10/28/2014

Apple has already one million creditcards in its Pay systems that work with hackable NFC

read and enjoy 

The NFC trouble 

Permalink | |  Print |  Facebook | | | | Pin it! |

why is the battle in Lebanon so important for the rebels in #syria ?

"A battle between Lebanese troops and Muslim militants in northern Lebanon was widely expected after members of the Islamic State group and al-Qaida's branch in Syria, the Nusra Front, launched several attacks over the past weeks in areas on the border with Syria.

Sunni militants inspired by the Nusra Front and the Islamic State group have killed and wounded several soldiers in a string of attacks in recent months in Tripoli and nearby areas.

Lebanese army commander Gen. Jean Kahwaji said in comments published this month that the militants from Syria want to ignite civil war and create a passage to Lebanon's coastline by linking the Syrian Qalamoun mountains with the Lebanese border town of Arsal and the northern Lebanese town of Akkar, an impoverished Sunni area.

http://bigstory.ap.org/article/3203da1b8d79480fa9d542c057...

Why does Putin want Crimea and now Mariupol ? And why is Syria so important to him, expect that it has his last Russian military fleetbase ? 

Access to the sea means that there is a way to get weapons, fighters and other material by sea 

but this is not the FSA but AlQaida so this battle is lost because nobody has an interest in it, except for Al Qaida, but that is not in the interest of anybody - and surely not FSA

Permalink | |  Print |  Facebook | | | | Pin it! |

remember the Afghan rebels shooting down Russian helicopters ? #Isis does....

"BAGHDAD — From the battlefield near Baiji, an Islamic State jihadist fired a heat-seeking missile and blew an Iraqi Army Mi-35M attack helicopter out of the sky this month, killing its two crew members.

Days later, the Islamic State released a chilling series of images from a video purporting to capture the attack in northern Iraq: a jihadist hiding behind a wall with a Chinese-made missile launcher balanced on his shoulder; the missile blasting from the tube, its contrail swooping upward as it tracked its target; the fiery impact and the wreckage on a rural road.

The helicopter was one of several Iraqi military helicopters that the militants claim to have shot down this year, and the strongest evidence yet that Islamic State fighters in Iraq are using advanced surface-to-air missile systems that pose a serious threat to aircraft flown by Iraq and the American-led coalition.

http://www.nytimes.com/2014/10/27/world/middleeast/missil...

that is why they need US helicopters who have defenses against such attacks 

this is not just a bunch of guys with machine guns, Isis is an army so you have to battle it like an army

Permalink | |  Print |  Facebook | | | | Pin it! |

those who thought that Russia had no end-game and that the game in #ukraine was over, it only started (again)

Yep the Ukrainans have their elections and the results have been accepted by Moscow 

Yep there is something of a cease-fire but that will be ended soon as the Russianheld territories need Mariupol and the airport to have something of a real region - even if they don't have the whole regions

Yep there are no great movements of Russian military but every day new Russian tanks and soldiers are crossing the border - under the radar of the international news organisations (100 tanks is a better title than 10 russian tanks cross the border)

and now, we are back at where it all started - a referendum in the two seperatist russian occupied regions (that is why it is a pity the Ukranian army didn't push into Donetsk when it should) 

yep a referendum in a region in which everybody who is opposed to the occupation is send to cellars they don't come out of again 

yep a referendum where there are no other parties or press than those of the occupiers

yep a referendum that will be as legitimate as the one in the Crimea 

so all those believers that you had an agreement with Putin, that Peace was on your way,

you are chamberlain after all (but we knew that from the beginning)

meanwhile if you are into (cyber)security prepare for the possbility of a new cold war or local wars and skirmishes and troop buildups and incidents and all the rest (the possbility that this will happen has just increased with 1000 percent)

Permalink | |  Print |  Facebook | | | | Pin it! |

the FBI sets up waterholing webpages since 2007

waterholing webpages are pages or sites that look legitimate but have software installed that will 'mark' or infect the visiting computer 

it is a normal procedure of real attack against a person or organisation 

"The FBI in Seattle created a fake news story on a bogus Seattle Times Web page to plant software in the computer of a suspect in a series of bomb threats to Lacey’s Timberline High School in 2007, according to documents obtained by the Electronic Frontier Foundation (EFF) in San Francisco.

