Make Your Online Identity Safe Again (10) – I Will Tell You A Secret.

--Originally published at ISC de día, intento de cinéfilo de noche.

The confidentiality concept of the app is also very important. The user must feel like we are respecting its privacy, he/she has to feel protected and that his/her information will remain on secret for the rest of the world. It is true that you leave a trace when you are on the Internet, deleting your browsing history will not erase the fact that you entered a website. Imagine that your trace is like walking on wet cement, your steps will stay there forever.

But that is way different than keeping Confidentiality. Privacy is helping the user to feel comfortable giving those steps, and that only trust worthy people have access to see them, at the end of the day, we have to walk to make our lives worthy.

We encrypted the footsteps, so if anyone tries to look through them, they will not see human footsteps, they could end up seeing pterodactyl steps or something like that. The kids and the teachers will have access to the app by using their IDs and passwords, and we'll have a back up for the information. saved under key.

I really hope my analogy helped to understand confidentiality a little better.

Make Your Online Identity Safe Again (9) – Open and Free.

--Originally published at ISC de día, intento de cinéfilo de noche.

Ken asked us to take a picture of what open meant to us. I believe that the Internet is the most open door we have. It gives us the opportunity to express ourselves, to research about any topic in the world. The problem with a door being open, is that you can pass through it both ways, let's be careful when entering to it.



Make Your Online Identity Safe Again (8) – On Data Integrity

--Originally published at ISC de día, intento de cinéfilo de noche.

We'll start this post by defining what is data integrity. It is the maintenance, assurance of the accuracy and consistency of  the entire data life-cycle. It should be considered as a critical point in the design, implementation and usage of any application which uses data (a.k.a. any system).

We ordered the information we're managing by using a relational database, using MySQL. Our system in general is pretty simple, we used JavaScript to fetch all the information, and we used a linear regression algorithm to predict some possible outcomes of the students. Our database is pretty simple. We just have the name of the students, their password, school number, their birthday, their past grades and the results they might achieve while playing the game. The primary key is their school number, we won't actually show that to them, because we think that they could forget it.

We made the sign in very kid-friendly. They will be able to sign in by using their names, and a password that will not be posted here ( haha ). As I've written before, all the information is mounted on an Amazon Web Services Server.

I really hope no one tries to attack our software, but if they try to, if won't be easy for them.

Make Your Online Identity Safe Again (7) – Application of computer security to STATs

--Originally published at ISC de día, intento de cinéfilo de noche.

Computer security is defined as the protection of a system from damage and theft of their hardware, information and software as well as the wrong usage of the service that one provides. This includes physical security from people such as actual burglars, and protection from cyber attacks, and viruses. The IT team is also in charge of protect the information from accidental leaks.

As of today our project Misión: Marte is all mounted on AWS. We are putting our trust on that provider, so we really don't have much saying on the physical security of our information. We chose this server because we know it is trustworthy.

As for the protection of our software, we decided to encrypt all the information, because we wouldn't like it to be easily accessed by someone without out permissions. We have also created different privilege levels, so not everyone can see all the information, we wouldn't like that a student could see the progress of another student, It wouldn't be useful.

As for protection from malware, we decided to update all our libraries. We are using Phaser JS for the development of our app, and we were using an older version that was very well documented, but we decided that safety came first, so we moved on to the newer one.

We found out that our application can be accessed through mobile as well, so we are taking advantage and covering the risks that this improvised feature might bring us.

Make Your Online Identity Safe Again (6) – Applying the Three Goals and Golden Rules.

--Originally published at ISC de día, intento de cinéfilo de noche.

I was chosen to become a part of the first Semestre-i of ISC at the Tec de Monterrey Campus Guadalajara, and at the same time, the Security course was proposed to be one of the pillars of the project. Right now we're developing a web application for a primary school, the motive is to help them to reinforce the math course they take with their teacher, by using a computer lab they got at their school.

When we discovered that we were going to work with actual information of REAL kids, we decided to up our game and we tried to develop an app that is as safe as we possibly could. We updated the JavaScript library we were using (Phaser) to their newer version, even though it is not very well documented, just to have our frameworks updated.

We reduced our risks of losing the information by having the information on an Amazon Web Services server, encrypted by the library PassportJS and in a MySQL database. And I know it is not likely for our app to be attacked or mined, but we like to take our data to be safe!

We also made a Terms of Service Document and a Privacy Policy. We are thinking big! Right now it is a social project for one school, but maybe in the future it could grow. Right now you can access to it, and it is available at www.misionmarte.net thanks to our friend Edgar Javier (a..k.a. Killua). All the information is in Amazon Web Services.

We haven't have integrity problems, but I will dedicate a blog entry just for that, so we'll leave that topic for now.

This blog entry is part of a mini series called: What we did on semestre-i on the topic of security.



Make Your Online Identity Safe Again (5) – My Necessary Post On Net Neutrality.

--Originally published at ISC de día, intento de cinéfilo de noche.

I know I'm not American, and that this doesn't affect me right now but when it comes to politics and services Mexico likes to copy the practices of the USA.

As far as I understand, right now the Internet is protected by the US government, and when you get a service, no matter which one it is, you will have access to all the sites no matter who is the owner of the site or what content it is displaying, and your service provider cannot interfere with it.

The Net Neutrality War has been fought several times in the past, but now more than ever is looking that it is going to die. I will leave a link to a video where the whole topic is better explained and let's hope this doesn't escalate. It would be a very sad day for the Internet.


Make Your Online Identity Safe Again (4) – Let’s see how you get pass this!

--Originally published at ISC de día, intento de cinéfilo de noche.

