Security on the Web (User Perspective)

--Originally published at Computer and Information Security

OMG! Reader, you keep looking at my posts, I’m so flattered. This time I will talk about how you can prevent get in to the wrong website.

The first thing that you should check, when you visit a website, no matter what type of website, but please, if you need to visit a payment website is really important that you first check their SSL certficate, I think nowadays Chrome tells you when a website is not secure. So, once the browser tells you that the browser is not secure, immediately leave it and don’t type or click in anything, you don’t know that scripts or dirty code lives there.

Resultado de imagen para ssl

Another recommendation of how you can avoid this is by visiting official pages, if you want to buy tickets for a concert and you know that a certain retailer has a valid webpage to buy them, then buy them there, don’t trust those website that post something cheaper, only because is in their website, that doesn’t guarantee it is true.

Resultado de imagen para ticketmasterThis is not a sponsored post, just as an example of an official retailer

One more advice I can give you is that never click those nonestop ads in any webpage, you could get into a website that could officialy infect you computer with stuff downloaded. With a simple click, your computer could be finished.

Resultado de imagen para finish him

That’s it folks, see you in the next post!

References:

https://www.google.com.mx/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwiMmMWYourXAhUJxoMKHe_eCOIQjRwIBw&url=http%3A%2F%2Fwww.globaldots.com%2Fneed-ssl-need-now-google-will-love%2F&psig=AOvVaw3Z5axg7Nj2JkcYjXjvTbKS&ust=1512267662935228

https://www.google.com.mx/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwjPhqCSourXAhWh6IMKHUfXAMkQjRwIBw&url=http%3A%2F%2Fmediatelecom.com.mx%2F~mediacom%2Findex.php%2Ftecnologia%2Fempresa%2Fitem%2F107204-llega-la-competencia-de-ticketmaster-a-m%25C3%25A9xico&psig=AOvVaw2tvawCh_iulhQ9zaqwotNC&ust=1512267649862313

https://www.google.com.mx/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwiCk5_8oerXAhUE94MKHePVC8cQjRwIBw&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D5e3Dks50TMc&psig=AOvVaw2COjHkaRRj5utP4ZLbnoQj&ust=1512267601842048


How thefts clone our cards & purchase stuff?

--Originally published at Renato Gutiérrez Blog

Have you ever wondered how our bank detects when our card has been cloned?

This is what I experienced the last week, my credit card was cloned and used in an online store that I never bought and never knew about it, immediately my bank contacted me telling me the issue and canceled my card. But how does the thefts cloned my card and used to bought things on a online store, as far as I know at this point, they need to have my credit card number, CVC (three digits at the back), are these are stores un-encrypted on sites that I bought from?

To solve this question, we need to make a little research on how thefts steal the information of ours cards, this is commonly called card fraud. Since we are know all connected thanks to the Internet, we’re all potential targets for fraudsters, but Sanders says that it’s far easier to guard against fraud if we are aware of the different types of scams and know the warning signs to look out for, for example, when we enter to a site, specially when we are buying stuff, it is a must that we check if on the left of the url (top-left corner of our browser) is a green-clock, similar to this:

 

Regards of the ways / approach that thieves get hold of our card details, here are three basic ways:

  1. Get hold of your actual card; either through picking a pocket, distraction thefts or more direct approaches.
  2. Is to read your card then either clone it or use the details. Card skimmers – that read and record the data on your card, are most frequently used on cash machines, ofthen accompanied with a camera or someone standing nearby to see your PIN.
  3. Is from a
    Continue reading "How thefts clone our cards & purchase stuff?"

Release of a personal experience “hacking” famous site

--Originally published at Renato Gutiérrez Blog

Hi, how are you?

I write this post to share with you the release of my personal experience “hacking”; as a curious action due to my Software Engineer instinct, a site commonly used by teenagers that are searching for a roommate to share with. I had shared a preview of it in a post some weeks ago (here), I forgot to mention that this experience is focused on the ethical perspective of a Software Engineer of “what to do” in the scenarios where you have the ability and access to restricted or sensitive information. I had titled this document as “Tengo el poder, ¿que hago?, which means “I have the power, what do I do?

Here is the document, hope you liked and try to take the correct action when you face this kind of situations.

Document (Spanish Version): Tengo el poder, ¿que hago?


Security on the web (User Perspective)

--Originally published at TC2027 – Surviving CS

On this post I’m going to focus on free wi-fi because any wireless network that can be accessed by anyone comes with any number of security risks.

The risks

You access a free wi-fi because it comes free, no authentication needed to establish a connection. This makes it desirable for for hackers because they can access any device that is connected to this free network.

One threat is known as the Evil Twin where the hacker position himself between you and the hotspot so instead of talking to the hotspot you create a connection with the hacker. The hacker can now monitor your activity and every bit of data you send is being received by the hacker instead of the hotspot.

Another popular threat is Man in the Middle where the hackers can hijack your connection and then redirect you to webpages that force you to install a software that contains a malware. This webpages are disguised as system updates or pop-ups that tell you that you just won a prize.

The solutions

What is the best way to protect yourself against this type of threats?. Some of this security tips can get you started:

  • Don’t use public wi-fi to access financial institutions, shops or other sites ever.
  • Implement two-factor authentication in any website that has it or where you have sensitive data, so if your password gets stolen they won’t be able to log in because they need another piece of code to access your data.
  • Use a VPN (virtual private network) to encrypt your data and create a network within a network.
  • Keep wi-fi off when you don’t need it or turn off the automatic wi-fi connection so your device can’t connect automatically to hotspots.
  • Only visit sites that are secure with HTTPS.

 

net20security20fpga