How can you wire when you are wireless?!? Security wise, obviously.

--Originally published at lazynesstothemax

So. Wireless Security is very important, you get me. Everything is wireless and we cannot everything if everything is not secure. You feel me. So…. how can we wireless secure? You may ask me.. then…


I collabed with Rodolfo Padró and created that beauty above.

You have activated my Trap card!

--Originally published at lazynesstothemax

A very important part of our education in Information Security for us up and coming security experts is to learn about security countermeasures. A countermeasure is an action, process, device or system that can prevent or mitigate the effects of threats to our systems.

Countermeasures can take form of hardware, software or procedures. In these sense lets just list some possible countermeasures one can take against those meany mean threats out there in the world:

In the software department we can see countermeasure as:

  • personal firewalls
  • application firewalls
  • anti-virus software
  • aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaahhhhhhhhhhhhhhhhhh
  • aiuda esto se va a descontrolar
  • pop-up blockers
  • spyware detection/removal programs

In the hardware department, apart from preventing the IP address of all users visible in the internet, we can also do:

  • biometrics authentication systems
  • physical restriction of access to computers and peripherals
  • intrusion detectors
  • alarms

And finally procedures we can take countermeasures as.

  • frequent deletion of stored cookies and temporary files from Web browsers
  • regular scanning for viruses and other malware
  • regular installation of updates and patches for operating systems
  • refusing to click on links that appear within e-mail message
  • refraining from opening e-mail messages
  • staying away from questionable web sites
  • regularly baking up data on external media.


There are also many particular scenarios that need special treatment, some of them are:

  • Encrypting data that is not used and is just resting in our databases for future use.
  • Administrate access management with different powers in different accounts as in manager and employee and such.
  • We can encrypt the network layer in order to prevent unwanted queries of our information
  • We have to frequently patch our existing programs in order to fix flaws in our systems


There are also many things that we may have missed, but for that we need to keep studying and researching the ever

Continue reading "You have activated my Trap card!"

How to detect those risky risks in this risky world!

--Originally published at lazynesstothemax

There are many risks in our imperfect Cyber Security world. The fact that technology only moves forwards and hackers innovate in the ways that they operate is good enough for us to know that our systems, our networks will never be absolutely safe. We need to innovate in our ways of protecting our systems too, but that will obviously take sometime. For the meantime we need to also prepare in case of an attack or a security leak. We need to be on a watch 24/7 for the integrity of our systems to be safe. That’s why we will talk about risk assessment and how can we prepare for the worst.

Risk assessment is the determination of quantitative or qualitative estimate of risk that is found in a well-defined situation recognized as a threat. In order to assess quantitatively a risk we are required to do calculations of two main components of said risk: the magnitude of the potential loss and the probability that the loss will occur. An acceptable risk is the risk that is well understood and tolerated. This risk may be allowed to exist because the cost or difficulty of implementing an effective countermeasure for that vulnerability exceeds the expectation of loss.

There are different ways to approach risk assessments and to prepare for these risk to happen. This is a list of steps that one usually takes to confront a risk:

  1. Understand what information you need to protect: The first step in assessing an organization’s cyber risk is to understand which of the company assets you are trying to protect and why. Which are the most important assets in the company that need your most attention?
  2. Identify the threats that you need to be aware of: When talking about threats, you have to ask yourself some
    Continue reading "How to detect those risky risks in this risky world!"

Our Books Cover is very Important too! (Security Certificates)

--Originally published at lazynesstothemax

In the world of Information Security, the ways the people with malicious intent operate constantly change as they come with new ways to attack and try to steal information from others. This requires IT experts to update their knowledge and methods to new ones that are able to keep up with the criminals out there lurking and seeking an opportunity to attack.

When it comes for a company to evaluate possible candidates to a Computational Security positions, certificates are an easy way to see if someone is capable of doing the job right. Companies need to protect their information and their system as best as possible and only the best candidate with the best certificates on his/her belt will be offered the position in order to get the job.

There are many certificates out there available and they are provided by universities, organizations like Cisco or Microsoft or by the government. In this post we are going to look at the best five security certifications in 2016 according to tom’sIT PRO website:

  1. CompTIA Security +: There are more than 250000 holders of this certification and it is a well-respected credential. This credential is vendor-neutral and those who have it are recognized as “possessing superior technical skill, broad knowledge and expertise in multiple security-related disciplines” (tom’sIT PRO).
  2. CEH, Certified Ethical Hacker: This is an intermediate level credential that is given by the International Council of Electronic Commerce Consultants. This credential is all about ethical hacking. Hackers in general are innovators and they’re always looking for new ways to attack networks and systems. Sometimes what a company needs is to use this ability in their advantage. To get a “White hat hacker” that will use the same tools of those of a normal hacker and identify system vulnerabilities and ways of
    Continue reading "Our Books Cover is very Important too! (Security Certificates)"

Are there good hackers in the world?

