Sunday, October 12, 2014

Top 5 infosec links of the week (XLVII)

Let's draw an unwritten law of Murphy for security issues, and let's summarized as it follows: if something can be broken, there will always be someone who will end up breaking it; but if not, surely, too. Once upon an innocent time maybe there was some pirate epic in breaking codes and systems; in any case, today we've got very little from that epic because almost all is business.

The five top issues this week have to do precisely with more or less dark intentions characters, that have managed to break something because he could break it. Because that "something" was waiting for someone smart enough, or sufficiently well paid, to penetrate where he is not expected. It is the case of the sinister character able to develop a third party app for Snapchat, convince people enough for using it, steal all the ephemeral data shared by the network, and drop them to 4Chan in huge amounts of compromising information.

It is also the case for those who are taking advantage of the latest vulnerabilities, as Shellshock, to commit all kinds of felonies. Although in some cases the fear of vulnerability is greater than the breach itself, as happened days ago to Yahoo!, when its spokespersons had to backtrack and refine their "we have suffered an attack via Shellshock" into another "it was a minor bug". Sometimes, evil guys have to do nothing to get things done, but just sitting around and waiting for others to do it. A recent study settled that the organizations themselves are behind 9 out of 10 leaks of private information. A tasty dish for those who appropriate what is not theirs.

Among the things that can be broken, part of them are really scary, even some of them give a terrible fear, as ATMs security. We go there almost daily to supply us with money for day to day, so we are also exposed daily to great risks that anyone may manufacture, according to an expert in cybercrime. And since most things can be broken, two Spanish researchers have anticipated the move and have released that new "smart" electric meters for household consumption are easily hackable. Watch out, this week at the Black Hat Europe, they will give a full talk about it.

Do you know any other security Murphy law? Propose it, here or via social networks, where as always we invite you to follow us. Have a nice Sunday.


Post a Comment