Informática Forense
Scooped by Javier Pagès López
onto Informática Forense
Scoop.it!

USA - Copyright and politics: the tables may be starting to turn

Fascinating, the shift in attitudes under way in American politics in the wake of the last presidential election results: Republicans realize that they urgently need to appeal to young voters and to a broader racial base if they want to avoid not just future defeats but an eventual dissolution of the party, and they are finding in copyright reform a perfect issue for approaching that generation of “digital natives” who use the net and hold far more open views on the subject. Democrats, on the other hand, also perceive the drift in opinion created by the new generation of voters, and find it hard to keep justifying a copyright stance that amounts to “whatever their Hollywood friends say” when there is now another very powerful lobby of opinion and financial support, that of Silicon Valley, diametrically opposed to Hollywood in its positions on copyright.


Informática Forense
Everything about digital evidence, the fight against cybercrime, computer security, etc.
Scooped by Javier Pagès López

15 Reasons to be Optimistic about ICS Security in 2015


This is the companion article to our 15 Reasons to be Pessimistic about ICS Security in 2015 that we ran on Friday. On Wednesday I'll lay out what to look forward to in 2015 based on these two contrasting articles.

Many of the items below come from experiences with clients, peers and ICS community friends. They are not as visible as most of the pessimistic items, but they are activities going on in real companies making real progress on these issues.

 

1) Many large asset owners, those with 10, 50 or 100 ICS spread around the world, are deploying ICS security programs across all sites with required security controls and metrics that management is tracking.

2) The mainstream press remains hot on ICS security stories.

3) Multiple high quality ICS security training options are available.

4) Application whitelisting deployed on ICS computers with and without vendor blessing.

5) Some universities are now performing true ICS security research.

6) More ICS vendors are implementing an effective security development lifecycle (SDL).

7) The NIST Cybersecurity Framework is launching C-level discussions and programs.

8) Governments around the world are now engaged in this problem. Varying approaches, different results.

9) Peer pressure … multiple examples in 2014 where ICSsec projects were launched because competitor/peer was doing it.

10) Virtualization is becoming a mainstream deployment option.

11) Greater acceptance of the need for an inventory, data flow diagrams and other basic documentation.

12) Leaders in wide variety of sectors beginning ICS security efforts. It’s not focused on electric, petrochem any more.

13) Wait … we are still running Windows XP? Management awakening to state of cyber maintenance neglect and finding it unacceptable.

14) Vendors are, admittedly still slowly, adding security posture acceptance tests to FAT and SAT.

15) Large consulting practices, i.e. IBM, PWC, …, are creating ICS security teams.

Rescooped by Javier Pagès López from SME Cyber Security

The Web's #1 Hacking Tools Directory - with tutorial videos!

Learn about the hackers tools of choice and what makes them so lethal when in the wrong hands. You are only as good as your usage of these tools...

Via Roger Smith

Rescooped by Javier Pagès López from War, Cyberwar, Geopolitics

Russia to establish new cyberthreat response centre

A new state centre for cyberthreat response is being established in Russia this year, expected to be formally approved in March according to a Russian Parliament spokesperson talking to SCMagazineUK.com.

Via Pierre Levy

Scooped by Javier Pagès López

The resurrection of the electronic DNI: model 3.0 adds NFC - Technology News

The rollout of the new document has begun in Lleida, from where it will be extended to the rest of Spain. It improves security and allows reading without a PIN

Scooped by Javier Pagès López

The CJEU and private video surveillance systems that capture public space | Abogacía Española

Following the recent judgment of 11 December 2014 in case C‑212/13, Mr Ryneš v the Czech data protection agency, which had found that Mr Ryneš had committed several infringements of data protection law, a number of questions arise.

The case arises from the installation and use of a fixed camera located under the eaves of the roof of the family home. The camera could not be rotated and captured images of “the home itself, the public road and the entrance to the house opposite”. The images were stored on a hard disk which, once its storage capacity was exhausted, overwrote the oldest recordings; there was no monitor, so no real-time images existed, and only Mr Ryneš knew the access passwords to the system.



Scooped by Javier Pagès López

A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever

The attack marks only the second confirmed incident in which a wholly digital hack created physical destruction of equipment.
The post A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever appeared first on WIRED.

Rescooped by Javier Pagès López from SME Cyber Security

Why It's Time For A Board-Level Cybersecurity Committee

Just the past 12 months have seen one massive corporate security breach after another. Major retailers (Target, Home Depot, Neiman Marcus, Sony Pictures), e-commerce sites (eBay), and financial institutions (JP Morgan) have all been victims.

Via Roger Smith
Ewa K.'s curator insight, January 17, 10:51 AM

An article describing hacker attacks on popular websites. The author describes what preventive measures against attacks the board and the director should take in order to protect their company's computer network.

Rescooped by Javier Pagès López from 21st Century Learning and Teaching

World's Biggest Data Breaches | Selected losses greater than 30,000 records | Learning basics of CyberSecurity

Data visualization of the world's biggest data breaches, leaks and hacks. Constantly updated. Powered by VizSweet.

