Tuesday, June 30, 2015

"Cybercrime generates more money than the weapons trade"

Daniel Solís, CEO and founder of Blueliv. Speaker in the Space of  Startups in the summer course on Cybersecurity Innovation applied to the protection of digital identities.

Daniel Solís is the visionary behind Blueliv. He's been working for 20 years making safer Information Technology and he's created many tools and award winners security solutions. Solís founded Blueliv with many years of experience in research and development. Before Blueliv, he was the Director of Information Protection and Business Capacity Reaction in KPMG. When not working hard, Daniel enjoys cooking for friends, diving into the Mediterranean and playing with his nephew.

Monday, June 29, 2015

"A man is bullying me on the Internet and nobody does anything"

Chantal, the pseudonym  of a 21 dutch girl, is the latest victim of cyberbullying. Her ex-boyfriend posted a sexually explicit video where she is easily recognized and, then, humiliation began for her. When a judge asked Facebook for the data corroborating the guilt of the ex-boyfriend, the company which saves more data said that they had erased it. We'll talk about it and we'll give good advices to act if you are a victim of online bullying, also mentioning another survey that warns about the lack security in the web discussing the case of a corrupt patch that "bundled brown."

Sunday, June 28, 2015

"Soon, being robbed bank data will be the least of our problems"

Shmulik Regev, Head of Security Innovation, Security Systems Division IBM. Speaker in the summer course Innovation in security applied to the protection of digital identity   

Shmulik Regev leads the Security Innovation Team for IBM Security unit. Shmulik, who joined IBM through the Trusteer acquisition, was the first employee to join Trusteer as Chief Architect, and was instrumental in the vision and development of all Trusteer’s flagship products and its Cloud development and operations (which he established). Prior to founding Trusteer, Shmulik was the Director of R&D at Blue Security. Regev was the founder and CTO of VirtualSelf (acquired by TDNet on 2004). He also worked for Ubique and Scitex as software architect. He holds a M.Sc. in pure mathematics.

Friday, June 26, 2015

Cisco miss a default SSH key ... again!

Cisco warns of a serious security problem on their IronPort devices: someone could get full access to them because they use SSH keys by default. The news, which is already worrying because the high number of these devices, especially when we recall that a year ago, Cisco had the same problem. We will take a closer look to it, as well as to the theft of data from Expedia customers, the judgement  of a cybercriminal  and yet another study on cybersecurity awareness by senior managers.

IronPort is a "gateway" of Cisco used in companies and other entities to control and protection of email  and webs with the objective of greater network security. But this safety is compromised just because Cisco has found that all the IronPorts use the same default SSH password. This means that if an attacker get this key, he could have opened the door to all devices. Cisco offers a patch amid the laughter of the community, as it is already the second time that happens the same with one of its products

Thursday, June 25, 2015

Samsung bumps off Windows Update

It was a mystery of the mysterious: recently, many consumers complaint about Samsung computers, where the "Windows Update" utility was disappearing, leaving your unit free program updates at the mercy of cyber attacks. It was thought to be a virus until a researcher discovered the truth. We will reveal it and also discuss the notice of false invoices of Movistar, the state of the art of cybersecurity in financial institutions and facial recognition, increasing more and more without laws which limit it.

Patrick Barker researcher has found that Samsung disables Windows Update to run their own utility, SWUpdate, which also manages updates but only from their drivers. Samsung's answer to this nonsense which leaves Windows users unprotected has been that Windows Update installs default drivers that work on all computers , "that sometimes work and sometimes not." So,in order to install the appropriate drivers you must disable Windows Update SW Update. Logical.

Wednesday, June 24, 2015

"We've changed the romantic cybercriminal for profit oriented organizations with strong interests"

Enrique Cabello. Director of IT and Statistic Department at URJC. Speaker in the summer course Innovation in security applied to the protection of digital identity

Enrique Cabello works as a teacher at URJC since 1998, coordinator of the FRAV (Face Recognition and Artificial Vision) Research group. He was the Main Researcher in the European project Visor Base (fifth Program UE Frame) and in other projects funded both by the Minister and private funds. Member of the standardization committees ISO SC37 and CEN TC 224 WG18, being as well the editor of "Borders and Law Enforcement Application Profiles for mobile biometric identification systems", we've stolen him a little time to answer a few questions: 

How did you get into this?