--Originally published at lazynesstothemax

Cyber security is a very important aspect in our systems, networks and data. When you want to become a security professional you will have the tools and knowledge to protect your systems but you will also be able to do harm to it and to other systems. Studying cyber computer is looking at the world as a criminal and then to learn how to defend yourself from these attacks. Therefore is it a delicate topic when you wonder if all hackers are security professionals or all security professionals are hackers. In the end, it is all about the person. Someone with good values and ethics will use his/her knowledge to do a good job and not harm anyone in the process.

All this said, Ethics is a very important part in the cyber security world. Companies go throw very rigorous processes in order to select a professional to work with sensible data. They will have very high standards in order to entrust their data to someone that will be able to access it and to “protect” it.

Ethics is something that we learn from an early stage of our lives. We cannot just go to a one day course to acquire good ethics. Our ethics are defined by our education provided by our parents and by our friends when we were young and still forming our character and acquiring values from society. So in conclusion, everyone has their own ethics, their own definition of what is good and what is bad. It is very hard to learn about the ethics of a person but very important if we are going to give that person access to data that cannot fall in the wrong hands.

dr evil austin powers -  "Ethical Hacker"

When we are in the world of cyber computing, without considering our specific values and ethics,

Continue reading "Are there good hackers in the world?"

The Golden Rules of Cyber Security

--Originally published at lazynesstothemax

All cyber security programs or protocols follow three rules and have to address at least one of them. These are:

  • Integrity
  • Availability
  • Confidentiality

Security professionals, when creating a procedure, must consider them in order to successfully protect the computer, network or system they are working on.


Cyber Integrity

As time goes on, hackers get more knowledge and tools that help them get access and alter data from the systems they attack. This may leave corrupted data or changed programs on their trail. This affects the functionality of the system as well as the safety and profitability of it. For that reason, Cyber integrity is very important, and a security professional has to have the tools and programs necessary to check if the programs weren’t altered or modified from a desired state to a non functional or not secure state.

There are different ways to attend this matter and to mentions some of them, there is the inventory management, policy enforcement, backup and recovery, analytics and reporting.

Inventory management refers to have a monitored way of checking all files and programs and checking the creators, editors and dates that the file changed. This way you can have a closer look to the meta data of the files and know if there were unwanted changes or if files are missing.

Policy enforcement can refer to keeping good standards that apply to all files in order to know if the file follows said standards and can be considered as a good file and not an altered one by an unknown author.

It is good to always have backups of the state of the system, and if a node fails in the integrity standard then to restored it with a desired previous state.

It is always good and useful to have analytic tools that

Resultado de imagen
Resultado de imagen
Resultado de imagen
Continue reading "The Golden Rules of Cyber Security"

Cyber Security? Can you eat it?

--Originally published at lazynesstothemax

Cyber Security in short is the protection of computers, networks, programs and data that may be manipulated without authorization or with the intention of changing the access, destroying the integrity of the object or stealing information.

Nowadays internet security is becoming essential and not having a good and secure framework may tear down whatever system you may have and put your information at the risk of being destroyed or stolen by someone out there, maybe from the same city or from the other side of the planet.

For more information I did a more elaborate blog about this topic with a group of friends. You can find this post here.

Why is it not Buenware? :B

--Originally published at lazynesstothemax

Malware comes from Malicious Software.This is a concept very common when we talk about Cyber Security. Malware is a program or a piece of code meant to do something bad to our system. Malware is made to harm the integrity of our system or to make it malfunction. When we talk about Malware there are many types of it, and there are as follow:

  • Virus: Viruses are programs that are created to infect other files and programs in our system. This programs may also exist to destroy parts of our files for them to malfunction. Viruses infect other programs by inserting lines of code into the file, most of these files targeted are executable so that these lines of code run and do bad stuff to our system.
  • Adware: This software is created to display publicity in our browsers or in our computers. This application insert lines of code in our display software and browsers or add extensions to show popups or images in the side of our pages. This applications keep track of the user information.
  • Backdoors: This applications seek for entrances and vulnerability to our system to have access to them and do as the creator pleases to them. This programs are made to have computers available for  future use.
  • Botnet: This kind of software make use of  computers that have been successfully infected by backdoors and make use of these “robots” or “zombies” for their resources. Botnets make a network of the victims and make them work for their own purposes.
  • Worms: worms are similar to viruses but they don’t need an initial file or program to be executed in order to infect the victim’s files. They come in from other ways like local networks, email, instant messages, usbs and social media.
  • Hoax: Hoaxes are chains
    Continue reading "Why is it not Buenware? :B"