 

Learn more:

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

 


Via Gust MEES
Iva Santos's curator insight, January 5, 7:55 PM

Security and education must go hand in hand.

 

Oksana Borukh's curator insight, January 7, 2:15 AM

Nice visualization of data breaches by year, by type, by industry etc.

Wron Ga's curator insight, January 18, 1:46 PM

Shows visualizations of the largest data, tricks and leaks relating to various releases of a given manufacturer

Rescooped by Javier Pagès López from War, Cyberwar, Geopolitics

Cyber Espionage Malware Taps Smartphones, Sends Chills - IEEE Spectrum

Sophisticated malicious code hasn't gotten the notice that the Sony hack has, but that's the point

Via Pierre Levy

Rescooped by Javier Pagès López from War, Cyberwar, Geopolitics

A Few Thoughts on Cryptographic Engineering: On the new Snowden documents


Via Pierre Levy

Scooped by Javier Pagès López

Hackers defend themselves before the RAE: “We are security experts, not criminals”

The inclusion of words such as ‘hacker’, ‘intranet’, ‘tuit’ or ‘wifi’, typical of the Internet age, has not, however, meant a real modernization of the content of the Dictionary of the Real Academia.

Scooped by Javier Pagès López

The Sneakiest Way Prosecutors Get a Guilty Verdict: PowerPoint | WIRED

In Washington state earlier this month, an appeals court threw out a murder conviction based on shoddy work by the defense. But the court also took the prosecutor to task for something even stranger: a bad PowerPoint presentation.

Scooped by Javier Pagès López

Hackers are a 'serious threat' to aircraft safety, say aviation chiefs

The International Air Transport Association and the International Civil Aviation Organisation recently signed a global cyber security agreement, formalising their front against cybercrime.

 

Ruben Santamarta, a consultant with cyber security firm IOActive, said he discovered the vulnerabilities by 'reverse engineering' - or decoding - highly specialised software known as firmware, used to operate communications equipment.

In theory, a hacker could use a plane's onboard Wi-Fi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications.

This could interfere with the aircraft's navigation and safety systems, Mr Santamarta said.



Read more: http://www.dailymail.co.uk/sciencetech/article-2869827/Hackers-threat-aircraft-safety-Aviation-chiefs-warn-devastating-consequences-cyber-attack.html#ixzz3McdeuUTv


Scooped by Javier Pagès López

Ten Commandments of Disaster and Business Continuity Management


As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that can meet those needs.

Analyze single points of failure: A single point of failure in a critical component can disrupt well engineered redundancies and resilience in the rest of a system.

Keep Updated notification trees: A cohesive communication process is required to ensure the disaster recovery business continuity plan will work.

Be aware of current events: Understand what is happening around the enterprise - know if there is a chance for weather, sporting or political event that can impact the enterprise's operations.

Plan for worst-case scenarios: Downtime can have many causes, including operator error, component failure, software failure, and planned downtime as well as building- or city-level disasters. Organizations should be sure that their disaster recovery plans account for even worst-case scenarios.

Clearly document recovery processes: Documentation is critical to the success of a disaster recovery program. Organizations should write and maintain clear, concise, detailed steps for failover so that secondary staff members can manage a failover should primary staff members be unavailable.

Centralize information - Have a printed copy available: In a crisis situation, a timely response can be critical. Centralizing disaster recovery information in one place, such as a Microsoft Office SharePoint® system or portal, helps avoid the need to hunt for documentation, which can compound a crisis.

Create test plans and scripts: Test plans and scripts should be created and followed step-by-step to help ensure accurate testing. These plans and scripts should include integration testing - silo testing alone does not accurately reflect multiple applications going down simultaneously.

Retest regularly: Organizations should take advantage of opportunities for disaster recovery testing such as new releases, code changes, or upgrades. At a minimum, each application should be retested every year.

Perform comprehensive recovery and business continuity test: Organizations should practice their master recovery plans, not just application failover. For example, staff members need to know where to report if a disaster occurs, critical conference bridges should be set up in advance, a command center should be identified, and secondary staff resources should be assigned in case the event stretches over multiple days. In environments with many applications, IT staff should be aware of which applications should be recovered first and in what order. The plan should not assume that there will be enough resources to bring everything back up at the same time.

Define metrics and create score cards: Organizations should maintain scorecards on the disaster recovery compliance of each application, as well as who is testing and when. Maintaining scorecards generally helps increase audit scores.

Rescooped by Javier Pagès López from Technology in Business Today

Hacking as a Service Hits the Mainstream

A fledgling website created last fall connects hackers with clients willing to pay for their services. Nearly 50 hackers have listed their services on Hacker's List so far, for tasks including data recovery, penetration testing and computer forensics. More than 500 hacking jobs reportedly had been out to bid as of last week, with prices ranging from $100 to $5,000.

