CATFISHING

--Originally published at Tc2017-security

Catfishing is when someone steals an identity on social media and pretends to be someone else. A lot of people have been victims of these people. Some of them have been lucky and found out before getting hurt, but others have not been so lucky and have fallen for these people’s lies. There are cases where the victim falls in love with these people and has given them money or, even worse, been kidnapped. We have to take precautions and not accept or be fooled by any user we don’t know. If you don’t know the user, don’t give them any of your personal information. In your profile, make sure everything is private or that the information you are displaying is something you are comfortable sharing.

Here is an example:

Y4PT

--Originally published at Tc2017-security


Two weeks ago I came back from a hackathon in Dubai due to a competition we won last October (the prize was to participate in the Dubai’s Mobility Hackathon by Youth For Public Transport). We flew 24 hours from Guadalajara to the event, then we were developing our product (business model, prototype, slides, pitch) and we presented the project to some of Dubai’s authorities such as the Dubai Prince, CEO of Careem, CEO of RTA, head of Y4PT among others. Our project was a virtual assistant to move through the city in a clean, fast and sustainable way; with this we won 3rd place. It was such an amazing experience to meet people from around the globe and share ideas and see different ways of thinking about the global problems we are living in. After this we presented the project at an expo in the Dubai World Trade Centre for a couple of days. It was great to have won a prize, but more important to me is the experience, the possibility to acquire a new global vision and have fun with this amazing experience. We are looking forward to winning the next edition of this event next year in Sweden!


Aaron Swartz

--Originally published at Tc2017-security

Aaron Swartz was born in Chicago in 1986.

At the age of 12 he developed open source systems for Oracle. At age 14 he co-authored RSS 1.0, using XML to share internet content.

He studied at Stanford University. In his early years he created Infogami, a way to create attractive websites. He collaborated with the founders of Reddit and Y Combinator to support the Open Library project. Later it was merged with Reddit. Later he created a company called Jottit, a markdown system to generate content.

In 2008 Watchdog.net was launched on the web, where information about politicians was released. He also wrote a circular called “Guerrilla Open Access Manifesto”, which contains a famous quote: “There is no justice in complying with unjust. It is time to come to light and, following the tradition of civil disobedience, to oppose this theft deprived of public culture.” He also developed DeadDrop, a secure communication platform between journalists and information sources.

He created Demand Progress in 2010, a group to take action and positively influence political leaders and Congress. He developed studies on political corruption.

He was one of the main activists against the SOPA law, the “Stop the online Hacking Act”. He was an active member of WikiLeaks, possibly leaking information. In 2011 he was arrested for downloading files from an MIT Open database. Over the following months, further federal charges were added against him, for online violations and under the “Act of Fraud and Computational Abuse”. On January 11, 2013, he had a fine of 4 million dollars and was sentenced to 50 years in prison. That day he committed suicide by hanging himself in his room.

Retrieved from:

https://es.wikipedia.org/wiki/Aaron_Swartz

https://hipertextual.com/2015/09/aaron-swartz-perseguido

http://www.bbc.com/mundo/noticias/2013/01/130113_aaron_swartz

Rubber Ducky

--Originally published at Tc2017-security


So most of us don’t know what a rubber ducky is. A rubber ducky is malicious code hidden in a USB; when plugged in, it runs code that could give the hacker access to your computer and all your information.

There have been various companies that have been hacked with a rubber ducky. Companies and users should be cautious about what they insert into their computers. As a precaution, you should do the following:

  • Don’t insert any USB found on the floor.
  • Don’t insert any USB given to you by a stranger or someone you don’t know.
  • Don’t buy any USB from someone that isn’t certified to sell you this stuff.

Being hacked by a USB is really easy. For example, I could just leave a USB lying around and I’m sure that someone would grab it and insert it into their computer or, even worse, their company computer.

Talent Land

--Originally published at Tc2017-security

So this week I participated in a hackathon at one of the biggest technology events in Mexico. The hackathon was organized by BOSCH and they wanted us to create a creative and innovative way to optimize public transport and help the environment. I love the idea that many companies are starting to find some way to help society by creating an enterprise. I truly believe that businesses should be both sostainable and sustainable to be able to work and give back to society.


We had more or less an idea of what we wanted to do, but if it weren’t for Francisco from Kio, we wouldn’t even have been able to find the client, haha. He helped us create a value proposition, he helped us find our client and helped us to empathize with them. I loved my experience with this hackathon, and I loved learning new things. I never thought I could learn that much in a week from various different companies, and I’m really thankful.


Blockchain

--Originally published at Tc2017-security

Now a lot of us understand what bitcoin is, but most of us don’t know what blockchain is.

Blockchain is a way to secure your network. Basically, it encrypts your data and sends it to everybody in the network. This means that everybody has a copy of what you’ve just sent. So when somebody else tries to modify that information and send it, everybody in the network knows that the information is not true and will restore the correct data to that computer.

Blockchain is truly a great way to identify a person and really see if the person you are talking to is who they say they are.

Here is a short video that explains what blockchain is:
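The tamper detection and restore described in this post, as an added example that is not part of the original post. It assumes SHA-256 hash links between blocks and a simple "most copies win" rule in place of a real consensus protocol; the node names and ledger entries are constructed.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # placeholder "previous hash" for the first block

def block_hash(index, data, prev_hash):
    # The hash covers the block's content and the previous block's hash.
    payload = json.dumps([index, data, prev_hash]).encode()
    return hashlib.sha256(payload).hexdigest()

def build_chain(records):
    chain, prev = [], GENESIS
    for i, data in enumerate(records):
        digest = block_hash(i, data, prev)
        chain.append({"index": i, "data": data, "prev": prev, "hash": digest})
        prev = digest
    return chain

def is_valid(chain):
    # Recompute every hash and check each block points at its predecessor.
    prev = GENESIS
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(b["index"], b["data"], prev):
            return False
        prev = b["hash"]
    return True

def reconcile(copies):
    """Every node adopts the valid chain held by most nodes (simplified rule)."""
    valid = [c for c in copies.values() if is_valid(c)]
    winner = Counter(c[-1]["hash"] for c in valid).most_common(1)[0][0]
    good = next(c for c in valid if c[-1]["hash"] == winner)
    return {node: copy.deepcopy(good) for node in copies}

# Constructed sample data: three nodes hold the same ledger, then one is modified.
LEDGER = build_chain(["alice pays bob 5", "bob pays carol 2", "carol pays dave 1"])

def demo():
    copies = {n: copy.deepcopy(LEDGER) for n in ("node_a", "node_b", "node_c")}
    copies["node_c"][1]["data"] = "bob pays mallory 200"  # edited without rehashing
    detected = not is_valid(copies["node_c"])
    restored = reconcile(copies)
    return detected, restored["node_c"][1]["data"]
```

A copy that is edited and then rehashed from scratch passes `is_valid` on its own, but its final hash no longer matches the other nodes' copies, so `reconcile` still replaces it.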

SQL INJECTION

--Originally published at Tc2017-security

So the first thing is: what is SQL injection? For those people who don’t know what SQL is, SQL is a programming language that helps you store information, for example:

Banks store all customer information, such as names, SSNs, credit cards, etc., in a SQL table, which is kind of like Excel.

SQL injection happens when a company didn’t sanitize data and attackers are able to get into the company’s database.


What a hacker does is find the vulnerabilities, and once they have, they can either:

  • Control the application’s behavior that’s based on data:
    • For example, show information that the company doesn’t want others to know.
  • Alter data in the database:
    • For example, erase or create new users that don’t exist.
  • Access data without authorization:
    • For example, give a user access to personal data of other people.

What you can do to defend yourself from this vulnerability:

  • Discover SQLi vulnerabilities; you can do so by using special software to check how secure your code is.
  • Avoid and repair SQLi vulnerabilities by using parameterized queries.
  • Remediate SQLi vulnerabilities.
  • Mitigate the impact of SQLi vulnerabilities; you can do so by only allowing certain users access to a certain part of the database, or by using certificates.

Here is a really cool video of an example of this vulnerability:
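The parameterized-query defense listed above, shown beside the unsanitized form, as an added example that is not part of the original post. The `customers` table, its rows and the function names are constructed for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, card) VALUES (?, ?)",
        [("alice", "0000-0000-0000-0001"), ("bob", "0000-0000-0000-0002")],
    )
    return conn

def lookup_vulnerable(conn, name):
    # Unsafe: the input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    query = "SELECT name, card FROM customers WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, name):
    # Safe: the ? placeholder passes the input as a value only; it is
    # compared against the name column and never parsed as SQL.
    return conn.execute(
        "SELECT name, card FROM customers WHERE name = ?", (name,)
    ).fetchall()

# Constructed input that contains SQL syntax instead of a plain name.
CRAFTED = "nobody' OR '1'='1"

def demo():
    conn = make_db()
    leaked = lookup_vulnerable(conn, CRAFTED)     # condition becomes always true
    blocked = lookup_parameterized(conn, CRAFTED)  # no customer has that name
    return len(leaked), len(blocked)

if __name__ == "__main__":
    print(demo())
```

With the unsanitized query, the crafted input returns every row in the table; with the parameterized query, the same input matches nothing, while a normal lookup such as `alice` behaves the same in both.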