The importance of language, binary diffing and other "One Day" stories


This article was originally published on INCIBE security blog.

The role of language in a profession is important. Any discipline generates its own technical language as it evolves and becomes more complex, and it is a mechanism by which professionals in the same field can share knowledge and interact concisely, accurately and unambiguously.

Disciplines can even have their own sub-disciplines, as is the case with IT, which encompass so many different things that it is necessary to create specializations, each with its own technical language.

Our discipline is information security, a field as complex as it's jargon.

However, this specialization has increased in interest and complexity over a very short period of time, thus creating a problem: it becomes a trend, making its proper development difficult. "Where marketing prevails over technological development".

Given that expressions such as "computer attacks, hackers, information leaks or espionage" are commonly the subject of media …

The issue of biometrics as an authentication method


This article was originally published on INCIBE security blog.

With the announcement of the new fingerprint sensor in the latest smartphone from Apple, the iPhone 5S, biometric sensors are again under scrutiny among information security professionals.

Especially because the use of these technologies is becoming popular for consumer grade electronics, and its use use could become ubiquitous for something made to protect sensitive data, like information found in any mobile phone nowadays.

Recently, Chaos Computer Club (CCC) has been able to circunvent the sensor on iPhone 5S, just two weeks after the official presentation of the new phone (Source: CCC breaks Apple TouchID).

Using a digital camera, it is possible to obtain a high-resolution (2400 dpi) pciture of a fingerprint on an object (for example, the phone screen itself); manipulate it with a photo editing software, and once the contours are isolated, print them as a negative on a transparent …

Mechanical brute force


This article was published on Security By Default.


Last month, our friend Lorenzo Martínez showed us how to always beat Mezcladitos intercepting communications between the game and the server.

Well, maybe is cheating, but at least we're not hacking the system ;)

This is just a harmless demonstration of mechanical brute force. When we think about brute force, often comes to mind the "trial and error" software to encrypt random passwords and check if they are valid. However we can apply brute force mechanically to all kinds of things: virtual keyboards, physical keyboards, dials, etc

In this demo I played Facebook version of Mezcladitos, but if I had had some handy servos and an arduino I would have been playing directly on the iPhone screen (with a simple mechanical "typer").

The first thign to do was to create an algorithm that solves the grid, brute forcing all possible words using a …