Wednesday, November 5, 2014

The success of computer security and the music industry

On a cold day in January 1956, Elvis stepped into the recording studio determined to give birth to his new single, "Heartbreak Hotel". RCA Victor, the record company working with the singer, had not given its approval, but producer Steve Sholes decided to "trust" Elvis and record it anyway. "Heartbreak Hotel" was number 1 in several top song lists at the time. 50 years later, thanks to its remastered version, it monopolized the charts again and entered the exclusive Grammy Hall of Fame.

In the computer security world there are other "greatest hits" that never go out of style. Emil Kvarnhammar is the computing artist who challenged Apple with Rootpipe, a new vulnerability that allows privileges to be escalated to administrator level. After talking with the company, he published a video in which you can see him launch the exploit, but he will wait until early next year, giving Cupertino time to patch it, before explaining how to take advantage of it.

Banks are still number 1 on cybercrime's target list. When a single song is not enough, it is best to call in several artists for a special collaboration. The Financial Services Information Sharing Analysis Center (FS-ISAC) and the Depository Trust & Clearing Corporation (DTCC), along with a group of 16 banks, seem to be doing something similar with the creation of Soltra Edge, a real-time communication system that allows banks to minimize risk by reporting possible breaches as soon as possible.

Requests for Facebook users' data by US intelligence agencies and law enforcement increased by 24% over the same quarter last year. This figure may sound like a wilted summer blockbuster. The USA, India, France, Germany and the UK were the countries that made the most requests, with 80.5% of decisions in favor of the plaintiff, and in favor of the fight against terrorism, robbery or kidnapping.

It is not always necessary to ask permission, though. 43 health monitoring apps, 26% free and 40% paid ones, do not have any privacy policy. This is what research published by the Federal Trade Commission on the misuse of fitness and health apps shows. It is an endless playlist for any criminal, who could collect personal information to establish patterns that can be useful for social engineering, phishing or even theft, rape or extortion.

To avoid this, there is nothing better than relying on experts, who in the end are the ones who know about music. In this sense, it sounds good that Google is releasing Nogotofail, its SSL/TLS vulnerability testing tool for websites and applications. It does so under an open source license, which is even better. Now there's no excuse for not reaching number 1 on the charts, even if you use third-party projects which may or may not interfere with data traffic security.

In the end, in both the music industry and computer security, everything is based on following the right steps and using common sense. Elvis reached the top thanks to his talent. The user will always live in fear if he does not stay one step ahead of cybercriminals, enjoying the ride. Bad guys may have the resources needed to carry out their misdeeds, but remember that they will always have less information than you. The more obstacles you put in their way, the harder it will be for them.

