The thin line

collaboration post made with the great Edy Gtz

Imagine you’re a super awesome hacker who can access any network, bank account, database and security system in the world. You have so much power in your hands and you can do anything you want with it. What would you doLets just say you’re the Robin Hood kind of guy, you take from the rich and powerful and give to the poor and weak. You take money from the bank account of celebrities and big companies and give it to poor countries or communities that have nothing to eat. You also disclose all of the secret information of all the governments to the public because transparency and freedom of information, right?

You are the savior of the people, the vox populi, the hero, the nightmare of evil… or so you thought, but the money you gave to the poor was not used for food but on drugs and the information you disclosed was used by terrorist organizations to make a more organized attack or you just started World War III. You’re not looking so good now aren’t cha? Or maybe you’re just the Tyler Durden kind of guy and you go straight to WW3 without the poor people part, are your action good, bad, maybe both just to be safe?

Ok, maybe we went a little bit too far with this example so let’s just put a real life one because we know you love them. You’re the chief of IT security within an organization and your job is that unwanted people don’t get in and confidential information doesn’t go out and you can do anything to achieve this (within the legal boundaries). The easiest way to keep information from going out is to spy on worker’s emails and key logs. Would you do it knowing that there are other ways to achieve the same that may take some extra work? The decision is entirely up to you and workers know their mails may be spied on, but does consent mean your action are good? When does the line between privacy and security meet?

Another example will be the case of Edward Snowden disclosing NSA’s classified information. He is portrayed by some as hero and by others as a traitor. He gave this information to some American journalist because he thought that the people should know they were being spied on, heavily compromising the security of the people he wanted to inform, oh the irony… Were his actions good or bad? I can hear kantians and utilitarians fighting in the distance.

This blog post brings a lot of question, not much answers, but many real and hypothetical examples. The nature of this is that we are dealing with ethics. The purpose of ethics (or at least how we see it) is to find that each individual can answer these questions by themselves.

Every day security managers need to deal with difficult decisions that involve may strong ethical conflicts. This has created the need on companies to instruct people with this job positions with a courses and numerous exams on ethics. The need to to promote practices that will ensure the confidentiality, integrity, and availability of organizational information resources.

Some recommended practices found in many companies and organisations are these:

• Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;
• Promote generally accepted information security current best practices and standards;
• Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;
• Discharge professional responsibilities with diligence and honesty;
• Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of or is detrimental to employers, the information security profession, or the Association; and
• Not intentionally injure or impugn the professional reputation or practice of colleagues, clients, or employers.

It’s a tough job and no matter how well prepare you are for this profession, there’ll always be situations that requieres difficult decision making. At the end the best thing to do is maintain a set of high values and ethics to get the better possible solution .

Malware… Malware everywhere!

Do you recall about those bad guys I talked about before. Well I am sorry to say, this guys are really creative, and the way we can be attacked varies in formats, sources and damage.

 

Malware are the tools they use to infect our devices and steal information, destroy data or damage our hardware and software. but what does Malware means? Malware is an abbreviation from Malicious Software… and as it sounds this is no bueno. Worst of all, is not as if we could be protecting from a single kind of malware. There are tons of them and they vary on its objectives and the way they are spread among devices.

Some of the most infamous malware we can found are the ones bellow:

Virus

Same as a real biologic virus this malware spread among unprotected computers. Its objective  is to damage the health of our devices. modus operandi: create files, erase files, consume computer resources till it achieves damage. Worst of all, virus can duplicate and travel to other devices. Most common virus  spread is found through USB data sharing, and infected e-mail attachments.

Worm

Same as real not technologic world, worms found their way through difficult places. making its way through memory same way a regular worm would do through soil. This malware does not damages or create files as a virus does, however; they can multiply themselves so much they can end up requiring all of your existing computer memory. Leaving you with a useless and slow computer. Super ability: this guys are almost invisible, so its hard for antivirus to detect them..

Trojan horses

If you know the story or have seen the movie Troy,  pretty much it is what you might be thinking. Trojan horses are master of disguise, they masquerade as regular programas, such as anything you could find in your computer. But on the inside its only pure evilness code. Since they disguise as normal programs they are able to acquire enough permissions to damage your devices. Luckily this guys don’t replicate and the only way they can achieve damage is through permission.

spyware

last but not least we have spyware. as the name suggest this malware is about spying our computer. this malware can capture confidential and delicate information such as web browsing, passwords, messages, and other delicate information that we are so used to irresponsible type on our devices. Of course this data will be latter been transmitted to others over internet.  Since this malware doesn’t affect s performance, nor files, sometimes is hard to detect them.

besides these examples, there are tons of other malware that can be found. hopefully there are ways we can protect ourselves. First of all by knowledge so we can behave a more responsibly use while browsing through internet. Also very important by using antivirus software. just make sure you are using official distributions, otherwise its pretty likely that sooner or later you would be dealing with an instant karma supply of malware.

