Tuesday, October 21, 2014

Remedies for digital evils

Sir Francis Bacon, to whom we owe the principles of the scientific method (among other things), was a renowned philosopher and politician in his era, and left many lessons to be considered by future generations. Among them, we echo one so natural that it could have been written this very morning: "He that will not apply new remedies must expect new evils; for time is the greatest innovator."

Remedies are the order of the day. But they do not always work in our favor. The Chinese government decided to redirect all traffic heading to iCloud or Microsoft’s services through their network to a fake website in order to perform a man-in-the-middle attack. This way it can obtain users’ access credentials without their consent.

On the other hand, there are also remedies as valuable as Sweetie, a virtual child created by the charity Terre des Hommes, which helped hunt down about 1,000 pedophiles worldwide. It can record chats, video camera images and instant messages that can eventually be used as evidence in court.

Among all technology areas, security requires loads of remedies. So much so that the security guide for iOS devices recently presented by Apple has been updated this week to include all information regarding Apple Pay and the changes in Touch ID. It contains 48 pages for any iOS auditor and pentester who wants to stay well-informed.

Meanwhile, ESET was able to analyze in detail how FinFisher works thanks to a WikiLeaks leak. FinFisher is German spying malware for governments that was running until 2013. The funny thing is that its methodology is not as advanced as believed. It infects devices via either USB or compromised websites, and uses one or two droppers to install the virus. It creates temporary folders and replicates itself, obfuscated, under any video, document or image format.

Remedies do not always work as expected. Like many other discoveries, they are due to chance. Take Google, which is gradually changing its algorithm to penalize piracy sites (although in some cases legitimate portals are affected). Or the arrival of ‘hacker’ at the Royal Spanish Language Academy, which was considered an achievement by the security industry. Nevertheless, the word has been associated only with negative values, alluding to the term’s degeneration and not to its original definition: anyone interested in going beyond a branch of knowledge, whether computing or any other.

The fight against evil requires perseverance, freedom and proper access to information. Those are remedies that every hacker must have in his backpack, despite what the RAE or the Chinese government have in mind.
