--Originally published at Computer Security

I’ve always been interested in how things work in computing and in the world in general, so I got the chance to take a Compute Security course in my last semester of my bachelor’s degree. Truth be told, as I’m about to graduate , my courses where light and I got lazy so I didn’t get involved with the class as much as it was needed, no excuses here. The thing is, I just expected the course to be an introduction to something I want to learn in the near future but it was so much more than that, for real.

Professor Ken has a “disruptive” idea for education called flipped classroom, I had read about it before but never implemented it, as some of my classmates I couldn’t completely adapt to it and ended up doing almost nothing, but even if I didn’t perform class activities still learned from those around me. In flipped classrooms you study at home and reinforce that knowledge by doing activities in class, it is disruptive because it’s not the traditional way and for the same reason it’s really difficult to implement in an environment like Tec, even though Tec has changed a lot its teaching methodologies; it is an awesome effort from Ken, I realized some professors are really looking into the future and preparing accordingly, I hope ITESM don’t let these kind of things slip away.

About the class in general, I think is too soon to implement flipped classroom as it is (it wasn’t the case), we are too accustomed to the traditional way of learning. Class discussions were excellent, I think it was my favorite thing but some people didn’t get involved never, I was to blame sometimes because I didn’t participate enough. I think the class was too theoretical but

Continue reading "This is (not) Farewell" →

--Originally published at Computer Security

Ok ok, the title is a bit too fancy, it was just to catch attention and I apologize beforehand for the repercussion it could have, I’m thinking of changing it later. The machine (computer) is some kind of god for people involved and not involved (mostly not involved but fanatic) in technology. Computers comes in all sizes and shapes, they are in the most recondite places of the world, they can answer almost every question a normal person is able to formulate, and can makes the things we imagine come true.

But this is not some post about why computers are so awesome we can compare them to some kind of god, it’s about denial of service and how to approach an attack of this nature, just like christian people have their counterarguments when other deny god, we security students must be ready when someone is trying to deny services within our system.

First, what’s denial of service (DOS)? It is an attack which consists in stop the functionality of a service provided by some server. Have you ever heard about Anonymous? Some time ago, I watch some post where you entered a page to send packages of information to a governmental web page with the objective of overthrowing it, that’s exactly like DOS works.

Now I’ll present a guide I found to answer effectively to a DOS attack:

First step – Preparation
I moved from a small town to a big city some years ago, I had heard a lot of stories about the common the assaults are here so from the moment I arrived I was expecting an attack at any time, kind of paranoiac. An amount of paranoid it’s OK, one must be prepared for a DOS attack, we have to have complete knowledge of our system

Continue reading "Denial of God" →

--Originally published at Computer Security

Today I’ll talk about a topic really new for me, CIA, yep like the Central Intelligence Agency, and like this agency, computer security CIA look to assure security to people. CIA stands for Confidentiality, Integrity and Availability, they are security’s fundamental pillars, every computer service/system connected to Internet wants to assure at least one of them.

Now let’s explain every one of these security agents:

Confidentiality
I’m sure all of us have some secret which we guard jealously, something we don’t want anyone to know, something highly CONFIDENTIAL. I think a secret is no secret if more than one person know about it, but let’s say you tell your bff, you AUTHORIZED him/her to know, you give him/her ACCESS to the secret. Words in capital are key to the term, confidentiality assure that non-authorized users don’t have access to the data unless the get permission.

Integrity
People changes through time, we get old, wiser, etc. But history remains unchanged, no matter what we tell, (for now) there’s no way to alter the past. I love history as a subject and there’s a phrase which state “winners write the history”, that might be true, some times we read a distorted history in books, it does change our knowledge but doesn’t change history itself. Computer security fights for history to remain as it really is no matter the victor of a war, well, history is an analogy for DATA. Integrity assures the DATA has not been deleted, modified nor copied.

Availability
Who doesn’t hate when Facebook or Twitter is down? Or gamers who are playing happily and then the game kick you out and can’t access to it? Or even people in general looking for tacos at 5 am and there’s none? Availability is the agent of CIA in charge of stopping this issues

Continue reading "Agent 003" →

--Originally published at Computer Security

Martial arts are are codified systems and traditions of combat practices, they require a lot of discipline, effort and perseverance. Nowadays, most martial arts have spread to the entire world and they are even considered as a sport, people around the world practice them mainly because of self defense. Now, I’m sure more than one of you have seen Karate Kid (if not, google it), it’s a movie that tells the story of a young guy (Daniel-san) who is bullied by stronger boys and then a Japanese old man (Miyagi-sensei) teaches him karate so he can defense by himself, a classic.

Well, this is some blog for computer security, why am I talking about Karate Kid? I just felt like talking about it. OK no. Look, as Daniel-san learnt karate for self defense, we should be learning karate too, IT’S A DANGEROUS WORLD!

