If you want to change your employees’ security habits, don’t call their will, modify their environment instead

Wednesday, March 13, 2019

You’re in a coffee bar and you need to connect your smartphone to a Wi-Fi, so you check your screen and see the following options. Imagine that you know or can ask for the key, in case it were requested, which one would you choose?

Wi-Fi networks image

Depending on your security awareness level, you will choose the first one: mi38, that seems to have the best signal; or v29o, that has not such a bad signal but is secured and requests a password. Imagine now that you are in the same coffee bar, but in this case you have the following list of Wi-Fi networks on your smartphone screen. Which one would you choose now?

Don’t confuse the frequency of an incident with the ease you remember it

Monday, March 4, 2019

Imagine that there have been a few robberies in two parks of your town that have got all the attention for days. This afternoon you would like to go running around the park next to your home, so these incidents will quickly come to your mind, and this fact will make you think about the probability of being a victim of a robbery (or something worse) in that park. Your mind will make the following association:

Park = Danger!!!

The images you have watched on the TV and the Internet will make you overestimate the probability that you may be the next victim in any other park from a different town. As a consequence, you could avoid going running around the park near your home (or any other park) until the media echo ends. Only when you stop thinking "Park = Danger!!", you will frequent parks again.


GSMA IoT Security Champion: Award to our IoT Security team

Wednesday, February 27, 2019

We have a lot to be happy about! Our IoT Security team, dedicated to cybersecurity specialized in the increasingly relevant world of the Internet of Things, has received a well-deserved award for its contribution to the dissemination and application of the IoT security guides of the GSMA, an entity that represents the interests of the most important mobile operators around the world and is in charge of the Mobile World Congress events around the world, among which is the Barcelona event that takes place this week.

The hugest collection of usernames and passwords has been filtered…or not (II)

Monday, February 4, 2019

Over the last entry we focused on analyzing the content of these files from a critical point of view, this is: on clarifying that when a massive leak freeing millions of passwords is announced, the reality is not entirely what it seems to be. After all, what it has been filtered is the collection of leaks, gathered over time by a certain group of people or by someone.

The leak we have examined has 640 Gb of content. We must clarify that it is not just the leak called "Collection #1" or the subsequent "Collection #2" and so on (the best-known ones). These types of collections are on the Internet, on several forums or uploaded on servers where anyone, with some patience, can access.

The post-quantum future is around the corner and we are still not prepared

Wednesday, January 30, 2019

Post-quantum future image

Every year we have more powerful computers with a higher calculation capacity, is that fact good or bad? Think twice before giving an answer. 

It depends. Because if global information security is based on the computing complexity of some functions, then the fact that computers are becoming ever faster will be very bad news.

In fact, the sword of Damocles is hanging over our public-key encryption systems: RSA, DSA, ECDSA. Their security relies on the difficulty of achieving certain mathematical problems currently considered as untreatable, such as factoring large integers or solving discrete logarithms. The quantum computing big promise is that these mathematical problems will be rapidly solved. Is cryptography mortally wounded? Is there a hope for the world? Will we be able to continue communicating securely after the first quantum computers? Let’s see it step by step.