Nothing is true. Everything is permitted.

Throughout my soon-ending school experience, I always thought that getting good grades was the only way to learn. I hadn’t had trouble with that until 2012, the year I became a University student. My grades dropped, I started failing subjects, my scholarship was reduced and, consequently, I had a personal crisis. It seemed obvious to me that I was becoming a failure and my life would suck forever because I just couldn’t get my average to what I wanted. My brain was going into shock and I couldn’t soak in any knowledge. I can summarize said experience with this song:

Many students believe that their grades define who they are and who they will become. If you have good grades, you’ll be successful and get a good job; if you don’t, you suck. Thus, “I Must Impress My Professor” becomes a hymn.

It wasn’t until less than a year ago that I started seeing things differently. I started loving my degree and my subjects, I began feeling happy about myself and what I had accomplished. Who cares about grades when I have so much more to offer? I clearly remember a few months ago when I called my mum and told her “I think I’m finally getting the hang of school”. She laughed and said “Well, better late than never!”. It literally took me 19 years to understand what school was all about, or at least what it should be about.

A huge part of this change of mind I had, I owe to Ken Bauer and every other teacher that focused on helping students learn instead of showing off and acting as a deity. It’s because of you that I understood that everyone has their own learning process and it’s OK to take longer to understand something and it’s OK not to be as fast or as optimal as someone else. You are your own standard and your own competition. To all of you, thank you.

To all of the teachers and educators that read me, I believe it’s time to change things. It’s unfair to have the exact same expectations from every person, the situation worsens even more when we talk about children. Do we really want robots who are able to shout at the top of their lungs the right answer for every math and logic problem? Or do we want conscious citizens that change things and innovate towards building a better world? We need to help them discover what they’re passionate about and let them evolve in whatever area they want to.

To parents out there, your little girl can use tools and play in the mud, your little boy can learn how to cook and play with dolls; none of those things will take their femininity or masculinity away. They’re kids, that doesn’t matter to them and it shouldn’t matter to you either. The worst thing you can do as a parent is limit your child’s hopes and dreams. Pink is not just for girls, blue is not just for boys.

The Crystal Gems don’t follow gender roles (they’re technically gender-less) and rock big time. 

And finally, to all students and regular people out there, dare yourself to learn. Try new methods, do new things, learn from every single breath you take; I promise it’s worth it.

Sorry, I’m dead

Today, October the 21st, the world has gone mad due to many sites being “down” or “not loading”. This isn’t quite what happened. The internet doesn’t just stop working and hackers don’t just take a service down. There is method in madness and I’m here to explain it to you.

What happened today was a DDoS attack on a DNS. Sounds like I’m speaking in another language, right? It’s actually rather simple. A DDoS attack is a Distributed Denial of Service attack. This can be explained with a simple analogy. (The analogy was provided by Rubiology, so special thanks to him).

Imagine you are at a taco stand: there is only one person making the tacos and there are many others surrounding the stand to place their order. A DDoS attack is when there are a lot of people yelling “I want 3 tacos!” at the same time and the taco-maker gets stressed out, says “I’m not giving any tacos to any of you!” and storms out.

This is what real tacos look like, by the way.

Much like a taco-maker, an internet server has a limited capacity and when that capacity is reached, it crashes.

Now, a DNS is a Domain Name System. This is like a phone directory (sorry, Digital Natives, you’re gonna have to ask your parents what that is) for the web pages. It assigns their IP address. So, when you shut down a DNS and a web page has no other way of giving clients the IP address, it simply won’t display anything and your browser will say something like this:

[Image: browser error page reading DNS_PROBE_FINISHED_NXDOMAIN]

What happened today is that hackers combined the two and attacked the DNS provider via a DDoS. This is why none of us were able to access the affected pages. The company’s name is Dyn and some of the pages and services that suffered this attack were Twitter, Spotify, Netflix, Paypal, Airbnb, Reddit and many more. I almost collapsed when I wanted to tweet about what was going on but couldn’t due to it.
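The dependency described above can be checked from a site's nameserver records. The following is an added example, not part of the original post: it groups each zone's nameservers by provider and reports which zones would stop resolving if one provider went offline. The zone and nameserver names are constructed, and treating the last two labels of a nameserver hostname as its provider is a simplifying assumption.

```python
# Constructed sample data: zone -> authoritative nameserver hostnames.
# All names use the reserved .example TLD; none are real delegations.
SAMPLE_DELEGATIONS = {
    "shop.example": ["ns1.dns-a.example", "ns2.dns-a.example"],
    "blog.example": ["ns1.dns-a.example", "ns1.dns-b.example"],
    "mail.example": ["ns1.dns-b.example", "ns2.dns-b.example",
                     "ns1.dns-c.example"],
}


def provider_of(nameserver):
    """Assumption: the provider is the last two labels of the NS hostname."""
    labels = nameserver.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def providers_by_zone(delegations):
    """Map each zone to the set of DNS providers serving it."""
    return {zone: {provider_of(ns) for ns in servers}
            for zone, servers in delegations.items()}


def single_provider_zones(delegations):
    """Zones whose nameservers all belong to one provider."""
    return sorted(zone for zone, provs in providers_by_zone(delegations).items()
                  if len(provs) == 1)


def unresolvable_during_outage(delegations, down_provider):
    """Zones left with no reachable nameserver if down_provider is offline.

    Cached answers keep working until their TTL expires, so this is the
    state clients converge to during a long outage, not the first minute.
    """
    return sorted(zone for zone, provs in providers_by_zone(delegations).items()
                  if provs <= {down_provider})


def blast_radius(delegations):
    """For every provider, the zones that go dark if it alone fails."""
    providers = set().union(*providers_by_zone(delegations).values())
    return {p: unresolvable_during_outage(delegations, p)
            for p in sorted(providers)}


if __name__ == "__main__":
    print("single-provider zones:", single_provider_zones(SAMPLE_DELEGATIONS))
    for provider, zones in blast_radius(SAMPLE_DELEGATIONS).items():
        print(f"{provider} down -> unresolvable: {zones or 'none'}")
```

A zone delegated to nameservers from two independent providers keeps resolving when either one is unreachable, which is why adding a secondary DNS provider is the usual mitigation for this kind of outage.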

This type of attack is very common and incredibly easy to create. However, you need a lot of computers and processing power to kill a DNS as big as that one. As a hacker, I can say the attack was brilliant and very impressive. As a user, I can only say, HOW DARE YOU?! Below you can see what the attack looked like.

[GIF: animation of the DDoS attack]

So now you know what happened and you can go ahead and brag about it using my fancy terms. You’re welcome.

They say flowers can open new paths

As long as I can remember, I’ve been a girl. I was fortunate enough to have an amazing and very supportive family that has always believed in me and in my dreams. When I wanted to be a scientist, they bought me a “scientist kit” (which consisted of a cheap microscope and several things to observe such as a leaf, grass, blood, and even a small piece of human brain); when I wanted to be a mathematician, they bought me children’s math books (“El Diablo de los Números” was a huge influence in my life and I learned binary since I was 10. Not two, ten); when I wanted to be a chemist, my grandfather sat with me and taught me how to “make” polyurethane and taught me how to create safe chemical reactions, he was also the one that taught me how to use a computer. I’ve always been an empowered woman, to be quite honest.

Despite my family’s best efforts, I was never exempt from sexism. When I was a kid, I was often teased for “not being pretty enough” or for having a “weird nose” while my male classmates got none of that. I heard mock-comments like “you run like a girl” or “don’t be a girl” (this is a common saying in my country that means not being a coward) and I always questioned it: “Why is being a girl a bad thing? Am I wrong? Am I weak?”. When I started developing as a woman is when it started to get real. To this day, every time I walk by myself or ride my bike I get catcalled at least once (I wish this meant people thinking I’m an actual cat and being freaked out about it, it’d be waaaay better). I have been groped in public transport several times and at first I was too shocked to be able to say or do anything, the first time this happened I was eleven years old. I’ve been called a tease for not wanting to date someone. I’ve been called a whore for talking openly about my sexuality. I’ve also been called a tomboy and have heard people complaining about me not being feminine enough for not wearing makeup every day and not liking dresses (“You’d look so beautiful if you cared a bit more about yourself” What does that even mean?). I’ve been diminished and not taken into account just because “I’m a girl”. And of course, if I’m in a bad mood it must be because I’m on my period. All of this along with the things people have said behind my back and I haven’t noticed and the things I’m not comfortable discussing here.

It sounds like a lot, I know. But this is not even a fraction of what other girls go through on a daily basis. In Mexico 1 in every 5 girls has been sexually assaulted by a family member or a family friend. According to UNICEF, 31 million girls don’t attend school because their purpose is supposed to just be becoming a wife and a mother. There are girls kidnapped every day and sold to be raped, mutilated and/or killed. In over 30 countries female genital mutilation is still a common thing, many girls don’t survive this process because it’s often done without anesthesia and with shards of glass, oxidized metal or stones. In some countries girls are not allowed to leave their house while on their period because it’s considered to be disgraceful. Girls are still forced to be married as young as eight years old and those girls start having babies at thirteen. Girls aren’t educated about sexuality because they are to remain pure until marriage and when they get pregnant they become the official family let down. In some cultures having a baby girl is still considered a failure and some are even left to die. Considering all of this, I’ve been very lucky.

I want to take this opportunity to empower girls and women to follow their dreams and not depend on anyone other than themselves. Below is one of my favourite feminist quotes, said by none other than my role model and personal hero, Wendy Corduroy from Gravity Falls. (I made the gif and I feel so proud of myself).

[GIF: Wendy Corduroy quote]

Today, as well as being the International Day of the Girl, it’s Ada Lovelace’s Day. She was a wonderful lady who happened to be the first computer programmer. Two other fantastic women that worked in this area are Grace Hopper and Margaret Hamilton. Grace was a navy rear admiral and a computer programmer; she invented the first compiler for a computer programming language and was one of the first high-level programmers. She was better known by her nickname “Amazing Grace”. Margaret, on the other hand, worked for NASA on developing in-flight software for Apollo 11. Here she is standing next to the code she helped create.

[Picture: Margaret Hamilton standing next to the code she helped create]

Nowadays, girls are too afraid to enter a “man’s world” and choose other majors due to the fear of being judged or feeling uncomfortable. I can completely understand that. When I switched majors many believed I did so because I wanted to have classes with my boyfriend (who’s also studying computer systems engineering). And as soon as I entered, I found out why many girls dropped out. 90% of the students were men and “men talk” could be heard all the time. By men talk, I mean entering a classroom and watching a bunch of guys in front of a computer stalking a freshman girl and talking about how hot she is. I also mean all sorts of penis jokes and an immeasurable amount of curse words said by the minute. I’m used to this already and can counter everything they try telling me. I know most times it’s a joke, but the fact that some of us know it’s a joke and are able to take it as such, does not mean that other girls will understand this or won’t get offended by it. And you know what? They have a right to be offended. Because they deal with sexist comments and prejudice on a daily basis. Their major should not be another place to feel threatened or annoyed.

So, to my fellow male colleagues, stop being sexist. Not only in the classroom, but in life. Let’s make this major a great major in every way possible. And, to my fellow female colleagues and to any girl interested in computer science, be brave and dare to try! You learn not only about computers and algorithms (which are fascinating), but you also learn about people, there is room to be artistic (I believe every code is a piece of art, unmatched and original) and you can code literally anything you set your mind to. Exploit your intelligence and your ideas. Don’t be afraid of being in a “men’s world”, make it a woman’s world too, make it an everybody’s world.

And finally a small piece of advice to you, dear reader. Be inclusive, be respectful and follow your dreams. Also, thank you for reading my super long feminist rant, I had a lot to say.

By the Gods, what have I become? (Part 1)

This week I decided to sneak into a digital identity course that’s being taught by my security teacher Ken Bauer. My reasons behind this were to basically know what “regular” people (by this I mean non-tech savvy people) are afraid of, what their doubts about the internet are and the reasons why they don’t feel safe online. This will give me a better perspective on what to talk about in this blog and how to talk about it.

Today’s day one and I’m writing this as we take the course, so I’ll talk a bit about the experience. We had a talk with Dave Cormier and people dared to ask several questions. Interestingly enough, all the questions so far have been completely related to security. Will hackers get me? Is my information safe? What do people generally steal from internet users? Will I ever get hacked?

The answer to all of this was: you are always at risk.

Since the course is about digital identity, I will also talk about that. First of all, what is digital identity? It’s basically the way you represent yourself online. It’s how people will see you on social media. You may think “but it’s the internet, I can be whomever I want to be!” To that I say, of course you can! However, be ready to face the consequences of that. Digital identity is similar to a tattoo. You choose the design and ink it on your body forever and ever. So, like a tattoo, be sure to create something you like, something that represents you and preferably something you aren’t ashamed of.

Once you realize everything you do can be found by literally anyone, you can start worrying about all those terrible, terrible pictures from middle school. That bad hairdo will be haunting you till the end of your digital days. And you may even start asking yourself: who am I? This, I believe, is the best question to ask. When you find out who you are and who you want to be, is when you can start taking steps into becoming that person. This is vital to create your digital identity.

But back to my research. Although everyone in this course (including myself) is part of the Millennial generation, we’ve been witnesses to technology’s drastic XXI century revolution. We think we know how stuff works when in reality we don’t. Due to this, we are incredibly afraid of what might happen if we share too much or too little. I’m pretty sure at least 50% of all the people here have been scammed, phished, cyber bullied or tricked while on the internet. My advice is to always be aware that the whole world can see what you post, if you feel confident about it after that thought then feel free to post it! Just remember you’re never anonymous (unless you really, really know how to do so, expect posts about that for my security blog posts in the future).

I’m eager to know more about how my generation thinks and how I can potentially help them as well as learn more to become a better computer systems engineer (and hacker).

Stay tuned for more.

All gifs obtained from http://giphy.com/

The cake is a lie

Ah, the internet. Our generation’s favourite place to be. It gives us everything we could possibly want or need. You can watch videos, listen to music, play games, communicate with friends or family, research things, write documents, share information, meet people, you can even buy cake! But beware, my friends, for the cake is a lie.

Older generations love saying how bad the internet is, complaining about how we spend all our day sitting in front of a computer or looking at a cell phone instead of “socializing” and “being productive”. We all know that we don’t socialize because we don’t want to, not because the internet is holding us hostage. However, people from the internet may literally hold us hostage by using this tool. Fortunately, I’m here for you to explain the most common attacks and dangers of the internet, as well as give you tips and tricks on how to protect yourself and your loved ones. We’ll start with the ugly part first.

The following video was created in August 2015 to show mainly parents the dangers of social media and the internet as a whole. It’s a fantastic example of how people can and will be manipulated into believing something they cannot corroborate.

 

As we can see, it’s very easy to make someone believe anything when you’re hiding behind a screen. Most times people will gain your trust or trick you into believing you’re on an official web page so that they can obtain your data. Whether you believe it or not, your information is important and can be sold for hundreds, thousands or even millions of dollars. The buyers of said information can either be people you know or people you don’t, which makes it so much scarier. This information can then be used in many other ways, the most common are:

  • Identity theft
  • Selling your information
  • Using your bank accounts and credit cards
  • Sharing private photos or information on social media

Once this happens, you’re vulnerable to frame-ups, theft, kidnapping, blackmail and even homicide. So what can you do to be safe?

First of all, be sure to check the URL of every page you visit, and don’t trust any links that take you to a “bank” web page. But most of all, be careful with what you do on social media and who you talk to.

Facebook, Twitter, Instagram, Snapchat and all other social media are great ways of keeping in touch with friends and family; they’re ways to express what we think and let humanity know a bit more of us, but mostly they’re fun. I’m all for being active on the internet and sharing your experiences, thoughts and even photos. However, you have to be careful with what you say and post.

You must assume that every single thing can and will be used against you. We have all heard at least one case of cyber bullying caused by private pictures being spread across the internet, it’s unfair and those who do it should be punished, but the reality is that things like that can happen. So pretty please, be careful with what you do, think before you act.

Now, if you love livin’ la vida loca and usually connect to wireless WiFi networks, STOP DOING IT. It’s extremely easy for hackers to steal passwords and information when you’re connected to said networks. If you have no other choice but to do it, at least encrypt all your passwords and preferably use a virtual machine.

If you’re a millennial and have all the Internet of Things things, read every single instruction to know exactly how it works and always change the default passwords. Most importantly, make sure they’re connected to a separate network, this way no one will have access to your things unless you let them.

When chatting, be sure that your way of communication is safe. According to Business Insider, the following are the most secure messaging apps:

  • TextSecure
  • Signal
  • Telegram (secret chats only)
  • Silent Texts
  • Gliph
  • Crypto Cat
  • Bleep

I personally would add WhatsApp because, in their recent updates, they have done a lot to protect their users’ data. You are safe there too, don’t worry. For more information on how to chat safely, check out Rubiology’s post on end-to-end encryption.

Finally, although it may sound stupid and exaggerated, put a sticker, piece of paper or whatever in front of your computer’s camera. It’s scary how easy it can be for someone to hack into your camera and watch your every single move (even if that means watching you binge watch a Netflix series, eat junk food and occasionally chuckle at some meme).

Be paranoid if you must, just be aware of the dangers you’re exposed to while discovering the multiple marvels of the internet. Now, proceed to enjoy one of my favourite internet wonders.

All your passwords are belong to us

Passwords, the ones that keep our stuff safe. Or do they? In this particular blog post, I’ll be discussing the most known/common methods for cracking passwords. For information regarding password safety, check Rubiology’s post here.

It’s not uncommon for us to hear someone complaining about how an account of theirs was “hacked”. What they usually mean by that is that someone gained access to their profile and changed stuff while being there. In order to gain access into any system, you need to first crack the password. The following are 10 methods for obtaining someone’s password:

Brute-force

This is the most common method of them all. It consists of trying several alpha-numeric combinations until you get the right one. It’s simple to program, but it can be very slow if your GPU isn’t your ally.

Examples of programs that use this methodology are:

  • Wfuzz
  • Medusa
  • Rarcrack

Dictionary

As its name suggests, this method uses a file which contains words typically stored in a dictionary (and some others like the most used passwords) to search for the real password you’re trying to crack. While it’s faster than the brute-force method, this one’s calculating time may vary from immediately to billions of years. This depends on the password’s length, combination and character usage.

Examples of programs that use it are:

  • Cain and Abel
  • John the Ripper
  • L0phtCrack

Rainbow Tables

Rainbow tables are a very elegant way of cracking a password. They consist of a series of lists of pre-compiled hashes (click the link to read more about hashing). These lists are the hashes of all possible password combinations for any hashing algorithm. It takes way less time than the two previous methods, however it requires a LOT of GPU power. If a password is salted (with random extra characters), it may be impossible for a Rainbow Table to crack it.

Programs that use them are:

  • OphCrack
  • RainbowCrack
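Why salting defeats precomputed hashes, shown from the side of the system storing the passwords. This is an added example, not code from the original post or from any of the tools listed: it uses a plain hash-to-password lookup table as a simplified stand-in for a rainbow table (real ones use hash chains to save space), and the word list and the choice of PBKDF2 with 100,000 iterations are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for "the most used passwords".
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "dragon"]


def hash_unsalted(password):
    """Weak storage: one fast hash, identical for every user with this password."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> password once; reusable against any unsalted database."""
    return {hash_unsalted(word): word for word in words}


def lookup(table, stored_hex):
    """Return the password if its hash was precomputed, else None."""
    return table.get(stored_hex)


def hash_salted(password, salt=None, iterations=100_000):
    """Hardened storage: per-user random salt plus a slow key-derivation function."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_salted(password, salt, expected, iterations=100_000):
    """Login check: recompute with the stored salt, compare in constant time."""
    _, digest = hash_salted(password, salt, iterations)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)

    # Two users pick the same weak password.
    alice_plain, bob_plain = hash_unsalted("letmein"), hash_unsalted("letmein")
    print("unsalted hashes equal:", alice_plain == bob_plain)
    print("table lookup (unsalted):", lookup(table, alice_plain))

    alice_salt, alice_hash = hash_salted("letmein")
    bob_salt, bob_hash = hash_salted("letmein")
    print("salted hashes equal:", alice_hash == bob_hash)
    print("table lookup (salted):", lookup(table, alice_hash.hex()))
    print("login still works:", verify_salted("letmein", alice_salt, alice_hash))
```

The salt does not make a weak password strong: someone holding the salt and hash can still try words one by one, but the work has to be redone for every user instead of being looked up once.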

Phishing

We’ve all heard of this. Phishing is when a hacker creates a mirrored site and steals information from it. This means that the hacker creates a site that looks and behaves exactly like a bank’s webpage, a social media log in or your e-mail account log in. The user rarely realizes it’s fake until it’s too late and has already given their data to the hacker.

Social Engineering

A hacker in disguise. They make the user believe they’re talking to the IT department or to an authority figure in order to get their data. If you can get a password without having to do anything at all, why bother?

Malware

Another popular term. Malware is, by definition, malicious software; it finds its way into your computer and browser files and steals as much information as it finds. Malware can also install key loggers and screen scrapers to see what the user is typing all the time.

Offline cracking

Surprisingly, this is the most common way of obtaining someone’s password. It’s rather simple: when a system is compromised (e.g. when your phone’s unlocking attempts have exceeded the limit and it blocks itself), hackers are able to physically access the system servers, users’ password hash files, etc. (normally through a third party). Once there, they can take as much time as they want until the password is cracked.

Shoulder surfing

Pro hackers in disguise. They enter a company by looking just like another employee and taking notes of everything they see. Many, many people stick Post-its to their computer screens with their username and password in order to never forget them. If you ever do this you must know that hackers never forget either.

Spidering

Corporate passwords are usually made up of words connected to the business. If a hacker learns the common in-company lingo, they will include these words in their dictionary file or their Rainbow Table, or try to brute-force the system into letting them in.

Guess

When in doubt, just take a guess. If you get to know your target a bit better, you’ll discover potential passwords with every word they say. Social media is the place to be when trying to guess a password, everyone unconsciously talks about them.

Other types of password cracking exist; they use networking protocols such as HTTP, SSH, SMTP, FTP, Cisco standards, etc. The most famous and efficient of them has to be THC-Hydra. Just by reading its name you can tell it’s a mean program. It’s really fast and has included so many protocols, it makes password and IP cracking a walk in the park. You can find this software at your own risk here.

It’s scary how easy it is to crack some passwords. The following is an infographic that shows how long it takes to crack passwords depending on their length and their usage of lowercase/uppercase letters as well as numbers and symbols.

As you see, cracking passwords isn’t really complicated if the password isn’t correctly created. Like I said before, for information on how to create a proper password and more safety tips go to Rubiology’s post! He’s got tons of methods for preventing attacks and, if you weren’t convinced already, he’s also got Tom Cruise.
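The relationship between length, character classes and cracking time can be worked out directly. This is an added example, not part of the original post: it estimates the worst-case brute-force time for a password from the character classes it uses, and treats anything found in a word list as falling immediately to a dictionary attack. The guess rate of 10 billion per second and the word list are assumptions chosen for the illustration.

```python
import string

# Constructed word list standing in for a dictionary file.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "dragon"}

# Character classes a brute-force search has to cover.
CHARACTER_CLASSES = (
    string.ascii_lowercase,   # 26 characters
    string.ascii_uppercase,   # 26 characters
    string.digits,            # 10 characters
    string.punctuation,       # 32 characters
)


def alphabet_size(password):
    """Size of the alphabet implied by the classes the password uses.

    Characters outside the four ASCII classes (spaces, accented letters)
    are not counted, so the estimate is conservative for such passwords.
    """
    return sum(len(chars) for chars in CHARACTER_CLASSES
               if any(c in chars for c in password))


def keyspace(password):
    """Number of candidates of this length over that alphabet."""
    return alphabet_size(password) ** len(password)


def worst_case_seconds(password, guesses_per_second=1e10):
    """Time to try every candidate at an assumed guess rate."""
    return keyspace(password) / guesses_per_second


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return "under a minute"


def estimate(password, wordlist=COMMON_PASSWORDS, guesses_per_second=1e10):
    """Dictionary hit wins outright; otherwise report the brute-force bound."""
    if password.lower() in wordlist:
        return "instantly (dictionary hit)"
    return humanize(worst_case_seconds(password, guesses_per_second))


if __name__ == "__main__":
    for candidate in ("password", "abcdefgh", "Abcdefg7", "Abcdefg7!x#Q"):
        print(f"{candidate!r:16} alphabet={alphabet_size(candidate):3} "
              f"-> {estimate(candidate)}")
```

Each extra character multiplies the search space by the alphabet size, so length raises the bound faster than adding one more character class does.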

For more information on how each method works and what programs exist check these pages out (it’s where I got most of my info from):

Welcome, stranger.

You can call me Miss F. This is by no means a private/incognito blog, my name is Fredele but is often found to be unpronounceable, so I’m making it easier for you. You’re welcome.

The main purpose of this blog is currently to post about computer/information security for Ken Bauer’s #TC2027 course. However, due to my genuine passion for the topic, I may or may not continue this blog after the course has ended.

Without further ado, I officially declare this blog inaugurated.

PS: This is the first blog I run, I don’t really know what I’m doing, bear with me.

PS2: If you wish to read my daily rants and adventures, follow me on Twitter here!

giphy

Giphy gif found here: giphy.com/cheezburger-hello-waving-IBMavwmu4KEEw