 

The deception was publicized Monday when Christopher Soghoian, the principal technologist for the American Civil Liberties Union in Washington, D.C., revealed it on Twitter.

 

In an interview, Soghoian called the incident “outrageous” and said the practice could result in “significant collateral damage to the public trust” if law enforcement begins co-opting the media for its purposes.

http://seattletimes.com/html/localnews/2024888170_fbinews...

Permalink | |  Print |  Facebook | | | | Pin it! |

Yemen is just such a mess no wonder alqaida feels at home

"FIghting in central Yemen between Houthi rebels and a tribe in the town of Radda has killed at least 250 people in the last three days, security officials said Monday.

 

The Houthis — a political and religious rebel group named after a former commander, Hussein Badr al-Din al-Houthi — captured Sanaa on Sept. 21 after weeks of anti-government protests focused on fuel price rises. The group signed a power-sharing agreement with other political parties soon afterward, a deal that was sanctioned by President Abd-Rabbu Mansour Hadi. But this has not deterred the Houthis from pushing into other parts of the country. Their leaders say they want a more representative national government that can combat corruption and secure the country. http://america.aljazeera.com/articles/2014/10/27/official...

if you understand something, you know more than I but this looks like a real mess in which you will never know who will do what to who 

failed state is their name

Permalink | |  Print |  Facebook | | | | Pin it! |

POS (POINT of sales) hardware connected to the internet is a new goldmine for hackers

yep, they are doing it again

connecting things to the internet without the big defenses for it (proxies, vpn, ....) so you can't get to the machine itself (that costs too much)

no, you connect for maintenaince your Point of Sales hardware directly to the internet so it can be directly updated and managed from the internet (easy it looks and everybody is doing it)

now that they have laid of all that staff that was giving technical support to their POS because they did it 'over the internet' they are paying dearly for this 'cheap' solution 

in fact they are paying millions every month because thousand and thousands of systems are infected (and how are you going to clean all that without all the technical staff that you have laid off, brother ?) 

and if at the same time you don't encrypt the data from end to end and the technical staff that has access to those systems use default or bad passwords and doesn't react to all those securityalerts for months (because not enough staff for too much work doing all those things over the internet, and hey it is not in my job description (which is right, you need some-one doing nothing else but looking at all those things happening everywhere) 

than you lose millions of data and millions of dollars and what is even worse you lose enormously much money to clean up the mess and your stock takes a hit and according to a survey last week more than half of all customers won't go to the chains that were impacted by the latest attacks on their POS infrastructure (maybe you should install big moneymachines in those shops so people can get the cash out and pay with cash as they don't trust your POS infrastructure for their cards and accounts)

and they have any reason to worry because it now seems that what the banks and financial institutions were saying in the beginning that they didn't see any fraud with those thousands or millions of financial data that was lost, is not true anymore. It looks as if the data has been sold to some operators or that some accounts are only attacked or emptied right now (when maybe everybody is losing attention because it is already some time ago)

and meanwhile the attackers have learnt so much and have so much money in their pockets (and that of their women who are very happy about their naughty boys) that they can now bypass any firewall or antivirus and can only be stopped by ..... threat intelligence. Ohlalalala this means that you need people who watch, who analyse and that the big economy you think you were going to have in the first place is now also up in smoke because you will have to pay enough people enough money to look every day every moment at logs and events and check and doublecheck and investigate thinks. If you think that this can be done by a computer or robot, think again. Programs can help but they can't stop the attackers. 

and so to keep themselves rich and their women happy they are now attacking in full force the POS installations and software because it is the biggest moneyfarm that is available for free now and that is not being defended as it should be - why make life difficult with hacking banks if you can get the same information just by those POS installations of some supermarket chain (and know what, once you get into one, you can get in all of them because they have set them up all the same way - economies you know)

