Reuben Paul, the 11-year-old who hacks teddy bears and already has his own cybersecurity company – El Mostrador

This young American, a computing prodigy, calls himself a “cyberninja” and, through his own company, wants to “educate people, teach them new things” about security in the cyber world.

Source: Reuben Paul, the 11-year-old who hacks teddy bears and already has his own cybersecurity company – El Mostrador


With authoritarianism and state surveillance on the rise, how can civil society be protected from digital threats?

Policymakers have given a great deal of attention to the cyber security of governments, critical infrastructure, military targets and commercial enterprises. But civil society groups are also under threat, including human rights defenders, environmental activists, political watchdogs, and other groups promoting the rule of law and democracy. What can be done about these digital threats to civil society around the world?

Source: With authoritarianism and state surveillance on the rise, how can civil society be protected from digital threats?


Google and Microsoft in war of words over bug disclosure | Technology | The Guardian

The bug, which allows privilege escalation in Windows, was discovered by Google on 21 October. An attacker can use it to access things they should not be able to, and according to Google, it is already being actively exploited in the wild.

Source: Google and Microsoft in war of words over bug disclosure | Technology | The Guardian


DDoS attack that disrupted internet was largest of its kind in history, experts say | Technology | The Guardian

The cyber-attack that brought down much of America’s internet last week was caused by a new weapon called the Mirai botnet and was likely the largest of its kind in history, experts said.

Source: DDoS attack that disrupted internet was largest of its kind in history, experts say | Technology | The Guardian


Ex-Yahoo Employee: Government Spy Program Could Have Given a Hacker Access to All Email

Contrary to a denial by Yahoo and a report by the New York Times, the company’s scanning program, revealed earlier this week by Reuters, provided the government with a custom-built back door into the company’s mail service — and it was so sloppily installed that it posed a privacy hazard for hundreds of millions of users, according to a former Yahoo employee with knowledge of the company’s security practices.

Source: Ex-Yahoo Employee: Government Spy Program Could Have Given a Hacker Access to All Email


Payments networks battle new breed of criminals in cyber attacks – FT.com

Payments networks — whether Swift or the latest peer-to-peer money transfer app — are only as trustworthy as their weakest link. Even if data are encrypted in transit, each bank or individual on a network must be able to reliably prove who they are — and authentication in payments still has a way to go.

Source: Payments networks battle new breed of criminals in cyber attacks – FT.com


Someone Is Learning How to Take Down the Internet – Schneier on Security

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.

Source: Someone Is Learning How to Take Down the Internet – Schneier on Security


Google Chrome Will Start Shaming Unencrypted Websites in January | Motherboard

Starting in January of 2017, Google’s Chrome browser will start flagging some websites that don’t use web encryption as “Not Secure”—the first step in Google’s eventual plan to shame all sites that don’t use encryption.

Source: Google Chrome Will Start Shaming Unencrypted Websites in January | Motherboard


Amistosa Caja Anti Vigilancia | Derechos Digitales

With great pride, and officially, Derechos Digitales today presents the Amistosa Caja Anti Vigilancia, a set of tools and practical tips that will help you better safeguard your personal information and that of others. It seems that today, more than ever, it is necessary to protect our data, because there is always someone trying to access it: private companies, cybercriminals and the State itself.

Source: Amistosa Caja Anti Vigilancia | Derechos Digitales


NSA espionage group hacked and its information auctioned for 1 million bitcoins | CriptoNoticias – Bitcoin, Blockchain and cryptocurrencies

A group of hackers linked to the United States National Security Agency, better known as the NSA, was recently hacked, and its tools for espionage, information gathering, malware and more have been put up for sale for 1 million bitcoins (more than 550 million dollars at the time of publication).

Source: NSA espionage group hacked and its information auctioned for 1 million bitcoins | CriptoNoticias – Bitcoin, Blockchain and cryptocurrencies


Are these the NSA’s espionage weapons? | Derechos Digitales

A group of hackers claims to have obtained confidential information from Equation Group, a well-known and sophisticated group of cyber attackers linked to the NSA. Part of the published information offers, for the first time, a look at the tools used by the US security agency.

Source: Are these the NSA’s espionage weapons? | Derechos Digitales


Bulk data collection vital to prevent terrorism in UK, report finds | World news | The Guardian

The bulk collection of personal data by British spy agencies is vital in preventing terrorist attacks, an independent review of draft security legislation has found. David Anderson QC, the independent reviewer of terrorism legislation, concluded that laws giving MI5, MI6 and GCHQ the right to gather large volumes of data from members of the public had a “clear operational purpose”.

