Stela FileTrack protagonist of the 6th Security Innovation Day Edition

Tuesday, November 13, 2018


Telefónica’s Cybersecurity Unit holds its 6th Security Innovation Day, under the motto Game Is Never Over.

  • Stela FileTrack, a new solution to protect organizations’ sensitive documentary information.
  • Telefónica’s SOC located in Madrid, a highly qualified incident response team available 24x7.
  • Faast for WordPress and mASAPP Online, focused on online sales, are put on the market.
  • New IoT security services, based on the strengths of Telefónica’s SOCs.

You are less rational than you think when you take decisions under uncertain conditions

Thursday, November 8, 2018

I propose the following game of chance:
  • Option A: I give 1,000 € to you with a probability of 100 %
  • Option B: Let’s leave it to heads or tails: if it’s heads, you will win 2,000 € but if it’s tails, you will win nothing
Which option would you choose? A sure profit or the possibility of winning twice as much (or nothing)? If you think like 84% of the population, you may have chosen option A: a sure profit. Now I will propose another scenario. You must pay a fine and you can choose how to do it:
  • Option A: You pay 1,000 € for the fine with a probability of 100 %
  • Option B: You flip a coin to decide it: if it’s heads, you will pay 2,000 € for the fine but if it’s tails, you will pay nothing
Which option would you choose now? Would you pay the fine or would you flip a coin, knowing that you may pay nothing (or twice as much)? In this case, if you are like 70% of the population, you may have chosen option B. So, are you choosing well or not? Let’s analyse what is happening here from a purely rational point of view.

The State of Cyber Risk in Spain

Monday, November 5, 2018

In Spain, cybersecurity is becoming more of a priority among businesses across all industries. One way to quantify these cybersecurity postures is to compare Spain’s security ratings across all markets with those of Europe. In Spain, Bitsight Security Ratings are on average 119 points below Europe as a whole. The highest performing industry is Real Estate, whose security rating is 71 points better than the European average. The lowest performing industries are Financial Services and Insurance, which are more than 200 security rating points lower than the average European rating. Given the sensitive data financial services companies possess, this report suggests there is a need for additional investment in cybersecurity and cyber risk management. As companies invest in digital transformation programs, their exposure to risk increases and requires an increased investment in risk management across their organization.

DNS over HTTPS (DoH) is already here: the controversy is served

The IETF recently raised the DNS over HTTPS proposal to RFC status. In other words, domains are resolved through the well-known HTTPS, with its corresponding POST and GET requests and certificate exchange for authentication and encryption. This news is more important than it may seem, for two reasons. Firstly, it is a new resolution paradigm that shakes the foundations of the network. Secondly, the backing of an RFC, combined with the interest shown by browsers (greedy for the power this grants them), has led them to start implementing it in record time. It is said that privacy is guaranteed, ok, but… is it a good (or bad) idea?

DoH (DNS over HTTPS) is really simple. Instead of going to port 53 of a server (for instance, the well-known 8.8.8.8) and asking for a domain through a UDP or TCP packet, DoH standardizes the construction of a GET or POST request to an HTTPS domain, and the answer carries the A and AAAA records (the RFC doesn’t specify other records) with the IP. There are further details, such as the clever solution of turning the Cache-Control header into the TTL. Everything is carefully encrypted, of course. Do you remember when, in a hotel, you could tunnel HTTP browsing through the DNS protocol (often unrestricted) to avoid paying for the Wi-Fi? Now it’s the other way around.
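
The GET form and the Cache-Control/TTL link described above, as an added example that is not part of the original post. It follows RFC 8484 (the query travels in DNS wire format, base64url-encoded without padding in the dns parameter, and the HTTP freshness lifetime must not exceed the smallest answer TTL); the resolver URL doh.example and the sample response are constructed for illustration.

```python
import base64
import re
import struct

DOH_ENDPOINT = "https://doh.example/dns-query"  # hypothetical resolver URL (assumption)

def build_query(name, qtype=1):
    """Ordinary DNS wire-format query; ID 0 as RFC 8484 suggests for HTTP caching."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN

def doh_get_url(name, qtype=1, endpoint=DOH_ENDPOINT):
    """GET form: the query goes base64url-encoded, unpadded, in ?dns=."""
    b64 = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return endpoint + "?dns=" + b64.decode("ascii")

def _skip_name(msg, off):
    """Step over an encoded name (label sequence or compression pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def answer_ttls(msg):
    """TTL of every record in the answer section of a wire-format response."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    ttls = []
    for _ in range(an):
        off = _skip_name(msg, off)
        _type, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        ttls.append(ttl)
        off += 10 + rdlen
    return ttls

def freshness_within_ttl(cache_control, msg):
    """True if the HTTP max-age does not outlive the shortest answer TTL."""
    m = re.search(r"max-age=(\d+)", cache_control)
    ttls = answer_ttls(msg)
    return bool(m and ttls) and int(m.group(1)) <= min(ttls)

# Constructed response: two A records for www.example.com, TTL 300 and 120
_Q = build_query("www.example.com")
SAMPLE_RESPONSE = (struct.pack("!6H", 0, 0x8180, 1, 2, 0, 0) + _Q[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 120, 4) + bytes([192, 0, 2, 2]))
```

On the wire, a monitoring point sees only an HTTPS request to the resolver; the queried name exists solely inside the encrypted dns parameter or POST body.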