It’s me, open up!

--Originally published at #TC2027 #CParravirgen

Sooooo, before my coffee power runs out, I’ve got to finish this post, so buckle up and prepare for a not so wild, not so boring and very instructional read. Don’t worry, I’m not that great a writer so it won’t be long, just long enough to prove I know what I’m typing?

Kids, this is the story of “how I met your mother”, no, actually it’s not about how I met her, but sounds like an interesting post, or TV show to make, oh wait…

Since “How I Met Your Mother” has already been taken, let’s see what we can say about authentication. Why, you ask? Why go from super cool to super boring? Well kids, it’s because of our security blog; eventually I’ll write about more interesting things, but for now, let’s stick with authentication and security, shall we?

So, the basic goals of authentication and security (like the 101 of security):

  1. Keep unauthorized persons from gaining access to resources
  2. Ensure that authorized persons can access the resources they need

Therefore, you can imagine it is important to know who is knocking at our door before we open it (only in Mexico do we open the door to someone just saying “It’s me, open up!”).


So, we know how insecure Mexico is (and yes, I can say that because I’m Mexican, I live in Mexico and I care about it; any complaints, please refer them to your hand and the Mexican government, thank you). Even though that is not because we open the door without proper authentication, the computer and network world can’t work like that.

How can we protect data from people who are not authorized to see/have it but still make it available to those who should and depend on it? Keeping it under the mattress is not an


My powerful cryptosomething

--Originally published at #TC2027 #CParravirgen

Hardware VS Software

There are some kinds of HW encryption…

Whole disk: this refers to the encryption of an entire physical or logical disk. While this is currently done mostly in software, hardware-based disk encryption is a growing technology which is expected to surpass software products for whole disk encryption over the next few years.

This form of encryption secures the entire content of a disk or volume and decrypts/encrypts it during use after a key has been given. It would not protect the information if you send it over the network… but it helps if you lose the disk!

Now let’s get into some heavy technical encryption. Let’s talk about PGP.

PGP combines some of the best features of both conventional and public key cryptography. PGP is a hybrid cryptosystem.

PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient’s public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.
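The hybrid flow described above, as an added Python sketch that is not part of the original post and not PGP's own code. It assumes stand-in primitives: a constructed toy RSA key, a SHA-256 counter-mode stream in place of the conventional cipher, and an HMAC integrity tag the paragraph does not mention.

```python
import hashlib, hmac, secrets

# Constructed toy RSA key built from two Mersenne primes: trivially
# factorable, for illustration only. Real PGP keys are generated randomly.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # recipient's private exponent

def _subkey(session_key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and integrity, both derived from the session key.
    return hashlib.sha256(label + session_key).digest()

def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for the fast conventional cipher: SHA-256 in counter mode.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt(plaintext: bytes, public_key=(N, E)) -> dict:
    n, e = public_key
    session_key = secrets.token_bytes(32)  # fresh one-time key per message
    nonce = secrets.token_bytes(16)
    body = _stream_xor(_subkey(session_key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(session_key, b"mac"), nonce + body, hashlib.sha256).digest()
    # Session key encrypted to the recipient's public key (textbook RSA, unpadded).
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return {"wrapped_key": wrapped, "nonce": nonce, "ciphertext": body, "tag": tag}

def decrypt(message: dict, private_key=(N, D)) -> bytes:
    n, d = private_key
    recovered = pow(message["wrapped_key"], d, n)
    if recovered >> 256:  # wrong private key or altered wrapped key
        raise ValueError("session key could not be recovered")
    session_key = recovered.to_bytes(32, "big")
    expected = hmac.new(_subkey(session_key, b"mac"),
                        message["nonce"] + message["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, message["tag"]):
        raise ValueError("message was modified or the wrong key was used")
    return _stream_xor(_subkey(session_key, b"enc"), message["nonce"], message["ciphertext"])

if __name__ == "__main__":
    msg = encrypt(b"It's me, open up!")
    print(decrypt(msg))
```

The wrapped session key and the ciphertext travel together, so only the holder of the private exponent can recover the session key and read the message.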

Keys are stored in encrypted form. PGP stores the keys in two files on your hard disk; one for public keys and one for private keys. These files are called keyrings. As you use PGP, you will typically add the public keys of your recipients to your public keyring. Your private keys are stored on your private keyring. If you lose your private keyring, you will be unable to decrypt any information encrypted to keys on that ring.

A digital certificate consists of three things:

So your Uber driver doesn’t become a moto-thief!

--Originally published at #TC2027 #CParravirgen

Why study computer and information security? Actually, there are many reasons, from both sides, as a programmer and as a user: we should all, at least, be aware of what the heck can happen to us when we stand up from our chair and don’t lock the computer, or our cellphone, or our hard drive.



Many can say, “well, I’m not really anybody important with million-dollar secrets”, and yes, it’s not like we are protecting the formula to make Coke; we are protecting something even bigger and with more value (maybe not according to the insurance companies, but still): OURSELVES!!!!!


So, quick story before you click to go back and stop reading this post. I was on Facebook reading my news feed (nothing fancy there), when I got to an interesting post that you can find here. Basically, what it says is that on August 11, the daughter of Ana Marcela Chavez (the person who made the post) ordered an Uber to get back home. As usual, she got a text saying that her Uber had arrived. When she came out, 2 guys on a motorcycle were waiting for her instead of the Uber. They threatened her with a knife and she got robbed. The Uber never came. Mrs. Chavez tried to get in touch with someone from Uber but she never got a reply from them (but she did get a receipt and a charge for the trip that her daughter never took, by the way). Now, I am not saying this was a digital security breach; maybe the driver was an accomplice of the thieves and he alerted them to the girl’s location so they could assault her. However, let’s believe that the driver was not an accomplice and he just got his Uber phone stolen and