Computer Virus Protection

--Originally published at Sebastian Luna




Virus Protection


Conceptual Overview

Imagine having contact with many human beings, getting certain level of connection with every single one of them, every single day of your life. You can imagine that, eventually, you will get sick if you don’t have some precautions (washing your hands, getting your vaccines, keeping your distance, etc.).
When computers interact with other computers, some of them can have a Computer Virus, so they too can get infected, just like us! (sort of).
A Computer Virus is software with malicious intent that replicates itself by modifying other computer programs and inserting its own code. There are many methods in which a computer can get a virus, and there are different Computer Viruses that can have different negative effects on a computer, like accessing private information (your credit card too!), corrupting data (say goodbye to the pictures of your kids), spamming your e-mail contacts, or leaving your computer useless.

Available Methods

Some methods that can help you clean your computer from Viruses, or just to protect it against getting one are:
·         Keep your software up to date
o   Sometimes software has bugs that can be exploited by hackers, which could be used to infect your computer.
·         Don’t click/respond to strange emails
o   I’m sorry to tell you, but the Wife of the President of Uganda isn’t contacting you to give you 100 million dollars; you also didn’t win the Bill Gate’s foundation for 50 billion dollars.
·         Use an antivirus software
o   It’s a program designed to detect and remove viruses from computers and other threats.
·         Use a Firewall
o   A system designed to prevent unauthorize access to or from a private network.
·         Download only from verified places

PROBLEM: Interval of Times

--Originally published at Sebastian Luna


The problem

Your company built an in-house calendar tool called HiCal. You want to addd a feature to see the times in a day when everyone is available.
To do this, you’ll need to know when any team is having a meeting. In HiCal, a meeting is stored as an instance of a Meeting structure with integer member variables startTime and endTime. These integers represent the number of 30-minute blocks past 9:00am.
typedefstruct{
unsignedstartTime;
unsignedendTime;
}Meeting;
For example:
typedefstruct{
unsignedstartTime;
unsignedendTime;
}Meeting;


Meeting meeting1 ={2,3}; // meeting from 10:00 – 10:30 am
Meeting meeting2 ={6,9}; // meeting from 12:00 – 1:30 pm
Write a function mergeRanges() that takes an array of meeting time ranges and returns an array of condensed ranges.
For example, given:
[{0,1},{3,5},{4,8},{10,12},{9,10}]
Your function would return:
[{0,1},{3,8},{9,12}]
Do not assume the meetings are in order.The meeting times are coming from multiple teams.


Write a solution that's efficient even when we can't put a nice upper bound on the numbers representing our time ranges. Here we've simplified our times down to the number of 30-minute slots past 9:00 am. But we want the function to work even for very large numbers, like Unix timestamps. In any case, the spirit of the challenge is to merge meetings where startTime and endTime don't
Continue reading "PROBLEM: Interval of Times"

How to get a job in Computer Science

--Originally published at Sebastian Luna

Today I'll give you a step by step guide on how to get a job in the industry:

  1. Buy the book: Cracking the Coding Interview
  2. Memorize every problem and its solution
  3. Go to an interview
  4. Play dumb when they give you a problem you already know
  5. Give the solution

You like to solve problems without having memorized solutions? You enjoy thinking about the problem and finding out different solutions? You want to show your real skills even if that means not being able to solve a given problem?

Some of us do, but that's not how the cool kids do it nowadays...


congratulations, you're hired

CATFISHING

--Originally published at Tc2017-security

Catfishing is when in social media they steal an identity and fake they are someone else. A lot of people have been victims of this people. Some of them have been lucky and found out, before getting hurt, but there are others not so lucky that have fallen in the lies of this people. There are cases where the victim falls in love with ths people and has given them money, or even worse been kidnap. We have to take precaucions and don’t accept or be fooled by any user you don’t know. If you don’t know the user don’t give any of your personal information. In your profil make sure everything is private or that the information you are displaying is alright for you.

