25 de febrero de 2018 Tiempo de lectura ~ 2 minutos
ESCRITO POR Paula

Security Sprint: Week 12 - What I learnt in a CTF

For the ones who are not close to security related slang, Catch The Flag is an online hacking game that consist in hacking stego, web, network, etc in order to get passwords (the flags) and catch them all before the rest of the contestants. So through three days, I played one of those organized by my university, with a team mostly dedicated in Network and Forensic study. I won’t be explaining all the process here, but I want to point out all the tools I used (most of them brand new for me) for solving the problems.

4 de febrero de 2018 Tiempo de lectura ~ 2 minutos
ESCRITO POR Paula

Security Sprint: Week 10 & 11 - Bluetooth hacking experiment and open tools

I’ve been quite in many things lately, which didn’t allow me to study all I wanted to. I’m mainly in two things, distributed ledger experiments and hardware. But I’ve had in mind a hacking experiment for quite a long time, and finally I decided to try it. It’s a Man In The Middle attack (or sniffing) over bluetooth connections using a python repository, I think I will omit for what I wanted to know that.

Anyway, what I want to do here is to catch a connection between two nodes using bluetooth....

20 de enero de 2018 Tiempo de lectura ~ 4 minutos
ESCRITO POR Germán

El Spectre, el Meltdown y la Libertad

Mucho se ha hablado últimamente de las vulnerabilidades Spectre y Meltdown que se han encontrado recientemente en una gran cantidad de microprocesadores modernos (como el artículo de nuestro amigo Hartek de Follow The White Rabbit). Aunque estas vulnerabilidades han afectado a procesadores de todo tipo, hay una empresa que ha quedado especialmente señalada: Intel.

Intel (al igual que la mayoría de fabricantes) no te proporcionan una versión accesible del código del software que se ejecuta en el interior de su hardware y sin el que el mismo no puede funcionar, generalmente para esto se alegan “motivos de seguridad”....

16 de enero de 2018 Tiempo de lectura ~ 1 minuto
ESCRITO POR Paula

Security Sprint: Week 9 - Privacy politics and the Internet

By chance I discovered an old World Wide Web consortium (W3C) project that has been abandoned for a while. Platform for Privacy Preferences Project (P3P) is supposed to be a protocol which gives the opportunity to declare the intended usage of collected information of web browser users in specific pages, in order to make a standardized way of protecting user privacy. At first I thought this was a wonderful idea, and reminded me a lot of the cookies policies problems. This should be an example of syntax of statements for policy (taken from Web Privacy with P3P by Lorrie...