Now… Let’s talk about the other kind of hackers…

--Originally published at Mr. Robot's Imaginary Friend

 

Anyone can become a hacker; you may just be someone who spends too much time with computers and suddenly finds yourself submerged in the world of cyber-security. There are three types of hackers that I will be talking about; the first one is the black hat.


Black hat hackers have become the best-known image of hackers around the world. For most computer users the word hacker has become a synonym for social misfits and criminals. This is an injustice created by our own interpretation of the mass media, so it is important for us to learn what a hacker is and what a black hat does.

Black hat is a term used to describe a hacker who breaks into a computer system or network with malicious intentions and uses his skills with criminal intent, for example cracking bank accounts, stealing information to be sold on the black market, or attacking an organization's computer networks for money.

Some famous cases of black hat hacking include Kevin Mitnick, who used his skills to break into the systems of organizations such as Nokia, Fujitsu, Motorola and Sun Microsystems, and Kevin Poulsen, who took control of the phone lines of a Los Angeles radio station in order to win a contest for a Porsche.

There are also professionals who have knowledge about security and vulnerabilities in many platforms and applications, and whose goal is to identify and fix the potential threats to their own systems: these are the ethical hackers, or white hat hackers. An ethical hacker attempts to bypass system security and searches for weak points that could be exploited by black hat hackers; the organization then uses this information to improve its security, trying to minimize or eliminate potential attacks.

For hacking to be


Wiser decisions with Risk IT

--Originally published at Allow Yourself to fail and learn… and hack

Diego's Password

In business today, risk plays a critical role. Almost every business decision requires executives and managers to balance risk and reward. Effectively managing the business risks is essential to an enterprise’s success.

IT Risk Management Frameworks: a big concept, right? Let's break it down in order to understand it. Risk: "a situation involving exposure to danger." Pretty simple. Management: "the process of dealing with or controlling things or people," in this case risks. Framework: "an essential supporting structure of an object." It's getting a bit clearer. Concluding: there are information technology risks, or dangerous situations, in which people, in this case managers, need to make decisions based on their analysis. Here's where "framework" comes in: a program that evaluates these risks and helps with the process of making a decision in the area of technology. Hope you liked this blog post!


Ok… there’s more than that. We are going to…



Mythology risks

--Originally published at Allow Yourself to fail and learn… and hack

Diego's Password


Risk assessment mythologies, haha funny right… Methodologies. What could it mean…

The evaluation or estimation of the nature, quality or ability of someone or something.

So it is the actual quantification of a risk, either quantitative or qualitative. How could we even count or grade a risk? Well, that's when the mythologies come in. Normally two factors are taken into consideration, the consequences and the probability: the consequences being all the potential loss, counted either in money or by a given parameter, and the probability being the actual percentage, the likelihood of it happening.
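To make the two factors concrete, here is an added example (not code from the original post, nor from the GIAC article it refers to) that applies consequence and probability both ways the post mentions: quantitatively, as an expected yearly loss using the standard annualized loss expectancy model (ALE = SLE × ARO), and qualitatively, as a likelihood × impact rating. The asset values, rates, control costs and rating bands are constructed for the example.

```python
# Added example, not from the original post or the GIAC article it cites.
# Consequence x probability, done two ways: money per year (ALE = SLE * ARO)
# and a 5x5 likelihood/impact matrix. All numbers below are constructed.


def single_loss_expectancy(asset_value, exposure_factor):
    """Consequence of one incident: the fraction (0.0-1.0) of the asset's value lost."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure_factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(asset_value, exposure_factor, annual_rate):
    """Consequence x probability: expected loss per year.

    annual_rate (ARO) is how often the incident is expected per year;
    0.5 means once every two years."""
    return single_loss_expectancy(asset_value, exposure_factor) * annual_rate


def control_pays_off(ale_before, ale_after, annual_control_cost):
    """Decision rule: a control is worth buying only when the yearly loss it
    removes is larger than what the control costs per year."""
    return (ale_before - ale_after) > annual_control_cost


# Qualitative scale: words instead of money, still consequence x probability.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


def qualitative_rating(likelihood, impact):
    """Place a likelihood/impact pair on the 5x5 matrix and band the score (bands are assumed)."""
    score = LIKELIHOOD[likelihood] * IMPACT[impact]
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def rank_register(register):
    """Order a risk register (list of dicts) by expected yearly loss, highest first,
    so the decision-maker sees where the money is actually at risk."""
    return sorted(
        register,
        key=lambda r: annualized_loss_expectancy(r["asset_value"], r["exposure_factor"], r["aro"]),
        reverse=True,
    )


if __name__ == "__main__":
    # Constructed scenario: ransomware hitting a customer database worth 500,000.
    before = annualized_loss_expectancy(500_000, 0.40, 0.5)  # no backups: 100,000 per year
    after = annualized_loss_expectancy(500_000, 0.05, 0.5)   # tested backups: 12,500 per year
    print("ALE before:", before, "after:", after)
    print("Backups worth 30,000 a year?", control_pays_off(before, after, 30_000))
    print("Qualitative rating:", qualitative_rating("likely", "major"))
```

The quantitative path answers "how much should we spend on this control?", the qualitative path answers "which risks do we look at first?" when nobody can put a price on the loss; a real assessment usually uses both.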


He's probably right, but first we need to learn how to analyze a risk and make a wise decision. There's a really interesting article written by GIAC. I've written about them before; I'll link the post here. This post will be based on that article.

There are three mythologies… haha enough. Three methodologies used…



We are as strong as our weakest link

--Originally published at Allow Yourself to fail and learn… and hack

The Hitchhiker's Guide to information security... according to me!

Achilles, the mythical Greek hero, son of a king and a nymph, invulnerable in every part of his body except the heel… Seriously, the lamest part of the body. But the Greeks have something very important to teach us, and it's that there's always a weak spot in something. Even if it seems unbreakable, unstoppable or impenetrable, we're just not looking carefully enough. And it's when we find that weakness that we gain control. As it is, we are as strong as our weakest link. So we need to be harder, better, faster, stronger when it comes to information security, and what better place to start than the network of our organization.

DEFINITION, I CHOOSE YOU! Network security refers to any activity that will protect the confidentiality, integrity and availability (CIA, cough cough) of the physical and logical assets from any threats, or prevent the breach from…



My mama said that it was ok

--Originally published at El Machetero Blog´s

IT is a common profession in companies, but are IT people aware of all the power that is in their hands? As we all know,

with great power comes great responsibility.

One big problem is that, unlike other branches of study, in IT it's not common to take ethics courses; some people don't even take courses, they're self-taught, and there is no definite guideline or book on how to proceed in certain cases or on whether something is bad or not. As a result, they're more prone to do something unethical without knowing.

But what leads IT people to do bad things? Well, the thing is that they have access to, if not all, a big part of the company's and employees' information, and something that may not seem bad could turn out to be very wrong; or it wasn't bad at the beginning, but little by little you start doing other things and end up sliding down the slippery slope all the way to bad things.


What would you do if you saw information on an employee's computer showing that he or she is selling information about the company, or stealing data?

Maybe you notice that the company is doing illegal things; they may ask you to keep quiet about a certain topic, or even tell you to do something that is unethical. Is it wrong if you do it? Will somebody else do it if you don't? You could lose your job if you disobey; what would you do in that situation?

The problem lies in all the power they have: with administrator access it's possible to get into any device in the system, which leads to access to sensitive data. But everyone hopes and trusts that you won't do anything stupid, so try not to disappoint them, and ask for permission when you


Because on the network, no one can hear you scream

--Originally published at (Not so) Random talk

The network can be a universe of its own: vast, full of things that are or can be unknown. And just like in sci-fi movies, it is plagued with dangers. Hackers, malware, etc. Everything is there. And just like in some movies, you need to learn to protect yourself. If not, you might end up like those victims, getting eaten by that unknown thing.

I've already mentioned the basics some, if not many, times in the past, but here they come again, plus some new tips for browsing safely, dearly from me to you:

Update your browser

Everyday thing: have an antivirus or antimalware and keep it updated too, obviously.

Basic protection: use a firewall. If you are not at an expert level, please do not disable your firewall. Your computer comes with a firewall by default and it helps you filter bad stuff from the web (if you want to learn more about it, read my past post).

Not everything clickable should be clicked: really, just don't. If something pops up, which is most common on not very safe sites, don't click on it; close it immediately. Those can be gateways for the alien to get into your spaceship.


Public doesn't equal good: don't get on public open networks without some sort of security, or even better, don't get on them at all. By doing so you are quite literally leaving your info in the air for someone to grab.

Buy smart, buy safe: only shop online from trusted and well-recognized sites, preferably using platforms like PayPal.

 

Free software can come with a price: not all software out there is good, which is why you should only download / install certified (signed) software from trusted publishers, and check that what you got is what they actually published.

If your browser recommends against it, don't insist: don't play with fire. If your browser is already doubting on

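For the "free software can come with a price" tip, here is an added example (not code from the original post) of the check a practitioner actually does before installing a download: hash the file and compare it against the SHA-256 the publisher lists in a SHA256SUMS file. The SHA256SUMS text, the file name and the sample "downloads" below are constructed so the example runs offline.

```python
# Added example, not from the original post. Verifies a downloaded file against
# a publisher's SHA256SUMS list. The list, file names and contents are constructed.
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large installer never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sha256sums(text):
    """Parse the '<hex>  <filename>' lines that sha256sum writes (a leading '*'
    on the name marks binary mode on some systems). Returns {filename: hex}."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        name = name.lstrip("*")
        if len(digest) != 64 or not all(c in "0123456789abcdefABCDEF" for c in digest):
            raise ValueError(f"malformed digest on line: {line!r}")
        sums[name] = digest.lower()
    return sums


def verify_download(path, sums):
    """True only if the file's hash equals the published one for its basename.
    A file that is not on the list is rejected rather than silently accepted."""
    expected = sums.get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(sha256_of_file(path), expected)


# Constructed publisher list: first digest is SHA-256 of b"hello\n", second of b"hello".
SAMPLE_SHA256SUMS = """\
5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03  tool-1.0.tar.gz
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824  tool-1.0.exe
"""


def make_sample_download(content=b"hello\n", name="tool-1.0.tar.gz"):
    """Write a constructed 'download' into a fresh temp directory and return its path."""
    path = os.path.join(tempfile.mkdtemp(), name)
    with open(path, "wb") as f:
        f.write(content)
    return path


if __name__ == "__main__":
    sums = parse_sha256sums(SAMPLE_SHA256SUMS)
    genuine = make_sample_download()
    tampered = make_sample_download(b"hello\n# extra bytes\n")
    print("genuine :", verify_download(genuine, sums))   # True
    print("tampered:", verify_download(tampered, sums))  # False
```

A matching checksum only proves the file is the one the publisher listed; it says nothing about whether the publisher is trustworthy, and if the checksum file was fetched from the same compromised mirror as the download, both can be faked together. That is why a signature on the checksum list (or on the package itself) is stronger than the bare hash.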

Certifications in Computing Security

--Originally published at Mr. Robot's Imaginary Friend

Credentialing is the process of establishing the qualifications of licensed professionals, organizational members or organizations, and assessing their background and legitimacy.

In the Computer security or Information security fields, there are a number of tracks a professional can take to demonstrate qualifications. Four sources categorizing these, and many other credentials, licenses and certifications, are:

  • Schools and Universities
  • “Vendor” sponsored credentials (e.g. Microsoft, Cisco)
  • Association and Organization sponsored credentials
  • Governmental (or quasi governmental) body sponsored licenses, certifications and credentials.

Quality and acceptance vary worldwide for IT security credentials, from well-known and high-quality examples like a master's degree in the field from an accredited school, the CISSP, and Microsoft certifications, to a controversial list of many dozens of lesser-known credentials and organizations.

In addition to certification obtained by taking courses and/or passing exams (and in the case of the CCSP, demonstrating experience and/or being endorsed by an existing credential holder), award certificates are also given for winning government-, university- or industry-sponsored competitions, including team competitions and contests.


Hey wait, that was supposed to be private

--Originally published at Mr. Robot's Imaginary Friend

Ethics are a really important factor when it comes to computer security, because the people working in it often have access to confidential information and knowledge about users' and companies' networks and systems, so obviously that power can be abused, even unintentionally. Would you like all your information, or the information from your bank account, spread all over the internet?

It is amazing that most of the jobs in this area of IT don't really require any ethics training; in fact most people in them don't even realize that their job involves ethical issues, and the training they get is focused only on technical knowledge.

There are well-known stories about "black hat" hackers (a term used to refer to hackers who use their skills to break into systems and access data without the owner's permission; I will talk about this subject in another blog) who got jobs at big companies by showing them how they attacked them and where their security was failing. In my opinion this falls into a bit of a gray area.

When do we establish the line? What’s wrong? What’s right?

By now we all know about the big scandal of the NSA having access to all the information, conversations, emails, etc. that we have online or have at some point sent, this obviously with the purpose of trying to keep citizens safe. But is this really the way? I mean, they have so much information at their disposal that it is almost impossible to actually go through all that data.


Another type of ethical problem that the people in charge of computer security have to deal with is the budget. What would you do if your boss told you to cut some of the security measures you recommended, and this would cause


Why should we study computing security?

--Originally published at GG Guazaman

Finally we have reached the last blog of this class; later on I plan to keep going with the blogs as well as improve the quality of the ones that are already there. Counting this one, there are 20 blogs I published, both on my own and as collaborations I did with friends from the #TC2027 class.

I wanted to leave this topic for last, because even though it was the first on a list provided by the professor, I felt I did not understand its importance, and that I would not until I had written the other 19 blogs.

So,

Why should we study computer security?

  • Throughout this course I came to understand that computer security is not a topic that concerns only people in the field. Although some of my blogs had rather technical content, some are also very simple to read, so that those who are not familiar with some concepts can still protect themselves on the web and understand a little more of everything that goes on around the devices they use every day.
  • We should all study computer security simply because it is already part of our daily lives; it is no longer unusual to always carry a phone, tablet, laptop, etc. They practically are our lives, or hold a good deal of information about them. In the end, protecting ourselves on the web means protecting our identity, avoiding scams, impersonation, etc.
  • If we belong to the technology field, all the more reason, since it is one of the opportunities of the future; these are things that will always be needed everywhere and could help us get a job, or keep the one we have. Besides, it is a specialty where you always have to stay up to date, because there are ever more ways to be vulnerable.

Final reflections

No somos machos, pero somos muchos

--Originally published at GG Guazaman


A curious phrase for a blog post title, but it makes sense, because this time we will talk about DDoS attacks.

First, and as usual, let's start with the essential question.

What is a DDoS attack?

DDoS stands for "Distributed Denial of Service"; in Spanish it is known as "ataque distribuido de denegación de servicios". This type of attack consists of a group of compromised systems (also known as "zombie computers") attacking a single target in order to cause a denial of service to the legitimate users.

A huge flow of messages and requests is created and thrown at the target so that it is overloaded and forced to shut down; as a result, service is denied to the real users.

How bad is it?

How does a DDoS affect a website?

It depends on the attack and on the server. Servers can be protected against these attacks with filters that reject malformed packets, or packets with forged (spoofed) source IPs, so that only legitimate packets reach the server. Of course, the measures are not infallible, and the server can always end up saturated if the attack is massive enough and well prepared.

And what happens when the server is saturated?

It simply stops being available for a while, until the attack stops. It is very unlikely that the server suffers physical damage. Moreover, a DDoS by itself does not let anyone into the server: for that you need to exploit some vulnerability, and that is not easy at all.

So, basically, a DDoS can only bring the website down, nothing more. Depending on the kind of website this may or may not be a catastrophe. If the website makes money (online sales, advertising), the owner stops earning money while that website
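The two defensive ideas above, rejecting packets with impossible source addresses and then noticing a source that floods the server, are shown in this added example over constructed log lines (it is not code from the original post). The log format, the thresholds, the bogon list and all addresses are assumptions made for the example; the TEST-NET documentation ranges used for the sample traffic are deliberately left out of the bogon list so that the sample runs, whereas a production filter would follow the current IANA special-purpose registry.

```python
# Added example, not from the original post. Two filters from the text, run on
# constructed traffic: (1) drop requests whose source address could not have
# arrived from the internet (a BCP38-style bogon filter), (2) flag a source that
# sends far more requests than a real user within a sliding window.
# Log format, thresholds, bogon list and addresses are assumptions for the example.
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Private, loopback, link-local, shared-address, multicast and reserved space.
# (Documentation ranges 198.51.100.0/24 and 203.0.113.0/24 are intentionally
# absent so the constructed sample below is treated as public traffic.)
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def is_spoofed_source(ip):
    """A packet from the internet claiming a private/reserved source was spoofed
    or misrouted; either way it is dropped before it costs the server anything."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BOGON_NETS)


def parse_line(line):
    """Assumed log format: '<ISO timestamp> <client ip> <method> <path>'."""
    ts, ip, method, path = line.split()
    return datetime.fromisoformat(ts), ip, method, path


def detect_floods(lines, window_seconds=10, max_requests=50):
    """Sliding window per source IP. Returns {ip: peak requests seen inside one
    window} for every source that exceeded max_requests within window_seconds."""
    recent = defaultdict(deque)
    flagged = {}
    for line in sorted(lines, key=lambda l: parse_line(l)[0]):
        ts, ip, _, _ = parse_line(line)
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()            # forget requests older than the window
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def analyze(lines):
    """Filter first, then count. Returns (flooding sources, dropped spoofed lines)."""
    kept, dropped = [], []
    for line in lines:
        _, ip, _, _ = parse_line(line)
        (dropped if is_spoofed_source(ip) else kept).append(line)
    return detect_floods(kept), dropped


def build_sample_log():
    """Constructed traffic: one flooding source (120 requests in under 10 s), one
    human (5 requests in 10 s) and a few packets claiming an RFC 1918 source."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    stamp = lambda delta: (base + delta).isoformat(timespec="milliseconds")
    lines = [f"{stamp(timedelta(milliseconds=83 * i))} 203.0.113.7 GET /" for i in range(120)]
    lines += [f"{stamp(timedelta(seconds=2 * i))} 198.51.100.20 GET /products" for i in range(5)]
    lines += [f"{stamp(timedelta(seconds=i))} 10.0.0.5 GET /" for i in range(3)]
    return lines


if __name__ == "__main__":
    floods, dropped = analyze(build_sample_log())
    print("dropped spoofed lines:", len(dropped))  # 3
    print("flooding sources:", floods)             # {'203.0.113.7': 120}
```

Per-source counting catches a single noisy client; in a real distributed attack each zombie can stay below the threshold, and floods with randomly spoofed sources never repeat an address at all, which is exactly why the post says these measures are not infallible and why upstream filtering and capacity matter as much as what the server itself can do.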
