Friday, October 28, 2016

Online payments

Cybersecurity: the best of the week

In one of the last scenes of the dramatic comedy Inherent Vice (2014), based on the novel by Thomas Pynchon, in order to restore the true identity of a spy that has been working for “the system”, what they return is not his identity card, it is his credit card. Bank cards changed the way we shop. Nowadays, the online payment systems can be the target of constant cyber attacks. 

PayPal is one of them. This week we found out that the company has fixed a bug in its authentication system. The error allowed attackers to take control of accounts. According to Henry Hoggart, from InfoSecurity, the cyber attackers would have needed just the username and password to generate a kind of chaos within the payment system.

Wednesday, October 26, 2016

The innovation paradox

One of the first things we learnt when we were in elementary school was to make a string phone. It was a way to understand the origin of the world of communications and the mechanics of the phone. We just needed two plastic cups with a hole in the base of each one and a rope. In a few minutes you could have a conversation with a classmate who was some meters away.

Technology has developed so fast in recent years that analog phones look like museum objects. However, technological development brings other difficulties. In the past few days we have seen how Rowhammer has taken the lead among attacks on Android mobile phones. Unlike other threats, Rowhammer can exploit a flaw in the hardware.

At first, smartphones shouldn’t have had to worry too much about this type of attack, because it requires advanced memory components that are not yet present on mobile phones. But this week, researchers have discovered that Android phones can be victims of Rowhammer.

The list includes LG Nexus (4, 5, 5X), LG G4, Motorola Moto G (2013 and 2014), OnePlus One, HTC Desire 510, Lenovo K3 Note, Xiaomi Mi 4i and Samsung Galaxy (S4, S5, S6). Researchers estimate there could be millions of affected devices and announced that they could run a test, through an app they have developed, to check which phones are affected. The app is expected to be on Google Play soon. Not all the phones would be equally vulnerable because the attack is focused on hardware flaws, so the variation of the chip would be a determining factor.

This week we have also heard that 2G phones can be hacked in just seconds. The work, done by the Agency for Science, Technology and Research (A*STAR), has proved that it’s possible to break the A5/1 stream cipher implemented by 2G by using commodity hardware. Attacks of this type have been carried out since 2009, but researchers have now discovered that it is much easier.

When making the string phone, the threats were that the rope or the plastic cup might break. Nowadays digital threats develop almost at the same time as technology itself. In the case of cyber threats, it’s not just an interference in communication; it is more complex. Telephones are now more complex too. And they are not just for communicating.

Monday, October 24, 2016

The final countdown in cybersecurity

Today, one year ago...

In the spring of 1986, and against the initial will of the members of the Swedish band that had composed the song, the single ‘The Final Countdown’ was released to the world. This song has become a cultural icon in many places around the world, especially Western Europe. “The Final Countdown”, by the group Europe, tells the story of a space trip made under the obligation to leave the Earth, and this serves us as a hook for our particular countdown in our Monday review of the issues that were in the news one year ago. Three, two, one… Ignition!

Because, like a countdown, one year ago we had a “Three, two, one…”. Three pieces of relevant news were about data leaks, two about cryptography, and one about Asterix the Gaul. Let’s take them one at a time and focus on the first: the British Internet provider TalkTalk suffered a theft of up to 4 million records of critical customer information. A robbery in which we find everything, from names and telephone numbers to credit cards, and a lot of unencrypted information, as the company admitted.

Friday, October 21, 2016

Protection on the network

Cybersecurity: the best of the week

In the last film starring Antonio Banderas, ‘Security’, a bodyguard’s mission is to protect a court witness who has been threatened by a criminal gang which aims to end his life. As in the film ‘The Bodyguard’, where one of the main actors, Kevin Costner, has to protect the other protagonist, Whitney Houston, life and death seem to hang by a very thin thread.

When we talk about cybersecurity, generally speaking, financial and economic issues are at risk (in the case of cyberterrorism, life can also be at risk). Very often, users and companies have to take action, or precautions, as if they were bodyguards. Prevention is essential. This week we have found out that people’s health could also fall victim to cyber attackers. Help Net Security reports that security spending on medical devices will triple by the year 2021.

Wednesday, October 19, 2016

Invisible violence

The first film by Quentin Tarantino, ‘Reservoir Dogs’, tells the story of a group of criminals who plan to rob a bank and get the money. Since that first film, Tarantino has shown his predilection for violent scenes, bad language and blood.

But one of the most striking things about this film is that the viewer never sees the assault. In other words, the entire first part of the film tells the story of how these thieves prepare the robbery. The second part begins when the assault is over and they are escaping. Something similar could happen with certain malware used to attack banks. Cyberattacks have made invisible the old method of entering a bank with a gun and hearing thieves shout “Hands up!”. Some time ago, the Trojan Dyre caused more than a headache and big economic losses to banks in the United States, England and Australia.

Monday, October 17, 2016

Cybersecurity: an extreme sport

Today, one year ago...

