Friday, December 30, 2016

Did you achieve your goals for 2016?

The best of the week in Cyber Security

Something we repeat every year is that typical phrase: "This year I'm going to the gym" or "This year I'm going to learn a new language". December 31 is already here and you are asking yourself whether you have become an expert in yoga, or an expert on Marcel Mauss's theory about the obligation to return gifts, a timely topic at this time of year. You look back sadly and admit: "In the end, I didn't fulfil my resolutions for 2016".

A year ago we wanted to take cybersecurity more seriously, and reviewing the most important news of the week, we can see that the results have been quite different from what we expected.

Wednesday, December 28, 2016

Better safe than sorry

The report of the week

Deep into the last stretch of the year, the cold has arrived in the cities, and with it the regrets, colds and flu.
For that reason, before our health gets weaker, we will always need a good coat, hat, gloves... and, of course, some acetaminophen just in case. If medical advances teach us anything, it is that it's better to prepare for the worst than to suffer and get sick.

However, the US medical industry could take its own advice when it comes to cybersecurity: a recent study by TrapX Labs reveals that in 2016 US health institutions suffered 93 major attacks, 63% more than last year.

Friday, December 23, 2016

It's cinema time!

The best of the week in Cyber Security

Finally, you get to see that film you have been waiting for all year, but in the rush you have not been able to buy anything to eat during the two hours ahead. You look to your right and see a stranger offering you his popcorn, smiling in a suspicious way. Your stomach growls, you are so hungry… Would you accept it?

When you’ve lost count of how much delicious, salty popcorn you’ve already swallowed, you look at the package. It says: ‘Popcorn Time’. Oh no! You have just received ransomware that will take control of your computer, and soon all your files will be encrypted. Nobody in real life is going to give you popcorn for free. It’s the same in the digital world!

Thursday, December 22, 2016

A Christmas cyber-carol

The report of the week

Once upon a time, there was a grumpy and greedy old man who hated Christmas. He didn’t like cyber security either, and when his neighbours, with the best of intentions, told him to be careful with ransomware, phishing and malware at this time of the year, he put on his coat angrily, took his stick and went away grumbling: “Cyber-humbug!”. That gentleman’s name was Ebenezer Scrooge.

On Christmas Eve, three ghosts visited him in his bedroom: the Ghost of Christmas Past, the Ghost of Christmas Present and the Ghost of Christmas Yet to Come. Each one carried a specific mission, but the three of them shared a common purpose: to open his eyes and make him discover the dangers and all the things he could lose because of his stubbornness.

Tuesday, December 20, 2016

Between past and future

Today, one year ago...

'Back to the Future' (1985) is a science fiction film written and directed by Robert Zemeckis and produced by Steven Spielberg. It is about a teenager who is sent back in time to the period when his parents met. After altering the events of 1955 and finding out that if they don’t marry he will disappear, the young Marty McFly tries to bring them together again to ensure his own existence.

Every time we take a tour through the news from last year, we feel like jumping into the DeLorean, Doc’s time machine, which has the shape of a car. Driving (or flying) at 88 miles per hour, we could travel through time to warn people about all the security breaches that are about to come, the back doors that someone placed in Juniper firewalls or the discovery of a vulnerability in Instagram that was never rewarded.

Friday, December 16, 2016

Secrets you shouldn't share

The best of the week in Cyber Security

“I’m going to tell you a secret, but don’t tell anyone…”, that’s you starting a conversation with your best friend. That’s a mistake! The first thing that person is going to do is run to tell another. And that person to another and that one to another and another… We are not questioning the strength of your friendship, but seriously, if you don’t want something to be known, don’t tell, don’t write it down…

...And do not send it by private message on Facebook Messenger either. “But it’s protected by point-to-point encryption, like WhatsApp!”, you reply, very sure of yourself. What if we tell you that a researcher has found a bug that allows an attacker to access Facebook Messenger and get your photos, files and ‘private’ chats? This week RedesZone reported it on their website. They explain how the hacker exploits this vulnerability: by convincing the victim to click on a malicious link.

Wednesday, December 14, 2016

Be careful with your phone

The report of the week

Imagine this situation: you are going to work by public transport, you check your pocket to get your new smartphone and… Surprise! It’s not there. Then you look for it everywhere, desperately: in your other pocket, your bag, the floor… And you stare at people, trying to find some complicity, someone that could say: “I’ve seen the thief, it’s the one over there”. But nobody looks back at you. Then you realise you are not going to see your mobile again.