The point is, digital world it’s also a dangerous world full of bullies waiting to attack us, if we show weakness then we are screwed, we should learn computer security for self defense, and who knows maybe we could protect others too. Miyagi-sensei would approve.

We could make a completely analogy between martial arts and knowledge of computer security; if you know how to defend, you know how to attack but you won’t because of your values and ethic (read Web Security Apostles entry), if you are good enough you won’t be easily harmed and you could expand protection to others, if you at least know the risks you will avoid them. Finally, if you haven’t watch the movies, watch them, like right now, great movies, you’ll learn good stuff from them

--Originally published at Computer Security

If you look for a definition to evil, the concept refers to an inclination to do evil things, not very educational right? Well evil is the antonym of good, and you can’t go deeper than that, being evil means you don’t have any good. In example an object, lets say a stone, we can describe it like hard, or by its shape and color but we can’t define it like good or bad because it doesn’t have intention, but someone can take the stone and hit people with it; same happens with software, the code by itself doesn’t represent any harm to people, but people themselves decide what to do with it. Every single person has an ethical conscience which tell us the way to act through life situations.

There are mystical people with an ethical conscience which impulse them to safeguard the web, I called them security apostles but the name is hacker. Well, in some cases they look for money and recognition but they’re still doing good, OK? Humans are humans (non perfects beings). The term hacker in some cases is related to criminals -blame the media- but at the begging of computer science, the word hacker was used to describe a person with a creative passion and who loves to learn from others. There exists the hacker ethics, described as the belief that sharing information is a powerful positive good, and the hackers’ ethical obligation is to share their knowledge through free code, grant the access to information and computational resources as far as possible. Also, it establishes that the cracking of systems is ethically correct while the hacker doesn’t commit theft, vandalism or violates confidentiality.

The hacker’s ethics principles take credit thanks to the actions of hackers themselves, most of them look for sharing their

Continue reading "Web Security Apostles" →

--Originally published at Computer Security

If engineers, scientists or even common computer users were in a camp around a fire, every one of them would have a horror story about how they were attacked by a malicious software and the struggle they had battling it, some might have win the battle, others perish with their system (I did). So, lets imagine we are around that fire, I’ll share my own personal battle.

Everything started when I was around 10 years old, by that time I had some experience surfing the internet and had some knowledge about dark things around the cyber world, viruses and stuff. But I was a little kid with almost no experience in security besides built-in antiviruses and firewalls. Around that time I was really interested and music nut there weren’t a lot of access to it like nowadays, then I discovered Ares, a magic platform were people around the world shared their music files for other to download them (now I know it was p2p). Everything seemed nice until my machine started to have some weird behavior, toolbar were installed in my web browser, I was receiving emails from unknown sources or advertisements showing up out of nowhere, my computer was infected by all kind of malware: adware, viruses, Trojans, etc.

Well, the people in the net is not as kind as my 10 years old mind thought, I got to know that people do bad stuff, sometimes just for fun. How did I solve the problem? I performed a system recovery. Thankfully, at that time I didn’t have important data stored in my computer, it could had been a lot worse; from then I started being a lot more cautious with the things I download from the web, or even the suspicious link I click on, unless I’m desperate enough I won’t

Continue reading "Malware Horror Story" →

--Originally published at Computer Security

Software encryption

Software encryption programs are more prevalent than hardware solutions today. As they can be used to protect all devices within an organization, these solutions can be cost effective as well as easy to use, upgrade and update. Software encryption is readily available for all major operating systems and can protect data at rest, in transit, and stored on different devices. Software-based encryption often includes additional security features that complement encryption, which cannot come directly from the hardware.

But encryption is moving to lower levels (hardware, quantum, etc.). Main reason, software encryption is vulnerable for brute force attacks, this is basically bombing the system with passwords until one hits; computer tries to limit the number of decryption attempts but hackers can access the computer’s memory and reset the attempt counter, sad thing. Even so, cryptography -as technology- is being developed continuously, unless is to protect government, military or enterprises, software encryption is more or less enough, most of us are not worthy enough to be attacked.

Dark applications

The idea of self encrypting polymorphic viruses gained popularity in the early 1990’s and brought to life generators of polymorphic code – in early 1992 the famous “Dedicated” virus appears, based on the first known polymorphic generator MtE and the first in a series of MtE-viruses; shortly after that there appears the polymorphic generator itself. Polymorphic viruses are a kind which modifies themselves every time they make a copy; imagine you have a plague of cockroaches and you have to use a different insecticide for every single one, fortunately anti-viruses are complex as well.

--Originally published at Computer Security

Well, first blog in my entire life. I’ll be publishing about computer security; I’m new on it, so let’s have fun and learn a lot with this. FYI Jordinhi is the name I use for online forums and videogames since I began using internet, so I actually feel it like being my real name in this world…

To finish my introduction and start at once:

Internet might feel (and in fact, be) another world, but it’s connected to the physical one, so whoever you are here, so you are there, just keep it in mind.

That’s all folks!