Is not about you…is about me

--Originally published at The shield of the world

So when we talk about computer security, there is a topic that some of us really think about: how to ensure ethical and legal responsibilities. Why this? Because when someone has knowledge of this topic, it is easy to go from white hat to black hat in a matter of seconds.


There are some other professionals whose job duties affect others’ lives, and they receive formal training to address ethical issues and how to deal with them. In the case of IT security personnel, they have access to confidential data and knowledge about individuals’ and companies’ networks and systems that give them a great deal of power. That power can be abused, either deliberately or inadvertently. But there are no standardized training requirements for hanging out your shingle as an IT pros are beginning to address the ethical side of the job, but again, there is no requirement for IT security personnel to belong to those organizations.


This is related to what happened to Tec de Monterrey. When the institution was growing and becoming important in the country as a quality education institution, its mission was to deliver god-tier prepared technicians to the professional world. And it did, but they all lacked ethical values, and that was some of the criticism the institution received as feedback from the enterprises that hired graduates from Tec.

Nowadays the institution has more courses related to ethical challenges and how to deal with them, debating the best solution with a global perspective of those affected. As a technical career, we, with the help of the professors, are developing ethical guidelines. It is something everybody should relate to.

So the main responsibility is to respect the privacy of the information an IT or


Do you have this hat in white?

--Originally published at Don't Trust Humans, Trust Computers



Those vicious guys that are trying to break into your computer, get all your personal information and sell it on the black market…well, that’s what most people think when they hear the word “hacker”. But what if I tell you that the hacker isn’t the bad guy, and instead is the hero that came to save the day? You may think that I am talking nonsense; that ALL hackers are bad because that’s what you saw on TV or in movies. But in reality not all hackers are bad (even though there are bad hackers), and these hackers provide a HUGE amount of help to a company’s system. Those hackers that help companies check if there are threats in their systems or computers we call ethical hackers, and the action of doing this we call ethical hacking.

Ethical hacking is a very important action that every company should go through. It is important because, thanks to it, companies can check the vulnerabilities that their systems have, and with that they can make changes to them. This concept of ethical hacking comes from the idea of “thinking like a thief”, to be one step ahead of those who will try to harm any system or computer. Those hackers that we consider bad we call black hats, and those we consider good we call white hats.


These white hat hackers do various tests to check the vulnerability of the system, and these kinds of tests are called penetration testing or intrusion testing. A penetration test gives a scenario of how secure the system is, and it shows things like:

Born to be bad!

--Originally published at The shield of the world

Good cop or bad cop? We have heard this phrase a lot thanks to Hollywood and TV series. But it takes on a special meaning in the area of computer security.


Ethical hacking, or ethical hacker, are the terms used to refer to a security attack carried out by a company or person. The purpose of this attack is to try to get past the security system and look for unprotected access points that could be used by unethical hackers to steal information.

Now, before continuing, why did I mention a good cop and a bad cop? Basically, the ethical hacker is the good cop and the unethical or malicious hacker is the bad cop. In the end both hackers are after the same thing: exposing a company's security weak points. One finds them, closes everything behind them and informs the company, and the other goes on to do business with the information obtained, to do harm.


There are certain points for considering an attack on a company's security ethical, which is why whoever performs the “hacking” must obey a set of rules…

  1. Explicit permission to perform network tests and attempts to break security in order to detect security flaws.
  2. Respect the company's privacy.
  3. Close the path through which you entered, to prevent anyone else from using it later.
    1. The steps of an “ethical hacking” exercise could be defined as follows.
      1. Reconnaissance
      2. Scanning
      3. Gaining access
      4. Maintaining access to obtain information
      5. Covering tracks
  4. Obviously, give the corresponding notice to the developers or manufacturers about the security vulnerabilities.


It is quite a delicate subject, since there are those who maintain that hacking is hacking and that calling it ethical is cynicism, because they are still criminals. However, the work done by
