Wednesday, October 15, 2014

No matter how invincible they may seem, in the end, they always fall

It is said that Gandhi was not a good student when he was young. He barely passed the entrance examination to the University of Bombay and eventually ended up studying law in London. It was in South Africa that he discovered his true calling, when he witnessed how people lived in that country. Thereafter, he found a way to hack the system, which led to the independence of India and the integration of the poorest people into society. His life reflects a constant war against injustice and exploitation, which he wisely summed up in one of his many speeches: "When I despair, I remember that all through history the ways of truth and love have always won. There have been tyrants, and murderers, and for a time they can seem invincible, but in the end they always fall."

Both fall, good people and bad. Today's top headline is undoubtedly the discovery by researchers at Google of a vulnerability in the SSL v3.0 protocol, which could allow attackers to downgrade the client's connection to this version, typically by injecting JavaScript, and then bypass it. The attack would have to be carried out together with a man-in-the-middle attack in order to steal data successfully. Nevertheless, the importance of this vulnerability is that HTTPS encryption based on SSL is eliminated. This situation will hopefully boost the adoption of TLS and lead to this standard being abandoned (after 15 years).

Controversy over the allegedly leaked Dropbox accounts continues. The two leaks published so far do not exceed 400 accounts, and everything seems to indicate that the hackers collected the credentials elsewhere rather than taking advantage of a breach in the company's systems. While we wait for those 7 million apparently stolen accounts to be disclosed (which would place the attack as the second largest ever, behind only the Adobe case), it doesn't hurt to change your password and enable two-step authentication.

Apple is one of those companies that is hard to forget. Some people wonder if its new crusade for customer privacy is nothing but a facade to gain followers and set itself apart from competitors like Google. Although there is no way to decipher data stored on the user's device directly from Apple's servers, that does not mean the company cannot keep providing law enforcement with access to the user's iCloud account, where backups are made regularly by default.

When your personal information goes from the private to the public domain, problems arise. This is why Facebook's move into the health field rings alarm bells, considering that this kind of social service survives by selling information, and that such health information could create a very dangerous personal profile when exposed on the Internet.

Desperation over the risk of storing their documents in the cloud is leading more and more families to use an Internet-connected hard drive as a private data store. NAS devices were not very common a few years ago, but they have since become widely used. Unfortunately, they have serious security flaws. Jacob Holcomb, a researcher specializing in data storage, has found critical vulnerabilities in at least 10 different models. These bugs prompted the development of a worm that can bypass the security of such NAS devices and access the content a family shares through its router.

To close this article, here are several myths about hackers, which answer some of the most common questions. Are they usually young people living with their parents? Is it a club just for men? Are they real experts in their industry? And above all, are chaos and destruction the goal of every hacker?

