Make Your Online Identity Safe Again (8) – On Data Integrity

--Originally published at ISC de día, intento de cinéfilo de noche.

We'll start this post by defining what data integrity is. It is the maintenance and assurance of the accuracy and consistency of data over its entire life-cycle. It should be considered a critical point in the design, implementation and usage of any application which uses data (a.k.a. any system).

We organized the information we're managing in a relational database, using MySQL. Our system in general is pretty simple: we used JavaScript to fetch all the information, and we used a linear regression algorithm to predict some possible outcomes for the students. Our database is pretty simple too. We just have the name of the students, their password, school number, their birthday, their past grades and the results they might achieve while playing the game. The primary key is their school number; we won't actually show that to them, because we think that they could forget it.

We made the sign-in very kid-friendly. They will be able to sign in by using their names and a password that will not be posted here (haha). As I've written before, all the information is mounted on an Amazon Web Services server.

I really hope no one tries to attack our software, but if they try to, it won't be easy for them.

Make Your Online Identity Safe Again (7) – Application of computer security to STATs

--Originally published at ISC de día, intento de cinéfilo de noche.

Computer security is defined as the protection of a system from damage to and theft of its hardware, information and software, as well as from the wrong usage of the service that it provides. This includes physical security from people such as actual burglars, and protection from cyber attacks and viruses. The IT team is also in charge of protecting the information from accidental leaks.

As of today our project Misión: Marte is all mounted on AWS. We are putting our trust in that provider, so we really don't have much say on the physical security of our information. We chose this server because we know it is trustworthy.

As for the protection of our software, we decided to encrypt all the information, because we wouldn't like it to be easily accessed by someone without our permission. We have also created different privilege levels, so not everyone can see all the information; we wouldn't like a student to be able to see the progress of another student, it wouldn't be useful.
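As an added example (not the project's own code, which the post does not show), here is how the "different privilege levels" rule can be enforced in plain Node.js: a student may read only their own progress row, a teacher only rows of groups they teach, and everything else is refused. The roles, record shapes and progress table are constructed assumptions.

```javascript
// Added example, not the Misión: Marte code: enforcing per-user privilege levels so a
// student cannot read another student's progress. Roles and data are constructed assumptions.

const ROLES = { STUDENT: 'student', TEACHER: 'teacher' };

// Constructed progress table keyed by school number, the primary key the series describes.
const progress = new Map([
  [1001, { group: '3A', lastScore: 82 }],
  [1002, { group: '3A', lastScore: 67 }],
  [2001, { group: '4B', lastScore: 91 }],
]);

// Deny by default: a student may read only their own row, a teacher only rows of
// students in a group they teach; any other role, or an unknown row, is refused.
function canViewProgress(requester, targetSchoolNumber) {
  const row = progress.get(targetSchoolNumber);
  if (row === undefined) return false;
  switch (requester.role) {
    case ROLES.STUDENT:
      return requester.schoolNumber === targetSchoolNumber;
    case ROLES.TEACHER:
      return Array.isArray(requester.groups) && requester.groups.includes(row.group);
    default:
      return false;
  }
}

// Handler shape: the requested id comes from the client (URL or body) and is untrusted,
// so it is always checked against the server-side session, never taken at face value.
// An unknown row yields the same 403 as a forbidden one, so ids cannot be enumerated.
function getProgress(session, requestedSchoolNumber) {
  const target = Number(requestedSchoolNumber);
  if (!Number.isInteger(target)) return { status: 400, body: 'bad id' };
  if (!session) return { status: 401, body: 'login required' };
  if (!canViewProgress(session, target)) return { status: 403, body: 'forbidden' };
  return { status: 200, body: progress.get(target) };
}
```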

As for protection from malware, we decided to update all our libraries. We are using Phaser JS for the development of our app, and we were using an older version that was very well documented, but we decided that safety came first, so we moved on to the newer one.

We found out that our application can be accessed through mobile as well, so we are taking advantage of it and covering the risks that this improvised feature might bring us.

Make Your Online Identity Safe Again (6) – Applying the Three Goals and Golden Rules.

--Originally published at ISC de día, intento de cinéfilo de noche.

I was chosen to become a part of the first Semestre-i of ISC at the Tec de Monterrey Campus Guadalajara, and at the same time the Security course was proposed to be one of the pillars of the project. Right now we're developing a web application for a primary school; the motive is to help them reinforce the math course they take with their teacher, by using a computer lab they have at their school.

When we discovered that we were going to work with actual information of REAL kids, we decided to up our game and we tried to develop an app that is as safe as we possibly could. We updated the JavaScript library we were using (Phaser) to its newer version, even though it is not very well documented, just to have our frameworks updated.

We reduced our risk of losing the information by having the information on an Amazon Web Services server, encrypted by the library PassportJS and in a MySQL database. And I know it is not likely for our app to be attacked or mined, but we like to keep our data safe!

We also made a Terms of Service Document and a Privacy Policy. We are thinking big! Right now it is a social project for one school, but maybe in the future it could grow. Right now you can access it, and it is available at www.misionmarte.net thanks to our friend Edgar Javier (a.k.a. Killua). All the information is in Amazon Web Services.

We haven't had integrity problems, but I will dedicate a blog entry just to that, so we'll leave that topic for now.

This blog entry is part of a mini series called: What we did on semestre-i on the topic of security.



Review of TC2027

--Originally published at Barros Creations LLC

Working on a blog post on how a school should grade its students is very complicated, primarily because I'm a student and one desire is to get 100's in all my classes. But when you think of it as a graduating candidate you realize grades are not everything; what matters more is the experience obtained in my classes. One doesn't remember a number; one remembers experience.

TC2027, or better yet Informatic Security, is a course that will stay with me for all my computer systems engineering career. To think of all the vulnerabilities and lack of security there is in all systems gets me very worried, since as systems evolve so do their problems. This is both a concern and also an opportunity of mine, since one can easily prevail in this topic on a business level. Security is very well paid.

Back on topic, I think it's great to have a moral/independent compass in which, as students, we are not obligated to learn. We are free to learn as much as we can and to research as much as we can. Think about it: at a school where each class costs about $600, well, at least for me that's enough motivation to work my butt off in each class. Not to mention the great opportunities given to me in such an independent class.

Every programmer knows and has their own methodologies, and it's imperative that this continues, because, as with any artist, we can have two that do the same; we need diversity. In our programming community we are taught equally and expected that each and every one of us gives the same results, when that is impossible. Every programmer must be given the opportunity to do something different; this way our community will grow and create job opportunities.


Unintentional Security Issues

--Originally published at Computer and Information Security

Easy: the users and admins are humans, and humans make mistakes.

There were many times that because of a mistake made by a human the system failed, and that's a real issue when, for example, that human works at AWS and unintentionally breaks the internet for half of the USA.

It's human to make errors, but thankfully these errors can be 100% prevented. A mixture of strategies may help to prevent human errors from turning into security incidents.



When looking at attacks today, most people think external attacks are the biggest problem for organizations and where they need to focus most of their energy. However, it is important to distinguish between the source of an attack and the cause of damage. While the source of most attacks is absolutely external, the cause of damage is often the accidental insider. Adversaries recognize that it is too hard to directly break into servers and compromise an organization externally. It is much easier to target an insider, trick that person into opening an attachment or clicking on a link through social engineering, and then leverage his system as a point of compromise. In many cases, the activity that is used to compromise an insider typically revolves around executable attachments, macros in office documents and HTML embedded content. What can an organization do to properly protect itself against insider threats? Most organizations believe greater security awareness is the answer to minimizing accidental insider attacks; this means ensuring employees better understand the dangers and exposures. While I am a big fan of awareness, organizations have to remember that no solution will solve every problem. Awareness is good for basic attacks where there is something visibly wrong with the email or information received by the user. However, with advanced adversaries and more sophisticated phishing attacks, the

TC2027 – Computer and Information Security

--Originally published at tc2027 – Ney González Blog

I’m going to talk a little about my Computer Security course this semester.

The Content

We would get into really good discussions about security tools, news and the like. I learned a lot by just talking with the rest of the class. Also, I think the Security Now podcast was really interesting and I personally started watching it on my own time.

I found that the Tools Challenges were a pretty good guidance of things we should be practicing regarding the course. I found time to do the PGP, Encrypt your Drive and SSH Keys, the other two are still in my backlog.

Quality

I found the quality of the course to be good but with room for improvement, like with any course. I would do more WSQs and probably do some Tools Challenges together. Overall I think the quality of what we discussed during the course was good, but I would work out how activities should play a part in the course. Kin Lane's talk was really good too.

Suggestion

Ken, in this particular course I think that at the cost of removing grading there should be a policy that encourages doing certain activities like completing all WSQs and Challenges for getting the chance to attend a talk or be part of a small after-hours workshop.
I think this goes hand in hand with your idea of having the university reward students for answering the ECOAs.

 

Thank you

Thanks Ken for taking the time to teach us about security, pedagogy, and lots more about life. After this course I have changed many personal views for the better, I hope this blogging thing finally sticks.

Thank you! See you around the campus.


Make Your Online Identity Safe Again (5) – My Necessary Post On Net Neutrality.

--Originally published at ISC de día, intento de cinéfilo de noche.

I know I'm not American, and that this doesn't affect me right now but when it comes to politics and services Mexico likes to copy the practices of the USA.

As far as I understand, right now the Internet is protected by the US government, and when you get a service, no matter which one it is, you will have access to all the sites no matter who is the owner of the site or what content it is displaying, and your service provider cannot interfere with it.

The Net Neutrality War has been fought several times in the past, but now more than ever it looks like it is going to die. I will leave a link to a video where the whole topic is better explained, and let's hope this doesn't escalate. It would be a very sad day for the Internet.


Make Your Online Identity Safe Again (4) – Let’s see how you get pass this!

--Originally published at ISC de día, intento de cinéfilo de noche.

Recently Blizzard gave us an animation that inspired the name of this blog entry. The character Mei is an interesting data analyst who hyper-slept for 0 years. I'll leave the link to the video at the end of the post. It is worth watching.

So we're gonna talk about authentication. Right now there are only 3 ways for a computer to know that you are IN FACT you. Apple has given us a lovely example of this with their new iPhone X.

The most common way to authenticate is by testing the knowledge of the user. This can be done by asking for a password, just as Facebook does, or a NIP, like an ATM. By asking the user for a specific piece of knowledge, the application can trust some rights to the person trying to access it. That's why it is so important for you NOT to share passwords, and for them to be very unrelated to you.

The next method is a little bit more secure but actually can be more problematic as well. In Walt Disney World, there exists something called a Magic Band. It is a bracelet that every member of a family must have on themselves throughout their stay. The parks react to the band, so they can give you a more personalized experience; you can also access the parks and your hotel room with it. You can even connect your credit card to it and pay for food and souvenirs inside Walt Disney World with it. The system knows who you are, and gives you access to everything you paid for within easy reach of your wrist. The big problem about this is that you COULD lose your Magic Band and someone COULD access your room, park tickets, and credit card

Malware. GRRR!! Spooky!

--Originally published at Eric tries to write down cool things

 

Malware… OH MALWARE! The fantastic and exotic creation of some people that just want to screw others for money, for pride or for FREAKING FUN!

 

Yes, there are teenagers that mess with the government just because they are able to do it and get away with it. Anywayyyyysssss.

Malware is a type of software that does harm to a user. This malware was not born from magic dust and the hopes of people; some guy decided to create it with a single purpose: get the best out of people.

Malware is usually detected before doing any harm and it's removed safely, but there are certain occasions where users insist on screwing themselves up by getting into unsafe sites! And clicking god knows where to get screwed!!! DAMN PEOPLE, IT'S SO EASY TO AVOID ALL OF THIS, REALLY!

 

Anyways, if the malware manages to get into your system, it will be camouflaged until the attacker decides to activate it and retrieve something from you. Be it raw information, passwords, accounts, credit cards or your family trip to Thailand from 5 years ago! WHO CARES?! This guy already has you grabbed by the p**** and he can do whatever he wants with your info if you don't catch it before he gets out.

How to avoid this?

DAMN Firewalls!

DAMN not clicking on random stuff!

DAMN not downloading illegal stuff from random places!

DAMN not installing unsecured thinguies here and there!

It’s so easy I want to kiss the people who allow it to be easy :*

 

 

Play safe kids, PEEEACE