Saturday, February 14, 2015

50 shades of... (in)security

This week one of the most viral movies of recent times was released all around the world: '50 Shades of Grey'. It's a kind of remake of classics like 'Cinderella' or 'Pretty Woman', with some explicit sexual content. Film critics will find a predictable screenplay, but it's a "yes or yes" decision for millions of moviegoers. So it's... just like a computer infection, isn't it?

After all, the vast majority of vulnerabilities or issues on devices are predictable. And they will be much more predictable from now on, if US companies begin to share information on risks and security, as set out in the Executive Order that President Obama signed just yesterday. The Executive Order had long been announced, as if it were a film premiere, and now the curtain has risen.

If you click where you shouldn't, or fill in forms on 'apparently' legitimate websites, it is entirely predictable that you will end up infected. Every user is a serious vector of vulnerability, but not the only one. These days there has been a whole battle over the disclosure policy of the Project Zero team at Google. Disclosures go public 90 days after the information is confidentially reported to software vendors, but a giant like Microsoft thinks that this is an arbitrary deadline, because sometimes vendors will need more time, sometimes less. Google wants to end the controversy: its team will never disclose vulnerabilities on weekends or public holidays, and it will even offer software vendors a brief grace period to finish their patches.

Almost everyone knows that the main character of 50 Shades, Christian Grey, is a billionaire. So if he existed in real life, he should probably devote part of his attention to financial cyber-risk. In 2014 there were more than 22 million malware attacks against almost 3 million users, says Kaspersky's latest report, i.e., an average of seven attacks per user, an obsession that dwarfs even the most unconfessable fantasies of Grey. Kaspersky's report gives some other relevant information: malware attacks for bitcoin mining have tripled.

Anyway, E. L. James' trilogy, now on the big screen, has been a success partly because it's based on mystery, the unknown and the forbidden... A new crypto tool is on the Android market, to the delight of both privacy lovers and cyber crooks. Remember that technology is neither good nor bad; what matters is its users and the uses they make of it. The tool is called DroidStealth, and its developers claim it can make data invisible to anyone wanting to crack the device.

Computer insecurity is an almost always predictable bad thing, but we must not lower our guard. On the contrary: since it is a real possibility for anyone, staying alert and applying common sense with new technologies will be our best defensive weapon.

