Crypto… what?

--Originally published at Computer and Information Security

Hey reader! Welcome once again to my blog, it is good to have you here. Today I will talk about cryptography. Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it.

You might already have an idea about cryptography if you have watched The Da Vinci Code or have seen Egyptian hieroglyphics. The word is derived from the Greek kryptos, meaning hidden. The origin of cryptography is usually dated from about 2000 BC, with the Egyptian practice of hieroglyphics. These consisted of complex pictograms, the full meaning of which was only known to an elite few. The first known use of a modern cipher was by Julius Caesar (100 BC to 44 BC), who did not trust his messengers when communicating with his governors and officers. For this reason, he created a system in which each character in his messages was replaced by a character three positions ahead of it in the Roman alphabet.

But let’s explain this in computer science terms. The meaning and functionality are the same: it consists of hiding or covering a message so that only a reader with a valid key can decipher the message and read it. The computer science part comes in with how the message is encrypted and how to generate a key and share it with someone.
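The Caesar shift described above, as an added example that is not part of the original post: the key is only the shift amount, so trying every possible key recovers the message, which is why this scheme gives no real confidentiality. The 26-letter alphabet, the function names and the small word list are assumptions made for this illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # assumption: modern 26-letter alphabet


def caesar(text, shift):
    """Shift each letter by `shift` positions; other characters are kept."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, key=3):
    # key=3 is the shift the post attributes to Caesar
    return caesar(plaintext, key)


def decrypt(ciphertext, key=3):
    return caesar(ciphertext, -key)


# Constructed word list, used only to score candidate plaintexts.
COMMON_WORDS = {"THE", "AT", "AND", "ATTACK", "DAWN", "SEND", "TO"}


def recover_key(ciphertext):
    """Try all 25 non-trivial keys; return (key, plaintext) of the best guess."""
    best = (0, 0, ciphertext)
    for key in range(1, 26):
        candidate = decrypt(ciphertext, key)
        score = sum(w.strip(".,!?") in COMMON_WORDS for w in candidate.split())
        if score > best[0]:
            best = (score, key, candidate)
    return best[1], best[2]


if __name__ == "__main__":
    secret = encrypt("Attack at dawn")
    print(secret)               # ciphertext produced with key 3
    print(recover_key(secret))  # key and plaintext found without knowing the key
```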

Modern cryptography concerns itself with the following four objectives:

  1. Confidentiality: The information cannot be understood by anyone for whom it was unintended.
  2. Integrity: The information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected.
  3. Non-repudiation: The creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information.
  4. Authentication: The

WT… is Denial of Service?

--Originally published at Computer and Information Security

Hi reader! I hope you are enjoying my posts. This time I am going to talk about DoS (Denial of Service). In simple words, this is one of the most common techniques used by hackers and people who want to see the world burn. It occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources.

This type of attack usually sends a lot of information, data or traffic to a server, through a bunch of other helpers called zombies, in order to saturate the network or the resources of that server or victim and make it impossible for the victim to use the service properly.

Some characteristics of this attack are:

  • Degradation in network performance, especially when attempting to open files stored on the network or accessing websites.
  • Inability to reach a particular website.
  • Difficulty in accessing any website.
  • A higher than usual volume of spam e-mail.
  • Difficulty playing a video game, since there is a lot of lag or traffic on the network.

To restore the normal use of the service in those cases, a reboot of the system fixes the DoS attack, but there are a lot of different types of this attack that can be more difficult to recover from:

  • Buffer overflow attack: This is a catchall description most commonly applied to DoS attacks that send more traffic to a network resource than was ever anticipated by the developers who designed the resource. One example of such an attack sent, as email attachments, files that have 256-character file names to recipients using Netscape or Microsoft email clients; the longer-than-anticipated file names were sufficient to crash those applications.
  • DDoS attack: The attacker may use computers or other network-connected devices that have been infected by malware and made part of a botnet. Distributed denial-of-service attacks, especially those using botnets, use command-and-control (C&C)

Computing Ethics

--Originally published at Computer and Information Security

Oh, hey reader! You are here again, it’s pretty cool that I keep getting your attention. This time I’m going to talk about the code of ethics in computing. Around the web there are a lot of documents, information and infographics that try to show what those codes of ethics in computing are, but if you really want to know about computing stuff, you should always go to the official ACM (Association for Computing Machinery) web page, since this is the official organization that represents the computing community (Click here to get into the ACM web page).

As you know, all present and future professions require a couple of rules of behaviour, like all humans do in society, in order to have a peaceful life and community, where we all look out for each other like the good human beings we are. This means that by law we have to act with ethics and morals. In this case I’m going to show you the basic rules of behaviour that we, computing scientists or developers, are forced to obey and accomplish in order to have a good computing community:

1. PUBLIC – Software engineers shall act consistently with the public interest.

  • 1.01. Accept full responsibility for their own work.
  • 1.02. Moderate the interests of the software engineer, the employer, the client and the users with the public good.
  • 1.08. Be encouraged to volunteer professional skills to good causes and contribute to public education concerning the discipline.

2. CLIENT AND EMPLOYER – Software engineers shall act in a manner that is in the best interests of their client and employer consistent with the public interest.

AIC Triad

--Originally published at Computer and Information Security

 

Hello reader! It is nice to know that you keep looking at my posts. This time I will talk about the AIC triad (Availability, Integrity and Confidentiality). Some sites and sources around the globe refer to this as CIA, yes, like the Central Intelligence Agency in the USA, but this has nothing to do with that.

Formally, this is how most IT security practices are ruled. These three words are the fundamentals of security, so let me explain what each one means:

  • Availability: Everything should be up and running, no matter what happens, the service or system should always respond.
  • Integrity: Nothing can be altered in terms of the information that is used in the service or system without detection.
  • Confidentiality: All information or data used should never be shared with third or unauthorized parties, since all of that is personal and literally confidential.
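The integrity property above ("cannot be altered without detection"), as an added example that is not part of the original post: it compares a plain SHA-256 digest, which anyone who alters the data can simply recompute, with a keyed HMAC-SHA256 tag, which cannot be recomputed without the shared key. The record contents and function names are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import secrets


def sha256_hex(message: bytes) -> str:
    """Unkeyed digest: anyone can compute it, including whoever alters the data."""
    return hashlib.sha256(message).hexdigest()


def check_unkeyed(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(sha256_hex(message), digest)


def make_tag(key: bytes, message: bytes) -> str:
    """Keyed tag (HMAC-SHA256): computing it requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def check_tag(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest avoids leaking how many characters matched
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)        # known only to sender and receiver
    original = b"amount=100;to=alice"    # constructed sample record
    altered = b"amount=900;to=alice"     # same record after modification
    tag = make_tag(key, original)
    wrong_key = secrets.token_bytes(32)  # someone without the real key
    return {
        # The untouched record verifies.
        "original_accepted": check_tag(key, original, tag),
        # The altered record with the old tag is detected.
        "altered_with_old_tag": check_tag(key, altered, tag),
        # An unkeyed hash stored next to the data can be replaced along with it.
        "altered_with_recomputed_hash": check_unkeyed(altered, sha256_hex(altered)),
        # Without the key, a fresh tag for the altered record does not verify.
        "altered_with_wrong_key_tag": check_tag(key, altered, make_tag(wrong_key, altered)),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```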

These three concepts are commonly applied to databases, since all information and data processing is stored by a company. So you, reader, are in touch with these concepts every day, because it is possible that you use an app or something in the cloud that involves data sharing, text messaging or anything where you have to upload something to the network and read or download something from someone else, for example WhatsApp, e-mail, Facebook, Twitter and many more. Therefore, when you accept the privacy and security conditions (those little letters that pop up in a window where you click accept), you are accepting their own AIC rules. Obviously, they are regulated by a certification, so they can’t fully change them for their benefit, because these rules are made to benefit the user or customer. And that’s why you should always read this bunch of words in a small window.

Going back to the AIC Triad, if


Bloggin is coming!

--Originally published at Computer and Information Security

Howdy reader!

I hope you are having a great day, because this has just started. I’m really excited to start this blog series about computer security, since I have always followed technology stories related to this topic, but also because nowadays technology is revolutionizing the way we live; it is becoming our second home (a digital home). I can make a lot of analogies between the real and digital world, but you get the idea. That being said, security in the digital world is really important, since just as there are bad people in real life, there are also bad people in this new and big world of possibilities.

My interest in this topic began with a short story I will be sharing with you in the next post. This was around 7-8 years ago, while I was still a computing geek child. With this story I hope you understand how important it is to take security into account and to try to learn new stuff about this topic every day, to prevent catastrophic events which could threaten your life.

So, go grab something to drink, eat and a couple of eye drops, because pretty good stories are coming, but also, pretty good articles about security.