Monday, January 26, 2015

Ups and downs in the digital world, just like in politics

This week began with breaking news in Greece: the political map of "the cradle of Western democracy" has dramatically changed. Political turmoil always generates news full of ups and downs. From this perspective, it is difficult to blur the boundaries between politics and information security. Are you ready... for one more day of vertigo in infosec?

Malaysia Airlines's website was defaced over the weekend. A typical 404 error warning said "Plane not found" instead of "Page not found." This clearly refers to the disappearance of one of their flights months ago. A picture of a lizard made the authorship of the attack clear: Lizard Squad again.

From this socio-political perspective, a collaborator at Security By Default surprises us with an essential article for understanding how global communications work. In this case, the topic chosen is SS7 networks, one of the standards present in almost any communication by cable. It appears to be the target of several attacks that could allow attackers to bypass upper layers and carry out (mass or targeted) espionage between countries.

In just a few years, information security has moved beyond the IT department to become a cornerstone of companies. In fact, Information Security Analyst is the fastest-growing professional profile in 2015, according to a new study by CareerBuilder. They represent 4.3%, compared to 3.0% for app developers and system analysts.

That good news is followed by a very tragic item. What could happen if a boy with autism discovered that the police say he visited websites with forbidden content? Unfortunately, a 17-year-old boy called Joseph Edwards was not able to understand that the message shown to him on the screen by ransomware was a fraud, and that was enough to push him to kill himself.

In fact, social engineering can be used for both good and bad. For instance, it allowed a person to hunt down the thieves who stole his iPad. Absurdly, they used it to take selfies and record themselves, even after committing several crimes. All that information was synchronized with the iCloud account of its actual owner, who did not hesitate to post it on Reddit, where a user recognized them and reported them to the authorities.

In the end, nothing is black or white. Technology is a tool, not an end in itself. Hence some people wonder whether Google's Project Zero entails more dangers than solutions. The initiative aims to force other companies to fix critical vulnerabilities by publishing 0days and exploits within 90 days after notifying them. What do you think about it?

