How do thieves clone our cards & purchase stuff?

--Originally published at Renato Gutiérrez Blog

Have you ever wondered how our bank detects when our card has been cloned?

This is what I experienced last week: my credit card was cloned and used in an online store that I had never bought from and never knew about. My bank immediately contacted me about the issue and canceled my card. But how did the thieves clone my card and use it to buy things in an online store? As far as I know at this point, they need to have my credit card number and CVC (three digits on the back). Are these stored unencrypted on sites that I bought from?

To answer this question, we need to do a little research on how thieves steal the information on our cards; this is commonly called card fraud. Since we are now all connected thanks to the Internet, we’re all potential targets for fraudsters, but Sanders says that it’s far easier to guard against fraud if we are aware of the different types of scams and know the warning signs to look out for. For example, when we enter a site, especially when we are buying stuff, it is a must that we check whether there is a green lock to the left of the URL (top-left corner of our browser), similar to this:

 

Regarding the ways thieves get hold of our card details, here are three basic approaches:

  1. Get hold of your actual card; either through picking a pocket, distraction thefts or more direct approaches.
  2. Read your card, then either clone it or use the details. Card skimmers, which read and record the data on your card, are most frequently used on cash machines, often accompanied by a camera or someone standing nearby to see your PIN.
  3. Is from a

Release of a personal experience “hacking” a famous site

--Originally published at Renato Gutiérrez Blog

Hi, how are you?

I am writing this post to share with you the release of my personal experience “hacking”, as a curious action driven by my Software Engineer instinct, a site commonly used by teenagers who are searching for a roommate to share with. I shared a preview of it in a post some weeks ago (here). I forgot to mention that this experience is focused on the ethical perspective of a Software Engineer on “what to do” in scenarios where you have the ability and access to restricted or sensitive information. I titled this document “Tengo el poder, ¿que hago?”, which means “I have the power, what do I do?”

Here is the document. I hope you like it and try to take the correct action when you face this kind of situation.

Document (Spanish Version): Tengo el poder, ¿que hago?


Security on the Financial Sector

--Originally published at Renato Gutiérrez Blog

Over time, technology has played a critical role in the financial sector, due to the high volume of transactions each day, which creates an invisible world where billions of US dollars are exchanged each millisecond. A demand of this size cannot be transacted manually by humans.

For a trading venue, the faster and more efficiently it can carry out a deal and the more up to date information it can store and retrieve, the more attractive it is to investors, since these investors want to buy or sell shares quickly, to prevent changes in price during the transaction.

These points are very important, so it is critical to handle them in the best way possible. This is where algorithmic trading came in, which includes security efforts to automate and secure all the transactions made in the stock market. But security is a little tricky: if we apply too simple an approach, we can be vulnerable; on the other hand, if we apply too much, we are paralyzed and cannot respond quickly to the fast-paced financial environment. This is more commonly seen in government processes, which are too bureaucratic.

There is a simple action you can keep in mind when you are transacting in the stock market:

  • If you are making securities transactions over the internet, make sure your brokerage is using high-end encryption (process to scramble data so that only the intended receiver can use it).

One key point about encryption is that the higher the number of bits in an algorithm, the more sophisticated the encryption. A 128-bit algorithm is the encryption level used by most online brokerages. It’s the highest level of security currently allowed by U.S. law.
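One way to check what a connection to a brokerage site actually negotiates, as an added example that is not part of the original post. The function names, the 128-bit threshold (taken from the figure above) and the small list of obsolete cipher tags are assumptions, and the sample sessions are constructed; the samples also show that a 128-bit key alone does not make a session acceptable.

```python
import socket
import ssl

MIN_SECRET_BITS = 128                        # level the text cites for brokerages
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
OBSOLETE_TAGS = ("RC4", "DES-CBC", "NULL", "EXP-")   # assumed, non-exhaustive list


def probe(host, port=443, timeout=5.0):
    """Connect with certificate and hostname verification enabled and return
    (protocol_version, cipher_name, secret_bits) for the session."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _defined_in, bits = tls.cipher()
            return tls.version(), name, bits


def assess(version, cipher_name, secret_bits, min_bits=MIN_SECRET_BITS):
    """Return a list of findings; an empty list means the session passes."""
    findings = []
    if version in OLD_PROTOCOLS:
        findings.append(f"deprecated protocol {version}")
    if secret_bits < min_bits:
        findings.append(f"{cipher_name}: {secret_bits} secret bits, below {min_bits}")
    if any(tag in cipher_name for tag in OBSOLETE_TAGS):
        findings.append(f"{cipher_name}: obsolete cipher")
    return findings


# Constructed sample sessions (not captured from any real site).
SAMPLES = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384", 256),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", 128),
    ("TLSv1", "DES-CBC3-SHA", 112),
    ("TLSv1.2", "RC4-SHA", 128),              # 128 bits, still not acceptable
]


def audit(samples=SAMPLES):
    """Map each sample's cipher name to its list of findings."""
    return {name: assess(ver, name, bits) for ver, name, bits in samples}
```

To check a live site, pass the result of `probe("hostname")` to `assess(*result)`; `probe` raises `ssl.SSLCertVerificationError` if the certificate does not validate.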

 

Source:

http://www.computerweekly.com/news/2240083742/The-evolution-of-stock-market-technology

https://www.lseg.com/areas-expertise/technology/infrastructure-solutions-services/information-security-solutions

https://www.fool.com/investing/brokerage/is-online-trading-secure.aspx

http://www.marketwatch.com/story/how-vulnerable-are-the-us-stock-markets-to-hackers-2015-07-31

 


When to use a reversible encryption algorithm or not

--Originally published at Renato Gutiérrez Blog

Most applications developed today aim to be accessible globally from any platform, relying entirely on the internet.

Sometimes we need to restrict access to certain information, or we want to customize the user experience by showing users things that really matter to them. For that we usually manage an account for each user, and somewhere we must store the users' credentials for their access. The question is how to save them in a simple but safe way. If we decide on the simplest approach, which is to save the credentials in a database while protecting them in a simple way, we choose to encrypt them, for which there are different algorithms. The question is which to use?

  • MD5
  • SHA-2
  • Base64
  • Base36
  • Caesar cipher
  • etc.

Some algorithms are more secure, but they can be “so safe” that there is no way to get the original value back. Which one to use will depend in part on whether we want to “reverse” it and get the original value.

For this very common example case, I personally believe that it would be convenient to apply a non-reversible algorithm since, for reasons of both ethics and “saving” of resources, the non-reversible ones are more convenient.

An example of this type of algorithm is md5: once you encrypt your value, there is no way to get it back in its original form. In this case that does not matter, since we can apply the following approach to check whether a user entered their credentials correctly.

  1. Save your credentials with md5
  2. User tries to enter their credentials
    1. Convert the entered credentials to md5
    2. Compare the md5 of the attempt with the one saved in the database
    3. In case of success, let the user pass; otherwise deny
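The check flow above as runnable Python, set beside the same flow using a per-user random salt and scrypt; this is an added example, not code from the original post, and the function names, record format and scrypt cost parameters are assumptions. Unsalted MD5 gives every user who picks the same password the same stored value and is very cheap to compute for guessing, which is why a salted, deliberately slow function is what is deployed for password storage today.

```python
import hashlib
import hmac
import os


# --- Flow from the post: store md5(password), compare md5(attempt). ---
def md5_store(password):
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def md5_check(attempt, stored_hex):
    return hmac.compare_digest(md5_store(attempt), stored_hex)


# --- Same flow with a per-user salt and a memory-hard function. ---
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)   # assumed cost, tune per host


def scrypt_store(password):
    salt = os.urandom(16)                     # new random salt per record
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return salt.hex() + "$" + key.hex()       # hypothetical record format


def scrypt_check(attempt, record):
    salt_hex, key_hex = record.split("$")
    key = hashlib.scrypt(attempt.encode("utf-8"),
                         salt=bytes.fromhex(salt_hex), **SCRYPT)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))  # constant time


def demo():
    """Constructed data: two users who happen to choose the same password."""
    pw = "correct horse"
    a_md5, b_md5 = md5_store(pw), md5_store(pw)
    a_kdf, b_kdf = scrypt_store(pw), scrypt_store(pw)
    return {
        "md5_login_ok": md5_check(pw, a_md5),
        "md5_rows_identical": a_md5 == b_md5,      # leaks shared passwords
        "kdf_login_ok": scrypt_check(pw, a_kdf),
        "kdf_wrong_rejected": not scrypt_check("wrong", a_kdf),
        "kdf_rows_identical": a_kdf == b_kdf,      # salts make rows differ
    }
```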

Nor is Computer Security exempt from ethical dilemmas

--Originally published at Renato Gutiérrez Blog

I recently needed to look for a roomie to share experiences with during my last term in college. Because of this I went on a search to find my ideal roomies, so I enrolled in a couple of specialized pages for finding roomies.

Everything was fine, until “oh surprise”, my nerd instincts led me to find, without much effort, personal information of about 345 people; among the information that I could see were their full name, profile photo, telephone number and home address.

I immediately deleted my account from that particular site; for obvious reasons, I would not want my personal information to be public.

Due to this surprising real case, I decided to write a little more about it in a small essay, in which I try to focus on the ethical issue of this case, and which I titled “I have the power, what do I do?”

Here are some censored screenshots of this case:


The available actions:

  • Contact the company about the issue
  • Sell the information
  • Create a solution that helps that audience find what they need

What would you do?

I am currently working to finish the last points. If you are interested in knowing a little more about this case, I invite you to read it. Note: this document is written in Spanish.

Tengo el poder, ¿que hago?

An interesting video about searching for a roommate: https://www.youtube.com/watch?v=k3fqVtV2HY0


Is computer security important nowadays?

--Originally published at Renato Gutiérrez Blog

Today we live in a world that is almost, if not totally, connected thanks to different communication systems, from classics like telephone calls and instant text messages, through WhatsApp messages, to a whole universe of applications hosted on the internet, such as social networks, digital newspapers and business systems, among others.

In addition, access to the internet was recently considered a human right, since a person who does not have access to it is considered almost cut off from communication and could be at a disadvantage when competing (UN in Expansion, 2011).

Because virtually all of us have access to information through the Internet and its derivatives, it is of the utmost importance to protect the information and/or resources that we want to keep private (confidentiality) and consistent, that is, not altered (integrity), and above all we may want them to be always available for use.

The subject of computer security addresses these three concepts in a precise and in-depth way, so it is useful for us at least to know that there are different tools to protect our resources from malevolent hands. In the end, we are not alone in this world, and it is wise to safeguard the security of our resources, which in some cases, such as that of a company, may represent an advantage over our competitors.

 


 

Source:

UN in Expansion. (2011). La ONU declara el acceso a internet como un derecho humano. Retrieved from http://expansion.mx/tecnologia/2011/06/08/la-onu-declara-el-acceso-a-internet-como-un-derecho-humano


Some practical examples of Ethics in Computer Science

--Originally published at Renato Gutiérrez Blog

By: Renato Gutiérrez & Ney González

 

We try to represent in a practical way the codes of ethics that are mentioned in https://www.usenix.org/system-administrators-code-ethics

Professionalism


Source: own

When you are bored in the classroom and find a perfect opportunity to enjoy yourself!

Personal Integrity


Source: own

What could go wrong? Just get free ideas from San Wikipedia

Privacy


Source: own

Imagine you work in a company that stores some sensitive data and you have access to it. Should you share it, or take advantage of it?

Laws and Policies


Source: own

Too much text, I just want to use the application right away. “Might not be an important message”

Communication


Source: own

They send too many messages, I want to get some space so I Snooze the work group forever.

System Integrity

Source: http://www.eluniversal.com.mx/metropoli/edomex/se-abre-socavon-en-valle-de-bravo

Did you really use all of the $50 million that we invested in the project?

Education


Source: own

When you are at work and get a little distracted on 9GAG.

Responsibility to Computing Community


Source: own

I thought I had the right colleagues; all of them finished their work, but I have not finished yet.

Social Responsibility


Source: own

Try to encourage colleagues to keep food inside containers.

Ethical Responsibility


Source: own

HAHAHA, just found the right opportunity to “help” people in their challenges.