Tricking online tracking: disinformation as a means of protection
Light is regularly shed on news about espionage involving particularly prominent or high-profile individuals.
Audit and consulting
This section provides content of interest to professionals who understand and audit legal and regulatory compliance in cybersecurity, risk management, internal policies management and compliance, or are responsible for internal training in cybersecurity.
Logjam and other vulnerabilities in Spanish domains
After the discovery of several vulnerabilities associated related to the SSL/TLS protocol in 2014 and the first trimester of 2015, in the middle of last May “Logjam”, was disclosed, a new vulnerability that affects the security of Internet communications. Let's analyze its impact in Spanish domains
What is a correlation? And data analysis tools
When information of a dataset are analysed, whose origin or “feed” may be a database, information of raw files, logs, spreadsheet data, etc. one of the most powerful tools for drawing conclusions is to carry out correlations.
In the post “The importance of language, binary diffing and other “One Day” stories”, we highlighted that the term “correlation” has begun to be heard frequently. However,...
The importance of system hardening
Complaining is part of human nature. When it rains, why is it raining? When it is hot, why is it hot? When Real Madrid wins, why does Barcelona not lose, and vice-versa? The issue is that we complain. However, we do not always think what we can do to change or improve the causes of our complaints. Of course, not everything is under our control or in our hands, but we can do a lot, beginning...
Study of the security in cloud storage services: Analysis of Dropbox and Mega
Cloud storage services are receiving increasing popularity. But, how to choose among al the available alternatives? In this study, the main factors affecting security are described, creating a common framework for their analysis. Subsequently, these principles are applied for analyzing two of the main current solutions: Dropbox and Mega.
Use and Abuse of DNS
DNS is a protocol present in almost all network communications and therefore very attractive as a tool of attack and / or distribute malicious software such as viruses, botnets and malware. In this article some both offensive and defensive strategies based on the use of DNS are briefly outlined.