Permalink | |  Print |  Facebook | | | | Pin it! |

why #ISIS has to control cities and road to have a steady income (next to oil)

"Extortion and illicit taxation systems are also a significant source of income for ISIS, and potentially one of the most sustainable. Prior to capturing Mosul, ISIS was already earning $12 million a month in the city alone. This is now being replicated, though in a more organized manner, across ISIS-controlled territory and covertly in other areas under its partial influence. However, it should be recognized that this ‘extortion’ and taxation is not always done unilaterally and solely in ISIS self-interest. For example, a sophisticated ISIS taxation system on the main highway between Jordan and Baghdad has been developed which replaces the government’s import tax by charging reduced rates for the transport of goods into the Iraqi capital. The trucking business across western Iraq is primarily controlled by Sunni tribes, and therefore, by imposing lower taxes ISIS earns a steady income but offers its tribal guarantors an opportunity to increase their earnings.  Similar systems are in place elsewhere in western Iraq and eastern Syria, with an overriding emphasis place upon this dual focus of earning money while retaining a ‘buy-in’ from tribes that ISIS existentially relies upon for its societal survivability.

http://www.brookings.edu/blogs/iran-at-saban/posts/2014/1...

so without troops on the ground to attack ISIS and to develop a sense of security so that nobody thinks that they have to pay to ISIS to be sure that their livehood and business will not have any risk of being killed, ISIS will be sure to have at one side enough resources to pay its combatants and at the other side have secured the continued commerce in the territories that she controls so that 'everything looks normal' and people can 'get on with their lives' (they think)

and neither the Iraq army nor the Iraq leadership are showing any real willingness to go to a real war with ISIS because they are holding back (and the US and the socalled alliance is NOT giving them the military hardware and operations they need to make a real difference)

Permalink | |  Print |  Facebook | | | | Pin it! |

the situation can become much worse in Iraq and the region if #ISIS takes Anbar (but who cares over here?)

"So far, Iraqi military and security forces in Anbar report they are receiving supplies and light arms from the government, but not the heavy artillery and tanks they say they need to push back Islamic State gains.

 

“The general perception is that the Iraqi government doesn’t believe Anbar as a whole to be important,” says Ahmed Ali, an Iraqi researcher with the Institute for the Study of War based in Washington. “It sees parts of Anbar to be important, but it’s clear the government’s priority is to secure the [outskirts] of Baghdad first.”

 

Similarly, US-led airstrikes have shifted away from targets in and around cities in Anbar in recent weeks. Instead, coalition planes are more often protecting key points of Iraqi infrastructure like the Mosul Dam and Bayji oil refinery.

 

Ali says beyond the province’s symbolic value, there will be dramatic strategic consequences if Anbar falls out of government control. One of those consequences will be that Islamic State militants will be better positioned to launch attacks on Shia holy sites in Karbala. One such devastating attack, Ali argues, could spark an all out civil war in a manner similar to how the 2006 al-Askari Mosque bombing in Samarra unleashed a torrent of sectarian violence. http://www.mintpressnews.com/isis-making-strong-gaines-in...

war is not sending 9 or 20 times a plane to drop a bomb or 4 - how precise and massive they may seem

war is not only giving small arms to soldiers who are facing an enemy with tanks, rocketlaunchers and heavy artillery 

war is not standing by and saying everything is lost even if we have done everything we could (we say) 

Permalink | |  Print |  Facebook | | | | Pin it! |

these are the best/worst mediapirates websites (thanks MPAA)

if you don't find it here, it will be very hard to find (and it will surely not be in Google)

networks from firms should control that access to these sites is blocked to limit their responsabilities, if they have a proxy there should be some categories that would allow this. Allowing P2P traffic in a netwerk is just asking for huge legal and securityproblems (and sometimes networkproblems) 

