Tag: security

What does VPN means?

--Originally published at Computer and Information Security

Before we start, I’ll recommend you to see the following video regarding Virtual Private networks:

 

So what is a VPN?

A VPN is a connection between the computer and a server. The server is operated by the VPN service and it creates a secure connection between both of them by a tunnel. This connection makes the user to be part of the company’s network, as if the computer was on it. The tunnel hides the traffic until it leaves the tunnel. One of the main goals is to hide the IP address of the computer.

There are a lot of advantages while using a VPN, its important to notice that the number of functions of a VPN is interesting. I’ll mention three of them.

Advantages

  • It prevents anyone that is on the same network access point from intercepting your web traffic in a man-in-the-middle attack.
  • It makes harder for advertisers, or spies, or hackers to track you online.
  • Avoid censorship, but it could be against the law.

I think that one of the most remarkable ones is the first one. Using a VPN to avoid or prevent a interception from another person is a very useful took. It is important to mention that the VPN doesn’t protect your information entirely, but it can make it harder for people to track your online information. As an example, we can see this useful feature as a shield that protects your information from a man-in-the-middle attack.

Avoiding censorship might be illegal in some countries, maybe in most of them, but it can be very practical. We can see this as a tool for a journalist. A journalist needs to find information for his or her research, but maybe the country blocks this information for many reasons. In this case, a journalist

Screen Shot 2018-02-08 at 3.37.34 PM.png
Continue reading "What does VPN means?"

Choose the white hat!

--Originally published at Paco's adventures

No, I’m not telling to buy one (unless you really want one, then go for it!). What I’m saying is that, if you want to be a hacker, be a white hat hacker; yes, you can use a white hat if you want, but that’s not the real meaning of it.

white_balck_hat

You might not know but there are 3 types of hackers and they are represented by a hat with a certain color: Black, Gray and White. The black hat hackers are those who break into networks or other systems and do harmful stuff like taking down a website or service or steal and sell passwords, bank account or data in general.

The white hats are those called ethical computer hackers and they use their skills in security to help companies or the goverment to find possible security flaws that could be explode by black hats. Some black hats had turned to the white side after the goverment/company offer them a job because of their prowess in security. Some of the most known white hat hackers are:

  • Dan Kaminsky
  • Tsutomu Shimomura
  • Kevin Mitnick (former black hat)

The gray hats are the ones in the middle. They generally don’t have malicious intentions but they act illegally and they do what they do because they can, not because they want to earn money. If they get some kind of data, the way they use that data comes down to the hacker’s moral code.

Now you know that not all hackers are bad, some of them are here to help us. If you want to know more about  hackers, other security stuff or simply you liked the post leave a comment. Thanks for passing by!

Malware

--Originally published at Paco's adventures

You have heard about viruses, worms other things you may not know like ransomware, adware, etc. But, do you know the difference between them? Do you know what exactly are and they do to your computer? Well, let me tell you.

Firts, let’s define what is a malware. Malware, or Malicious Software, is a software design to cause harm to the computer and the user and this can go from stealing data to take control of the user’s computer. There are a lot of them, let me give you a brief explanation of some of them:

  • Adware: This downloads and displays advertisements in the user’s device. It usually doesn’t steal data but it is irritating because it forces the user to see ads and sometimes it creates pop-ups that you can’t close.
  • Bots and botnets: A bot, in terms of security, is an infected device that causes it to do something harmful without the owner’s knowledge; and a botnet is alrge group of those bots. Atackers use them for spam, phishing or DDoS attacks (Distributed Denial of Sevice).
  • Browser hijacker: This one changes the behavior of the browser, sending you to other web pages and sites you didn’t intend to visit or installing toolbars.
  • Keylogger: A keylogger keeps track of all the keys the user uses (passwords, emails, documents, etc.). You can infer that with this the attacker can access your network and accounts.
  • Phishing: It is an email attack that tries to trick the user into give out passwords, download something or visit a website that’s going to install a malware.
  • Ransomware: Here, the attacker encrypts the user’s data and files and will demand for money (in bitcoins). If the user doesn’t accept, the attacker will delete all the user’s data or publish it if it is something Continue reading "Malware"

Hi everyone!

--Originally published at Paco's adventures

Welcome all of you to a new section of my blog! Here I’ll be talking about a topic I’m really excited and one of my favorites: Cyber security. That’s right, I will post things about computer security, internet security, how to defend yourself and what you have to watch for.

