O objetivo desse Blog é apresentar essa fantástica e importante tecnologia, de forma simples, para que pessoas que não dominam aspectos técnicos também possam acompanhar a evolução da adoção da Certificação Digital e o universo que gira ao seu redor:
Certificado Digital para Assinatura e Sigilo, Certificado de Atributo, Carimbo do Tempo, Documentos Eletrônicos, Processos Eletrônicos, Nota Fical Eletrônica, TV Digital, Smart Card, Token, Assinador de Documento, Gerenciador de Identidades etc..Este Blog publica matérias e artigos extraídos da mídia que expressam a opinião dos respectivos autores e artigos escritos por mim que expressam, exclusivamente, minha opinião pessoal sem vínculo a nenhuma organização.
Certificado Digital para Assinatura e Sigilo, Certificado de Atributo, Carimbo do Tempo, Documentos Eletrônicos, Processos Eletrônicos, Nota Fical Eletrônica, TV Digital, Smart Card, Token, Assinador de Documento, Gerenciador de Identidades etc..
Matérias organizadas por data de publicação
- Não compartilhamento de Certificados Digitais
- Brasil precisa fazer o dever de casa em segurança ...
- Nova era da certificação digital é aqui!
- Compre na web com segurança/ Entrevista com Mercad...
- Quando os hackers brincam com a imprensa!
- Hackers do Bem
- Certificados digitais são usados para legitimar ma...
- Como hackers russos colocaram uma bomba digital na...
- Manifestantes pressionam governo brasileiro para d...
- Certificação Digital avança no segmento de saúde
- Porque Apple vai adotar NFC em sua próxima versão ...
- CASE - DIPLOMA ELETRÔNICO
- ▼ 07/20 (12)
- ► 2013 (174)
- ► 2012 (133)
- ► 2011 (427)
- ► 2010 (302)
segunda-feira, 21 de julho de 2014
Como hackers russos colocaram uma bomba digital na NASDAQ?
Four years ago, NASDAQ servers were compromised by Russian hackers, who were somehow able to insert a "digital bomb" into the systems of NASDAQ stock exchange, which would have been able to cause several damage to the computer systems in the stock market and could bring down the entire structure of the financial system of the United States.
Till now, identities of the hackers have not been identified by the agencies who are investigating the whole incident from past four years. However, it has been identified that the intruder was not a student or a teen, but the intelligence agency of another country.
The Hackers successfully infiltrated the network of NASDAQ stock exchange with customize malware which had ability to extract data from the systems and carry out surveillance as well. However, a closer look at the malware indicated that it was designed to cause widespread disruption in the NASDAQ computer system.
MALWARE EXPLOITS TWO 0-DAY VULNERABILITIES
According to a magazine cover story, the malware that was actually used by the hackers to infect NASDAQ servers exploited two mystery zero-day vulnerabilities.
The attack on the NASDAQ stock exchange was reported by Bloomberg Businessweek in its investigative cover story, "The Nasdaq Hack", which detailed the incidents took place at the NASDAQ leading up to the discovery of the inserted digital time bomb.
According to the magazine, it all started in October 2010, when the FBI was monitoring the Internet traffic in the United States and noticed a signal coming from NASDAQ, which indicated a malware infection. The most troubling part was that the malware was actually an attack code, which was created to cause significant damage, from another country’s foreign intelligence agency.
In February 2011, NASDAQ stock exchange confirmed the breach to its network and notified its customers.
The feds alerted and warned NASDAQ officials, who already knew about a compromise in their systems but had neglected to bother and inform anyone about it. The U.S. National Security Agency (NSA) was called in to help investigate the hack attacks against the company that runs the NASDAQ stock market.
After a five-month investigation by the FBI, NSA, CIA and US Treasury Department, it was uncovered that the malware used two unnamed Zero-day security flaws, for which there were no patches existed. Rather, it is unclear that the hackers targeted which software, and whether the hackers used these zero-day vulnerabilities to infect NASDAQ systems or to exfiltrate data.
In fact, one of the forensic investigators described the NASDAQ servers as “the dirty swamp,” because very few records were available that would have revealed daily activities on the servers and helped retrace the steps of the intruders.
"The agents found little evidence of a broader attack. What they did find were systematic security failures riddling some of the most important U.S. financial institutions. It turned out that many on the list were vulnerable to the same attack that struck Nasdaq. They were spared only because the hackers hadn't bothered to try."
Further analysis of the attacking code indicated that the malware attacked the NASDAQ systems was similar in design to the malware written by the Russian Federal Security Service for the purpose of spying and, NSA agents says, had the ability to seriously disrupt the exchange's activities.
But it is also possible that the malware which had been used belongs to another country, Bloomberg notes. China was a primary suspect, for both its intrinsic features and its ability to confuse an investigation.
Nasdaq spokesperson says that the malware did not reach the stock exchange, as originally stated in the cover story headline. "The events of four years ago, while sensationalized by Businessweek, only confirmed what we have said historically: that none of Nasdaq's trading platforms or engines were ever compromised, and no evidence of exfiltration exists from directors' desks," said NASDAQ spokesman Ryan Wells.
Formada em Publicidade e Propaganda pela PUC Rio, trabalhou em importantes agências de propaganda nas áreas de pesquisa de mercado, planejamento estratégico, atendimento à clientes especiais e planejamento de mídia.
Dirigiu a área comercial de uma produtora de vídeos internacional e trabalhou em duas redes de televisão: TV Globo e Bandeirantes.
Dirigiu sua empresa de marketing político por 6 anos e desde 1995 se dedica ao comércio eletrônico junto à clientes corporativos e varejo em especial no segmento da
CERTIFICAÇÃO DIGITAL.Regina Tupinambá - CCO – Chief Content Officer - Instituto CryptoID.
Se dedica ao comércio eletrônico e em 1999 entrou para o universo da certificação digital.
Dirigiu diversas áreas da Autoridade Certificadora Certisign entre elas: Marketing, Comercial, Produtos, Treinamentos, Suporte Técnico, Licitações e SAC.
Desenvolveu o mercado de SSL no Brasil e criou o mais completo programa de cursos sobre Certificação digital.
No âmbito da ICP-Brasil acompanhou a criação da AC Raiz, além de participar diretamente da homologação de muitas Autoridades Certificadoras e Autoridades de Registro. É autora do Blog Certificação Digital desde 2010.
No momento é CEO da Insania Publicidade e como CCO do Instituto CryptoID, dirige a área de conteúdo do Portal.