attention: this is a product site selling stuff, even if the presentation is nice
this is a picture
you have to go here http://www.proofpoint.com/uk/topten/index.php
this means that your online web services or shops are separated from your content, social media and all that other nonsense, and that non-critical information can be presented without encryption, but all the personal and practical prepare-to-shop parts of your website should be protected by SSL (the full SSL environment)
this limits the possibilities of attack (against for example the browser of the visitor or by injecting content)
"An extremely low 2/100 websites protect users by automatically using a secure HTTPS version (SSL) by default.
- Only 25/100 websites have SSL EV certificates.
- 33/100 websites display non-SSL content together with SSL content on their pages.
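One way to check a page for the "non-SSL content together with SSL content" problem counted above. This is an added example, not code from the original post or from the study it quotes; the page URL, host names and HTML sample are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Classification of (tag, attribute) pairs that point at plain HTTP: "active" can
# rewrite the page, "passive" can be swapped, "form-post" leaks what was typed.
KINDS = {
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("link", "href"): "active", ("img", "src"): "passive",
    ("form", "action"): "form-post",
}

# Constructed sample of a checkout page (not taken from any real site).
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="https://shop.example/site.css">
<link rel="canonical" href="http://shop.example/checkout">
<script src="http://stats.example/counter.js"></script>
<script src="//cdn.example/lib.js"></script>
</head><body>
<img src="http://img.example/banner.png"><img src="/static/logo.png">
<form action="http://shop.example/pay" method="post"></form>
</body></html>"""


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        if tag == "link" and "stylesheet" not in rel:
            return  # canonical/alternate links are not fetched as content
        for name, value in attrs:
            kind = KINDS.get((tag, name))
            if kind is None or not value:
                continue
            # Relative and protocol-relative URLs inherit the page's scheme.
            absolute = urljoin(self.page_url, value.strip())
            if urlparse(absolute).scheme == "http":
                self.findings.append((kind, tag, absolute))


def find_mixed_content(page_url, html):
    """Return the resources an HTTPS page would load or post to over HTTP."""
    if urlparse(page_url).scheme != "https":
        raise ValueError("page itself is not served over HTTPS")
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings
```

Running `find_mixed_content("https://shop.example/checkout", SAMPLE_PAGE)` flags the HTTP script, the HTTP image and the form that posts over HTTP, and leaves the relative, protocol-relative and canonical URLs alone.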
Parliament, he said, "could request COM to start infringement procedure on basis values of fundamental rights and legal principles as lined out in Art. 2 of the Treaty and on the over-step of the notion of 'national security' in Art 4. In addition the activity in other EU member states without explicit permission by those could be infringement to sovereignty of these other EU member states and the principle of loyal cooperation in the EU." In short, Albrecht does not believe that 'national security' is as completely isolated from EU jurisdiction as is often supposed.
He added that the work of European intelligence services should be considered within the proposed General Data Protection Regulation, and that Europe should start discussing "a treaty change procedure on allowing the EU to set minimum standards for intel services."
But in all of these various accusations and refusals to comment, one question has been left unasked and unanswered: what do Europeans actually think of Britain and GCHQ's spying? Infosecurity asked the question bluntly, and received a refreshingly blunt reply. "It is already today a huge damage to the relationship between UK and the rest of Europe. The attacks of the GCHQ on TelCom services like Belgacom and on servers on huge internet companies are illegal cyberattacks which come near to the notion of cyberwar. The involvement of issues not covered by national security like economic spying splits the Union and throws it back to the fight between national economies in the last century. It will harm the economies in Europe including the British and the trust in the institutions as well as the digital market severely."
It is very important for us Belgians that Snowden has more information or knows if there is more information about the role of the British and Echelon intel agencies in the break-in at Belgacom
this is the hack
another screencast can be found here
and in fact it is the database of
Coda-Cerva, Centrum voor Onderzoek in Diergeneeskunde en ...
www.coda-cerva.be/
Andere informatie en diensten van de overheid / Autres informations et services officiels : www.belgium.be. Logo des autorités fédérales belges. Coda-Cerva ..
and in fact it was the webinterface to a database with statistics (but also with passwords that may be compromised)
BVDV Survey Page
The thematic network on BVDV-control wishes to collect information about data sources on BVD and relevant demographic data in Europe. The aim is to make ...
Help - Welcome to our web-database on BVDV data sources
Database Info. Description: This field contains information on the objectives, the purpose, and the use of the database. The database may contain information of ...
View Database - Welcome to our web-database on BVDV data ...
Welcome | View Database | Enter your data | Data Administration | Help | Login. Please login first. login : password:
and it is a bad cleanup operation - wow says something about security over there
this was cleaned up http://fugazi.var.fgov.be/ was before this http://www.zone-h.org/mirror/id/21341438
but these were not cleaned up yet
how, according to these researchers, UK home and business internet users are being spied on through their modem
This example is based on the UK version of what we are calling The Hack using BT Internet services. If you are not in the UK and regardless of the service, you should always assume that the exact same principles detailed here are always being used against you regardless of your country or ISP.
The Hack is based on the fact that a second secret/hidden network and second IP address is assigned to your modem. Under normal use, you cannot detect or see this from your LAN, but the attacker has direct access to your modem and LAN in your house from the Internet
How it Works
When the DSL connection is established a covert DHCP request is sent to a secret military network owned by the U.S. Government D.O.D. You are then part of that U.S. D.O.D. military network, this happens even before you have been assigned your public IP address from your actual ISP.
This spy network is hidden from the LAN/switch using firewall rules and traffic is hidden using VLANs in the case of BT et al, it uses VLAN 301, but other vendors modems may well use different VLANs. The original slide has a strange number 242 with grey background, we think this represents the VLAN number/Vendor number so BT would be 301.
This hidden network is not visible from your "Modem's Web Interface" and not subject to your firewall rules, also not subject to any limitations as far as the switch portion of your modem is concerned and the hidden network also has all ports open for the attacker.
Other tools and services are permanently enabled inside the modem, which greatly aid the attacker, such as Zebra & Ripd routing daemons, iptables firewall, SSH remote shell server, along with a dhcp client.
read more here http://cryptome.org/2013/12/Full-Disclosure.pdf
possible but is it also plausible and is it real or is it on a particular modem
there are many indications and there is also a lot of suspicion
it also means that the special BTagent on the modem - like Belgacom has one - arouses a lot of suspicion, which means that in fact to be trusted it will have to be investigated by independent sources
the routers and switches used are from Huawei
this is a free game for android and ipad that gives you the possibility to put yourself in the place and responsibility of the people you see scanning thousands of bags every day, looking at all kinds of stuff and being responsible for finding everything that is hidden or broken up in several parts
The potential is also there, Mitroff said, for the Airport Scanner game to play a role in Transportation Security Administration training and standard operating procedures. The research team now has access to more than 1.5 billion trials from the smartphone app for analysis.
Agency plans, policies and systems aren’t being updated to reflect the most recent threats, a potentially devastating misstep in the ever-evolving world of online security where new threats can pop up overnight, said the agency’s inspector general.
Some DHS cybersecurity guidelines date back to 2008, and “baseline security configuration settings are not being implemented for all systems,” investigators said.
In addition, 47 systems are being used without “authority to operate” certificates that ensure the most up-to-date security protocols are in place. Of those, 17 are systems that handle classified secret data.
“This report shows major gaps in DHS’ own cybersecurity, including some of the most basic protections that would be obvious to any 13-year-old with a laptop,” said Sen. Tom Coburn of Oklahoma, the top Republican on the Homeland Security and Governmental Affairs Committee.
“DHS doesn’t use strong authentication,” he said. “It relies on antiquated software that’s full of holes. Its components don’t report security incidents when they should. They don’t keep track of weaknesses when they’re found, and they don’t fix them in time to make a difference.”
The number of cybersecurity incidents at DHS has risen 17 percent over the past year, data shows, and attacks by more advanced malicious software have risen 134 percent since 2010
and now hundreds of hackers are scanning and attacking every part of their network to find all those holes to go through to the internal network
a list in progress
they spy on activists, journalists and critics or militants and probably their own employees and other firms
they hire and are directed by mostly ex-spies or their directors
Stratfor was hacked and its 1 million subscriber-contributor list and all their emails were thrown on the internet
some of their activities are legit like anti-fraud, protection of resources and preventive screening of security and there is also open-source intelligence that still has to be analyzed, followed up and checked
If China successfully aids the proliferation of bitcoin, the implications on the global currency system could be monumental. Rather than having to use USD as an intermediary currency or establish swap lines to support international trade, a world conducting trade with bitcoin would mean the USD currently used for this purpose would be leaked as additional supply in the Forex markets, driving down the value of USD and driving up borrowing rates for the US. This change, on a large scale, would drastically accelerate the effects of the inflationary policies already taken up by the Federal Reserve. A significant inflationary trend in USD could potentially create a devastating cycle as global banks looking to preserve their wealth seek alternative reserve currencies, even further reducing the dollar’s value.
but they seem to forget a few things
the biggest fear of inflation is in China, not in the US
Bitcoin is used in China as an internal investment (to bypass the governmental controls and as another way of shadowbanking which is the main monetary problem in China) and to get money out of the country or expand its holdings in real-estate without leaving an official trail (landgrab) and probably corruption
another thing is that the security of the bitcoin software and code is nearly worthless compared to the systems installed by the banks and the monetary exchanges and it is based upon virtual trust (and not central authorities with controlling agencies and guarantees) so it would be easy for a group of official hackers to hack big parts of the systems, steal big chunks of money and get it all spread out on the web so that nobody would trust his real money with this virtual 'coin'. People are very particular with real money, they panic more quickly and most of the exchanges don't have enough money to repay all the deposits.
the money has lost 50% of its value in the last three days, if this happens with real money it would be chaos and for many people it will be real money they will have lost
so if I was the US, I would say to China, You wanna use Bitcoin as an economic weapon, go ahead 'make my day' and send out the NSA to win this war without any casualty in a few hours or so
On Wednesday, the House Judiciary Committee is scheduled to consider legislation aimed at reining in abusive patent litigation. But one of the bill's most important provisions, designed to make it easier to nix low-quality software patents, will be left on the cutting room floor. That provision was the victim of an aggressive lobbying campaign by patent-rich software companies such as IBM and Microsoft.
The legislation is sponsored by Rep. Bob Goodlatte (R-Va.), chairman of the House Judiciary Committee. He unveiled a new version of his bill last month, touting it as a cure for the problem of patent trolls. One provision would have expanded what's known as the "covered business method" (CBM) program, which provides an expedited process for the Patent Office to get rid of low-quality software patents. That change would aid in the fight against patent trolls because low-quality software patents are trolls' weapon of choice.
But the change could affect the bottom lines of companies with large software patent portfolios. And few firms have larger software patent portfolios than Microsoft and IBM. These companies, which also happen to have two of the software industry's largest lobbying budgets, have been leading voices against the expansion of the CBM program.
The CBM program provides a quick and cost-effective way for a defendant to challenge the validity of a plaintiff's patent. Under the program, litigation over the patent is put on hold while the Patent Office considers a patent's validity. That's important because the high cost of patent litigation is a big source of leverage for patent trolls.
this would mean of course that their portfolios with thousands of patents, their paper mills that demand patents for whatever idea or process their huge R&D departments are working on, and their patent lawyers who spend half their time bullying other firms into paying royalties if they don't want to go broke on costly and lengthy patent trials (which would be terminated with this proposal if the patent itself is weak) would be finished, and you wouldn't want to stop all that money flowing in without doing or producing something new
this is also why the real value of firms is also based upon their patents and the possibilities that they may bring in royalties from bigger more successful players (driving up the cost to pay for all that worthless non-creative middle management in the patent blackmail scheme)
no democratic oversight of US intelligence industry is possible if those elected to do it are paid by the same industry
well this is far worse than the 'scandal' we have here with an ex minister who started working at an ecological firm two years after being out of office :)
so how can you expect any serious law or investigation taking place
Splunk is one of the success stories in the Open Source world because it gives the possibility to monitor an enormous number of servers and machines and to treat those enormous loads of data and metadata in a normal and understandable way without investing the millions of dollars other big data players are asking
"Splunk software is used by the US National Security Agency and Britain's Government Communications Headquarters and enables organisations to analyse "massive streams of machine data generated by websites, applications, servers, networks, mobile and other devices".
Australian Defence intelligence has been buying Splunk software since at least 2009.
but you can get it free and use the same software as the NSA to monitor your installations and switches and so on and let no one - even the NSA - surprise you with an operation against you that you normally could have seen or received an alert for
"Splunk Enterprise is the leading platform for real-time operational intelligence. It's the easy, fast and secure way to search, analyze and visualize the massive streams of machine data generated by your IT systems and technology infrastructure—physical, virtual and in the cloud.
Troubleshoot application problems and investigate security incidents in minutes instead of hours or days, avoid service degradation or outages, deliver compliance at lower cost and gain new business insights.
Download Splunk Enterprise for free. You'll get a Splunk Enterprise license for 60 days and you can index up to 500 megabytes of data per day. You can convert to a perpetual Free license or purchase an Enterprise license to continue using the expanded functionality designed for multi-user deployments.
This amounts to a chilling effect on new journalists who are seeking to take on investigative reporting. From June 2008 to June 2013, 456 journalists have been forced into exile worldwide — per the Committee to Protect Journalists. From 2000 to 2012, 1,801 reporters have been jailed for their coverage; 1,017 investigative journalists have been killed since 1992; 38 investigative reporters have been considered missing since 1995, without evidence to confirm death or final disposition.
but the most harmful is that journalists don't have the resources or the permission to do investigation or to go deeper than the headlines or the scandal of the week and stay trapped in running every day behind hundreds of incoming stories without being able to put the puzzle a bit together and inform the readers about backgrounds, trends and the things the other media is not writing about
if the press magnates want us to buy newspapers there should be articles that we couldn't find online and that are interesting enough to spend some time on - there are a million other things to read and do today
the Belgian press is boring.... to its death
Interestingly, Gigamon began to move into the Russian market in 2009 with a company spokesperson declaring “there is a bright future for Gigamon in the Russian Federation”. The company hasn’t revealed its Russian customer list, but at a trade show in the US in late 2011 Gigamon representatives gave a presentation in which they mentioned “they’d just done a huge install with Russia . . . allowing the government to monitor data of its citizens.”