Computing Ethics

--Originally published at Computer and Information Security

Oh, hey reader! You are here again; it’s pretty cool that I keep getting your attention. This time I’m going to talk about the code of ethics in computing. Around the web there are a lot of documents, information and infographics that try to show what those codes of ethics in computing are, but if you really want to know about computing stuff, you should always go to the official ACM (Association for Computing Machinery) web page, since this is the official organization that represents the computing community (Click here to get into the ACM web page).

As you know, all present and future professions require a couple of rules of behaviour, like all humans do in society, in order to have a peaceful life and community, where we all look out for each other like the good human beings we are. This means that by law we have to act with ethics and morals. In this case I’m going to show you the basic rules of behaviour that we, computing scientists or developers, are forced to obey and accomplish in order to have a good computer community:

1. PUBLIC – Software engineers shall act consistently with the public interest.

  • 1.01. Accept full responsibility for their own work.
  • 1.02. Moderate the interests of the software engineer, the employer, the client and the users with the public good.
  • 1.08. Be encouraged to volunteer professional skills to good causes and contribute to public education concerning the discipline.

2. CLIENT AND EMPLOYER – Software engineers shall act in a manner that is in the best interests of their client and employer consistent with the public interest.

AIC Triad

--Originally published at Computer and Information Security

 

Hello reader! It is nice to know that you keep looking at my posts. This time I will talk about the AIC (Availability, Integrity and Confidentiality; some sites or information around the globe refer to this as CIA, yes, like the Central Intelligence Agency in the USA, but this has nothing to do with that).

Formally, this is how most IT security practices are ruled. These three words are the fundamentals of security; let me explain to you what each one means:

  • Availability: Everything should be up and running, no matter what happens, the service or system should always respond.
  • Integrity: Nothing can be altered in terms of the information that is used in the service or system without detection.
  • Confidentiality: All information or data used should never be shared with third or unauthorized parties, since all of that is personal and literally confidential.

These three concepts are commonly applied to databases, since all information and data processing is stored by a company, so you, reader, are in touch with these concepts every day, because it is possible that you use an app or something in the cloud that involves data sharing, text messaging or anything where you have to upload something to the network and read or download something from someone else, for example, WhatsApp, e-mail, Facebook, Twitter and many more. Therefore, when you accept the privacy and security conditions (those little letters that pop up in a window where you click accept), you are accepting their own AIC rules, but obviously, they are regulated by a certification; they can’t fully change them for their benefit, because these rules are made to benefit the user or customer. And that’s why you should always read this bunch of words in a small window.

Going back to the AIC Triad, if

CIA, yeah I know, as the Intelligence Agency

--Originally published at Security

For the rest of the blog I will call the CIA triad the AIC triad, because otherwise I can only think about conspiracy, and the term “privacy” that the AIC assures is ironic.

This triad is a guide to satisfy information security inside an organization. First let’s explain what I understand by the terms: confidentiality, integrity, and availability. Confidentiality can be translated into privacy (it’s a coincidence that I spoke about it in my essay); this means that it is important to ensure confidentiality to prevent sensitive information from being reached by the wrong people. There are some methods used to protect it: data encryption, two-factor authentication, biometric verification (check my blog entry about it at: http://bit.ly/2itQSGq), security tokens and more.

Integrity stands for maintaining the trustworthiness of data over its entire life. One must be sure that data is not changed in transit by unauthorized people. These measures include file permissions and user access controls. In addition, backups or redundancies must be available to restore the data. Availability depends more on the hardware; it’s important to have system upgrades and maintain adequate bandwidth.

As I read in a “Tech target article”, the Internet of Things is a big challenge for this triad. Why? Because, as you may know, the IoT consists of enabling many devices to be interconnected, so there are more “entry doors” for a possible attack. Furthermore, as I mentioned in the availability concept, software updates are really important to ensure security, and the more devices we have connected, the more difficult it is to have the necessary updates on each one of them.

 


Security ACI

--Originally published at Título del sitio

Since I was in high school I have always believed that computer security is a very important part of computer science, and on entering Tec de Monterrey I always wanted to get to the subject of computer security. Well, now is the time to know if this little curiosity that I have becomes complete in the future and, as Bruce Schneier says, to develop that taste.
I have read several topics and articles about hackers and the tools they use for managing information, but I have not seen anything to put it into practice.
Finally having that subject and knowing the elements of AIC security, I realize how solid this is; without these fundamentals, and applying them during this semester, it will be a challenge.
We will have to obtain data from the users, to create statistical data on the activities obtained within the application that we are going to realize.
It still sounds fairly simple in terms of security, but it will have to be polished and developed in great detail to expand it and make it better.


Blogging is coming!

--Originally published at Computer and Information Security

Howdy reader!

I hope you are having a great day, because this has just started. I’m really excited to start this blog series about computer security, since I have always followed technology stories related to this topic, but also because nowadays technology is revolutionizing the way we live; it is becoming our second home (a digital home). I can make a lot of analogies between the real and digital world, but you get the idea. That being said, security in the digital world is really important, since, as there are bad people in real life, there are in this new and big world of possibilities.