OK, but… should I worry about it, or does it not matter whatever I do? This question is on people’s minds regarding the Internet. As usual, both extremes are dangerous, although cybersecurity is to digital life what an extreme sport is to health. Like every Monday, we look back a year to run into the news that then, as today, demanded our awareness. And not paying attention involves taking risks.

For instance, one may think that if the CIA director can be hacked, it doesn’t matter how many barriers you put up: they will be useless. “I’m not the CIA director”, you may say. That’s fine, but if you lower your defenses, the overall experience on the network is more insecure, and unauthorized access to the most powerful person in the world could have started on your own computer, used as a zombie device to launch all kinds of attacks and do all kinds of evil.

Friday, October 14, 2016

More risks for the biggest ones

The best of the week in cybersecurity

Without a doubt, one thing that has changed our shopping habits has been Amazon’s arrival. Since it was launched, there have been many detractors. In the book selling business, for instance, there was a whole war against publishers and conventional booksellers. Even now there are small bookshops that still feel threatened.

But Amazon faces a threat that small booksellers don’t have: cybercriminals. Actually, large companies are more attractive to hackers than small ones. This week we have heard that Amazon may have suffered a possible cyberattack. Although the company has not confirmed it yet and denies it, according to Softpedia, the company has reset users’ passwords “just in case”.

Thursday, October 13, 2016

The doors

“The Doors of Perception”, by Aldous Huxley, published in 1956, emphasized the idea that the human brain is a filter of reality that keeps out all the images and impressions that it would be impossible to process. Huxley wanted to test his theory with mescaline while taking notes of his experiences. Years later, Jim Morrison would borrow the title of his book to name his band: The Doors. In fact, the song ‘Break on through to the other side’ talks about the book and the idea of being able to pass through those doors of perception.

If we think in computer terms, we could say that the cybersecurity world is nothing but doors that open and close constantly. The more doors you open, the more complicated it is to control them. And somebody will have to close them in order to avoid possible damage. Or create doors that take their enemies to other places, exactly where they want them to be. The National Security Agency (NSA) knows this and is considering the idea of putting trapdoors (false doors), undetectable and hidden, in millions of codebooks.

Monday, October 10, 2016

Miraculously saved

Today, one year ago...

A fast-paced action plot, set in one single day, in which only a miracle could save a family from being murdered by the revolutionaries. This is the summary of the film ‘No Escape’, with Owen Wilson, Lake Bell and Pierce Brosnan, which came to the big screen one year ago now. As in fiction, in the world of cybersecurity there are many events that can stir up the scene, and staying safe could be a question of miracles.

Friday, October 7, 2016

A matter of age

Cybersecurity: the best of the week 

Generations can be an indicator of many things. They can determine presidential elections or consumer trends. In the 20s, in the United States, young people loved jazz and alcohol (forbidden at that time). They were seen as libertines by the elders. But those young people, forty years later, looked at young hippies and rock and roll lovers with the same distrust during the 60s.

This week we have seen that age can also be a determining factor for cyber attackers on the network. The older generations of today have proved to be a good target for cyber criminals. According to Kaspersky Lab and B2B International, people older than 55 are easier prey for cyberattacks. The report says that they don’t tend to protect their mobile phones, although they usually do protect their computers. Unlike younger users, they don’t worry so much about security in the privacy settings of their social networks.

Wednesday, October 5, 2016

Dress Code

How should you dress to get into a place? There are certain venues where a dress code is mandatory, places where you can’t get in if you are not dressed as they say. In some pubs in Berlin, for instance, if you don’t wear extravagant clothes, the doorman doesn’t let you in, no matter whether you have been waiting in the queue for one hour or two. In Barcelona, it’s usual to see a latex-lover festival where all the attendees look like Batman or Catwoman.

DressCode is also the name of a malware for mobile phones that has just been discovered by a group of researchers from Trend Micro. According to Security Week, this malware has infected more than 400 apps that were uploaded to Google Play. Researchers believe, however, that the number could be higher, and they talk about more than 3,000 infected apps, distributed by several well-known Android mobile markets.

Tuesday, October 4, 2016

Internet and the rain: why do you get wet?

When it rains, the only way of not getting wet is to stay home. If you decide to go out, it doesn’t matter if you wear a waterproof because there’s always the possibility of getting wet. In the cyberworld it’s the same: the only way to avoid the hacking storm is to be disconnected and not go outside: no smartphones, no going online… Can you do that? The point here is not to avoid the rain, but to get dry in time and evade waterspouts (DDoS), large puddles (ransomware), open clothes (data gaps) or staying out in the rain in an open field (malware).

In our Monday review about what happened one year ago, we find some cyber storms on the same dates in 2015. To begin with, we have two well-known companies called T-Mobile and Patreon. The first one suffered a data breach of 15 million files and the second one, a data breach of an undetermined number of records with names, emails, publications and billing information.