Friday, October 10, 2014

In love as in war…

Plenty of quotes show how attached human beings have historically been to the military, such as Sun Tzu's "All warfare is based on deception", Joseph Stalin's "The only real power comes out of a long rifle", or the popular saying "All's fair in love and war". Although we consider ourselves social beings, the desire for power and the imposition of a hierarchy based on goods make us take up arms, spending resources to protect ourselves instead of spending them on the common good.


A war is being waged in cyberspace, a war with no boundaries. Some people are protecting their property while others try to steal it. In the middle, we usually find the user, who witnesses how some tools that were originally designed to safeguard his data end up being exploited in phishing campaigns. One example is the notifications that iCloud sends to the account owner when someone else attempts to access its content. Be very careful with what arrives in your email inbox, and always make sure that you are on the official website before entering your credentials.

Sometimes the digital and physical worlds merge in a strategy to gain the victim's trust, as in the social engineering campaign that is hitting Spain. A supposed Microsoft support executive calls users to check their PC (and, incidentally, to take control of it). Microsoft has never offered this type of service, and if it did, it would never ask for your personal details (since it already has them).

Both sides face each other on thousands of cyber battlefields, continuously gaining and losing territory. However, there are always some "old friends" in the spotlight. This is the case of Windows XP, which, several months after Microsoft stopped supporting it, is still present on 20% of Spanish computers, all of them vulnerable to any new exploits that come out, with no chance of getting patches for them.

The Shellshock vulnerability is all the rage on the black market. All suites and exploit kits have designed, or are designing, ways to take advantage of this bug in Bash's handling of the environment, as reported by Malware Must Die. Botnets like Mayhem have been using it for the past week to compromise the security of Linux and OS X devices worldwide, although patches are available to anyone.

Against the black hat army, the best shield to protect your projects is a proper implementation of security and privacy policies in the software development cycle. The main topic of the second week of National Cyber Security Awareness Month (NCSAM) revolves around tools to minimize risks in IT development, such as internal tests, the added value of open source communities, deployment of the necessary certifications and a contingency plan for what might come.

Those recommendations are for developers. For their part, iPhone users would do well to remember 10 tips for securing their devices: using strong passwords, enabling the screen lock, two-step verification on Apple and iCloud accounts, keeping Siri disabled on the lock screen (which is something we talked about earlier this week), disabling automatic synchronization (to avoid potentially compromising photos being uploaded to the cloud), taking care with automatic Wi-Fi connection, using a VPN (particularly on insecure connections), disabling cookies and autofill fields in the browser, and controlling applications' access to personal data.

All these measures are necessary to enjoy, in a secure way, all the great advantages that this environment offers.
