Tuesday, November 18, 2014

Four plus two is not always six, or at least it shouldn’t be

If you ask a mathematician how much four plus two is, he will tell you that it equals six. Exactly 6. It is an integer, with no fractions or decimals. But if you have an engineer in front of you, it gets a bit trickier. He will probably tell you that he is missing some data. Indeed, four kilograms plus 2 grams is not the same as the reverse.

Now, when it comes to information security, fractions, decimals, variables or elements are not interesting. What is truly interesting is the value that can be derived from such a sum. So if the CIGTR tells you about four recent attacks and two recommendations to foster debate, what do you think the outcome will be? Let's see.

The US State Department has been the victim of an attack on its mail system. It made headlines because it is the fourth government service to be attacked in recent weeks. The United States Postal System, the National Oceanic and Atmospheric Administration, and the White House suffered similar breaches, pointing to potential Chinese and Russian interests.

Moving from governments to massive servers: Blizzard, the giant behind online games such as World of Warcraft, Diablo or Hearthstone, was hit by a Distributed Denial of Service (DDoS) attack that affected its millions of players. Attacks of this type have increased by 240% in 2014, despite the significant defenses that the company has built around its business.

Now, jumping from big servers to retail outlets: the popular office store Staples recently found out that customer data had been compromised. It is still unknown how it happened, but everything points to its communication and control protocol (C2) used at more than 1,800 of its stores.

At this point, let’s switch to Tibetan activists. They have been targeted by an APT launched in relation to the G20 summit in Brisbane, Australia. Emails allegedly sent by the Tibetan Council of Australia with an attached text file are spreading across the Internet. Does it sound familiar to you?

Regarding our two recommendations, here is the first of them. It concerns the lack of confidence in home devices: Google and Nest’s thermostats, Dropcam’s wireless camera, or even Amazon’s peculiar virtual assistant Echo raise suspicion, since they could be exploited by others to enter our homes in the future. Even if this does not happen in the end, you cannot forget that all these companies base their potential on the exploitation of user data.

Speaking of privacy, it would seem odd if Facebook did not come up. Its Privacy Basics explains how and why the company needs to know all that information and offers some tips for managing your profile information in the most appropriate way.

Four plus two is not six, but much more, a number that hopefully will be high enough to raise awareness of the importance of being well-informed.

