Stay safe on the web

--Originally published at TC2027 – Miguel 101

“El que nada debe, nada teme”

“If you have nothing to hide, you have nothing to fear” it’s a very common phrase (my parents use it a lot), and when it comes to our daily lives on the web, it’s used a lot (specially by the government).

We all know about those cases like the dispute between Apple  and the FBI on the San Bernardino attacks. A judge asked Apple to provide “reasonable technical assistance” by helping them unlock the attacker’s iPhone.
At the time, the only way to do this was to write some kind of master key capable of unlocking the device (and every other iPhone too). Obviously, Apple refused because creating such a powerful backdoor into their devices would have easily fired back to they customers (either by hackers finding a way to replicate this master key or straight ahead by being used by the government for surveillance. Looking at you, NSA).

Whenever these kind of news rise up to the mainstream media, again, you get your typical internet user making use of that phrase I started this post.

“Why are iPhone users so against this backdoor the FBI is asking for?
It’s gonna help them get the bad guy! If they have nothing to hide they shouldn’t have nothing to fear!”

But if you stop for a second and think about it, this famous phrase doesn’t even make sense. As Edward Snowden would put it:

“…Privacy isn’t about something to hide. Privacy is about something to protect. That’s who you are. That’s what you believe in. Privacy is the right to a self. Privacy is what gives you the ability to share with the world who you are on your own terms. For them to understand what you’re trying to be and to protect

Continue reading "Stay safe on the web" →

But why, tho?

--Originally published at TC2027 – Miguel 101

So my whole semester has been about computing security.
I’ve been listening weekly and very faithfully Security Now’s podcast, learning about all the new risks on security in our today’s world and my mind has been kinda focused on that since I started listening to that podcast.

And at the middle of this security obsession I stumbled upon a very striking question on the mastery topics of my TC2027 course.

Why should we study computing security?

Heck! Why should we even bother in the first place?!

I know you all got that one friend or family member (if not more than one) that when you bring up a good security advice or tell them about a new breakthrough on security tech (as the good cautious geek you are) they’ll call you a tinfoil hat lunatic.
“I gotta do all that?! What a pain in the butt!”. “Are you seriously telling me I cannot repeat my passwords? How do you expect me to remember all of them if I got 100 different ones?!”. “What’s so urgent about updating the firmware of my smartCameras on my home? If it ain’t broken it, don’t fix it. I won’t waste my time doing so.”

And there you got your why. Those kind of people are the reason Security it’s so important. More importantly, the amount of people who think like that it’s what makes Security such a critical field to be studied.

Because people always put commodity over security we need to study and make our security technology almost perfect. This convenience over security is what made The Reaper IoT feasible on the first place! People don’t want to waste time updating the firmware on their IoT devices, cause that’s extra work for them.

But that’s no the worst

Continue reading →

Shields up

--Originally published at TC2027 – Miguel 101

I’m a networks nerd. I love it as much Information Security (field in which I’d like to have a job someday). Yet, the only thing I’ve done at my home’s network is change the SSID and it’s password. Humans, right?

So maybe you’re a nerd like me who likes security, or maybe you’re a regular person who wishes to secure it’s home’s network. Here you have the how.

SSID and password

The basics first. Please, do not use the default settings your ISP hardware comes with, they’re publicly known. Change your SSID and password of your wifi, but more important, make sure you’re using WPA2 as your security protocol. It may not be the most compatible with all devices, but it is the safer one.
Whatever you do, do not use WEP.

More defaults (remote access thingys)

Get rid of the default login password for your router. Again, it’s publicly know and therefore not secure.
You also want to disable remote access and UPnP. Remote access is supposed to be there to help you, and to help your ISP give you support, but it’s also an external door to your router, which can obviously be used for evil purposes.

WPS is bad guy too. Yes, it’s comfortable to just push the WPS button and connect to your wi-fi without having to type the crappy password your router comes with, but it’s not the most secure thing to keep on. Besides, if you’re following these steps, you already changed your network’s password to one you do remember, so get rid of WPS.

Update router’s firmware

Just as your iPhone, your router has updates every now and then. When a device gets and update, it’s usually to improve it’s performance and it’s security, therefore, you should always keep your devices

Continue reading "Shields up" →