When I started in the world of investigation, the facial verification systems were just beginning. It was a very innovative and motivating project. I started working in this field and little by little I expanded the target of the investigation. Starting in facial recognition, patterns recognition, bio inspired systems, another systems to help decisions, etc.

What motivates you moving forward?

In the research group we're really envolved in projects (funded by the European Union or by the government) so maintaining us in ultimate issues is a need. The fact of being accompanied by companies and top investigation centers in Europe creates a very interesting, with fair competition, coworking environment.

Besides investigation, as a teacher I try to make the most of these experiencies, transferring them to the classroom. I think the students could benefit that the teachers are in projects very close to the world of international cooperation they will find when they finish their studies.

The fact of being in a multinational investigation group is an incentive to keep working. Finally, your closer environment helps and supports you to go on. To research alone, locked in the lab, is almost impossible nowadays. It's a collective task. The research group is the environment where you develop the day by day and, in fact, working with the research group is a real privilege.

What matters you most of the current cybersecurity world?

How fast it is growing. We've changed the "cybercriminal", a little bit romantic (like the movie "War Games" for profit oriented organizations with strong interests (economic, political, etc.) It has been a long time I believe this romantic conception of cybercriminal has disappeared. More and more they are specialized networks looking for economical profit.

Do you have any sentence as your day by day motto? 

I don't think so. I love reading and I try to extract something from the books I read (novels, history, outreach, economy,etc.) More than a sentence, I have a complete mosaic of situations which I select in each case, if I consider they can help me.

With movements like the new iPhone and many top Android smartphones it seems that the biometric authentication factors start to success in the mass consumption market. Which advantages and disadvantages they have compared with the authentication factors based on knowledge?

With the increase of the power and availability of the smartphones, they will have a bigger influence in our lives. More and more they're systems which we will use to pay, enter an event, bring our personal data, etc etc etc. Finally, a system like a smartphone or a tablet will substitute our traditional personal computer and it will be the system of communication with another systems.

The disadvantages are that we still have the smartphone as a phone with new features. But nowadays, it's a system that in many cases substitutes the traditional computer.

Among all kind of biometric technologies, you're specialized in the facial and visual recognition. In which field do you think these kind of technologies will fit and which problems do you commonly have to apply these tools in generic devices (smartphones, laprops, etc.)?  

In general terms, mobile devices have big problems to be used in facial biometric. The environment is not controlled: one day a person takes a pic in the street with full sunlight and another one is at home. Besides, an image can be taken from one angle and the other with a totally different perspective. In fact, the mobile devices for facial biometric are a very complex challenge. There are many situations where is possible to decrease this difficulties, for example, when the user wants to be recognized.

For this, the user has to feel some advantage. This is what's happening in the facial verification systems used in airports, people who go through the automatic systems are faster than the ones who do it manually.

Where are we going to in digital authentication?

Right now there's a great interest in what's called: Antispoofing or person attack detection. This means, detecting that biometric data really come from a user.

Por ejemplo y en el caso de verificación facial, descubrir si el sujeto lleva una careta que hace que se parezca a otro sujeto. O que intenta falsificar las huellas dactilares.

For example in the case of the facial verification, to discover if a user carries a mask which makes him look like another one. Or he's trying to falsify the fingerprints.

Another very interesting fact is the one related to privacy from design. That means introducing privacy and data protection from the biometric application design.

Both issues define my next lecture.

