Security and STATS (not security stats)

--Originally published at Alfonso reviews…

I know this is not the way to start a blogpost, but this post is going to be a long one, and yes, you’ll get a potato.

You may or may not know what I mean when I say STATS. For those wondering, STATS is a project I’ve been working on for the last 15 weeks, and it involves a web app, elementary school kids, and math.

Basically, at the start of this semester, when creating my schedule, all my subjects were gone, and I got a notification asking, “Do you wish to register for the STATS package?” and I thought to myself, “Do I get to choose?” Long story short, the answer was NO, and I ended up in an interesting way of learning and developing as an ISC. No homework, no exams, just us developers and the project at hand. That was the promise; some teachers respected it, some others didn’t, but that’s another story.

My team, which I think is the best team I’ve ever worked with (if you guys are reading this, thanks for this semester), and I decided to make it happen, and we created a web app featuring the adventure of a spaceship on its journey to the Red Planet, with math here and there and funny stuff.

The app’s intended audience/users are kids in elementary school, with their respective teachers as administrators of the system: the kids play the game, and we collect data, analyze it, and send it to the teachers to help them with their work…

Data… Security… I wonder if those two should be related in any way. Oh yeah, they should be, like father and son, like wolves and the moon, and like that bubblegum in your shoe.

With that being said, let’s start our ride on how security

Continue reading "Security and STATS (not security stats)"

Code of Ethics with pictures

--Originally published at Surviving CS

Ken Bauer being an awesome teacher.

Personal Integrity

Bending the rules.

Trusting others with your personal information: Leap of Faith.

Laws and Policies

Treat with care.

Show other interests and find a new way to communicate them to others.

System Integrity

Outdoor networking devices: respect them.

New ways to learn.

Responsibility to Computing Community

Computing is not the only community that exists.

Social Responsibility

Follow the rules.

Ethical Responsibility

Source: Every picture belongs to Toatzin Padilla

Excuse me, who are you?

--Originally published at Don't Trust Humans, Trust Computers

Each person on this planet has something that identifies him/her. It could be a physical characteristic, like nose shape, eye color, hair, a scar, etc., or it could be a non-physical thing like voice tone, name, the way you speak, and so on. We even have legal documents that verify who we are in a society. No matter what part of the world we are in, we are someone and we can prove that we are the person we say we are. But what if we pass from the physical world into the digital one? In the digital world, we can be anyone and there’s no one checking whether we are really who we say we are, or maybe there is? The truth is, it depends on how you see it. There are websites, like Tumblr, that ask you for a user and a password, so there really is someone checking that the user and password match, but once you are inside Tumblr it is another story. If you come to think of it, there are many places in the digital environment that ask for a user and password, and that is an important matter in the security aspect.


Authentication and access control are two complementary topics that go hand in hand. Most of the time you want this type of security in any system you are in, to protect the information that is inside the system. And of course, it affects which users access the system. Authentication is the process of verifying that you are really the user you say you are. In this process there are two key elements: the identifier and the authenticator. By identifier we mean the user name, which tells who you are, and the authenticator is commonly known as the password, which verifies that it is truly you who is

Continue reading "Excuse me, who are you?"
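The identifier/authenticator check described in the post above, as an added example that is not part of the original post. It assumes a constructed user store and shows the two elements separately: the identifier selects the record, the authenticator is checked against a salted hash, so the store never holds the password itself.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2; a constructed value chosen for the example.
_ITERATIONS = 200_000


def make_record(password: str) -> dict:
    """Derive a salted PBKDF2-SHA256 hash of a password; this is what gets stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)
    return {"salt": salt, "hash": digest}


# Constructed sample accounts: the store holds salt + hash only, never the password.
USERS = {
    "alice": make_record("correct horse battery staple"),
    "bob": make_record("hunter2"),
}
# Dummy record so an unknown identifier costs the same time as a known one.
_DUMMY = make_record(os.urandom(16).hex())


def authenticate(identifier: str, authenticator: str) -> bool:
    """identifier = who you claim to be (the user name);
    authenticator = the secret that proves it (the password)."""
    record = USERS.get(identifier, _DUMMY)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", authenticator.encode(), record["salt"], _ITERATIONS
    )
    # Constant-time comparison so response time does not reveal how many bytes matched;
    # the membership check comes after the hash so unknown users do not return early.
    matches = hmac.compare_digest(candidate, record["hash"])
    return matches and identifier in USERS
```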

Security Countermeasures

--Originally published at Don't Trust Humans, Trust Computers

We live in an era where everybody has some kind of digital device. Most of us have at least 2 of these devices, if not more. We interact with them on a daily basis: at work, at home, at school, at entertainment centers, etc. These gadgets are taking over the world, but more importantly our lives. And if these devices are an essential part of our lives, well… we are very likely to have some security threats on our way. In our lives we are always exposed to some kind of threat, whether we like it or not, and if we have a digital device, we are exposed to a different, new kind of threat that didn’t exist before.


There exist so many cyber security threats out in the world, and we need to be prepared if we encounter one. So here I am going to list some of the most common threats and some countermeasures to those problems.

  1. Spoofing user identity.- using a fake authentication to gain access to a system.
    • Countermeasures:
      • Do not store passwords in files.
      • Use strong authentication.
      • Do not send passwords over the internet.
  2. Tampering with data.- unauthorized modification of data.
    • Countermeasures:
      • Use digital signatures.
      • Use data hashing and signing.
      • Use strong authentication.
  3. Information disclosure.- unwanted exposure of data.
    • Countermeasures:
      • Use strong encryption.
      • Use strong authentication.
  4. Phishing.- making use of a fake email or webpage so that the user enters personal information.
    • Countermeasures:
      • Delete suspicious emails.
      • Verify the website before entering anything.
      • Look for digital signatures.
  5. Malicious code.- software that causes malfunctions inside a system.
    • Countermeasures:
      • Turn off automatic downloading.
      • Block malicious websites.
      • Stay current with OS updates.
  6. Weak and default passwords
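The "data hashing and signing" countermeasure against tampering (item 2 above), as an added example that is not part of the original post. It uses an HMAC, a keyed hash that acts as a symmetric signature (not a public-key digital signature), over a constructed record; any change to the record after signing fails verification.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the example; in practice it comes from a key store.
KEY = b"example-shared-secret-key"


def _canonical(record: dict) -> bytes:
    """Serialize deterministically so the same record always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign(record: dict, key: bytes = KEY) -> dict:
    """Attach an HMAC-SHA256 tag computed over the canonical record."""
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify(envelope: dict, key: bytes = KEY) -> bool:
    """Recompute the tag and compare in constant time; a modified record fails."""
    expected = hmac.new(key, _canonical(envelope["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["tag"])


def demo() -> tuple:
    """Sign a constructed record, then alter one field while keeping the old tag."""
    signed = sign({"user": "alice", "balance": 100})
    intact = verify(signed)
    tampered = {"record": dict(signed["record"], balance=1_000_000), "tag": signed["tag"]}
    return intact, verify(tampered)
```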

I can’t read your message

--Originally published at Don't Trust Humans, Trust Computers

In 2014, a movie called “The Imitation Game” was released. This movie is about Alan Turing, one of the fathers of computer science. He built a machine capable of figuring out the secret messages the Germans were transmitting to each other, back in the WWII era. The messages the Germans were sending and receiving were encrypted messages that only they knew how to decrypt. Turing was clever enough to build a machine that could decrypt those messages, and thanks to that the Allies gained a great advantage against the Axis. Of course, it took a lot of Turing’s patience and time to be able to build this machine. I bring up this movie because it is about cryptography.


For those who don’t know what cryptography is, well, it is the process of securing information from other people. In other words, it is about making text unreadable to people whom the message doesn’t concern at all. For example, let’s say you want to send a message in class to your friend, but you don’t want anybody but your friend to understand the message. So you and your friend agree on a secret code so that the text you and he write can only be deciphered by the two of you.

In cryptography there are two main processes: the first one is encryption and the second one is decryption. Encryption is all about turning normal plain text into something unreadable, converting the text into what looks like random letters. Decryption is the other way around: it is the process of converting the unreadable text back into understandable text.
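The two processes just described, carried out with a classic keyed cipher (the Vigenère cipher), as an added example that is not part of the original post. The key is the "secret code" both friends agree on: each letter is shifted by the matching key letter, and decryption shifts it back; letters that are not in the alphabet pass through unchanged.

```python
import string

ALPHABET = string.ascii_uppercase


def _shift(text: str, key: str, direction: int) -> str:
    """Shift each letter by the matching key letter (+1 encrypts, -1 decrypts).
    Non-letters are copied as-is and do not consume a key position."""
    key = key.upper()
    if not key or any(c not in ALPHABET for c in key):
        raise ValueError("key must be one or more letters")
    out, pos = [], 0
    for ch in text:
        up = ch.upper()
        if up not in ALPHABET:
            out.append(ch)
            continue
        k = ALPHABET.index(key[pos % len(key)])
        shifted = ALPHABET[(ALPHABET.index(up) + direction * k) % 26]
        out.append(shifted if ch.isupper() else shifted.lower())
        pos += 1
    return "".join(out)


def encrypt(plaintext: str, key: str) -> str:
    """Plain text -> unreadable text, using the shared key."""
    return _shift(plaintext, key, +1)


def decrypt(ciphertext: str, key: str) -> str:
    """Unreadable text -> plain text again, using the same key."""
    return _shift(ciphertext, key, -1)
```

Without the key the text stays unreadable: decrypting with a different key yields a different, still meaningless, message, which is the whole point of the secret code.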


There exist many algorithms that do encryption and decryption; some of them are pretty simple, while others are more complex. We call these algorithms ciphers. Some of the most famous ciphers are:

Classic Security Architecture Models

--Originally published at Don't Trust Humans, Trust Computers

In a past post, I talked about security policies and how they are made, but I didn’t say how they are put into action. The policies only tell you how things need to be organized and how they are supposed to function. They are the sets of rules in the system. Some security policies are behaviors that people need to have inside a company, and other policies specify the behavior of the system. If the security policies only say how things are supposed to be, then how can we make sure they are being followed correctly? For that reason, security models exist.


A security model is the representation of the security policy. The security model abstracts the goals of the policy and makes them a reality in the system by creating the necessary code inside the system. The security model is the concrete way in which the policies are going to be fulfilled in the system. Let’s see the policies as the goals or the end results, and the models as the way we are going to achieve those goals. There are some very well known models that many people use. These models are:

  • State Machine Models
    • Bell-LaPadula Model
    • Biba Model
    • Clark-Wilson Model
  • Information Flow Model
  • Noninterference Model
  • Brewer and Nash Model

State Machine Model

This model works by using “states” that say whether the system is secure or not. Here we check each instance of subjects accessing objects and verify that the state is safe. When we use the word state, we mean a moment in time in the system. When a system moves from one state to another we call it a state transition. The purpose of the state machine is to always stay in a safe

Continue reading "Classic Security Architecture Models"
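The state machine model described above, as an added example that is not part of the original post: a state is the set of accesses subjects currently hold over objects, and a transition (a new access request) is applied only if the resulting state is still secure. The secure-state rule is an assumption for the example, taken from the Bell-LaPadula model listed above (no reading above your clearance, no writing below it); the subjects, objects and levels are constructed.

```python
from dataclasses import dataclass, field

# Constructed sensitivity levels, ordered low to high.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}


@dataclass
class State:
    """One moment in time: which subject holds which access to which object."""
    clearance: dict                                  # subject -> level name
    classification: dict                             # object -> level name
    accesses: set = field(default_factory=set)       # {(subject, object, "read"|"write")}


def is_secure(state: State) -> bool:
    """Secure-state rule assumed here (Bell-LaPadula style): no subject reads an
    object above its clearance, and no subject writes to an object below it."""
    for subj, obj, mode in state.accesses:
        s = LEVELS[state.clearance[subj]]
        o = LEVELS[state.classification[obj]]
        if mode == "read" and o > s:
            return False
        if mode == "write" and o < s:
            return False
    return True


def transition(state: State, subj: str, obj: str, mode: str) -> bool:
    """Try to move to a new state by granting one access. The move happens only if
    the candidate state is secure; otherwise the current state is left untouched."""
    candidate = State(state.clearance, state.classification,
                      state.accesses | {(subj, obj, mode)})
    if not is_secure(candidate):
        return False
    state.accesses.add((subj, obj, mode))
    return True


def demo() -> tuple:
    """Constructed scenario: allowed read, refused read-up, refused write-down."""
    st = State({"analyst": "secret", "intern": "public"},
               {"report": "secret", "bulletin": "public"})
    return (transition(st, "analyst", "report", "read"),     # secret reads secret: ok
            transition(st, "intern", "report", "read"),      # public reads secret: refused
            transition(st, "analyst", "bulletin", "write"),  # secret writes public: refused
            is_secure(st))                                   # machine never left a safe state
```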