Elections Analyzer 2018 – Week 4 Premortem

--Originally published at Blog | Cesar Arturo Gonzalez

This week I’m motivated to finish the connection to the database to create the raw_tweet implementation and begin analyzing this raw_tweet. I think this week is just continuing to implement the same things as last week before the presentation, so in this blog post I’m gonna introduce you to our team.

Elections Analyzer 2018 – Week 3 Postmortem

--Originally published at Blog | Cesar Arturo Gonzalez

This week we worked on getting everything together for the presentation with the teacher. Mike developed a basic database connection that allowed us to get the tweets Alex and I were mining and store them in a MySQL table that will be the bridge to analyze stuff later on and clear the information, do the …

Elections Analyzer 2018 – Week 3 Premortem

--Originally published at Blog | Cesar Arturo Gonzalez

Over the weekend I worked on the Makefile of the project so everybody can install dependencies, and the DevOps work is fully done, with space to test, install and run the project in developer mode and in production. This was hard for me because I needed to be sure that it worked in both Unix and …

Hacking adventures (Story 2)

--Originally published at Computer and Information Security

Yo, reader! I’m glad you keep an eye on my blog. Today’s story is about the new GeForce Now service from Nvidia, which is currently only available for Mac users since it is in beta. In this service you can log in to one of their virtual computers in the cloud to play video games through your Steam account.

I tested this new gaming service and I can say that this is a pretty good way to play. Before Nvidia launched this, there was another one called OnLive, the Netflix for gaming. You were able to rent a game for a certain amount of time or even buy it, but it was a copy of the game and it was never yours. It used their self-made interface, which means that I couldn’t see anything but what they allowed me to see with their own design, which was identical to the Windows tablet or phone theme, like squares or windows. A long time ago I tested this service. I was logged in and playing games most of the time since I couldn’t afford a gaming PC, and when they closed it, around 3 years ago, I got really sad. Anyway, when I heard about GeForce Now I remembered the old times in OnLive, but this time it was different: the gaming process was through your Steam account and not by renting or buying the game through a custom menu. It was actually a Windows 10 virtual machine. As you know, I’m a pretty curious person, so I decided to click anywhere to check if I could get into the desktop menu, but as you already know, everything was locked up. But I never gave up; actually I managed to install Chrome through Internet Explorer


Risk Management Framework

--Originally published at Blog | Cesar Arturo Gonzalez

Risk Management Framework provides a structured process that integrates information security and risk management activities into the system development steps.

  • Categorize: The information system and the information already processed or stored by the system need to be categorized based on the impact analysis.
  • Select: We need to choose security controls for the data and information based on the categorization …

Security Architecture and Policies

--Originally published at Blog | Cesar Arturo Gonzalez

Security Architecture

In order to have a good, secure base for our system, the first thing we need to do in the planning process is define a security architecture. To define this you need to think about the potential risks that the system may have, establishing the different scenarios from the beginning of the planning stages. …

Cryptography and Network Security

--Originally published at Blog | Cesar Arturo Gonzalez

What is Cryptography?

Crypto == “hidden or secret”
Graphy == “study of writing”

So with this breakdown of words we can conclude that cryptography is the study of writing something hidden or secret. Cryptography has been around for centuries, with the creation of the Caesar cipher by Julius Caesar. Before modern times cryptography was used …

Web Security

--Originally published at Blog | Cesar Arturo Gonzalez

IF Security == “The state of being protected or safe from harm”. THEN Web Security == “Keep a web server and its applications protected or safe from harm”. A web server is always vulnerable to all sorts of attacks because it is out there on the internet. If you don’t follow any security standards or …

Security for Operating Systems

--Originally published at Blog | Cesar Arturo Gonzalez

An operating system, or OS, is software that enables the connection of the hardware with the software. If the OS didn’t exist there wouldn’t be any programs like the ones we have today, and if there were, they would be hard to code and install. Because this software controls the interaction of the user with the hardware is …

WT… is Denial of Service?

--Originally published at Computer and Information Security

Hi reader! I hope you are enjoying my posts. This time I am going to talk about DoS (Denial of Service). So, in simple words, this is a common technique, and one of the most used by hackers and people that want to see the world burn. It occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources.

This type of attack usually sends a lot of information, data or traffic to a server, through a bunch of other helpers called zombies, in order to saturate the network of that server or the victim’s resources and make it impossible for the victim to use the service properly.

Some characteristics of this attack are:

  • Degradation in network performance, especially when attempting to open files stored on the network or accessing websites.
  • Inability to reach a particular website.
  • Difficulty in accessing any website.
  • A higher than usual volume of spam e-mail.
  • Hard to play a videogame since there is a lot of lag or traffic from the network.

To restore the normal use of the service in those cases, a reboot of the system fixes the DoS attack, but there are a lot of different types of this attack that can be more difficult to recover from:

  • Buffer overflow attack: A catchall description most commonly applied to DoS attacks that send more traffic to a network resource than was ever anticipated by the developers who designed the resource. One example of such an attack sent, as email attachments, files that have 256-character file names to recipients using Netscape or Microsoft email clients; the longer-than-anticipated file names were sufficient to crash those applications.
  • DDoS attack: The attacker may use computers or other network-connected devices that have been infected by malware and made part of a botnet. Distributed denial-of-service attacks, especially those using botnets, use command-and-control (C&C)