Wednesday, July 1, 2015

Why do you want encryption if you don't know how to apply it?

The American encryption expert Jonathan Oseas, holder of several patents and author of several books, used to say that there are plenty of ways to implement encryption, the majority of them wrong. Another guru, Adi Shamir, often reminds his audience that nobody attacks the encryption algorithms: they go around them. Today we recommend an interesting report on how badly encryption is implemented. We will also talk about Windows 10, a new spy trojan named Dino and the entry into force of the Penal Code reform in Spain.

The complexity of cryptographic libraries, coupled with the inexperience of developers, whom universities train in the algorithms but not in how to implement them, has led to this situation: security holes related to poor encryption implementation are the second most common vulnerability in programs. To make things worse, some developers decide to create their own algorithms, which is usually doomed to failure.

Windows 10 and its disturbing Wi-Fi Sense

Others who seem to be doing weird experiments are the creators of Windows 10. We learn today that one of its new features, Wi-Fi Sense, shares our Wi-Fi passwords with our contacts from Outlook, Skype and even, if you authorize it, Facebook. Microsoft's intention is good: to let two friends share Wi-Fi. But, as in the case of cryptography, the implementation can lead to serious security risks.

Dino, the most animal cyber espionage

We change pace to turn our attention to the French secret services, specifically the Animal Farm group, author of several Trojans designed to spy on governments: Casper, Bunny, Babar and now Dino, aimed at Iran. ESET dissects it and praises it, technically speaking. Animal Farm is definitely a group of experienced programmers. Remember that not long ago France complained that the U.S.A. had cyber-spied on it!

To prison for sharing a virus

We finish by highlighting the discontent that today fills Spanish social networks, caused by the adoption of the "Gag Law", which censors political protests. Along with this law, a Penal Code reform also takes effect today which criminalizes cybersecurity professionals by prohibiting sharing or storing samples of malicious code, publishing details of a vulnerability or creating a Metasploit module... and violators will be imprisoned. We thank the RootedCON list community for this information.

Hopefully the blood will not reach the river. Have a happy Wednesday, dear readers.

