Code of Ethics

--Originally published at Computer Security

Every day, millions of applications are used by people around the world, but how much do we know about the usability of the app, the terms and conditions, the privacy policy and the use of our personal data? How sure can we be about whether an application is tracking our activities or collecting our data for its own benefit, such as selling our data?

There is a code of ethics for software engineers. It contains principles about the usability of the app, the relationship with clients, and the use and protection of users' personal data. Every company or freelance programmer that designs an application or system has the responsibility to follow the code of ethics, so that the system is developed in the most ethical way possible without harming society.

One point that caught my attention and seems interesting to me is the one about the protection of personal data. Since some applications deal with sensitive data, the programmer must always encrypt it to ensure security and to let the user know that their information is secure and protected, which builds confidence. There are many established encryption methods, so it is not good practice to write our own. The smaller the company is, the lower the likelihood that it gets attacked by unethical programmers, but because the company is small, its security protocols may be weak because it doesn't invest a lot of money in security. If we're using a web application, we should always make sure that it uses an encrypted connection (HTTPS).

All apps must have an established privacy policy and terms and conditions, and must let the user know when these documents are modified. (Even nobody read


Cryptography

--Originally published at Computer Security

Cryptography has been in use for a long time, mainly in the form of encrypted messages, which were used in some important wars to communicate between allies and teams that shared a key to decrypt them. A common example is the Enigma machine, used in World War 2 and decrypted by Alan Turing; this is known as the start of the modern computer era.

Nowadays cryptography is a must in computer systems and on the Internet, because a lot of personal and sensitive data is shared between websites and servers. The data most commonly encrypted are passwords and billing information, but all data should be encrypted. There are many encryption algorithms, each with its own complexity and security.

Some of the most popular are:

  • RSA – Rivest-Shamir-Adleman
  • AES – Advanced Encryption Standard
  • Blowfish
  • Twofish
  • MD5
  • SHA – Secure Hash Algorithm

If a website owner deals with sensitive information, such as users' personal information or billing data, all of it must be encrypted to ensure security and protection from hackers.

The objectives of cryptography are:

  • Confidentiality – Information is accessible to authorized users. It uses codes and ciphers.
  • Integrity – Guarantees the correctness and completeness of the information. It uses hash algorithms.
  • Authenticity – The assurance that the sender of a message is who they say they are. It uses hash functions and zero-knowledge proofs.
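
The integrity and authenticity objectives above, as an added example that is not part of the original post: a plain SHA-256 digest exposes a change only when the digest itself arrives untouched, while a keyed hash (HMAC-SHA256) also ties the message to a holder of the shared key. The function names, the key and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def digest(message: bytes) -> str:
    """Integrity: SHA-256 fingerprint of the message."""
    return hashlib.sha256(message).hexdigest()


def digest_matches(message: bytes, received_digest: str) -> bool:
    return hmac.compare_digest(digest(message), received_digest)


def make_tag(key: bytes, message: bytes) -> str:
    """Authenticity: HMAC-SHA256, a keyed construction built on a hash function."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def tag_matches(key: bytes, message: bytes, received_tag: str) -> bool:
    # compare_digest runs in constant time, so the check leaks no timing hints
    return hmac.compare_digest(make_tag(key, message), received_tag)


def demo() -> dict:
    key = secrets.token_bytes(32)             # shared secret (constructed)
    original = b"pay 10 EUR to account 1234"  # constructed sample message
    altered = b"pay 90 EUR to account 1234"   # same message changed in transit

    return {
        # A digest obtained over a trusted channel exposes the change.
        "hash_detects_change": not digest_matches(altered, digest(original)),
        # A digest that travels with the message can simply be recomputed
        # by whoever changed the message, so it proves nothing about the sender.
        "replaced_hash_passes": digest_matches(altered, digest(altered)),
        # With HMAC the receiver accepts only tags made with the shared key.
        "genuine_tag_passes": tag_matches(key, original, make_tag(key, original)),
        "altered_message_fails": not tag_matches(key, altered, make_tag(key, original)),
        "tag_without_key_fails": not tag_matches(
            key, altered, make_tag(secrets.token_bytes(32), altered)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```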

 


Security on the web

--Originally published at Computer Security

Right now there are millions of websites and the number increases every day, so all of these sites have to be concerned about security if they deal with sensitive information, because there are hackers. If a website owner has a security hole in the website, maybe he gets lucky and some white hat hacker (“the good one”) tells him about it and the owner fixes it. Unfortunately, there are more black hat hackers (“the bad ones”) on the Internet, so if the owner doesn’t want to deal with them or doesn’t want the data to be stolen, he has to pay for security.

A bad web security scenario is one where a curious hacker, the kind who looks into the developer tools and plays with the URL, can break the security of the website.

A good practice is to encrypt everything, and by everything I mean EVERYTHING: passwords, users, files, etcetera. Be sure to use established encryption algorithms; it is really bad practice to write your own. A website will always have some security hole, because no website is 100% secure; that doesn’t exist, it’s a utopia. So if you want to get as close as possible to that 100%, be sure to pay for a security specialist. And one important rule: TRUST NO ONE, not even your website administrator. Be sure not to grant all permissions to your employees, because one day they may no longer be your employees and they will still have access to your data.

Be sure to write your security policy, privacy policy and terms and conditions, even knowing that 95% of people won’t read them.

 


I can CIA you

--Originally published at Computer Security

While surfing the Internet, a lot of things happen with the websites that we visit. Some of them store information about our location or data that we provide to log in or sign in, but what if this information falls into the wrong hands?

As we know, on the Internet there are all kinds of people (even ones that you could never imagine). Some of them are malicious, looking for even the smallest vulnerability in websites to retrieve information or take advantage of security breaches in some way. These breaches could be found by curious people looking at the source code of websites, by people who know about security vulnerabilities, or even by users who want to play God.

Because of that, there is the renowned CIA (no, I’m not talking about the one that is probably watching you while you read this).


I’m talking about Confidentiality, Integrity and Availability. This model lets us be confident that our information is safe on the websites we provide it to (it could be encrypted), that the information is not altered by malicious people, and that it can only be accessed by authorized users.


So, it’s not that bad: if the website meets these specifications you can relax, so keep watching memes calmly.