I’ll try to post regularly and I hope you enjoy the content. Leave a comment if you want, I will read all of them and also if you have a question or want me to post about a topic in specific write it in the comments or send me an email.

Basic security principles

--Originally published at Stories by Dennis Kingston on Medium

1.- Imagine you’re in a foreign country and you need to access the internet to reply an email. What you do is try to connect your mobile phone or computer to a wifi right? so in this foreign country while searching for a wifi you find that there is a network that doesn’t have a password. Do you access it? The answer is NO! You never do that because it might be full with malware.

2.- Backups. You must have a backup of all your information in case it gets corrupted, or lost.

3.- Update all your systems, that’s one of the most important principles so that you can be more safe.

4.- As long as you can, encrypt all your data and try messaging through applications that encrypt all your messages.

5.- Install an anti-virus never install two or more because they will fight for resources and in the end they won’t be able to work good.

6.- Most people don’t know that it is very important that you don’t repeat the same password with every account you use. Try using different passwords and install a password manager like LastPass so that you don’t have to remeber every password you use.

Basic security principles

--Originally published at Stories by Dennis Kingston on Medium

1.- Imagine you’re in a foreign country and you need to access the internet to reply an email. What you do is try to connect your mobile phone or computer to a wifi right? so in this foreign country while searching for a wifi you find that there is a network that doesn’t have a password. Do you access it? The answer is NO! You never do that because it might be full with malware.

2.- Backups. You must have a backup of all your information in case it gets corrupted, or lost.

3.- Update all your systems, that’s one of the most important principles so that you can be more safe.

4.- As long as you can, encrypt all your data and try messaging through applications that encrypt all your messages.

5.- Install an anti-virus never install two or more because they will fight for resources and in the end they won’t be able to work good.

6.- Most people don’t know that it is very important that you don’t repeat the same password with every account you use. Try using different passwords and install a password manager like LastPass so that you don’t have to remeber every password you use.

Two factor authentication

--Originally published at Stories by Dennis Kingston on Medium

During the last month, I’ve been learning a lot of things about security, and I’ve been amazed on how many ways you can be fooled by people that want to get access to your personal information, such as your bank account.

Since the first class, our teacher told us about authentication, but more specifically, about two factor authentication. Some doubts came up to my mind because I hadn’t heard a lot about it.

Two factor authentication, is a way to ensure, that the person that is trying to access, is the real person that is allowed, and not some other that wants to crack your data. As the name says, it uses two methods to authenticate. The methods must be a combination like asking for a password and giving a token to type in, or any form of biometrics like an eye scanner or fingerprint scanner.

As an example, banking systems use this way of authentication because it really makes a difference when it comes to security. Most of the banking systems ask you for your password, and a token so that they can make sure that you’re the one trying to access to your own account.

All in all, it is pretty good to use this methods to authenticate, but if the webpages you visit doesn’t support this type of authentication, I recommend to use different passwords and have a password manager like LastPass.

IOT and botnets

--Originally published at Security – Hermes's Blog

Internet of things is the name that people give to whatever device that is not a pc (a microwave, a fridge, a pan, etc.) and is connected to the internet. Its purpose is to provide the device with useful functionalities that are only possible when you have the amount of data that is available on the internet, and to be able to comunicate with other devices.

The problem is, these kind of devices are super vulnerables becacuse they are never updated. Every now and then new security issues in protocols and implementations are discovered, recent examples are the dirty cow, krack attacks, meltdown and specter. These devices basically provide an army for hackers, they can infect Iot devices and take control of them whenever they want. Infected Iot devices can even propagate the infection to other nearby devices.

And so, a botnet is capable of DDoS attacks, since all their own IP addresses are unique and usually non related.

And now, the solution is, companies should update their devices, but there’s a problem, these companies are not usually very involved in tech, I mean, Google does not manufactor microwaves (though it would be cool). These companies usually stop suporting a device as soon as a new version of the device arrives to the market. I think a more realistic solution is, users should think about what they buy, do they really need a baby monitor connected to the internet? That’s super creepy if you ask me.

Source:

https://www.forbes.com/sites/bernardmarr/2017/03/07/botnets-the-dangerous-side-effects-of-the-internet-of-things/#4c826c713304

Keybase

--Originally published at Stories by Dennis Kingston on Medium

The last class of security, some colleagues made a presentation about cryptography which was pretty interesting because we learned some new things like the public and private key and how they work so that you can send data in a very secure way. We used an application called Keybase which is a secure chat based on GPG which is based on the RSA algorithm. This gives you the confidence that no one’s going to see what you are talking except the other person you are talking to.