Friday, November 11, 2016

The change of millennium

The best of the week in cybersecurity

If anything defines the change of millennium, it is technology. And if there is one thing that all those born in the last two decades of the last century have in common, it is their relationship with technological advances. Some people call them ‘millennials’, and there are many articles and reports about them. In some ways, social networks such as Facebook and Twitter, and instant messaging apps like WhatsApp or Telegram, determine their interaction with the world.

David Zuckerberg is one of them. He knows that an account on a social network can be everything. This week we found out that Facebook has bought passwords on the black market to keep its users’ accounts safe. The company’s security chief said that account safety is about more than just building secure software. When passwords are stolen en masse and traded on the black market, it becomes apparent just how many of them are the same: “123456”. Using this type of easy-to-remember password makes accounts more vulnerable to being compromised, and this is something Facebook is keen to prevent.

Something very different seems to be happening with some Signal messaging companies. A recent audit by a group of experts from the International Association for Cryptologic Research checked and proved that Signal is a secure application. WhatsApp, Google Allo, Facebook Messenger and Cryptocat all use an encryption algorithm that would keep connections secure, so that information would travel between sender and receiver without anyone interfering. This would solve the risk of attackers compromising communications.

The company responsible for supplying these security services is called Open Whisper Systems, and although the audit didn’t find weaknesses in the protocol code, the auditors did find some elements that were not entirely secure. Among them were poorly documented code, opaque servers, private code and private APIs, problems that could cause other types of vulnerabilities.

This week we also found out that Google has announced harsher measures against website operators that abuse its Safe Browsing system to distribute malware. Google will start blocking sites that carry fake download ads. Safe Browsing will ban repeat offenders for 30 days; the measure started on 9 November.

In short, companies that have settled into this new millennium seem to be concerned about their users’ safety. At least that’s the image they are projecting, although it will never be enough if users don’t do their part.

Original image: Freeimages

