Monday, May 30, 2016

Alberto Hernández: "Our priority must be the protection of children"

Alberto Hernández Moreno. Director de Operaciones de INCIBE

When we asked this interview, we imagined the baggage of Alberto Hernández Moreno, 42, Operation Director of the Spanish Cyber Security National Institute  (INCIBE) was heavy. But, looking closer, it has exceeded all our expectations. Alberto lead all the operative activity of an organization with an annual budget of almost 21 million euros: "The CERTSI, the cyber security services for children, families, professionals, companies, etc., the technological development, the own company systems and all those initiatives we have to support the development of the national industry, the talent promotion and management, the support to national I+D+i and initiatives like CyberCamp".

From Madrid, although he seems from the south because for his wittiness, he live since two years ago in Leon, where he enjoys of the mountain hikes . He seems a quiet man, measure on his words as we'll see in the interview and passionate about his work, as the child you still can see in his eyes if you look the photos. Alberto studied Telecommunication Superior Engineer in the Madrid Technical University. Who could guess that, 24 years after, he would be participating as expert on missions of the American States Organization for cyber security matters, just to put an example.

Friday, May 27, 2016

Most read of the week: on prison for warn of a hole

We thought, at this point, all of us we had understood who warn of a hole in our system deserves, at least, our gratitude or even a gift. But the story hasn't got a happy end for a Slovenian student who discovered failures in the Police communication protocol. He reported them and he was judged and sentenced to prison. Today is something "incredible", as it's sad the informer Pierluigi Paganini, who has been by far our most read recommendation.

The student, 26, called Dejan Ornig, was accused by "attack an information system, falsify documents and audio records" by his investigation about the TETRA protocol, used by the Slovenian police, as well intelligence services, the army and penitentiary administration of this country that, according to Ornig, it was poorly implemented.  To top that, the investigation was part of a scholarly project. The sentence was of 15 months in prison, that he won't start in exchange of not hack on 3 years.

Tuesday, May 24, 2016

Guidelines to understand and counterattack the cybercrime economy

In the last years the cybercrime has passed from the "little mafia" format to become in a real industry, many times with the same structures and problems as in an international corporation. A HP Enterprise research dissect these cybercriminal organizations and invite to companies to use the knowledge of how work these organizations to put problems on their organizational structures, to end the attack risks and contribute to finish with the cybercrime problem. 

"Cybercriminals are highly professional, have robust funding, and are working together to launch concentrated attacks" has ensured Chris Chriastiansesn, Program Vice President, Security Products and Services of IDC. Indeed, the cybercriminal organizations have the same elements and working than a normal company and those are the clearest cases:

Monday, May 23, 2016

A year of interviews

The interview section landed on the blog of the Research Center for Technological Risk Management just over a year. Today we want to have a stop on the way to celebrate this first anniversary and to list all the names you have seen through this year. For months, the interviews were posted on Sunday and a few weeks ago, sincee our content restructuring, they are now available on Mondays.

Throughout these little more than 365 days, we have talked to great experts on computer security, from the first at this section, the great educator Angelucho, to the last one last Monday, the maker of Capture The Flag contests Javier Marcos. There have been media stars as Chema Alonso, great hackers like Rampa, RomanSoft or Leonardo Nve, the organizers of the most important Spanish security conventions as Roman Ramirez, Nico Castellano or Pepe de la Peña and Luis Fernández Delgado, and women who broke our ratings, as lawyer Ruth Sala or the police officer Silvia Barrera, our most read our interview.

Friday, May 20, 2016

The good news against cybercrime exist too

We really search it. Energetically. Sometimes ignoring yellow new what we could gave us more audience. On CIGTR we are compromised with goodness, good energy and bring every day the most positive news we can found on cybersecurity specialized media. But there are mornings our compromise is a mission impossible, because the evils and attacks dominate the cybersecurity present. But we keep trying. Really. And sometimes we achieve it.
The main good new of the week has bee the deactivation of the TeslaCrypt ransomware. For some reason, their authors have abandoned the ship and left, available to investigators, the keys to decode all the files encrypted of darkness and malice. An applause for them.

Wednesday, May 18, 2016

Are you sure your passwords are safe?

Are you sure your passwords are safe? According to a CyLab study, University Carnegie Mellon Security and Privacy Institute, our perceptions about security passwords not always are adjust with reality. Create a good password isn't only fix number, letters and symbols. We have to see another aspects many time we forget. 

"Although many users create predictable passwords, the grade the extent to which users realize these passwords are predictable is not well understood", ensure in its presentation the study, investigating "the relationship between users' perceptions of strength of specific passwords and their actual strength". This is achieve asking to participants qualify the relative security of juxtapose pair, for example ieatkale88 against iloveyou88.

Monday, May 16, 2016

Javier Marcos: "Red Team always wins"

Javier Marcos. Security engineer and CTFs master.

