Wednesday, May 20, 2015

How a stupid failure can endanger millions of people

Today we learned of two important security failures that date back to the nineties. The first one is related to NetUSB technology, present in millions of routers, printers and Internet devices. The other one is used for “man in the middle” attacks on private social networks. We also talk about how long it takes companies to detect an attack, and about a bad joke in a garage in Manchester.


It is curious how a ridiculous failure at a small company in Taiwan can jeopardise millions of routers and other electronic equipment all around the world. NetUSB lets you change the name of your device, and when you connect to your equipment with a name longer than 64 characters, it fries the client device. A failure that was common in the 1990s and which has been resolved.
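The 64-character limit above is the classic case of a fixed buffer filled with a length the other side chose. As an added example (not NetUSB's code, and not from the original post), here is a length-checked parser in C; the wire layout, a 4-byte little-endian length followed by the name, and all function and constant names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX_LEN 64  /* fixed buffer size, from the 64-character limit in the text */

/* Hypothetical result codes for this example. */
enum name_status { NAME_OK = 0, NAME_TRUNCATED_MSG = -1, NAME_TOO_LONG = -2, NAME_BAD_BYTES = -3 };

/*
 * Parse a constructed handshake field: [u32 little-endian length][name bytes].
 * The layout is an assumption for illustration, not NetUSB's wire format.
 * `out` must hold NAME_MAX_LEN + 1 bytes.
 *
 * The 1990s-style bug is trusting `len` from the peer:
 *     char name[NAME_MAX_LEN]; memcpy(name, msg + 4, len);
 * Here every length is checked against both the message and the buffer.
 */
int parse_peer_name(const uint8_t *msg, size_t msg_len, char *out)
{
    if (msg == NULL || out == NULL || msg_len < 4)
        return NAME_TRUNCATED_MSG;

    uint32_t len = (uint32_t)msg[0] | ((uint32_t)msg[1] << 8) |
                   ((uint32_t)msg[2] << 16) | ((uint32_t)msg[3] << 24);

    if (len > NAME_MAX_LEN)          /* reject, do not truncate silently */
        return NAME_TOO_LONG;
    if ((size_t)len > msg_len - 4)   /* claimed length exceeds bytes received */
        return NAME_TRUNCATED_MSG;

    for (uint32_t i = 0; i < len; i++) {
        uint8_t c = msg[4 + i];
        if (c < 0x20 || c > 0x7e)    /* printable ASCII only, no NUL or control bytes */
            return NAME_BAD_BYTES;
    }
    memcpy(out, msg + 4, len);
    out[len] = '\0';
    return NAME_OK;
}
```

A name of exactly 64 characters is accepted and a name of 65 is refused outright, so the caller can drop the connection instead of working with a silently shortened name.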



Another failure from the nineties is Logjam, which affected the digital certificates of websites that suffered “man in the middle” attacks. It has just been discovered and is related to the NSA's TURBULENCE project: the Snowden documents show this kind of attack on Virtual Private Network connections, and now, thanks to Logjam, you know how it works.

More information to make your hair stand on end: according to a study by the Ponemon Institute, a store takes, on average, 197 days to detect a computer attack, for example the theft of its clients' credit card numbers. 197 days is half a year! Others achieve better times, but nothing extraordinary: some banks, for example, have better averages, like 98 days to detect the attack. Three months!

We want to end with an incident that occurred last Sunday in Manchester: someone remotely blocked the locks of all the cars and motorcycles in a garage, forcing them to stay open. It was possible to lock them manually, but in many cases they were open again after a while. Some owners slept with their cars and motorcycles.

News to lose sleep over; yes, we have more on our Twitter account every day: https://twitter.com/cigtr. Today, for example, it is worth pointing out the existence of a trojanized version of PuTTY or the new wave of CryptoLocker attacks.

