The end

--Originally published at Let’s talk security. – Rudy's Corner

The semester is done, my 8th semester studying ISC came to an end and I don’t know how to feel about it, but that is not what this post will be about. I will talk about what I learned throughout the Security course. This won’t be a huge blog post, I’ll just point out a few things that I am taking from this course.

  • Update, the importance of keeping all my devices updated so that I have the latest security.
  • Backup, keep a lot of different backups so that, in case something fails with the computer, you won’t lose the data.
  • Layers, it is of great importance to have as many layers of security as possible, so it becomes harder and harder to break into your system.
  • Trust no one (or almost no one), check who you’re giving permission to see your social media, who sees what and why they see it.
  • Stay up to date, keep checking the new things that come up, the new technologies, the new threats.

And those are the things that I learned the most from this course. Thanks for reading, it has been a great ride!

Bye.

YouTube’s way of flagging videos

--Originally published at Let’s talk security. – Rudy's Corner

In the last months, right after the series of Apocalypse that YouTube faced, YouTube decided to create a new algorithm to flag videos that weren’t “advertiser friendly”. This new system worked, well kind of, depending on who you ask. According to the Google CEO this new system removed over 8 million videos from YouTube; of that number, 6.8 million were first flagged by the computers, which is about 76% of the total.

Now the question is, does it really work? Does it actually just flag bad content, or does it also take down content that follows YouTube’s policies? And that is the core of the problem, because the system is not perfect (nothing really is) but YouTube is leaning a lot on a system to catch the “bad” videos. I am sure that a lot of the videos that get flagged are actually non advertiser friendly. But a fair share is okay.

Here is where we get to machine learning and if it will be good or not. No matter how much we try to, we won’t be able to program emotions or common sense into a computer (or at least not any time soon). So, how much should we depend on a computer to do work where there is a lot of common sense involved? Yes, the systems do the work for us, but at what cost?

In my opinion, we should keep a check on it, monitoring their behavior, us the humans making sure that the computer actually does what it is supposed to do without damaging others, just as YouTube is trying to do. I am a little scared of what a system like that could do unchecked, but I hope it never happens.

WiFi on Airplanes

--Originally published at Let’s talk security. – Rudy's Corner

Have you ever used a wifi service while traveling on an airplane? Well, you might not want to do it again after reading this; or if you still really want to do it, I’ll give you a tip on how to be safe.

First of all, we can all agree that the speed of the internet is not that good, we can’t really do much with it, it is very basic. But that is not what I’ll be talking about. I’m going to focus on the security of it.

I’ll start with a personal experience, I was flying from Dallas to GDL, just finished my book, and had nothing to do. So I connected to the wifi, but it wasn’t working. Because I was bored, and I had nothing better to do, I decided to see if I could connect to the router. To my surprise I saw that the router administration credentials were: username “admin” and password “admin”. I was in pure disbelief, like, how hard is it to just change the password? That was my first try and I got it right.

Once I landed I decided to look up if more people have tried what I have (and yes they did!). And that’s how I stumbled upon Shannon McMahon’s article, Why You Should Never Use In Flight WiFi. In it, she touches upon some points, but most importantly she mentions two things: it is not secure and thus, someone could be watching. And yes, if they are watching you and you log in to something that doesn’t have such great security, they could see your password.

That is also something Michael Horowitz talks about: the security in the planes sucks. Horowitz found that the main network is wide open! Imagine, completely wide open. I


Trust the Security Experts

--Originally published at Let’s talk security. – Rudy's Corner

The other day I was on Twitter (I’m always on Twitter if I’m being honest) and I stumbled across a rant from Brian Krebs (@briankrebs) and oh my! His first tweet was this:

[Image: screenshot of the tweet]

Afterwards he goes on an incredibly long rant about Panera and what they did. If you want to see all the tweets I recommend you go and look at them, I’ll give a brief description of the timeline.

It all started because Brian ran a story about Panera and the leaked customer records. That same day Panera issued a statement to Fox News that the breach only impacted 10k customer accounts. Interestingly enough, Panera told Brian they had no numbers for him, and that’s when the show started.

Brian then goes on to criticize Panera, telling them they haven’t fixed the issue and that the 10k isn’t really 10k, but a number much much higher… somewhere around 37M. The next thing he does is pretty much yell at Panera for not trusting the security experts (a.k.a. people like himself). He then criticizes them a little bit more for not admitting what they did and asking a security expert for help.

The moral of the story is trust the security experts! Don’t downgrade them, don’t think the truth won’t come out, c’mon it’s the internet, everything comes to light at one point or another, if not, ask Cambridge Analytica.