Here is an example:

Y4PT

--Originally published at Tc2017-security

La imagen puede contener: 2 personas, personas sonriendo, interior

Two weeks ago I came back from a hackaton in Dubai due a competition we won last october(the prize was participate into the Dubai’s Mobility Hackaton by Youth For Public Transport). We flew 24 hours from Guadalajara to the event, then we were developing our product(business model, prototype, slides, pitch) and we presented the project to some Dubai’s authorities such as the Dubai Prince, CEO of Careem, CEO of RTA, head of Y4PT among others. Our project was a virtual assistante to move through the city in a clean, fast and sustuinable way, with this we won the 3rd place. It was such an amazing experience to meet people from around the globe and share ideas and see different ways of thinking about the global problems we are living in. After this we presented the project in an expo, in the Dubai World Tarde Centre for a couple of days. It was great to have won a price, but it is more important to me the experience, the possibility to aquire a new global vision and have fun with this amazing experience. We are looking forward to win the next edition of this event next year in Sweden!

La imagen puede contener: 2 personas, personas sonriendo

Authentication

--Originally published at Computer and Information Security

Each day, we log into many different webpages, they ask for authentication. We need to prove that we are us, but why is it so important? Also, how does it works? Authentication is needed to access to personal information, social media, at work, unlocking the phone, anywhere. It is almost a requisite to join every webpage to access to certain content. Regarding security, it is the way to block your information for the resto of the world. There are many different ways to prove that you are really you. Commonly, sites ask for a password, but they aren’t the only option. The next video uses interesting examples to explain the importance of authentication.

  • Knowledge factors: sometimes, the service that is asking for authentication can ask for names, specific questions, PIN numbers, or the password itself. Those are known as knowledge factors.
  • Possession factors: these are the ones that the user has in possession, such as ID cards, one-time password tokens, specific codes, or any artifact that can prove your authentication.
  • Inherence factors: this authentication factor covers the biometrics of the user, such as fingerprint scans, facial recognition, voice recognition, retina scans, iris scans, between others.

mobile-security-laptop-fingerprint-730x442.jpg

A modern way to authenticate the user is its location depending on the cellphone. This also has to do within its device activity and many other complex factors. Nowadays, it is recommended to use at least two factor authentications at the time per each account. For example, it is possible to activate an account with password and with a pin provided by the service company via cellphone.

There are may authentication tools in the market. It is important to be secure and also to protect your personal information. It can be annoying to unlock the accounts with more than 1-factor-authentication, but sometimes it is necessary Continue reading "Authentication"

CIA triad

--Originally published at Computer and Information Security

Confidentiality, integrity and availability is also known as the CIA triad. CIA triad is a model that establishes some principles for information security, it can be seen as an organizer. These three principles are considered as the most importan principles for security. They aren’t the only ones, but they can be seen as the three pillars of security. The following video explains very well these three principles:

Confidentiality

Confidentiality can be defined as a series of rules that are responsible for preventing information from reaching the wrong hands. That is, confidentiality is in charge of the access. This access must be restricted for those that don’t have the authorization to see the information. One way to prevent a leakage is to create levels. Most of the time, information is categorized depending on the impact it would have if the specific information was stolen.

Integrity

Integrity is an important pillar to security, it is in charge of the accuracy, consistency and trustworthiness of the information all the time. It is crucial the security of the data. Information can’t be corrupted or edited by a third-party without the autorizaron. Also, while sending data, it must be delivered and received without any modification in between. Software can be involved in order to check the integrity of data that is traveling  from one place to another.

Availability

Availability is mainly in charge of the hardware. If there are complications between services or any damage, there must be a resource in charge of fixing it. Also, it needs to be updated all the time and there has to be one that establishes de communication between the different services. There must be an adaptive recovery if it is necessary. It is important to have a way out of problems, even without a person in charge for it.

CIAtriad-copy1.png

In Continue reading "CIA triad"

DNS Spoofing con el WiFi Pineapple

--Originally published at Toledo

¿Qué es el DNS?