Recently Blizzard gave us an animation that inspired the name of this blog entry. The character Mei is an interesting data analyst who hyper-slept for 0 years. I'll leave the link to the video at the end of the post. It is worthy of watching.

So we're gonna talk about authentication. Right now there are only 3 ways for a computer to know that you are IN FACT you. Apple has given us a lovely example of this with their new iPhone X.

The most common way to authenticate is by testing the knowledge of the user. This can be used by asking for a password, just as Facebook, or a NIP, like an ATM. By asking the user for a specific piece of knowledge, the application can trust some rights to the person trying to access it. That's why it is so important for you to NOT share passwords, and to be very unrelated to you.

The next method is a little bit more secure but actually can be more problematic as well. In Walt Disney World, there exist something called a Magic Band. It is a bracelet that every member of a family must have on themselves through all their stay. The parks react to the band, so they can give you a more personalized experience, you can also access to your the parks and hotel room with it. You can even connect your credit card to it and you can pay for food and souvenirs inside the Walt Disney World with it. The system knows who you are, and gives you access to everything you paid within easy reach of your wrist. The big problem about this is that you COULD lose your Magic Band and someone COULD access to your room, park tickets, and credit card Continue reading "Make Your Online Identity Safe Again (4) – Let’s see how you get pass this!"

Make Your Online Identity Safe Again (3) – One Code To Rule Them All.

--Originally published at ISC de día, intento de cinéfilo de noche.

We live on a society, and one of the responsabilities we have is to follow a set of rules for the greater good. The Code of Ethics is no different from this rules. In my opinion, this are the most essential baselines we all have to follow just because we are human beings. The code of ethics at Disney World is extremely long a specific, I had a set of rules to follow on almost every single scenario I worked at.

Mission and vision are present in almost every code of ethics I've read. Most of them are looking forward to create a better society. It makes sense for them to be placed there, because those are the goals of the company. If a company knows what and how it wants to reach its goals, it will do great. 

As a worker, you have to be completely trustworthy to you client. They have to feel confortable giving you the information you need to develop a project. I think this may be one of the most important values at Disney World, you have to be approachable to children that may be lost or that just want to ask you something about the park.

Most codes of ethics include respect on their pages. There's a popular phrase on my native language that says "A donde fueres, haz lo que vieres". It means that if you are traveling to another country or working with someone that has different values than you, you have to follow that set of rules and conducts. Respect is the key to a better society. 

PS:  I just re-applied to work at Disney World, I'll keep you posted about it.

Image result for disney world gif

Make Your Online Identity Safe Again (2) – Don’t Let Your Risks Be Risks!

--Originally published at ISC de día, intento de cinéfilo de noche.

I had the opportunity to work for Walt Disney World on 2016, and I realize that I keep relating things I learn there with every single topic we've covered on this course, so I might just share them with you as well for you to easily understand  them.

Every single thing we do in this world has its risks. Waking up has its risks. You may get off of bed and slip on the floor and get hurt, or you could wake up late because you didn't hear your alarm. When we take this concept to computer science, the moment you turn on your computer for the first time, and connect it to the Internet, you are a target and you are taking the risks of going online.

I am a not interesting target, and surely, our knowlegde as computer science engineers make us more difficult targets because we are aware of lots of the problems we have on a daily basis. But an enterprise is a great target to attack. You could control their finances, the information of their employees and clients and God knows what else they could do with all that data. Luckily, someone tought and registered a way to manage this risks: They created frameworks for risk management.

The U.S. (I'm assuming) Government adopted the NIST Framework: It includes 6 basic steps that can be cycled as many times as needed.

  1. Categorize Information System
  2. Select Security Controls
  3. Implement Security Controls
  4. Access Security Controls
  5. Authorize Information System
  6. Monitor Security Controls
In Disney World, I also had to follow some "frameworks". For example, if we saw a bag forgotten on a place, we first have to wait to see if anyone claims it. If not, you have to call security because it could be a bomb or
Continue reading "Make Your Online Identity Safe Again (2) – Don’t Let Your Risks Be Risks!"

Make Your Online Identity Safe Again (1) – The Other CIA.

--Originally published at ISC de día, intento de cinéfilo de noche.

It is common to think on the U.S.A.'s Central Intelligence Agency when we hear the "CIA" name. It even makes more sense when we are talking security, but SURPRISE! There is another CIA!

I still don't know what format will I use for this series, so for this special ocassion I will talk about something that we all students from the Tec de Monterrey have suffered of: "Las Inscripciones" (a.k.a. that period of time where all the students have to make their schedules at the same time)

So, you may be wondering, "What does CIA mean to you?". When we are talking about computer and information security, one of the most important concepts is the CIA Triad, three components to measure how protected your information is. "C" stands for Condifentiality, "I" for Integrity, and "A" for Availability.

So let's talk class registrations. Why are they always a mess? Imagine that the Tec de Monterrey HAS to fulfill the Triad before you create your schedule. The first thing you have to do, is to enter to your account. By doing these, the ITESM can manage that ONLY YOU can see your information. You can manage your payment, insurances and courses to take there, this is an example of what confidentiality is.

By the way, here's a Top 10 list of words that shouldn't be your password:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. football
  6. qwerty
  7. 1234567890
  8. 1234567
  9. princess
  10. 1234
So, please, if you have one of these on your bank account, make youself a favour and change it!

Going back to our subject, let's say you already chose your courses, and you are happy with your schedule (this has never happened to me, by the way), but suddenly, when you want to show it off to your friends, Continue reading "Make Your Online Identity Safe Again (1) – The Other CIA."