Javier Marcos is a true hacker warrior and a warriors master, struggled in dozens of battles now called Capture The Flag (CTF). Security Engineer at Facebook, he has just released a free platform that facilitates the organization of CTFs, that is what he talks about in this interview, neither the first nor the second one in his career.

Javier, 32 years and alias Javuto, is a kid of mountains and a village, Vegacervera. Even when at 4 years his family moved to Leon, mountain 'bravura' is still intact in him. Once achieved the title of computer engineer he reached the conclusion to go on "by land, sea or air", so he emigrated first to Portugal, then Ireland and then California, although his Twitter assures he lives in the land of the Brave.

Friday, May 13, 2016

Some things never change on cybersecurity

Program failures, malware and data thefts occupy, week after week, the main cybersecurity news. This week isn't an exception, proving although the complexity of the hardware and software security and how we implement them increase, the struggle is still focused on the malicious code, closing holes and seeing how the bad guys steal all they can, being passwords or financial information. And we think we are moving forward very fast, but sometimes it's only a quantum illusion.

This week our  Microsoft Security Intelligence Report sum has got a great success among our readers. Between another interesting information, it explains Asia is more and more on the cybernetic world, with its benefits and evils, being among these last ones that Asia is the main victim and root of malware cyberattacks. And by far: 49% of all the attacks came from Asia according to Microsoft.

Wednesday, May 11, 2016

Asia is a malware drain according to Microsoft

The last  Microsoft's Security Intelligence Report , referring to 2015 has been just published. The main change of this report has intelligence data from the Microsoft's cloud servers, like the Azure Active Directory or the Office 365 corporate version. Thanks to this data the report can say the 49% of cyberattacks came from Asia, being also this continent the one with more malware on their computers than rest of the world.

The origin of the attacks, according to the Microsoft Security Intelligence Report,
is distributed in the following way: 49% Asia, 20% Latin America, 14% Europe, 13% North America and 4% Africa. Moreover, the most attacked countries by malware are Pakistan, Indonesia, Palestinian territories, Bangladesh and Nepal. The least attacked are Japan, Finland, Norway and Sweden.

Monday, May 9, 2016

María José Montes: "I would add a subject, TICs security"

María José Montes. Security Consultant and Securízame´s Training Manager.

I discovered María José Montes, as many others, when I was writing for "Hackers & Developers Magazine" a short but intense life magazine", an idea from the Argentinian Hacker Eugenia Bahit in which the writers were mostly women, something very unusual in this professional area. I kept watching her to see this woman from Cordoba, app development Technician, was as active as loved in the most leading Andalusian communities, as the Hack&Beers collective, the ConectaCon  and Qurtuba conventions or the National Ethical Hacking Professionals Association, in which she is a founder member. 

I saw she did not only take my interest but also the interest of cracks far away from her land, as the Flu-Project, the HigSec project, in which she is a member, and the interest of the Securízame company, which hired her last year and she is still working there. Knowing that María José is mother of two child, 8 and 4 years old, was the final straw of my curiosity: How can somebody who is in minority, not only for being a woman, but a mother too, to stand out on the absorber world of infosec and, having time to speak at congresses and solidarity events.

Sunday, May 8, 2016

The banks robbers assault the network

It isn't the first time we compare the cybersecurity on Internet with the Wild West. An old West which was full of bank robbers and today they are still existing. There's no week we don't discover at least an attack against the financial system. The banking trojans have been along much time the kings of the place, but today the white-collar cybercriminals leave the clients and they focus on breaking the cybernetic walls of the bank. 

The most important news of this week: on one hand, the last reactions to the Bangladesh Central Bank assault, a "fine work" which has compromised the SWIFT system. On the other hand, the confirmation of an intrusion on the Qatar National Bank and the data robbery going back to no more and no less than July 2015.

Wednesday, May 4, 2016

The cyber insurance services launches on Spain

The cyber-insurance sector is currently expanding worldwide and also on Spain, according a recent study calle "Cyber-insurance, the Spain cyberisk transference", made by the THIBER's Think Tank. According to INCIBE numbers, on Spain the product business volume is 500 million euros per year, with an 12% increase each year. By the moment it had been focused to big companies, but now  it started to be focused on SMEs.

The cyber-insurance market is adapting its offer to the particular realities and needs of small and medium-sized enterprises, ensures the study "Cyber-insurances, the Spain cyberisk transference". The sector's distinctive characteristics, which should be noticed by the insurer, would be: "a limited experience in the management of these risks, a growing exposure to cyberattacks and the need of following a regulatory framework increasingly strict in data protection matters".

Monday, May 2, 2016

Luis Fernández: "The Spanish SMEs are drifting on cybersecurity"

Luis Fernández Delgado. SIC Magazine Director and Securmática Congress co-organizer

The Securmática 27th edition has just closed, gathering the most important of the Spanish cybersecurity
as always. Administration, big companies and good professionals assist, because all of them know being in SIC and Securmática is good for their business image. Today as yesterday, our curiosity asks itself: how two musicians dressed as journalists have achieved that?