shock.

On the other hand, this vulnerability has splashed Yahoo!. Yesterday some of its servers were affected early in the morning. Short after they were patched, and Yahoo ensured that there was no evidence of any user information leakage in this case.

This kind of coincidences led two Spanish bloggers, Chema Alonso and Alejandro Eguía, to talk about black SEO techniques on the same day. The first of them presents a collection of methods to obfuscate pages related to Viagra scams on legitimate websites, accessible only by crawlers or even from specific references. The second one describes a joke that will drive your SEO savvy friend to believe that Matt Cutts visited his blog, by modifying the HTTP Referer field.

However, the victim himself sometimes seeks for his own misfortune. Keurig, a company that develops and sells capsule coffee machines, launched the first coffee machine with DRM in history. This technology prevented its use with no genuine capsules. The competition denounced Keurig for anti-competitive practices and published an extensive research on how to bypass the ultraviolet light sensor that Keurig uses to avoid other brands’ coffee capsules.

Meanwhile people at Tripwire wonder why still today it is not mandatory to take security as an essential part of every technological development. In a permanently connected world, security protocols and measures to protect personal data communications should be the basis for any business project. Otherwise, we will have to face the usual contingencies that allow strangers to obtain our photographs or access our contacts, to take advantage of our good reputation with unethical purposes. Can we consider an information breach as an accident when it happens on a system that does not meet the appropriate security measures? Is the chance enough excuse to not take legal action when a new Shellshock appears on stage?

With these questions we say goodbye today, but let us tell you again that our best ally in this intense battle of odds is to be well informed.


Post a Comment