Monday, January 12, 2015

You can't please everybody

Someone always comes off badly in our society, whether in a dispute or in a new project: someone always ends up upset or gives up their piece of the cake. In the information security field, this is our daily bread.


Last Saturday we told you about Google disclosing a vulnerability on Microsoft systems. Microsoft's response to the issue did not take long to come. Chris Betz from the Microsoft Security Response Center has criticized Google for this, and its whole Coordinated Vulnerability Disclosure (CVD) program. He considers it a strategy to discredit its rival companies in an alleged attempt to keep users safe. Instead, Betz advocates the use of cooperation platforms where companies can share their findings discreetly, thus protecting the privacy and security of customers.

The Common Vulnerability Scoring System (CVSS) is a rating system for vulnerabilities. It scores them from 0 to 10, establishing priorities in the fight against cybercrime. It is also about to be updated to satisfy market demands, since exploits change every year.

Any development is associated with some risks. The art project "The Darknet: From Memes to Onionland" showed what a random bot was able to buy in the deep web. Incidentally, it sparked an intense debate about the potential use of algorithmic randomness for crimes without a perpetrator to blame, a loophole that we will soon have to face.

Huge losses and information leaks caused by cyber attacks have led large companies to allocate higher budgets to security. But you cannot please everybody. At Net-Security they wonder whether IT security investment against external risks is leaving internal risks in a dangerous position. These risks can be easily combated with better training for workers and, above all, collaboration at various levels.

Where there is money, there is fraud. The guys at ElevenPaths keep "fiddling" with their Path 5, supported by Sinfonier technology, which allows them to see how crapware (garbage applications) and Black ASO (positioning on black hat app markets) evolve. These growth hacking strategies position fraudulent apps under pseudonyms in a manic struggle to replicate and avoid continuous user and app bans.

Let's end this news pill with another Google story. The Mountain View company has blocked one of Chrome's forks, the security- and privacy-focused Aviator Browser. The discovery of a vulnerability that would allow remote code execution was enough to set off an intense dispute between a number of employees of each of the two companies.

To avoid being affected by poor security measures or a lack of security knowledge, you should stay up to date on the latest developments in the security sector. So count on the CIGTR to stay well informed. Have a good start to the week!