MPAA is spending millions to find them, calculate their importance and hunt them down to get at least their links out of Google as fast as possible (this is the reason for the renewed popularity of the sites that only have links to pirated content - which is illegal in Belgium under some conditions and maybe illegal in your country too, so be careful before you want to jump on the bandwagon)

some sites are really located in astonishing places of which you would have thought that it would be easy to take them down using the copyright laws (Sometimes the FBI and now the London Police take down hundreds of websites in sweeps but those yearly actions aren't very effective because the search only goes to other places) 

at another note, there is also some evidence that when there are professional, global and great alternatives like spotify and netflix the amount of illegal downloading reduces enormously 

Direct Download and Streaming Cyberlockers:
VK.com – Russia
Uploaded.net – Netherlands
Rapidgator.net – Russia
Firedrive.com – New Zealand
Nowvideo.sx and the “Movshare Group” – Panama/Switzerland/Netherlands
Netload.in – Germany

Peer-to-Peer Networks & BitTorrent Portals:

Kickass.to – Several locations
Thepiratebay.se – Sweden
Torrentz.eu – Germany/Luxembourg
Rutracker.org – Russia
Yts.re – Several locations
Extratorrent.cc – Ukraine
Xunlei.com – China

 

Linking Websites:
Free-tv-video-online.me – Canada
Movie4k.to – Romania
Primewire.ag – Estonia
Watchseries.lt – Switzerland
Putlocker.is – Switzerland
Solarmovie.is – Latvia
Megafilmeshd.net – Brazil
Filmesonlinegratis.net – Brazil
Watch32.com – Germany
Yyets.com – China
Viooz.ac – Estonia
Cuevana.tv – Argentina
Degraçaemaisgostoso.org – Brazil
Telona.org – Brazil

Permalink | |  Print |  Facebook | | | | Pin it! |

10/27/2014

websites of local policeforces are not always what they seem when hacked

this is what it is 

 

policeath.PNG

 

and this what it looked like

but remember those local websites  - just as those from the city councils are a very important part of the crisiscommunication if something would go terribly wrong there 

but just as with schools they would need secure platforms where a central team of securitypeople are responsable for defending and upgrading and securing their websites 

oh and if you want to start an investigation, go first to France if you get a demand for international assistance in order and all that stuff and than file a complaint under French law and all of that 

policeath2.PNG

Permalink | |  Print |  Facebook | | | | Pin it! |

yahoo is incapable of stopping predictable accountphishing against her users

one may ask themselves why they can't get that kind of phishing scams out of their systems

you can filter on titel or because the shown link and the real link are different or whatever 

yahoo.PNG

Permalink | |  Print |  Facebook | | | | Pin it! |

yahoo is incapable of stopping predictable accountphishing against her users

one may ask themselves why they can't get that kind of phishing scams out of their systems

you can filter on titel or because the shown link and the real link are different or whatever 

yahoo.PNG

Permalink | |  Print |  Facebook | | | | Pin it! |

the story of 4 carders who found a jail in the US instead of love and sex

"One particularly interesting case of how a carder was apprehended involved a law enforcement professional who was working undercover in the carding world. The female agent befriended a carder and over time developed a relationship. As the relationship matured, the female agent convinced the carder to come to Las Vegas to marry her.

 

Once the carder arrived in the United States, he was apprehended. However, that wasn't the end of the story. The agent took her carder "fiancé" to various locations in Las Vegas and took pictures of both of them at various landmarks, and later posted the photos on social media. The agent then invited the carder's friends to come to the wedding in Las Vegas. In total, Lenik said, four people were arrested after traveling to Las Vegas for the wedding
http://www.eweek.com/security/sector-speaker-shows-how-cr...

the cyberworld is no different from undercover- and spy-operations even if it is against the criminals

now that all over the world policeservices are getting more power to use online the same techniques they use in the real world, you will end up asking yourself each time you try to do something illegal if that ain't a cop or intelligence officier at the other side of the conversation

and being tricked to travel to the states is one that has been used several times and it is surprising that it still works 

