Monday, October 27, 2014

Pursuing digital peace

Today 28 years ago, on October 27th in 1986, one of the largest religious in history was held in Assisi (Italy). Not only Christians but representatives of nearly all existing religions made a claim for world peace from this small town.

To arrange such a titanic meeting certainly was not something trivial. By that time, the Internet was only a project between a few universities, and most of us still contacted each other by telephone or mail.

Almost three decades later, the way we communicate has advanced so much that even the channel itself is under debate. Issues such as privacy and security of communications are now top concerns of society, although they certainly were not so at that historic meeting. Services such as Tor, which allow you to access a great piece of the so-called deep web, are constantly being targeted by intelligence agencies, since they know that confidential information are sold around there. Researcher Josh Pitts at Leviathan Security Group recently found that one of the Russian nodes sustaining Tor network is also used as a tool to install malware on all devices going in or out through it. So it was adata traffic scanner managed by a criminal group operating for months or years.

The way payments are made has evolved along with communication channels, so it presents new obstacles to overcome. Banks generally cover their customers’ economic losses caused by theft or cloned cards. Nevertheless one thing is to have evidence that a transaction is illegal, and quite another to proof it took place caused by a vulnerability on VISA or MASTERCARD system.

To stay updated about all this, there are numerous media like CIGTR aimed to translate security awareness to everyone. But we are not alone. The EFF published a very comprehensive guide on privacy management, whether you are a user without any knowledge or an expert. There you will find several tutorials divided into chapters on critical issues for a good training in privacy and digital laws.

The people of faith mentioned above had to organize a global meeting without the invaluable help. In less than 10 years, these devices have colonized most of the world, forever transforming the future of consumer electronics. Android’s new version, Android Lollipop, brings very interesting developments regarding security and data privacy. Unfortunately, this will become a headache for advanced users who prefer to have full control of their devices. Rooting an Android Lollipop gadget will not be as easy as before, having only two alternatives: either the manufacturers release versions with superadmin by default, or someone will eventually find a vulnerability that allows to do it, both for good and for evil.

Communication between devices can also turn against us. BadUSB, a baking technique presented at the BlackHat conference this year, is still on the crest of the wave. It could be used to transform an infected USB to an Ethernet card handling Internet traffic (thus, monitoring it), or even to infect seemingly legitimate peripheral to perform combo attacks.

Borders have always been problematic when facing changes. All officials issuing visas to Italy must have faced many uncomfortable situations in 1986. Currently we find problems too when fighting against cybercrime. Hence it is important that all countries work to legislate on the same direction of the legislation expediting analysts research and law enforcement investigations. If we are still interested in world peace, this should be the way.


Post a Comment