Andres Galarza

Credit Crunch: Detailed Financial Histories Exposed for Thousands

December 2, 2017 by Andres Galarza Leave a Comment

https://www.upguard.com/breaches/credit-crunch-national-credit-federation

Coming only months after the revelation that the personal information of over 143 million Americans had been stolen from the systems of credit agency Equifax, the UpGuard Cyber Risk Team has discovered a new, damaging exposure from within a financial firm, which, beyond revealing critical internal data, also exposes customer information compiled by all three major credit agencies. This highly concentrated level of exposure, thoroughly revealing customer credit history several times over, serves to highlight the myriad dangers a single exposure can unleash.

First US Federal CISO Shares Security Lessons Learned

December 2, 2017 by Andres Galarza 1 Comment

https://www.darkreading.com/attacks-breaches/first-us-federal-ciso-shares-security-lessons-learned

As the first CISO of the US federal government, and with an extensive background in government cybersecurity and the military, Touhill has several stories of his own. Drawing from years of experience, the Cyxtera president shared his own lessons learned to kick off an event created to bring cyber defenders together so they can discuss problems and challenges.

Sex toy company admits to recording users’ remote sex sessions, calls it a ‘minor bug’

November 10, 2017 by Andres Galarza 2 Comments

https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-surveillance

Today, a Reddit user pointed out that Hong Kong-based sex toy company Lovense’s remote control vibrator app (Lovense Remote) recorded a use session without their knowledge. An audio file lasting six minutes was stored in the app’s local folder. The users says he or she gave the app access to the mic and camera but only to use with the in-app chat function and to send voice clips on command — not constant recording when in use. Other users confirmed this app behavior, too.

Do you need a VPN?

November 4, 2017 by Andres Galarza 1 Comment

I thought this post by Mozilla was easy to understand and fairly comprehensive. This, combined with a post on either Reddit or Hacker News about the topic also brought up the alarming fact that some people pay for VPN apps on the Apple Store of Google Play Store without doing any research!

The Internet Worm of 1988

November 4, 2017 by Andres Galarza Leave a Comment

On the evening of November 2, 1988, a self-replicating program was released upon the Internet (1) This program (a worm) invaded VAX and Sun-3 computers running versions of Berkeley UNIX, and used their resources to attack still more computers (2). Within the space of hours this program had spread across the U.S., infecting hundreds or thousands of computers and making many of them unusable due to the burden of its activity. This paper provides a chronology for the outbreak and presents a detailed description of the internals of the worm, based on a C version produced by decompiling.

Facebook security boss says its corporate network is run “like a college campus” (Autoplay Video)

October 22, 2017 by Andres Galarza Leave a Comment

http://www.zdnet.com/article/leaked-audio-facebook-security-boss-says-network-is-like-a-college-campus/

Alex Stamos is Facebook’s Chief Security Officer and he essentially says that the organization isn’t where he’d like it to be from a network security perspective. He goes on to say that Facebook’s threat profile should be more akin to a defense contractor (Raytheon, Lockheed Martin, etc.) but currently their posture is closer to that of a college campus.

I deleted my Facebook profile about a year ago. Personally, I don’t get enough value out of the services.

Movies for Hackers

October 14, 2017 by Andres Galarza Leave a Comment

https://github.com/k4m4/movies-for-hackers

Another light post that I found courtesy of Reddit.

The Science Behind “Blade Runner”’s Voight-Kampff Test

October 8, 2017 by Andres Galarza 1 Comment

http://nautil.us/blog/the-science-behind-blade-runners-voight_kampff-test

Lighter read in the spirit of Blade Runner 2049 being released.

‘Daily Stormer’ Termination Haunts Cloudflare in Online Piracy Case

October 1, 2017 by Andres Galarza Leave a Comment

Cloudflare’s CEO is quoted below.

“I woke up this morning in a bad mood and decided to kick them off the Internet,” he announced.

Though there’s nothing especially troubling about kicking professed white supremacists off the internet, this is going to open up Cloudflare up to a lot of, “But what about, that?” lawsuits.

Post a boarding pass on Facebook, get your account stolen

September 23, 2017 by Andres Galarza 2 Comments

Article, courtesy of Hacker News

The article this week is about the dangers of posting too much information online. A gentleman shared a picture of his boarding pass for an upcoming trip. A friend of his was able to use the information posted on the pass to view/modify details like a passport number and travel dates.