Open source maintainer burnout as an attack surface

Wednesday, December 26, 2018

Introduction
Software development has evolved greatly in the last decades. It is leaning towards a scenario based on third-party modules, components and libraries that accelerate the development of our own software by solving frequently needed tasks effectively, so that we do not need to reinvent the wheel.

While it is straightforward to see the advantages of this approach, we need to realise that a series of risks comes coupled with them, and those risks need to be handled as well. To borrow a better-known pattern from the cloud computing world, there is a shared responsibility model regarding vulnerabilities and potential attacks, as we can see in its different flavours: IaaS, PaaS or SaaS.

Foca Files Finder, our new Chrome extension to feed FOCA

Tuesday, December 25, 2018

Our Chrome extension is really simple. It takes advantage of the Bing technology (already used by FOCA) to search for documents on the domain currently being visited in Chrome. This list (limited to 50 results) is quickly accessible from your browser. You can export it to a TXT file which can, in turn, be used by FOCA.

Among the available options, you can choose which kinds of documents you wish to search for. Moreover, you can enable automatic searching, so you will not need to press the extension button: every time you visit a domain, an indicator with the number of potential documents found will appear on the FOCA icon.



New report: Twitter botnets detection in sports event

Thursday, December 20, 2018


We all know that a botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform DDoS attacks, steal data and send spam, and they allow the attacker to access each device and its connection. The owner controls the botnet using C&C (command and control) software.

AuthCode: Our award-winning continuous-authentication system, jointly developed with the University of Murcia

Tuesday, December 11, 2018

Continuous-authentication systems aim to identify users through their behaviour when interacting with their device. The main advantage of this type of authentication is that it improves the user experience when using services or apps on a mobile device, free from intrusions. As the fruit of joint research with the University of Murcia, we were able to develop AuthCode. This project reached such a stage of maturity that we could present it at the Security Innovation Day 2018. Furthermore, it has won several awards and prizes. Let’s explain what AuthCode is in further detail.


In most cases, continuous authentication avoids the need for passwords, access patterns, biometric recognition, etc. when the user wishes to access an app or service that requires authentication. In this sense, permanent authentication increases users’ security regarding the operations executed on the device. Moreover, we can take advantage of this continuous trust status to make the user’s interaction with apps much simpler and more fluent, and by doing so the user experience improves.

The Confirmation Bias: we seek out the information that confirms our decisions and reject the evidence that contradicts them

Monday, December 10, 2018

Imagine yourself taking part in an experiment in a lab. You’re asked to analyze the following number sequence:
2, 4, 6

This sequence follows a rule. What do you think the rule is? You can propose other three-number sequences to the experiment leader, who will tell you whether each proposed sequence follows the rule or not. You can propose as many new three-number sequences as you wish. As soon as you think you have discerned the rule, announce it to the experiment leader, who will tell you whether you got it right.

So, what is the first three-number sequence you would propose in order to discern the rule followed by the sequence 2, 4, 6? Please try to think about it before reading on: which three numbers would you use?

Think about it a little more..., don’t read the answer yet...