Permalink | |  Print |  Facebook | | | | Pin it! |

this is what the Cert of the EU is responsable for (but don't ask if they got the resources)

and to understand it well

sit down and read aloud one line after another

and think about what the consequences would be if one of them got breached 

instead of spending millions on 'awareness' one should spend money on resources to defend your infrastructure and data before people become aware that you are a king without clothes (not against the people of certeu off course)

and the situation in Belgium is not better ...... 

certeu.PNG

Permalink | |  Print |  Facebook | | | | Pin it! |

this is how the cert of the NATO is organised

from a presentation 

and they seem to get ever more resources, the question is if it is enough and how much you need to increase it when you see what Putin is doing on the level of electronic warfare 

but it looks as if they are getting processes and disciplines in order 

as long as they learn that you will lose the next war when you prepare for it as you did for the last war .... 

certnatio.PNG

Permalink | |  Print |  Facebook | | | | Pin it! |

#opnl is Anonymous moving on the Netherlands

let's see if this will fizzle out or not

at the time of Lulzsec some operators of that network were in Holland and some of the people arrested or indicted for participation in one of the several ddos campaigns against banks and creditcardcompanies were also from Holland 

but that was all a long time ago

just something to look out for without turning into a mad paranoid securitybear 

opnl.PNG

Permalink | |  Print |  Facebook | | | | Pin it! |

Hackers are doxing Swift what is next ?

doxing means that they are publishing all the information they are finding by public channels or by extracting without reaching the real innercore of your infrastructure

it is a kind of scanning but more concentrated on the human aspect of an attack strategy 

when that starts, one knows that more is coming and one needs to make the doxed persons aware of that  

and no, it will not be with known viruses but by zerodays in the mail and phonecalls to the persons impersonating others 

I know it is a holiday, but isn't that the best social engineering period ? 

swift.PNG

Permalink | |  Print |  Facebook | | | | Pin it! |

10/26/2014

the fort Knox phone by Samsung can be broken says securityresearcher

Samsung launched a Fort Knox hypersecure phone approved by NSA but its security is according to securityresearchers still lacking some fundamental features (full encryption) and makes some other mistakes. Some may think this is unfortunate while others may suppose it is deliberate.

"Samsung really tried to hide the functionality to generate the key, following the security by obscurity rule. In the end it just uses the Android ID together with a hardcoded string and mix them for the encryption key. I would have expected from a product, called Knox, a different approach:

  • The fact that they are persisting the key just for the password hint functionality is compromising the security of that product completely. For such a product the password should never be stored on the device. There is no need for it, only if you forget your password. But then your data should be lost, otherwise they are not safe if there is some kind of recovery option.
Recommendation:
Instead of Samsung Knox, use the built-in Android encrpytion function and encrypt the whole device. Android is using a PBKDF2 function from the encryption password you choose and never persists it on the device. Obviously you can never access the data if you forget your password, but that's the point of a good encryption.

http://mobilesecurityares.blogspot.co.uk/2014/10/why-sams...

Permalink | |  Print |  Facebook | | | | Pin it! |

yahoo and facebook propose a new emailheader that makes it possible to clean memberbases

souce http://threatpost.com/facebook-yahoo-curb-identity-theft-with-new-email-ownership-header/109009

untill now nobody really wanted to clean up its membersbase and kill accounts that were inactive since a year at least. This makes that an enormous number of email- and other services have an enormous number of accounts sometimes with very attractive names that are just dead ducks. The biggest problem to take any action is the danger that if you liberate those accounts it will be possible for the people who were getting the old accounts to get access to other services that were authentificated through that emailaccount

this new header changes all that because it will be indicated in the new header if the emailaddress has changed hands or not and since when. This makes it possible for the other services to compare with their own database to compare the date at which their member became a member. It is not totally waterproof but it is a start.

It also gives numerous services a possibility to destroy accounts that have no sense of staying on their servers and limit also the damage if they have a breach.

Permalink | |  Print |  Facebook | | | | Pin it! |

1 2 3 4 5 6 7 8 Next