Tuesday, June 23, 2015

Don't trust your antivirus too much

Today, we say goodbye to two myths: the antivirus security and the anonymous browsing through proxies. The first one is the most worrying and unexpected,a Pandora's Box opened last week when the company Kaspersky reported an attack against them, possibly by a government. We'll talk about it, as well as the sell in black markets of SCADA systems and an analysis about the most vulnerable points of automobiles against a cyberattack.

The National Security Agency and the British secret services might be attacking the companies which produce the antivirus, as "The Intercept" has unveiled, based on the files stolen by Edward Snowden from the NSA. The intention of the agencies would be, on the one hand, to obtain intelligence from the spying information these companies have and, on the other hand, to make virus which can not be detected by the antivirus. Just in the middle of all this stuff, we find a basque, Joxean Koret, who's internationally famous for having noticed this error: "For one year I researched 17 antivirus engines, finding vulnerabilities in 14."       
The case is not closed and still may be much talked about. Whereas, the Austrian researcher Christian Haschek warns against the proxies supposedly free: he investigated 443 in order to establish that 79% don't have any encryption in their home pages, what means that their owners can see clearly the traffic and stole credentials. Not to mention the proxies which include advertising in the browsing. The solution: to work with serious proxies, with HTTPS enabled.

We continue with a frightening advertisement: in the Internet black markets have been detected selling offers of SCADA systems. These systems control the correct working of critical infrastructures such as electric energy plants, the nuclear ones, traffic control, trains, etc. Specifically, they have detected a system in France which could control an hydroelectric generator, IP addresses and VPN passwords from three more systems, also placed in France, but whose veracity has not been proven yet.

We finish with our daily recommendation about reading. This time, an article which details the well known attack vectors against the most modern automobiles: through the website of the vehicle administration, with the applications for remote services or third party ones, and the most dangerous: the impersonation of the code which is installed in the car. It deserves a look, specially if you're thinking in a new car,

We take advantage of this opportunity to wish our readers a very happy San Juan's fanfare.  


Post a Comment