Source: Bulk data collection vital to prevent terrorism in UK, report finds | World news | The Guardian


The pioneering Chinese quantum satellite that could revolutionize the world’s communications – El Mostrador

It is a multimillion-dollar, ambitious project nicknamed QUESS that puts the Asian giant at the head of a technological revolution: creating new global communication networks that are hack-proof.

Source: The pioneering Chinese quantum satellite that could revolutionize the world’s communications – El Mostrador


Edward Snowden’s New Research Aims to Keep Smartphones From Betraying Their Owners

National Security Agency whistleblower Edward Snowden has been working with prominent hardware hacker Andrew “Bunnie” Huang to solve this problem. The pair are developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions. They argue that a smartphone’s user interface can’t be relied on to tell you the truth about the state of its radios. Their initial prototyping work uses an iPhone 6.

Source: Edward Snowden’s New Research Aims to Keep Smartphones From Betraying Their Owners


The serious flaw affecting 900 million Android phones and how to find out whether yours is vulnerable – El Mostrador

The security firm Checkpoint detected several security flaws that can give potential attackers access to the data on more than 900 million Android devices. What are they? And how can you find out whether they affect you?

Source: The serious flaw affecting 900 million Android phones and how to find out whether yours is vulnerable – El Mostrador


Cyber experts warn of hacking capability of drones – FT.com

Hackers could employ flying drones to buzz office buildings and intercept corporate communications, cyber security researchers have warned ahead of the industry’s annual gathering. A simple drone can be used to attack WiFi, Bluetooth and other wireless connections such as those used in contactless payment cards, making it as easy to intercept information in a private building as it is in a public café.

Source: Cyber experts warn of hacking capability of drones – FT.com


Security Tips Every Signal User Should Know

Although Signal is well-designed, there are extra steps you must take if you want to maximize the security for your most sensitive conversations — the ones that could be misinterpreted by an employer, client, or airport security screener; might be of interest to a snooping government, whether at home or abroad; or could allow a thief or hacker to blackmail you or steal your identity.

Source: Security Tips Every Signal User Should Know


Take that, FBI: Apple goes all in on encryption | Technology | The Guardian

The new feature is just the latest move towards more widespread encryption in consumer technology products following Apple’s standoff with the FBI earlier in 2016, in which it refused to help the agency weaken its own security processes to access information on an iPhone belonging to a terrorist. Facebook and Google both pledged support for Apple during the fight, and both are subsequently reported to be planning encrypted versions of their messaging apps.

Source: Take that, FBI: Apple goes all in on encryption | Technology | The Guardian


FTC’s chief technologist gets her mobile phone number hijacked by ID thief | Ars Technica

In a scenario that’s growing increasingly common, the chief technologist of the US Federal Trade Commission recently lost control of her smartphone after someone posing as her walked into a mobile phone store and hijacked her number.

Source: FTC’s chief technologist gets her mobile phone number hijacked by ID thief | Ars Technica


The 16,000-dollar phone that offers military security to celebrities – El Mostrador

The new phone from London startup Sirin Labs boasts of being the best when it comes to security: it has a “military-grade” encryption system.

Source: The 16,000-dollar phone that offers military security to celebrities – El Mostrador


SS7 Attack Circumvents WhatsApp and Telegram Encryption – UPDATED

Mobile networking experts from security firm Positive Technologies revealed last week a new attack that uses the SS7 mobile telecommunications protocol that allows attackers to impersonate mobile users and receive messages intended for other people.

Source: SS7 Attack Circumvents WhatsApp and Telegram Encryption – UPDATED


How secure are encrypted telecommunications? – El Mostrador

With its sights set on the long-sought goal of privacy, the universal adoption of encryption to secure telecommunications on the internet is already shaping up as a path of no return, backed by the latest moves of popular platforms in the sector, although tinged with shadows.

Source: How secure are encrypted telecommunications? – El Mostrador


San Bernardino iPhone: US ends Apple case after accessing data without assistance | Technology | The Guardian

With the court filing, Silicon Valley and Washington are poised to return to a cold war over the balance between privacy and law enforcement in the age of apps

Source: San Bernardino iPhone: US ends Apple case after accessing data without assistance | Technology | The Guardian


Government keeping its method to crack San Bernardino iPhone ‘classified’ | Technology | The Guardian

Revealed: After postponing a court hearing with Apple, the FBI is testing a new technique which Apple says they will pressure government to reveal

Source: Government keeping its method to crack San Bernardino iPhone ‘classified’ | Technology | The Guardian


Facebook, Google and WhatsApp plan to increase encryption of user data | Technology | The Guardian

Spurred on by Apple’s battles against the FBI, some of tech’s biggest names are to expand encryption of user data in their services, the Guardian can reveal

Source: Facebook, Google and WhatsApp plan to increase encryption of user data | Technology | The Guardian


Wanting it badly isn't enough: backdoors and weakened crypto threaten the net / Boing Boing

As you know, Apple just said no to the FBI’s request for a backdoor in the iPhone, bringing more public attention to the already hot discussion on encryption, civil liberties, and whether “those in authority” should have the ability to see private content and communications — what’s referred to as “exceptional access.”

