Thursday, October 23, 2014

Digital pessimism is almost as dangerous as cybercrime

"Hope is a denial of reality, it is the carrot stirred in front of the workhorse to make it move forward, struggling in vain to reach it". It is also said that "The pessimist is a well informed optimist". In this sense, the way we face life is far from being the most profitable one, even more if we think of today’s technology hardships.

In the infosec field, perhaps, pessimism is usually passed on to others. When HP and the Ponemon Institute launch the Cost of Cyber Crime Report 2014 and you find out that bad boys have caused losses of $12.7 million in the United States alone, which is 96% higher than the previous year, it is normal that it ends up affecting you.

Pessimism could have overwhelmed the "BIP! card" developers after they realized that their system had been hacked. This NFC card allows Chilean commuters to pay on Chile’s public transport system, but unofficial Android apps allow users to change the card number and even top up for free. To make matters worse, the adventurers who dare to try these apps are not safe, since some of them infect devices with botnets and ransomware.

This relentless struggle against cyber evil lifts your mood when everything works well, and pushes you towards a cliff when you become a victim of some type of fraud. Why does ransomware work so well? Because it takes advantage of your loss of hope: it uses the user’s fear of losing his data and his feeling of guilt for something he allegedly did (watching pornography, having illegal content on his device...).

You also lose hope when you see that new vulnerabilities sprout every single day. Each of them seems more serious than the previous one, such as a new exploit that takes advantage of Windows OLE technology. This technology makes it possible, for instance, to embed a form in a Word document. Only Windows Server 2003 is unaffected by this exploit, which allows attackers to gain all of the user’s permissions. If the user is the system administrator, for example, they would get full access to the system.

On some occasions, a move that seems good for usability can raise a few doubts. Take the identification method proposed by Twitter for its new cross-platform app development framework: Digits does not depend on any password because it is associated with your phone number. It moves identification from a method based on knowledge to one based on possession. Very nice on paper, but where is privacy?

PC Actual has focused on precisely this topic in one of its latest articles: the value of digital anonymity in an environment that is becoming less and less anonymous. Neither extreme is good; what is good is balance, which is really difficult to find… Just like with our feelings.