Tuesday, June 23, 2015

Don't trust your antivirus too much

Today, we say goodbye to two myths: the antivirus security and the anonymous browsing through proxies. The first one is the most worrying and unexpected,a Pandora's Box opened last week when the company Kaspersky reported an attack against them, possibly by a government. We'll talk about it, as well as the sell in black markets of SCADA systems and an analysis about the most vulnerable points of automobiles against a cyberattack.

The National Security Agency and the British secret services might be attacking the companies which produce the antivirus, as "The Intercept" has unveiled, based on the files stolen by Edward Snowden from the NSA. The intention of the agencies would be, on the one hand, to obtain intelligence from the spying information these companies have and, on the other hand, to make virus which can not be detected by the antivirus. Just in the middle of all this stuff, we find a basque, Joxean Koret, who's internationally famous for having noticed this error: "For one year I researched 17 antivirus engines, finding vulnerabilities in 14."       

Monday, June 22, 2015

"The university is essential in the future of the cybersecurity"

Juan Troncoso-Pastoriza. Researcher from Universidad de Vigo. Speaker in the summer course Innovation in security applied to the protection of digital identity.

Juan Troncoso-Pastoriza achieved in 2005 the prize as the best graduated student from the Ministry of Education and Science. He also reached a prize for the best doctoral thesis from Universidad de Vigo and the  Instituto de Ingenieros de Telecomunicaciones (COIT). During his brilliant career, he's participated in several national and european projects related to the security of the information and the protection of privacy, an area where he has written many articles in international magazines, taking part in lectures as well. Besides, he also owns some international patents. His interests include the safe processing of signals, the privacy protection, multimedia security and the modeling of images.    

"We focus too much on solving problems with patches"

Fermín J. Serna, Information Security Engineer at Google.

What can we say about Zhodiac. He left anonymity in the 90s to get into a group, JJF Hackers Team, that went from others' jokes to make history. He imported to Spain the term "white hacker", an invention of the hackers beginning to set up their own security companies in the US. And he launched the first public security / hacking event in this country, No cON Name, if venerable Securmática gives permission.

Zhodiac jumped to the Premier League thanks to !Hispahack, then continued playing hard when the community was at its lowest moments, and  was there in the revival, with Sexy Pandas and Capture The Flag competitions. Zhodiac life, alias Fermin J. Serna ;) from Madrid, 36, two daughters and another on the way, engineer, technician founder of S21Sec, 4 years at Microsoft, now Google, is a microcosm of the history of the hackers as it was told at the Cybercamp event. And there are people so good that the "under" tag is small for them and, like it or not, light hits them.

Friday, June 19, 2015

Summer course: Innovation in security applied to the protection of digital identity

Summer University URJC Courses 
'Innovation in security applied to the protection of digital identity #CIGTR2015
From 6 to 8 July
In Madrid (Campus of Aranjuez, URJC)

Innovation in security applied to the protection of digital identity is the suggestive title of the summer course, from 6 to 8 July, placed in the Campus de Aranjuez from the University Rey Juan Carlos (URJC). This course is part of the 16th edition of the Summer Courses of the Fundación Universidad Rey Juan Carlos, organized by the Research Center for Technological Risk Management (CIGTR in Spanish) and sponsored by BBVA since 2011.

Thursday, June 18, 2015

One grandma cuts a wire and leaves Armenia offline

Sometimes we forget that, in IT security, it’s also very important the physical component. Here’s a 75 year old woman to remember us that this impressive assembly called Internet can fall like a house of cards with a simple sabotage of its wired structure. Today we also pay attention to a study that breaks the myth of people who gives its personal data in return for free services, an article about the upcoming end of the passwords and an analysis about the cybercriminal group DD4BC. 

A woman from Georgia was robbing copper to sell it when she cut an optical fiber wire. It was so unluckily that Armenia was offline more than five hours, also affecting part of Georgia and Azerbaijan. We don’t know if the poor grandma justified herself against the media with a sentence such as “I shake it up”, but they already called her “the shovel hacker”. This should remind us the importance of the physical security.