My interest in this topic began from a short story I will be sharing with you in the next post; this was around 7-8 years ago, while I was still a computing geek child. With this story I hope you understand how important it is to take security into account and to try to learn new stuff about this topic every day, to prevent catastrophic events which could threaten your life.

So, go grab something to drink, eat and a couple of eye drops, because pretty good stories are coming, but also, pretty good articles about security.


Basics of computing security

--Originally published at How to HACK


Let’s be clear. I am not an expert in computing security. Actually, I have never studied it before… BUT, it is the subject I have been waiting for since I began my studies as a Software Engineer. And now, in my 7th semester, I am writing about it for my computer and information security class with Ken, a flipped-learning teacher, but more importantly I am writing about it to learn with you, whoever you are.

For this first entry I am talking about, according to Ken, three key concepts in computing security which together create the CIA in computer security: availability, confidentiality and integrity.

Let’s start with confidentiality, maybe the easiest of the concepts to get and the easiest for me to explain. It is something we all know about computer security or, at least, maybe it’s what we give more importance to. You will understand better what I am talking about after Margaret Rouse’s explanation: Confidentiality is roughly equivalent to privacy. And privacy is a concept we all understand well because it is something that really matters to us. Maybe I am generalizing, but we all need our space, a space where we can keep our secrets and our thoughts without the fear that someone will find out. In my experience, I am a person who is very open to other people about my personal life, but I am actually living a second life that 99% of the people I know are not aware of, and that’s because we humans can have privacy, a very secure one.

On the other hand, we have computers, smartphones and apps where we share all of our information on the internet, but that doesn’t mean we don’t want to keep secret things secret. That’s why we have a password in our


Do you lock your smartphone?

--Originally published at Security

One may think that people who lock their smartphones do so because they have something to hide, or even that one is cheating on his/her partner… JK!!!

Locking your phone is a big deal. Almost everyone has their lives in those small devices: we have photos, contacts, mails, social media, notes, locations, calendar & schedule, and sometimes even our bank accounts. That is the real reason why we must have our smartphone locked with at least one locking system. Even so, I admit that sometimes entering a PIN number or drawing a pattern is annoying; that’s why I really love current smartphones which have a fingerprint scanner or even an iris scanner. But do we really know which one is the safest method? Let me tell you…

Google has introduced a suite of Smart Lock options available for unlocking Android devices: Trusted Places (unlock at a specific location), Trusted Devices (unlock when connected to a specific Bluetooth device), Trusted Face (facial recognition), Trusted Voice (voice recognition) and On-Body-Detection. As you may see, all of these have the purpose of making the process of unlocking faster, but with security as a disadvantage. The only one of those that I use is Trusted Devices, because I use it when my phone is connected to the car and I need to unlock it quickly. Apple has Touch ID and PIN code, which have been proven to be safer than the “new” Google’s Smart Lock options, but last year, when Samsung’s Note 7 was presented, the Korean company showed a new and different way of unlocking smartphones, the iris scanner. Both options are safe, but not perfect.

There is a case of the German defense minister Ursula von der Leyen, in which a hacker was able to fake the minister’s fingerprints based only on


Everything to hide

--Originally published at Security

As I promised in my last post, here is my essay about security. Yes, it is in Spanish, but I hope that you enjoy it!

Daniel Alejandro Jiménez Gómez

A01225375

Everything Nothing to hide

This essay addresses a present-day problem of great importance, the invasion of privacy. There are two main actors here, the government and the technology companies. The former seeks, by means of the law, to have control over and knowledge of the population's conversations, photos, messages or videos under the “excuse” of looking after the well-being of citizens, while the companies want to ensure an image of trust and security for their users. It will begin by setting out the current situation on the subject and will then set out the objective of the text, the hypothesis, its relevance to social development and human dignity, and the arguments that support it. In a world in which almost everything and everyone is connected, it is to be expected that people ask themselves whether technological advances threaten their privacy; moreover, if we add the now famous revelations of the CIA and NSA analyst Edward Snowden, in which he revealed the existence of the PRISM surveillance system, it is more than understandable that we distrust how secure our information is. The objective of this essay is to convince the reader that no company or government can or should violate his or her privacy, as long as he or she is not guilty of a crime that threatens the well-being of others. Consequently, I think there are sufficient precedents for surveillance laws to be reformulated, prohibiting the interception and recording of mass information, but permitting it for suspects or those guilty of crimes and attacks. The above will be shown through various cases of companies

Welcome!

--Originally published at Security

Hi lovely reader, this is going to be my blog about security. I’m not a fan of this topic, but it’s interesting because nowadays almost no one is exempt from exposing his/her personal information. It is really important to know how much and which data we are sharing with others through social media, our Google searches and even when we buy something on Amazon or drive to a certain place with Waze.

Last semester, for my “Applied Ethics” class, I wrote an essay about the importance of privacy. I will upload it here later, but the main reason that I mention this is because there is an expression that grinds my gears and I have heard it from many people before: “Why should I care about privacy if I have nothing to hide?” OMG, saying this is like stating “Why do I need freedom of speech if I have nothing to say”. It’s really nonsense to me.

Well, I hope you enjoy what I’m going to be posting here, and welcome again!