Source: Wanting it badly isn’t enough: backdoors and weakened crypto threaten the net / Boing Boing


Apple’s FBI Battle Is Complicated. Here’s What’s Really Going On | WIRED

The news this week that a magistrate ordered Apple to help the FBI hack an iPhone used by one of the San Bernardino shooter suspects has polarized the nation—and also generated some misinformation. In the interest of clarifying the facts and correcting some misinformation, we’ve pulled together a summary of the issues at hand.

Source: Apple’s FBI Battle Is Complicated. Here’s What’s Really Going On | WIRED


We cannot trust our government, so we must trust the technology | US news | The Guardian

Apple’s battle with the FBI is not about privacy v security, but a conflict created by the US failure to legitimately oversee its security service post Snowden

Source: We cannot trust our government, so we must trust the technology | US news | The Guardian


How to start using the anonymous Tor browser, step by step

Tor is one of the best tools for connecting to the Internet securely (if not the best). Although it is not perfect, setting it up is so simple that anyone who accesses the web frequently should have it installed and ready to use. We explain how to do it. Leaving the technical side aside, connecting […]

Source: How to start using the anonymous Tor browser, step by step


FireEye bulks up for ‘cyber arms race’ – FT.com

FireEye, a cyber security company, has bought threat intelligence start-up iSight Partners, as it seeks to complement its machine learning with data gathered by humans who watch hackers in the darkest corners of the internet. With the acquisition,

Source: FireEye bulks up for ‘cyber arms race’ – FT.com


Intel Security’s Chris Young tells cyber sector to go on offensive – FT.com


The president of Intel Security has admonished the cyber security industry for being “too reactive” and focusing on the symptoms of attacks rather than the underlying causes.

Chris Young said that the sector had become “bogged down” in data while cyber attackers get better funded, more innovative and improve their skills.

“In security we’re chasing the symptoms like malware and vulnerabilities when we’d be smarter if we knew the context of attacks, who the attackers are and why do I care about them.”

“We are swimming in symptoms but we don’t really understand the problem in many cases. To use a human analogy, I’m sneezing, I can’t breathe easily, I have a runny nose: do I have a cold, flu or allergies?” he said.

Mr Young told the Financial Times at the RSA cyber security conference that President Barack Obama’s new information sharing proposals, announced in the State of the Union speech, risk creating a flood of new data on attacks that few companies are skilled at processing. The US House of Representatives could vote on the bill this week.

 


Wi-Fi hack creates 'no iOS zone' that cripples iPhones and iPads | Technology | The Guardian


A newly revealed bug in iOS lets attackers force iPhones and iPads into restart loops, repeatedly crashing and rebooting, using nothing but a Wi-Fi network.

Once the user has entered what its discoverer, security researchers Skycure, dubs the “no iOS Zone”, there’s no way to fix their phone other than escaping the range of the malicious network; every time it reboots, it crashes almost immediately.

The basis of the attack uses a “specially crafted SSL certificate”, typically used to ensure a secure connection, to trigger a bug in the operating system that crashes out any app using SSL.

“With our finding, we rushed to create a script that exploits the bug over a network interface,” the researchers wrote. “As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.”

But in addition to crashing individual apps, the bug can be used to crash the underlying operating system as well. “With heavy use of devices exposed to the vulnerability, the operating system crashes as well. Even worse, under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless.

“Even if victims understand that the attack comes from a Wi-Fi network, they can’t disable the Wi-Fi interface in the repeated restart state as shown in the video.”


Hacker-fighting prowess on show at cyber security conference – FT.com


When cyber security start-ups set out their stalls at the industry’s largest annual conference on Monday, they will be looking to show off their hacker-fighting prowess not just to buyers of security products, but also to Wall Street investors.

A new generation of cyber security companies is preparing to go public, as analysts predict a rise in security spending by boards desperate to protect themselves from becoming the next Sony Pictures, Home Depot or Target.

Dan Ives, an analyst at FBR Capital Markets, says investors will be flocking to the RSA Conference in San Francisco this week because cyber security is a $15bn-$20bn market opportunity in the next three years.

“Seven or eight years ago you could hear a pin drop at RSA,” he said. “Now it is going to be like a Bon Jovi rock concert.”

“It is the seminal event in cyber security: the new year’s eve, the wedding, the bar mitzvah,” he added.