Wednesday, June 17, 2015

600 million of mobile phones at risk

Be careful, whoever with a Samsung Galaxy, especially the S6 and S5 models. An attacker might be monitoring your camera and microphone, reading your messages and installing malware. Things aren’t better in the iOS side. We’ll talk about it, as well as a recent study over corporate security related to mobile phones. At last, to avoid speaking only about mobile phones, we’ll finish with an interesting initiative which will provide us free digital certificates.    

The problem, which concerns to no more and no less than 600 million of Samsung cell phones, lies in the default keyboard updates and its languages. Researchers have proven that it’s possible to impersonate the server which sends the update and replace it by malware. The exploit, shown in the BlackHat conference, also works despite we’re not using this keyboard, which can’t be uninstalled by the user.     

Tuesday, June 16, 2015

Be careful with virus containing images

Today is one of these days to be gloomy in terms of IT security. We can’t trust anymore in e-mail or web images because a hidden banking trojan has been discovered. Maybe that’s the way followed by the virus which attacked the personal computer of the German Chancellor Angela Merkel. So here’s the problem: if they can hack a world leader who has all the IT security resources available, what can they do with us?

Dell researchers have discovered a virus, called Stegoloader, which has been spread hidden in .PNG images. Specifically it’s a banking trojan, being a forward line, according to the researchers, of a new form of virus spreading which uses steganography and javascript in order to be not detected. Stegoloader is not an experiment: it’s being already sold in the black market. Be very careful about that!  

Monday, June 15, 2015

Snowden: the hacked hacker

Can a cyber attack be a threat to the lives of British and north American spies? The answer is affirmative, at least if you steal classified files from the secret services. Documents stolen by Edward Snowden from the National Security Agency which now Russia and China have robbed him. What a mess! Today, we’ll also talk about a new attack against chinese dissidents, although they use Tor, we’ll be surprised with another hack against Uber and finally we’ll see an interesting infography about the cybersecurity in Spain.   

The newspaper "The British Sunday Times" has published the beliefs of the British Government, which suppose that Russia and China could have hacked the almost two millions of the classified data which had been stolen from the NSA by Snowden. This fact might have threatened the lives of the secret agents who work in Russia and China, forcing to abort several operations. 

Sunday, June 14, 2015

"I prefer tingling of pentesting to giving a lecture"

Pablo González Pérez, cyber security divulger and co-founder of Flu-Project 

Judging by his initials, Pablo Gonzalez Perez was predestined to be devoted to computer security. His Linkedin's resume is synonym of respect: he has written six books, has given a lot of lectures and classes, is the expert in Metasploit, coordinator of Hack & Beers event in Madrid... and he is only 28 years! P.G.P. Claims to be "a simple person", but his eyes shine like the restless boy he was when at age 4 knew load games on his brother's Amstrad, who "was surprised when he saw that little child turning on computer, tinkering with it and then leaving it in its site and not breaking it. "

Friday, June 12, 2015

You are your best antivirus

Possibly it would be a robot in the future. But now the one in front of a computer is mainly a human being., with its conscious and unconscious mind, its traumas and its virtues, a whole inner world which has a huge influence on infosec. That was the subject of a congress we will talk about. Today we have walked on the teaching side, so we´ll explain how to securize our mail, what can happen if we leave the hard disk opened and how to act when facing a ciberattack.

An interesting workshop has taken place in Washington this week. "Security and human behavior", with selected speakers form infosec sector who have shared talks with psychologists and anthropologists. Together they have debated about the design of  cybersecurity systems from a psychological and perception point of view, about the problems related with living in permanent risk environments and, of course, about the attacks which use social engineering. It´s worth to have a look to the resumes.

Thursday, June 11, 2015

Have you been hacked? Proclaim it from the rooftops

Managing a cyber crisis is a subject taught in growing enterprise environments. But yesterday Kaspersky company gave a live lesson: notify customers, provide comprehensive and clear information on the incident, for all profiles, and turn it into an opportunity to show how well do you know your job. We will  talk about Stuxnet, made by the same attackers, notify about a serious hole in iOS and we´ll announce an interesting security meeting tomorrow in Barcelona.