I’m going to finish this blog with something Brian said and companies (or no one really) has to do: “most companies respond to breach notifications like they would a stranger telling them they have a cold sore on their lip”. Please don’t be that guy, and Panera, next time don’t mess with Brian.


Facial recognition glasses in China

--Originally published at Let’s talk security. – Rudy's Corner

On Monday, China announced that their police will have facial recognition glasses, so that they can spot people traveling under false pretenses; some Chinese media outlet featured a policewoman wearing a pair of those. This is huge news, because the glasses are connected to a police database that has over 10,000 suspects. And it analyzes everything in under 100 milliseconds. Imagine that, having a pair of glasses (or sunglasses) capable of analyzing such an amount of information in so little time. This could very much help when trying to identify suspects in large crowds.

But also imagine if someone puts your picture in the database. That would just be terrible, the police officer would think you’re actually a suspect of something, he/she would arrest you, send you to the police station and wait for everything to be sorted out. Or also imagine if someone spies on the connection between the glasses and the database, and can actually see everything the glasses see, plus all the pictures that are on it. Yeah sure, they were made for helping police officers. But what if the technology gets in the wrong hands, and they create a database of their own, I don’t know, downloading pictures from Facebook, from, let’s say, kids of wealthy people, or them themselves. And they use the glasses to help them in kidnapping someone, so that they can identify the target easily in a crowd. I mean, it is just a thought.

And that is just the first step on a long road to trying to make the world “safer”. The sad part is that all technology that is made for us to be safe can be used against us. But this is not a blog about guns or weapons or anything like that, so let’s get back

Happy Safer Internet Day!

--Originally published at Let’s talk security. – Rudy's Corner

Today is Safer Internet Day 2018, and because of that Naked Security posted two articles: one talking about 3 things you can do for your social network, and, on the other side of the coin, 3 things your social network can do for you. In those articles the authors talk about three important things: 2FA, behaving on the web and logging off.

Two of them are pretty self-explanatory. You need to behave while being online, just as you would if you were in the “real world”, and the Social Networks should monitor and punish those who aren’t following the rules and standards that are set. Logging off is a concept all of us know, but few people actually follow. Most of us (myself included) leave our accounts logged in on our computers/phones/tablets, because it is way easier to just open the app or the browser and be there. There are quite a few reasons why we shouldn’t stay logged in: the first one is that if someone takes your phone they can just impersonate you, and another is that when you are logged in the Social Networks track your movements around the web. To the Social Networks we ask to make it a little easier to log off from the different apps, so that we can automatically set it to log off when we’re not using it.

The third one, 2FA, stands for Two-Factor Authentication, and it pretty much means to add an extra layer of security. How it works is pretty simple: you add your phone number or there’s an additional app, and with that a code is sent to you so you can put it in after putting in your usual password. With this, hackers won’t be able to access your account even if they have your username and password. The sad


Updating is a must.

--Originally published at Let’s talk security. – Rudy's Corner

Earlier this week Brian Krebs published an article about the first “Jackpotting” attacks in the U.S. He mentions that the U.S. Secret Service quietly began letting ATM operators know that their ATMs were being targeted in the United States, for the first time ever. He then goes on to talk about how this can happen, but I won’t go into full detail about it. If you want to read all about it I recommend going to his article where he explains everything perfectly. By the end Brian mentions that the reason these hacks were possible is because ATMs were still running on Windows XP, yes the same Windows that was released in 2001, 17 years ago!

This begs the questions: Why haven’t they updated their operating system? Why are they still using software that was first released so long ago? It’d be as if the download speed of your internet was the same as it was 17 years ago, or if you were still using the same T.V. you bought at the beginning of the millennium.

[Image: a TV from 2000]

Yes, this is a TV from the year 2000.

Still the question remains: Why not change it? There is no clear action, but I’m sure that it goes along the lines of: “commodity”, “I didn’t think they could hack it”, “it is too difficult to change it”, “it would take too much time and effort”. But to that I can just ask: Have you updated the hardware of the ATMs in the last 17 years? Because, if they have, why not do the software too?

And now let me ask you a question: Have you been updating your software during the past year, month, week, day? Because if you haven’t, you’re more likely to be hacked. Check your computer, phone, tablet,


Welcome everyone

--Originally published at Let’s talk security. – Rudy's Corner

Hello! And welcome to this new part of my blogs. In them I will be talking about different aspects of security regarding the internet, computers, technology in general. If you were looking for something about self defense or that kind of security this won’t be of much help.

I’ll try to post regularly, hope you enjoy the ride with me! Feel free to leave any comment, I’ll make sure to read them.

P.S.: I’ll bring back all the GIFs.