Thursday, October 2, 2014

The time we need and we never have

They say about Muhammad, the "seal of the prophets", that he was a thoughtful man and usually spent part of his day practicing meditation. Thanks to it he have his first revelations, which led him unequivocally to the path of social awareness on the word of God. What would have happened to Muhammad in today’s civilization where time flies? "Do not spend time dreaming of the past and the future; Be prepared to live the present moment. "

For example, the moment that leads to a company like Trend Micro and one organization as important as the Interpol to work together for smaller world for cybercrime. The first of them will provide knowledge and technological expertise, and the seconds will supply the resources and experience to succeed in an environment not respectful with boundaries and authority.

This kind of projects links private and public sectors to join forces against a common goal. Therefore the information company 4 Security (I4S) belonging to the BBVA Group has created the University-Industry Chair along with the Rey Juan Carlos University related to the field of Information and Communication Technology security (link broken). This chair aims to train experts in these demanded areas.

Time goes before we can realize it, but some things never change. For instance, the spread of malware campaigns. At ESET they tell us part of its research on the techniques used by attackers to install malware on our devices. It has been working like that for twenty years. A simple email, correctly formatted as an Adobe’s bulletin, is accompanied by a doc file. When opened with MS Office, it will load through this suite’s macros a call to an exe file hung in some dark corner of the internet, which is responsible for infecting the victim.

Have you already updated your Mac to prevent possible attacks that exploit Shellshock vulnerability? If not and you usually use VMWare virtual machines, what are you waiting for? In the file that launchs the machine there are routines loaded directly from bash that can reproduce the vulnerability and compromise the integrity not only of the data on that machine, but the rest of networked systems.

We sometimes lose some of that time due to human error. Joomla, a content management system behind a significant percentage of commonly visited websites, yesterday received an update that solves two critical bugs. On one hand a privilege escalation vulnerability that would allow to remotely upload files to the server, and on the other hand a possible breach that would facilitate denial of service attacks. But something went wrong. This morning all those who had updated found out that they had to do it again, facing the usual problems of these procedures (possible incompatibilities between new extensions, themes and other specific elements of the service).

Sometimes those who work involved in cybersecurity tend to use too many technicalities that a medium / low level computer user does not understand. However cybersecurity is increasingly understandable to anyone. Simply following a few easy guidelines, most of them guided by common sense, you will minimize the risk dramatically.

Among those measures that every user should know, there is certainly one that is etched in fire across the security industry: To not connect to public WIFI networks, and if it is strictly necessary, do it in the most secure way (using VPNs to encrypt communication, access to strictly necessary services). The Europol along with F-Secure recently conducted a field test with a WIFI antenna posing as a well-known access in London. They gathered up to 250 devices connected at the same time, all of them sending emails and messages with no encryption at all, so they all were perfectly legible for researchers.

These tips and news may be useful for you to protect your data and the time invested in them. This is your most valuable asset, so is there any better way to make use of it that sharing this articles with your people.


Post a Comment