Let me in

--Originally published at Allow Yourself to fail and learn… and hack

Authentication is a big issue when talking about security. If there’s an access control, it means there’s information we are protecting, and we have a huge responsibility to make sure this door to the info stays closed to people not allowed to open it, not even letting them peek to see what’s on the other side.

To make sure we are providing maximum security, there are tons of methods to prove access. Some of the methods are based purely on software, sometimes validating on the server side, sometimes on both sides, and sometimes also requiring extra hardware. To give some examples, I’m going to show you the most common ones out there.

There is the common authentication in which the user provides a username and password, followed by the server verifying that the input exists and is correct. There are fancier methods too, such as double authentication provided by the client and the server simultaneously.

Two-step authentication

SMS: a code is sent to the user’s cellphone to confirm their identity.

Email: same as the previous one, but the code is sent by email.

App notification: uses the connection with an app to send the code and provide access.

Hardware authentication

This two-step authentication is one of the more popular ones out there. Most banks use this method to provide access to their online services. It is achieved with those tiny devices whose screen refreshes a code every 15 seconds.

Biometric access control?

Yeah, nowadays that is a thing: unlocking devices and logging in to services using your retina or your fingerprint is not only a sci-fi movie thing anymore; many smartphones and computers use this as the main authentication method. It has proved not only that it is more secure but also


The thin line


Imagine you’re a super awesome hacker who can access any network, bank account, database and security system in the world. You have so much power in your hands and you can do anything you want with it. What would you do?

Let’s just say you’re the Robin Hood kind of guy: you take from the rich and powerful and give to the poor and weak. You take money from the bank accounts of celebrities and big companies and give it to poor countries or communities that have nothing to eat. You also disclose all of the secret information of all the governments to the public because transparency and freedom of information, right?

You are the savior of the people, the vox populi, the hero, the nightmare of evil… or so you thought, but the money you gave to the poor was not used for food but for drugs, and the information you disclosed was used by terrorist organizations to make a more organized attack, or you just started World War III. You’re not looking so good now, aren’t cha? Or maybe you’re just the Tyler Durden kind of guy and you go straight to WW3 without the poor people part. Are your actions good, bad, maybe both just to be safe?

Ok, maybe I went a little bit too far with my example, so let’s use a real-life one because I know you love them. You’re the chief of IT security within an organization, and your job is to make sure that unwanted people don’t get in and confidential information doesn’t go out, and you can do anything to achieve this (within the legal boundaries). The easiest way to keep information from going out is to spy on workers’ emails and key logs. Would you do it knowing that there are


Malware… Malware everywhere!


Do you recall those bad guys I talked about before? Well, I am sorry to say these guys are really creative, and the ways we can be attacked vary in format, source and damage.


Malware is the set of tools they use to infect our devices and steal information, destroy data or damage our hardware and software. But what does malware mean? Malware is short for Malicious Software… and as it sounds, this is no bueno. Worst of all, it’s not as if we only had to protect ourselves from a single kind of malware. There are tons of them, and they vary in their objectives and in the way they spread among devices.

Some of the most infamous malware we can find are the ones below:

Virus

Same as a real biological virus, this malware spreads among unprotected computers. Its objective is to damage the health of our devices. Modus operandi: create files, erase files, and consume computer resources until it achieves damage. Worst of all, a virus can duplicate itself and travel to other devices. Viruses most commonly spread through USB data sharing and infected e-mail attachments.

Worm

Same as in the real, non-technological world, worms find their way through difficult places, making their way through memory the same way a regular worm would through soil. This malware does not damage or create files as a virus does; however, worms can multiply so much that they end up requiring all of your existing computer memory, leaving you with a useless and slow computer. Super ability: these guys are almost invisible, so it’s hard for antivirus to detect them.

Trojan horses

If you know the story or have seen the movie Troy, it is pretty much what you might be thinking. Trojan horses are masters of disguise; they masquerade as regular programs, such as anything you could


Mr. Niceguy


A collaboration post I made with awesome guys

The Hitchhiker's Guide to information security... according to me!

Hackers, those evil dudes that steal all the money from your bank account while sitting at a Starbucks table sipping a frappuccino. Also, the inspiration for so many movies, videogames and TV shows like Watchdogs and Mr. Robot, but do we actually know what the heck hacking means? No, it’s not violently clicking 1’s and 0’s into the command terminal of a computer. It goes deeper… way deeper.


Let’s start with some background. Ethics, the core of our beautiful society, is a system of moral principles that dictate how decisions are made and, in general, how to live life. It includes our rights and responsibilities and what is right and wrong, and surprisingly, it exists in the computer world too. Can you believe it?!

There are four areas of computer ethics:

  1. Computer crime:
  2. Responsibility for computer failure:
  3. Protection of computer property:
  4. Privacy:

Now straight to…

Holy trinity of security


By now you should be worrying more about security. Fortunately, you are not left alone in this world. There exists a security model focused on making progress toward three main goals, also known as the CIA triad, or AIC in case you don’t want to confuse it with the Central Intelligence Agency.

Computer security has 3 main core components: Integrity, which guarantees that the information is trustworthy; Availability, which is a guarantee of reliable access to the information; and Confidentiality, which is about rules limiting access to information.

Now going deeper into each of these elements:

Integrity

Integrity is about securing the information and making it “impossible” to modify through unauthorized access. Incorrect data is useless and delicate, so integrity carries great weight in protecting it.

Best practices to keep this element healthy are the following:

  • Encryption
  • Hashing the received message and comparing the result with the hash of the original message
  • Backup availability
  • User access control

Availability

This section is about making sure that everyone authorized has access to the information whenever they need it. Information’s value depends, among other things, on users being able to access their data at any time they want. Nowadays you don’t only have to worry about other people accessing your information, but also about other people not letting you access it. DDoS attacks have become very common lately, but that information will be available in a blog post anytime soon. So back to the security triad…

Best practices to keep this element healthy are the following:

  • Rigorously maintain all hardware
  • Keep systems and components updated
  • Keep a backup in a geographically isolated location
  • Redundancy control
  • Provide adequate bandwidth

Confidentiality

This one is probably the most important and the easiest to understand. As the name suggests, it is about keeping your data and all the delicate information away from people who are not authorized to see it. Information has


Security is an important issue


Why should we study computer security?

Technology has advanced greatly over these years. Internet access is available everywhere on numerous kinds of devices. We can access the internet from our computers, smartphones, TVs, video game consoles, tablets… nowadays it is even possible to access it from a refrigerator (why tho)!!

[Image: Samsung family hub technology presented at CES 2016]

Through the internet we are now able to do almost anything: surfing the web and receiving news updates; talking to any of our friends, family and colleagues; sharing important documents with school and work peers; sending personal information to acquire services; buying and selling whatever from wherever… among many other things. The amount of personal information going through our computers and mobile devices is ridiculous, and if no precautions or safe practices are taken, we are putting ourselves and others in danger. Out there exist bad people who might find security vulnerabilities and won’t hesitate to take advantage of them.

So having the freedom and privilege of being connected everywhere at any time also gives us some restrictions about what we should and shouldn’t do. And that’s the reason knowledge about security is so important: to understand the ways we might be attacked by others, what we can do to defend and protect our information, and all the consequences of an irresponsible use of the internet.

Stay tuned for more computer security related posts!
Hopefully it might protect you from a hacker attack, and hopefully you might learn new things!