Friday, December 5, 2014

Don’t let your lack of digital knowledge make you weaker

Cleobulus, known as one of the Seven Sages of Greece, launched a personal crusade against ignorance. A quote attributed to him says “Ignorance and talkativeness bear the chief sway among men”.

Such ignorance is used to weave the dark and harmful side of technology. As an example, several Chinese popular cellphone clones are sold within a malicious software on their firmware. This software allows to install external packages, monitoring data consumption and even steal the identity of the user. If you have chosen a clone device, watch out! Don’t let ignorance make you weak.

Apps are continuously updating in vicious circle to keep up and solve security problems associated with innovation. The latest version of Firefox, which is the 34th, finally eliminates support for SSL 3.0 protocol, which was taken as a hook for POODLE vulnerability to listen encrypted communications. It also fixes 8 more vulnerabilities, three of them which are critical.

Ignorance sometimes makes us wonder about the true meaning of a certification. If an antivirus firm obtains the VB100 certification (100% virus detection) does not mean it is 100% effective. It is physically impossible to detect 100% of current viruses, as each new day they arise hundreds of thousands of them. But it actually gives us an approximation on the quality of such product, which was able to cope successfully 100% of the viruses used by the certification authority in the tests.

However it is so common to become part of a botnet without realizing. Each botnet is different so it is interesting to analyze their proliferation by techniques such as flow analysis. This is a botnet detection strategy that monitors the technical side of an alleged victim’s communications (IPs, ports, traffic volume, length of sessions...) trying to find nonhuman anomalies as a signal to point out a possible victim.

But ignorance is sometimes associated with human inability to maintain different passwords for each service, which leads a company like Google to rethink digital identification methodologies. Mountain View see biometrics as the future. It is an identity verification system based on inherent characteristics, which can be supported by immediate devices like Google Glass.

Therefore, it is welcome proposals like the one brought by the Rey Juan Carlos University and I4S, which is a company that provides IT risk management, fraud prevention and security services. They sign a cooperation agreement aimed to give scientific dimension to traditional approaches to managing IT Risk, Fraud Prevention and Security, resulting in the I4S-URJC IT RF&S (IT Risk, Fraud & Security) Research Chair.


Post a Comment