It’s time to vote


Once again the prestigious annual Bitacoras Awards voting start. Last year we had the honor of being ranked 23rd in the category of best computer security blog, above many reference blogs. The truth is that this encouraged us to continue even with

Applications of cybercrime legal framework (II)


In this post we will summarize the resolution 161/2010 of the Criminal court number two of Salamanca where the absence of criminal liability is settled on a denial-of-service attack to a web server of the Cancer Research Center, that at

Hardening binaries (III) – ASan


In previous posts we’ve talked about GCC options that make our executable safer , in this posts we present compilation options that generate reports, warning of errors in the code. AddressSanitizer (Asan) is an option for Clang (> = 3.1) and GCC (> =

Autoscaling trend: Microservices and Docker


In the previous post we mentioned the potential of cloud computing thanks to the virtualization layer. For years we have been using Virtual Machines (VMs) to house multiple “copies” of the same service. This allows you to add or remove instances,

go run summer.GO


We recognize it, we have sinned. We are playing Pokemon GO. We have decided to ignore the privacy issues, battery drain, DoS attacks to servers and we have taken the streets. It has also helped us to discover the sunlight, which

Security Research (V) – 4 errors, 1 failure


In this series of posts on how to start researching in system security, we have seen the first steps on how to choose topic, director, as well ad doing the first workplan and how  a scientific contribution is done in

Applications of cybercrime legal framework (I)


Given the wide case mix that make up the jurisprudential doctrine of this type of crimes, we thought it is appropriate to bring up curious and instructive cases. STC (2nd Penal Chamber) 7 November 2011, facts: The defendant gives brought his computer

Exploit kits, loved and hated in equal measure


Exploit kits are the cause of a large percentage of malware infections that occur nowadays. Depending on the side where you are, you will consider exploit kits a godsend or a hellish curse. They are toolsets to automatically exploit vulnerabilities on the client

Hardening binaries (II) – PIE


Following the classic compilation options of GCC to try to have more robust binary, in this post we will discuss the options and -fPIE -fpie that allows to compile executable as “Position Independent Executables” and makes their sections to be loaded in random

Autoscaling with Scryer from Netflix


More and more companies decide to host their services in the cloud. The advantage of a cloud providers is the hability to use only the resources we need at all times, rather than paying the cost of a fixed number of