Wednesday, October 1, 2014

The incentive of information society

"Incentive, stimulus, claim, appeal, stimulation, bonus, award..." All of them are synonyms for one of the main engines that keeps the gears of our society running. Those gears work together for the common good, or alone facing internal machinery, testing what is it made of. 

Google, a tech giant able to position itself as one of the most valuable companies in less than two decades of history, has such lesson very well learned, so it has increased its incentive program’s rewards for those auditors who find bugs in any of its tools, what allow Google to stay ready for whatever may come in a fast-evolving market and offer more guarantee of success at a much lower price.

Indeed, money moves everything. It is a perfect hook to corrupt the small group of security experts and draw them into the ranks of the crime industry. Attacks on credit card terminals, which are those computers exposed on the street that allow us to check our balance and nourish our whims, represent El Dorado of these gangs. They don’t even need to move from their seat to compromise them. They just scan the Internet for operating systems running identifiable strings and seek exploits on them until they get inside.

Money is attractive, it holds everybody’s attention. Everyday both good and bad boys wage an intense battle around this precious asset. How to reduce bank fraud? How to prevent credit card theft and their use in illegal transactions? At CA Technologies they point to machine learning techniques. A sort of system that learns from our habits and is able to alert and even block the account when the usual pattern does not match the alleged client’s requests.

Changing the subject to the Shellshock, a bug in the Bash command-line interpreter as we told you on previous articles that roughly affects all online systems, there are good and bad news. The good one is that all users running OS X (Mavericks, Mountain Lion and Lion) already have a patch (already complete this time) since yesterday that put an end to the exploit. Users only need to open the Software Update application or download it directly from Apple's servers.

The bad news is that all servers based on OpenVPN technology, used for communication between clients and services or services and services through a virtual private tunnel, are affected by the vulnerability. The system itself allows code execution by bash, which puts at risk the security of a VPN based on this protocol.

Is there better reward for a hacker than knowledge? This is what Alessandro Tanasi must have thought, tired of going crazy looking for documents, papers, podcasts and lectures on computer security. So he decided to create a directory called SecDocs where he expects to gather all this valuable information, what is similar to the BBS (Bulletin Board System) that helped the first generations of hackers to share information and became virtually obsolete with the passage of time and the evolution of the web.

Here you have some incentives to get up every day and claims to fuel our desire to keep learning. There is no better weapon than knowledge. To share it or not is on your hand. Thank you!


Post a Comment