We have been bombarded with news about a hacking intrusion into one of the major security companies in the world, Kaspersky, using an advanced malware, the second part of another well-known: Duqu-2. It runs in memory, use encryption and compression algorithms to hide and exploits various 0days. Possibly is a work of a government which would have the same bug attack other targets, including Iran. Israel has denied any possible involvement. And in the middle of the mess, the World applauds communication management made by Kaspersky about the attack.

Wednesday, June 10, 2015

MDMA is the most sold drug on Internet black markets

Swedes, Poles and Norwegians are the best customers of the drugs black  market on the Internet acording to the statistics shown on the "Global Drug Survey 2015" which devotes a large section to this new consumer habit. We will discuss these statistics and will talk about what can earn a computer criminal, iCloud photos theft  and its use for blackmailing and how the FBI might be about to hunt down those responsible for the CelebGate. Here we go.

According to the Global Drug Survey, 5.8% of drug users worldwide have purchased in the Dark Net, the most purchased drugs in these markets, mainly MDMA powder (37.2%), followed by LSD (30 , 3%), MDMA pills (26.5%) and Cannabis (17.8% and 14.9% in cannabis resin). Buyers come mainly from Sweden (18%), Poland (13.9%), Norway (11.7%), Denmark (11.6%), UK (12.2%) and Spain would be around 3,3%.

Tuesday, June 9, 2015

Fake copies of Windows10 contain a virus

Windows operating system has been  historically the best business for cybercriminals. When used by millions of people, any attack against Windows has a chance of success. If only 1% of users fall it is still a good deal. They have thought those who are distributing fake copies of Windows 10 with a virus as a gift. Another very insecure environment are the routers offered by ISPs to their customers, we will talk about it, like the recent theft of data to the US government, and we´ll end up with an interesting reflection on APTs.

Windows 10 will not come to market until 29 July, but  there are messages on social networks offering copies already, a scam in which many users are falling. Actually they are fake copies installing viruses and stealing data. Youtube videos, with  Microsoft logo design and explain how to get a copy and install it. To perform the download you have to register from a Google+ account, Facebook or Twitter, whose credentials go straight to the criminal´s sack.

Monday, June 8, 2015

Cyberwar is bursting, and it is no joke

It's scary. Real fear. Because the guru among security gurus, Bruce Schneier, had always been weighted in this regard. But last week, in the event Infosecurity Europe, he launched apocalyptic words to the audience: "We are on the threshold of a global cyberwar". And if Schneier says, absolute credibility. We will talk today about how a selfie led to the bombing of ISIS barracks, about a company which wants to make money mediating between hackers and companies and a beautiful story by the Washington Post: how the Internet became so vulnerable.

Schneier said in London that more and more nations are working for cyberwar "and now we all are in the explosion radius". He particularly highlighted the attacks of Israel and the United States against Iran using the Stuxnet virus in 2010, attacks by Iran against the Saudi oil company Aramco, the role played by China in the recent bombing against GitHub and the assault by North Korea against Sony Pictures. "I'm afraid we are out of hand," he said.

Sunday, June 7, 2015

I coded a virus, but no one got infected

Bernardo Quintero, founder of VirusTotal
Bernardo Quintero is one of the most discreet hackers out there. He created, along with Antonio Ropero, the mythical security bulletin "One-A-Day" due to a bet - someone told them they could not do it, drinking some beers. After that, he created Hispasec.com to host the newsletter and, by popular demand, eventually it became one of the first companies dedicated to cybersecurity in Spain. He created later VirusTotal, a free service that brings together dozens of antivirus engines to analyze suspicious files and URLs. In 2012 Google acquired VirusTotal and a condition of the deal was that the team could continue living in Malaga, where Google set up an office with garden, pool and views of the bay.

Friday, June 5, 2015

What does China seek by stealing millions of US citizen's data?