Via TechinBiz
vinarack's curator insight, January 20, 10:28 PM

hacking as a service hit the mainstream

Roger Smith's curator insight, January 21, 4:23 PM

Once again a paradigm change in tactics from the criminals

Emlyn Davies-Cole's curator insight, January 21, 11:47 PM

Nice, creates more jobs, and now you can get that specialized and ultimately customized service you always wanted.

Scooped by Javier Pagès López

The Policía Científica, overwhelmed: judges have to wait up to two years for forensic analyses

Judges are fed up with the Government's cuts that have affected the Policía Científica, and a group of judges has circulated its complaint online, reporting that courts must wait up to 24 months for the forensic analyses they request to begin....

Scooped by Javier Pagès López

15 Reasons to be Pessimistic about ICS Security in 2015

If this is too depressing, wait for Monday's article 15 Reasons to be Optimistic about ICS Security in 2015.

 

1) Almost all ICS protocols are still insecure by design with no end in sight. Access to ICS = Compromise.

2) Most potentially influential organization, US Department of Homeland Security (DHS), still will not say critical infrastructure ICS need to be upgraded or replaced. Playing small ball with little or no impact.

3) No legitimate or reasonably honest and objective Automation Press to reach engineers and technicians.

4) ISASecure stamp is still being put on insecure by design PLC’s and other embedded devices.

5) Influential ARC Advisory Group saying 20-something controlling the plant from his basement is inevitable and focus on securing it.

6) SCADA Apologists still dominate the ICS security thought leader / guru / industry and government expert positions.

7) Admiral Rogers NSA/US Cyber Command testifies that our lack of defense is why we need to have a strong offense in ICS security.

8) Malware targeting ICS applications and protocols.

9) ICS vendors seeing no negative financial impact to vulns/insecure by design product offerings. They are fearlessly saying our product offers no security.

10) The Internet of Things is confusing ICS security efforts.

11) “Nothing will change until something really bad happens” mantra.

12) Even when an ICS vendor has well documented security controls, the ICS vendor or integrator more often than not installs the ICS in most insecure/easiest to install configuration.

13) CSET.

14) Continued fascination and focus on vulnerabilities that matter little to critical infrastructure ICS risk.

15) Widespread misuse of defense-in-depth principle, just put up more security perimeters, as the solution for ICS security issues.

Scooped by Javier Pagès López

EL MUNDO, target of a 'cyberattack'

The websites of Unidad Editorial's main titles suffered a computer attack this Wednesday that affected their normal use, as confirmed this morning by Guardia Civil specialists. The cyberattack brought down the servers of the digital editions of EL MUNDO, Marca, Expansión and Telva. These publications' online platforms received an abnormal influx of junk traffic that overwhelmed them, which is known as a denial-of-service attack.

Scooped by Javier Pagès López

CCN-CERT defends Spain's technological assets at its conference

The Centro Criptológico Nacional (CCN) held the eighth edition of its cybersecurity conference on 10 and 11 December, bringing together experts from the sector to discuss the cyber risks and threats facing public administrations and companies of strategic interest.

Scooped by Javier Pagès López

Spam Nation: Cybercrime and spam are far bigger security threats than you think

In Spam Nation, cybersecurity expert Brian Krebs investigates Russian spammers and seeks to educate users about how valuable their assets are to cybercriminals.

Scooped by Javier Pagès López

A critical vulnerability in Movistar's ADSL routers compromises the security of its customers

A serious vulnerability has been discovered in the Home Station ADB PDG A4001N router that Movistar installs for its ADSL customers. The security problem allows access to the device's configuration from outside knowing only the customer's public IP address.

The new device that the operator is installing on its ADSL lines will be talked about in the coming days. A serious security flaw discovered by Eduardo Novella allows HTML code to be read from outside without any kind of restriction by the device. An attacker could access the connection's encryption, its SSID or critical data that compromise the subscriber's connection.

The device reached the market in 2012 and was designed by Telefónica I+D to incorporate features that the operator's equipment did not offer until then. It was the first Movistar router with WiFi N, and DLNA for accessing multimedia content. It was also the first to incorporate a 3G connection for situations in which ADSL was not working.

Both Movistar and the manufacturer Pirelli must release an urgent update that fixes this problem.

Scooped by Javier Pagès López

USA - Securing the electric grid


New regulations put utilities on the clock for physical security improvements.


Electric substations need to be secure and the Federal Energy Regulatory Commission undertook the creation of regulations for physical access and security.

Scooped by Javier Pagès López

Ten tips for shopping online safely this Christmas

Once again this year, online shopping presents itself as the most attractive alternative to spending long minutes queuing at a counter.

Scooped by Javier Pagès López

Five key security measures for Christmas

The increased use of computers and mobile devices calls for reviewing antivirus protection and app permissions, and using common sense when giving out personal data.

Scooped by Javier Pagès López

Stolen photos and mass espionage: this was 2014 in the world of technology - Technology News

MIT Technology Review magazine selects the most groundbreaking technologies of a year in which cyberattacks and espionage have proliferated...