Saturday, October 18, 2014

Mountain View, we've got a problem

"Houston, we've got a problem". This sentence from the crew of Apollo XIII is an icon of popular culture. With very little time to react, and under great pressure, the engineers had to find a way to join a cube-shaped containers with cylindrical entries, and they could only do it with the materials that were in the ship itself. Thanks to this solution, and several additional measures, those astronauts survived almost certain death.

When researchers at Google found this week the vulnerability dubbed Poodle, they lived a similar situation. "Mountain View, we've got a problem". If you have the capacity to go into one device to downgrade and invalidate the SSL protocol, someone should look almost as ingenious solutions as those Apollo XIII engineers did. Cupertino have decided to win this medal, and its brand new version of its iOS operating system, Yosemite, has achieved to patch this vulnerability. This has caused admiration in the industry, since there have been, if not hours, between vulnerability spread and the built-in patch after months of "cooking" Yosemite.

The ecommerce giant eBay doesn't want to stay out of play. This firm does not produce components, it sells them, so eBay has taken a drastic decision: preventing access to a platform to outdated browsers not supporting TLS protocol. It's one of those decisions that may involve getting less traffic, but also gaining respect from the online community.

The quintessential social network, Facebook also wants to be in the top-of-mind of security awareness for online community. Since password theft is one of the favorite activities of cybercrime, for offering them for sale in difficult location platforms, Facebook has decided to "move to cybercriminals side". At least, that's what Facebook has just announced: their security specialists are moving in the same places that digital balaclava boys, the Deep Web, and with the same techniques; ie looking for leaked passwords and automatically blocking accounts that match the stolen ones. Immediately, the user is notified to generate a new password.

However, credential theft is less more than a "training" for more hazardous activities. The Group-IB has just published the latest edition of its prestigious report on trends in cybercrime. The report covers the second half of 2013 and the first half of 2014. It identifies significant growth in carding black market, and a large increase in the theft of virtual currency; attacks against financial institutions do not miss their tricks, with increasing specialization in mobile banking.

Finally, an anecdote: only a week ago we saw here the vulnerability for new "smart" electricity meters, which are imposed to Spanish consumers and they can not reject them. The case has transcended our borders and as reputed blog as The Hacker News has echoed that. Clicking here you can check it.

Nobody likes to say "Houston, we've got a problem". But if we do, the best we can do is start looking for solutions as soon as possible. And, if possible, to take the initiative to avoid it next time. Have a good weekend.


Post a Comment