Por sus siglas en inglés DNS, Domain Name System, es un sistema en internet que funciona como directorio. Cuando intentas acceder a alguna página, digamos google.com, lo que sucede por abajo del agua es que la computadora va y pregunta la dirección IP en la que se encuentra el servicio de google.com, ir a consultar dicha dirección. La cual en mi caso es 172.217.9.14.

Screen Shot 2018-05-08 at 3.19.34 AM

¿Qué es el DNS Spoofing?

Tambien conocido como DNS Poisoning. Es un tipo de ataque que se aprovecha de las vulnerabilidades de DNS. Con la configuración correcta, quizá un ataque de man-in-the-middle de por medio, es posible personificar servicios conocidos. Puedes direccionar a tu víctima a un servidor de DNS del que tu tengas control, y podrías modificar las direcciones IP de los dominios que consulte.

WiFi Pineapple: DNS Spoofing

Antes que nada es necesario terminar la configuración del WiFi Pineapple. En éste blog doy una breve introducción al WiFi Pineapple y explico cómo setearlo.

Lo siguiente es tener un sitio de pruebas fake. Como demostración, voy a utilizar el paquete de http.server de python 3 para levantar una paqueña página.

Creamos un archivo llamdo index.html en un directorio nuevo con el contenido:

<head>
<\head>
<body>
 <h1>Fake Page</h1>
 <p>WiFi Pineapple rocks!</p>
<\body>

Con la terminal en dicho directorio. Ejecutamos el servidor con python3:

python3 -m http.server 8080

Con ésto deberíamos poder ver nuestra página si utilizamos nuestro navegador para ir a la dirección http://localhost:8080/

Screen Shot 2018-05-08 at 3.51.12 AM

Consultamos nuestra IP y le guardamos para utilizarla en los siguientes pasos. Tambien podemos acceder a nuestra página a tráves de ella.

Screen Shot 2018-05-08 at 3.54.19 AM.png

Ingresamos a la interface web del WiFi Pineapple. Por suerte para nosotros, ya hay software desarrollado para el Pineapple para todo tipo de ataques. El DNS Spoofing

Screen Shot 2018-05-08 at 3.56.36 AM
Screen Shot 2018-05-08 at 3.56.45 AM
Screen Shot 2018-05-08 at 3.56.56 AM
Screen Shot 2018-05-08 at 4.18.58 AM
Screen Shot 2018-05-08 at 4.22.20 AM
Screen Shot 2018-05-08 at 4.29.22 AM
Screen Shot 2018-05-08 at 4.27.37 AM
Screen Shot 2018-05-08 at 4.27.24 AM
Screen Shot 2018-05-08 at 4.27.16 AM
Continue reading "DNS Spoofing con el WiFi Pineapple"

Denial-of-service attacks

--Originally published at Computer and Information Security

Have you ever feel that a webpage is loading too slow compared to other times, a poor network performance while trying to retrieve s file from a cloud server, an increasing amount of time in order to reach an specific service from the internet? It’s obvious that there are many factors that can influence the weak performance from the network, but it is important to take into account that it could be a denial-of-service attack. It’s not that easy to spot the problem, but first, what is a denial-of-service attack?

We can define a a DoS attack as a planned attack to a server in order to disrupt an organization’s network to complicate the entry of their user to their services. The attack can limit the access to the network or even to deny the access. The main point is to prevent any online activity through the servers that are being attacked.

There is also a Distributed Denial-of-Service attack, where the attacker also infects the computers that get connected to the infected servers and now these new computers are used to infect more users. These new infected computers are known as zombies. Zombies are the computers that are controlled by the attacker. With the control of all of the computers, the attacker can use their power to overload the services, such as mail, internet, and network services.

Also, there are three specific categories in which the hackers focus their attacks:

  • Networks
  • Systems
  • Applications

Distributed-Denial-of-Service-Attack-Greets-Forked-Bitcoin-Gold-on-First-Day.jpg

Mainly, all of them create requests to overload the servers until there is no response or until they create an error on the system. One of the main goals is to consume as much bandwidth as possible in order to create slowdowns in networks. Hackers also focus on hardware, such as routers and devices that need network Continue reading "Denial-of-service attacks"