Nervous, you start thinking… You have lost all your pictures, you left your social networks open, the bank application had your password on it, your personal and work emails with confidential information were there…

By the way, one question: was your phone locked with a security PIN? If the answer is “Yes, it was”, the blow is softer. You report the theft, get a duplicate card, and the previous one becomes unusable. But this step, which seems so obvious, is not that obvious to 1 in 5 people, who leave their smartphones without that protection, especially when it comes to work phones.

Monday, December 12, 2016

"Soul of a jug"

Today, one year ago...

If you call someone “alma de cántaro” in Spanish, you mean something like “soul of a jug”: a pinhead, a fool whom people make fun of easily. The stories from a year ago star people who were too innocent. It’s good to remember them and not repeat what they did. Otherwise, you will have to learn the lesson the hard way.

The first testimony is about a white hat hacker who had been to The Phone House at a Media Markt in the Netherlands to buy a new smartphone and discovered some naive souls along the way. First, the hacker was surprised to see a piece of paper pasted on the computer screen, visible to all visitors, with the password on it: “media321”. Ok, we can accept that your password is obvious and easily hackable, but please, please, please, do not write it down on a post-it on the monitor, in front of everybody!

Friday, December 9, 2016

Damned pictures

The best of the week in Cyber Security

Some aboriginal tribes of America and Australia refused to be photographed by explorers because they thought those strange devices, cameras, could steal someone's soul. Even today, there are towns all over the world that keep this belief and don’t allow even a single photo to be taken. Perhaps seeing their own faces reflected on a piece of paper is like an act of witchcraft for them; something inexplicable that can only be the work of black magic. Like when you hear about steganography for the first time.

Steganography is the study of techniques that hide messages within others. It comes from two Greek words: steganos (hidden) and graphos (writing). The idea is to establish a covert channel of communication that goes unnoticed by third parties. This science is not new; it was born a long time ago. But with the development of computer science, many cybercriminals like to use it to hide messages or malicious files.

Wednesday, December 7, 2016

I've been hacked, and you?

The report of the week

“I’m 40 years old, I’m a virgin and I’ve never been hacked…”. What? Haven't you ever been hacked? Are you sure? Well… You must be one of the privileged few who have not been hacked and lost their passwords and emails… yet. In a few years' time, instead of asking “Do you study or work?” when flirting in a pub, people will start saying: “I have been hacked, and you?”. If you don’t believe it, give it time.

Last Monday we were talking about the security breach at Shiseido, the Japanese cosmetics company, with 420,000 customers affected. Today it’s the turn of one of the largest online video platforms on the Internet: Dailymotion, with 85 million accounts leaked. Nobody is safe here! LinkedIn, Dropbox, Yahoo, Tumblr, Opera, Weebly and AdultFriendFinder are just a few of the companies that have realised their systems were not as secure as they thought.

Monday, December 5, 2016

The lurking worm

Today, one year ago...

One of the most unpleasant creatures that Mulder and Scully had to face was an alien worm that had been frozen in the Arctic ice for thousands of years. Apparently harmless, the tiny organism had been able to cause the death of the first expedition. The parasite provoked hatred and paranoia in its hosts, making them want to kill each other. The two FBI agents had to solve the case before the bug infected them as well. Undoubtedly, this episode is one of the most legendary in the series The X-Files. It is also a tribute to the film The Thing (1982), by John Carpenter.

365 days ago we were talking about a worm’s birthday: Conficker. It has been active for eight years now and it is still installed on thousands of computers, without the owners suspecting a thing. The peculiarity of this virus is that it can adapt to the environment, camouflage itself and evolve, transforming itself into new variants. Designed to attack Microsoft Windows systems, it has spread to 190 countries and has infected more than 11 million devices.

Friday, December 2, 2016

"Shut up and dance"

The best of the week in Cybersecurity

A timid boy who works at a fast food restaurant. A family man who is going through the crisis of his fifties. At first glance, they seem to have nothing in common. However, if we look closer, we can see the concern on their faces. They are hiding something. Something bad that they are ashamed of. And there is someone on the other side of their computers who knows exactly what it is and is planning to make them pay for it.

How far would you go to keep something shameful about yourself a secret? This is the premise of the third episode in the last season of Black Mirror, a Netflix series that presents a shocking future related to technology. Without wanting to spoil anything, we will just say that the episode is about different cases of “sextortion”. The word refers to a type of sexual blackmail in which sexual images or videos are used to extort money from others.