VC funds have been flooding into cyber security, surpassing $1bn for the first time in the first quarter of 2015, according to data from private company research firm PrivCo. VC funding for security software start-ups hit $2.3bn in 2014, up more than a third from the year before. Just four years ago, less than $1bn was raised by cyber security companies for a whole year.

 


Microsoft forgets an 18-year-old ‘bug’ that makes all versions of Windows vulnerable – BioBioChile


Published by Eduardo Woo

The computer security group CERT reported this week an error (or bug) in Windows that allows passwords to be stolen from any version, including Windows 10, servers and tablets.

The problem already affects more than 30 companies, which have begun to be advised by the specialized team, who noted that the flaw has existed for 18 years.

This bug has been named “Redirect to SMB”, after the Server Message Block protocol involved, according to the Spanish newspaper El Confidencial.

For now no solution to the threat is known; it should be corrected by Microsoft through a patch, which has not yet reached the various versions.


Cyber criminals lead race to innovate – FT.com


Cyber criminals are advancing faster than companies can defend themselves, with denial of service attacks worsening, ransoms on the rise and data breaches targeting more high-profile retailers, according to two widely followed reports from cyber security companies.

Five out of six large companies were targeted by an advanced hacker last year, up 40 per cent from the year before, according to a report compiled by Symantec, the internet security company.

Kevin Haley, director of Symantec’s security response product and an author of the report, said the threat continued to rise because criminals had been so successful. He said the cyber world was similar to the business world, with criminals selling more ways to attack companies to meet demand, and copying their rivals’ most lucrative tactics.

 


What PGP is and how to use it in your daily life – FayerWayer


The PGP encryption system encrypts your emails and communications securely, person to person.

Edward Snowden and Laura Poitras managed to get in touch and evade the US security agencies and their allies because one of their first communications was encrypted. In that email, Snowden asked Poitras to raise the security level of her email with a new, more secure key, since the NSA is capable of generating a trillion passwords per second.

Snowden, Poitras and millions of people now use encryption every day to protect their communications. It is not about making it harder for the NSA to know what you say; it is about protecting any kind of personal information from any other person, organization or outside system that tries to spy on you.

PGP is one of the most common and widely used encryption systems in the world, and also one of the most secure. The name, an acronym of Pretty Good Privacy, is an original development by Phil Zimmermann, who today is putting his efforts into Silent Circle, a company that wants to create secure systems for global communications and whose first physical product was Blackphone, which was recently updated in its second edition, Blackphone 2.

PGP is a cryptosystem that encrypts the content of a text by compressing it, looking for repetitive patterns in the text, in the same way that, for example, the compression of a JPEG file looks for repetitive patterns in the image to make the file lighter.

Why encrypt your communications?

It is not that you have something to hide, but that you have communications that have no reason to be heard or read by other people.

Encrypting messages is, as things stand today, tedious, and it requires that at least two people have public keys in order to send each other an encrypted email without failing in the attempt. But as with many technologies that once looked complicated, little by little there are more applications and services that put security first, whether by making it extremely easy to encrypt an email, as Yahoo does, or by building encryption into an application by default.


Passphrases That You Can Memorize — But That Even the NSA Can't Guess – The Intercept


It’s getting easier to secure your digital privacy. iPhones now encrypt a great deal of personal information; hard drives on Mac and Windows 8.1 computers are now automatically locked down; even Facebook, which made a fortune on open sharing, is providing end-to-end encryption in the chat tool WhatsApp. But none of this technology offers as much protection as you may think if you don’t know how to come up with a good passphrase.

A passphrase is like a password, but longer and more secure. In essence, it’s an encryption key that you memorize. Once you start caring more deeply about your privacy and improving your computer security habits, one of the first roadblocks you’ll run into is having to create a passphrase. You can’t secure much without one.

For example, when you encrypt your hard drive, a USB stick, or a document on your computer, the disk encryption is often only as strong as your passphrase. If you use a password database, or the password-saving feature in your web browser, you’ll want to set a strong master passphrase to protect them. If you want to encrypt your email with PGP, you protect your private key with a passphrase. In his first email to Laura Poitras, Edward Snowden wrote, “Please confirm that no one has ever had a copy of your private key and that it uses a strong passphrase. Assume your adversary is capable of one trillion guesses per second.”

In this post, I outline a simple way to come up with easy-to-memorize but very secure passphrases. It’s the latest entry in an ongoing series of stories offering solutions — partial and imperfect but useful solutions — to the many surveillance-related problems we aggressively report about here at The Intercept.

It turns out, coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you’ll probably do a bad job of it. If you use an entirely random sequence of characters it might be very secure, but it’s also agonizing to memorize (and honestly, a waste of brain power).

But luckily this usability/security trade-off doesn’t have to exist. There is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. The method is called Diceware, and it’s based on some simple math.