Et tu, Brute?

--Originally published at Computer and Information Security

Julius Caesar was a Roman politician and general who used ciphers in his private correspondence. This type of encryption is one of the simplest and most widely known encryption techniques.

It is based on the substitution of letters by a fixed number of positions in the alphabet. This cipher is used as the basis of other, more complex ciphers such as the Vigenère cipher. In the Vigenère cipher a keyword is used, and each letter of the message to be encrypted is shifted by the value of the corresponding keyword letter's position in the alphabet.

This cipher remained unbreakable for 3 centuries. Here is the Java code of both ciphers.
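An added example of both ciphers in Java (not the original post's code), assuming the 26-letter English alphabet and leaving non-letters unchanged; the class name, method names and sample message are chosen here for illustration. It also shows that a Caesar shift of 3 is the Vigenère cipher with the one-letter keyword "D".

```java
import java.util.Locale;

public class ClassicCiphers {
    // Shift one ASCII letter by `shift` places, preserving case; other characters pass through.
    static char shiftChar(char c, int shift) {
        if (c >= 'A' && c <= 'Z') return (char) ('A' + Math.floorMod(c - 'A' + shift, 26));
        if (c >= 'a' && c <= 'z') return (char) ('a' + Math.floorMod(c - 'a' + shift, 26));
        return c;
    }

    // Caesar: every letter moves by the same fixed number of positions.
    static String caesar(String text, int shift) {
        StringBuilder out = new StringBuilder();
        for (char c : text.toCharArray()) out.append(shiftChar(c, shift));
        return out.toString();
    }

    // Vigenere: keyword letter i (A=0 ... Z=25) is the shift for message letter i.
    static String vigenere(String text, String keyword, boolean decrypt) {
        String key = keyword.toUpperCase(Locale.ROOT);
        if (!key.matches("[A-Z]+"))
            throw new IllegalArgumentException("keyword must be one or more letters A-Z");
        StringBuilder out = new StringBuilder();
        int k = 0; // advances only on letters, so spaces and punctuation use no key letter
        for (char c : text.toCharArray()) {
            char shifted = c;
            if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')) {
                int shift = key.charAt(k++ % key.length()) - 'A';
                shifted = shiftChar(c, decrypt ? -shift : shift);
            }
            out.append(shifted);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String msg = "Et tu, Brute?"; // constructed sample message
        String c1 = caesar(msg, 3);
        String c2 = vigenere(msg, "CAESAR", false);
        System.out.println("Caesar +3    : " + c1);
        System.out.println("Caesar -3    : " + caesar(c1, -3));
        System.out.println("Vigenere enc : " + c2);
        System.out.println("Vigenere dec : " + vigenere(c2, "CAESAR", true));
        // A one-letter keyword applies the same shift to every letter, which is the Caesar cipher.
        System.out.println("Caesar(3) equals Vigenere(\"D\"): " + c1.equals(vigenere(msg, "D", false)));
    }
}
```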


Certify the certificate with your… certificate? (And faith I guess)

--Originally published at Computer and Information Security

Just like in the real world, where people require a way to identify themselves, such as a passport or a driving license, in computing, organizations and computers also need a digital certificate in order to be able to exchange information securely over the internet.

A digital certificate must provide information to identify the owner and it must be issued by a trusted and official entity.

A certificate must contain this information:

  • The name of the entity that is being certified (That’s you in your driving license).
  • A serial number.
  • An expiration date.
  • The certificate holder’s public key (used for encryption and digital signatures).
  • The digital signature of the entity that is issuing this certificate.

Since these certificates contain the digital signature of a trusted authority, operating systems and browsers keep lists of the trusted authorities' certificates in order to verify the authenticity of the certificates they are presented with.

There are 4 types of digital certificates:

  • Personal Certificates.
  • Server Certificates.
  • Software Publisher Certificates.
  • Certificate Authority Certificates.

Users are not that smart

--Originally published at Computer and Information Security

Computers have become an essential part of our lives. They allow us to keep in touch with people around the world and also grant us access to information about anything with just a few clicks.

However, what most people don’t know is that the internet is a dangerous place, and they don’t take the required precautions to avoid being at risk. This creates unintentional security risks, so called because they are caused by human error or the environment.

Here are some examples of unintentional security risks:

Browsing the internet with JavaScript enabled.

Since JavaScript controls the settings of a web browser, a malicious website can disable the security settings of the browser, allowing malicious software access to your computer.

Believing your antivirus will keep you safe.

While an antivirus program protects you from certain risks, it is not invincible. You must be careful about which sites you visit and what types of files you download.

Clicking “Remind me later” on every security update.

Software providers such as Microsoft and Adobe are constantly fixing security issues in their products and sending updates to address them. However, if you don’t keep your software up to date, those security holes remain open to be exploited by others.

Clicking “I accept” when you shouldn’t. (IT’S A TRAP)

Have you ever installed something and later on started receiving a lot of spam in your mailbox? Maybe that program you installed said in very small print that you agreed to share your information with third parties. But who knows, you didn’t read it!

Hell yeah, free Wi-Fi!

Just because it’s free doesn’t mean it’s good. Free Wi-Fi is insecure and can easily be penetrated and all your information compromised, so think twice before connecting to a free Wi-Fi network.


SCHEDULE

--Originally published at Computer and Information Security

Week 12 – 19 Sept

  • Unintentional Security Issues
  • Certifications in computing security

Week 19 – 26 Sept

  • Classic Security Architecture Models
  • Security Policies

Week 26 – 3 Oct

  • Ethical and legal responsibilities in computer security
  • IT Risk Management Frameworks

Week 3 – 10 Oct

  • Risk Assessment Methodologies
  • Authentication and Access Control

Week 10 – 17 Oct

  • Cryptography
  • Security Countermeasures

Week 17 – 24 Oct

  • Security on the Web (User Perspective)
  • Operating System Security

Week 24 – 31 Oct

  • Network Security

Week 31 – 7 Nov

  • Denial of Service

Week 7 – 14 Nov

  • Wireless Security

Week 14 – 21 Nov

  • Potpourri for $500

Malware = BAD

--Originally published at Computer and Information Security

Malware is short for malicious software, and it refers to programs intended to damage a computer system or perform harmful actions on it. There are different types of malware, and in order to protect ourselves from them we need to understand how they work.

The types of malware are:

Viruses

These are programs that self-replicate. They may also have other unpleasant functions, but what distinguishes a virus is its self-replication and rapid spread. Any virus that spreads rapidly can reduce the functionality and responsiveness of a network.

Trojan Horses

This is a term for programs that look benign but actually have a malicious purpose. When you open them they do something other than what you expected, with activities that range from installing harmful software to deleting files.

Adware

The function of these programs is to place advertisements through pop-ups or by embedding them in other programs, whether you are playing games, writing a document, listening to music or doing anything else.

Spyware

Programs classified as spyware send out information about the user and the computer. This can range from the addresses of sites you visit and the terms you search for to the programs you have installed, email address books, logins and passwords, and credit card numbers. Spyware usually works through toolbars; it normally integrates into a program that is always running.

Hijackers

These programs attempt to control parts of your web browser such as the home page, search pages and search bar. They can redirect you to certain sites or prevent you from accessing them, and they may also redirect you to their own search engine.

Toolbars

Toolbars plug into a web browser and provide different functionality such as search forms and pop-up blockers. However, some toolbars only simulate these functions while in reality they have characteristics of other malware categories.

How can we protect ourselves from


CIA

--Originally published at Computer and Information Security

There are 3 crucial components of security: Integrity, which guarantees that the information is accurate and correct; Availability, which means that it can be accessed by authorized people; and Confidentiality, which limits access to the information.

Confidentiality prevents information from reaching the wrong people, but it must also allow access to authorized individuals. There are many methods to achieve and increase confidentiality; some of them are:

  • Data encryption.
  • Two-factor authentication.
  • Security tokens.
  • Biometric verification.

However, users are also responsible for the confidentiality of data. They can improve it by minimizing where the data appears and how often it is transmitted.

Integrity assures that the data is consistent, accurate and correct. This means that data can’t be changed by unauthorized people or altered when it is moved. Some technologies used for integrity are:

  • File permissions.
  • Access control.
  • Version control.
  • Checksums.
  • Backups.

Integrity also must be able to endure accidents such as EMPs or crashes.

Availability is achieved by giving adequate maintenance to the hardware, having a correctly functioning OS, providing adequate bandwidth and preventing bottlenecks. Other methods include the use of RAID systems and having a disaster recovery plan.


Why should we study computing security?

--Originally published at Computer and Information Security

It is important to know about computing security since nowadays we use computers and the internet for almost everything, from playing video games to flying an aircraft or launching satellites.

This is a great achievement for humanity, and it provides us with knowledge and resources that our ancestors could never have imagined having. However, we are also subject to many risks, since we give a lot of information about ourselves to the internet.

Since the internet is very big and we don't know who is out there, we need to be really careful about the information we give and share. This is why computer security is necessary for our safety on the internet: we must know which technologies are safer, but we, as users, must also know which good computing practices exist to safeguard our information as much as possible.