 

Mr. Niceguy

A collaboration post i made with awesome guys

Turn your thoughts into code

Hackers, those evil dudes that steal all the money of your bank account number while sitting in an Starbucks table zipping from a frappuccino. Also, the inspiration of so many movies, videogames and tv shows like Watchdogs and Mr. Robot, but do we actually know what the heck does hacking mean? No, it’s not clicking violently 1’s and 0’s into the command terminal of a computer. It goes deeper… way deeper.  

//giphy.com/embed/obAMTQ7SeWqPK

Let’s start with some background. Ethics, the core of our beautiful society, are a system of moral principles that dictate how decisions are taken and in general how to live life, it includes our rights and responsibilities and what is right and wrong, and surprisingly, they exist in the computer world too. Can you believe it?!

There are four areas of computer ethics:

1. Computer crime:
2. Responsibility for computer failure:
3. Protection of computer property:
4. Privacy:

Now straight to…

Ver la entrada original 786 palabras más

Holly trinity of security

By now you should be worrying more about security. Fortunately you are not left alone in this world. There exist a security model focused on achieve progress in three main goals Also known as CIA triad, or AIC in case you don’t want to confuse it with the Central Intelligence Agency.

Computer security has 3 main core components: Integrity warrants that the information is trustworthy , Availability is a guarantee of reliable access to the information, and Confidentiality which is about rules limiting the access to information.

now going deeper into each of these elements:

Integrity

Integrity is about securing the information and make it «impossible» to be modified by unauthorized access.  Incorrect data is useless and delicate, therefore integrity has a great weight on protecting .

Best practices to maintain this element healthy are the following:

• Encryption
• hashing received message with original message to compare
• Backup availability
• user access control

Availability

This section is about making sure that everyone authorized has access to the information whenever they need. Information’s value depends among other things on the users being able to access his data at any time they want. Nowadays you don’t only have to be worried wanted about other people accessing to your information, but also about other people not letting you access to it. DDoS attacks have become very common lately, but that information will be available on a blog post anytime soon. So back to the security triad…

Best practices to maintain this element healthy are the following:

• rigorously maintain all hardware
• systems’ and components’ updates
• backup in a geographically-isolated location.
• redundancy control
• provide adequate bandwidth

Confidentiality

This one is probably the most important and the easier to understand, as the name suggest is about keeping your data and all the delicate information away from people unauthorized to see it. Information has value, especially nowadays (credit card numbers, personal information, delicate work documents, etc). Therefore being SO important and juicy for the bad people everyone tries to attack it.

Best practices to maintain this element healthy are the following:

• Encryption
• strong password build
• two steeps authentication
• enforcing file permissions and access control list
• keep system’s algorithms secret

Conclusion

 

The CIA model helps us to guarantee the right amount of security we want to have. It all depends on what we are working on, some products might need an expense use of the three of them, some others may need more from confidentiality rather than accessibility. it varies based on the user needs.

Security is an important issue

Why should we study computer security?

Technology has greatly advanced among these years. Internet access is available everywhere with numerous kind of devices. We can access to internet from our computers, smartphones, tv, video games consoles, tablets…. nowadays is even possible to access from a refrigerator (why tho)!!

Samsung family hub technology presented in CES2016

Through internet now we are able to do almost anything: from surfing in the web receiving news updates; talk to any of our friends, family and colleagues; sharing important documents with school and working peers; send personal information for acquiring services; buying and selling whatever from wherever… among other many things. The amount of personal information going through our computes and mobile devices is ridiculous, and if no precautions or safe practices are taken we are putting ourselves and others in danger. Out there exist bad people who might find security vulnerabilities and won’t hesitate to take advantage of it.

So having the freedom and privilege of being connected everywhere at anytime gives us also some restrictions about what we should and shouldn’t do. And that’s the reason knowledge about security is so important. To understand the way we might be attacked  by others; what can we do to defend and protect our information; and all the consequences of an irresponsible use of internet.

Stay tune for more computer security related posts!
hopefully it might prevent you from a hacker attack, hopefully you might learn new things!