Home / Blog / Filter / Blog
Subscribe to CERTSI - Blog RSS


Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.
Post related to: Software
OS X security model (I)

OS X security model (I)

Posted on 02/11/2016, by INCIBE
Security measures in OS X have been incorporated into the operating system base, with functions added and improved upon as different versions are published. Together,these measures form a layered model that reinforce the basic outline of typical POSIX permissions and provides a mechanism covering various aspects of protection against security threats. Let’s see how this system works. First line...
Let’s Encrypt: The democratisation of SSL certificates

Let’s Encrypt: The democratisation of SSL certificates

Posted on 02/02/2016, by Antonio Rodríguez (INCIBE)
There are still a great number of websites that do not use SSL/TLS certificates to encrypt their connections; this has been a problem in web communications security for years. There are various reasons for this; however, perhaps the most important is the fact that historically, having an SSL certificate was unviable economically, particularly for personal websites, SMEs, or small online shops...
Access denied

Basic Access control mechanisms in Systems Security

Posted on 11/27/2014, by Antonio López (INCIBE)
<p>In any IT system, especially if it’s multiuser, the access control of users and resources is fundamental for its security. That’s why it’s very important to have mechanisms that provide an appropriate segregation of privileges and user permissions, along with the administration of these and related elements.</p>
Navaja Negra Conference

Merovingio: Deceiving Malware

Posted on 11/06/2014, by Adrián Pulido (INCIBE)
At the most recent Navaja Negra conference held in Albacete on 2, 3, and 4 October, I had an opportunity to present a tool that INCIBE has been working on for months. This tool, Merovingio is an applications analyser that determines whether these are legitimate or malicious.