Today all the media, large and small, are teeming with the same news: the US government reports the data theft of 4 million of its officials and attributes it to China, who has been quick to deny it. We will try to interpret it in its context and we'll also talk about the new documents which showed a shocking reality: the NSA spies on alleged hackers without a warrant. We will stop too in a guy's story who made a program to create ransomware and we will end up with an interesting Fire Eye report on a group dedicated to elite attacks.

It's not the first time the Federal Bureau of Investigation, and other agencies of the US government, accused China of stealing data from their citizens en masse. China also is attributed an intrusion into two large insurance companies, Anthem and First, where personal data of millions of people were robbed. What would China attempt with this? According to "The New York Times", they could be trying to create a huge personal information file for later use in identifying persons of interest.

Thursday, June 4, 2015

Are cyber criminals as clever as it seems?

Most relevant news today allow us to do something quite unusual: a monograph. Specifically, a monograph on cybercriminals intelligence. Are we overestimating them? Could it be that their tactics work because we are playing the fool? We will value it while we read an interview with the manager of a black market bazaar, inquire into the online life of a cybercriminal, analyze the poor 'cybersec' habits at work, and get to know about a 'made in Spain' hack.

When we think on Deep Web's black market we imagine a world controlled by powerful and terribly intelligent mafia organizations worldwide. But, a few days after the sentence to life imprisonment to the creator of the Silk Road bazaar, we find an interview with the administrator of another bazaar, more modest, where you can buy from exploits to drugs. The black market is a murky place where the gangs are fighting one another in DDoS battles, where kids and not so kids try to make a populated village and take off someday with the benefits. Are they ready and serious? Nothing. Rather cunning and thieves.

Wednesday, June 3, 2015

There´re new winds blowing from the West

Inevitably we open the informative pill today with the announcement of the end of the USA Patriot Act, one of the legal axis which gave legal power to massive spying by American intelligence agencies like the NSA. And  we continue with one of the most talked about vulnerabilities of our encryption protocols, with a smart way to secure passwords, and the danger to all owners of an older Mac.

The news of the day, and predictably of the month: The US Senate votes to restrict the collection of massive data by NSA. The USA Patriot Act, a law created specifically after the terrible attacks of September 11, 2001, passes to be out of circulation, and minimizes the scope of agencies such as the NSA, which have to ask permission and defend case by case any attempt to monitor a citizen or group of citizens. It is expected, however, that the USA Freedom Act comes into force shortly. A more conservative law for citizens, which would provide enough power (not so much, it must be said) to this agency.

Tuesday, June 2, 2015

The FBI looses Megaupload and Megavideo because a mistake

They are definitely on the list of most popular domains of Internet history. Megaupload.com and Megavideo.com belonged to entrepreneur Kim Dotcom, whom the FBI arrested three years ago and seized his domains. But federal made a big mistake ... We will talk about it and also about a free VPN service which was not so, another attack devised by two Spaniards to steal money from credit cards and a strange story about the latest fashionable ransomware,Locker.

The FBI forgot to renew the domains which were seized from Kim Dotcom and soon dawned on websites full of "adware", rogue security programs, fraud, or redirecting visitors to porn sites. The good image of these domains among Internet users and their number of visits made them very attractive to fraudsters, according to researchers residing in a Gibraltar company. The FBI has recovered domains and closed access.

Monday, June 1, 2015

Dangers come from where you do not expect

Thanks to the Internet we are more connected than ever. And this is so transcendent that has forever changed the communication model of our specie, and therefore the other facets which affect the future of our existence. Including technological risks have gone from being purely anecdotal to our daily bread, even displacing traditional industries crime as settled as drug dealing or theft.

So, one morning you wake up and you realize that anyone, having or not  technical knowledge, is able to create harmful computer products to earn money. We see it with Tox, a tool which allows to create an average ransomware to infect victimsto quickly, in a free and easy way. The creator of the tool (anonymous, of course), will retain 20% of transactions and the resting 80% will go to the cybercriminal, if the security forces do not catch him before.