12/18/2014

We are closing down for always....... (but for the moment we keep this blog open as archive)

my sources will stay online and may stay updated

-------------------------------

Some people have been playing a trick on me and my family

this is not worth it

you don't play with my family

after ten years, I have done enough

I have also a life

and other priorities 

It is for the state to invest and to do its work

not me and surely not against my family 

bye

and a happy 2015

I am not coming back. Not this time

------------------------------------------------------------------------------------------------------------------------

just to make some things clear

* I never hacked, I don't know hackers and I am not Rex Mundi, never was and I don't know who he is

* I am open for new opportunities or possibilities to work for a safer internet or network somewhere - only serious offers this time - but this blog will not be updated again

* I am available for other freelance work

 


12/17/2014

Russian missile exercise (against what) in Kaliningrad (next to Germany)

what is the scenario they are doing all those exercises for ?

situation getting more nervous and dangerous in that region every week

#copyright defenders want to take on dns providers to take down sites (back to IP numbers then)

when I started on the internet I had lists with IP numbers of servers on a page

dns and domainnames only came later

the copyrightholders want to go back to that

they want to marginalize copyrightinfringing sites like that

but it can bring down one of the most essential parts of the internet as we know it today

"The MPAA’s legal argument centers on the claim that DNS records are working as an index or directory rather than simply routing data. If that argument holds, then the DNS links could be vulnerable to the same takedown notices used to strike torrent links from Google searches. The net effect would be similar to site-blocking, making it as easy to unplug a URL as it is to take down a YouTube video. It would also cast DNS providers as legally responsible for all the sites on the web, the same way YouTube is responsible for every video uploaded to its network. For many providers, simply managing the flood of notices might create a logistical nightmare."
http://www.theverge.com/2014/12/16/7401769/the-mpaa-wants...


12/16/2014

#ukraine will decide the balance of geostrategic military power in Europe

why Russia thinks it can bully its borderstates militarily

[Image: CSTO Military Data Chart]

into becoming a member of their so-called security alliance

[Image: Russia Military Alliance Map]

in which you see why Ukraine is the missing domino as are Uzbekistan, Georgia and Azerbaijan

while trying to keep them from joining NATO

[Image: NATO's Expanding Membership Map]

and also here you will see that the whole geopolitical map changes when Ukraine joins NATO or is linked to it

because if you are linked to it, you are linked to the US and the US has the biggest military machine (even if it doesn't want to use it so massively as it did several times)

and you don't have to be afraid anymore of all those Russian troops at your border because there is a much greater and better shield once they begin to understand that that is necessary to keep the peace - even a cold war peace

and luckily Putin has been doing his utmost best over the last year to convince even the most outspoken defenders of appeasement that it won't work and that Putin is clearly looking for a fight somewhere - the only question is where and when

apple and other online ecommerce sites are shutting down payment in Rubles or to Russia

source http://www.theverge.com/2014/12/16/7403535/apple-halts-online-sales-to-russia-as-the-ruble-plunges-in-value

it means that if this continues trust in anything Russian will be gone - this is the speed with which things can change - as we have seen in 2008 here during the financial crisis - wednesday you were still a major bank and on friday you were broke


now the US is building a new generation of nuclear submarines

sorry guys if you are still living in dreamland but it is time the hard reality begins to settle in

"I wish I was exaggerating, but I’m not. The Ohio Replacement Program was conceived to modernize the sea-based part of the nation’s nuclear force — the only part of that force that is certain to survive if Russia, China or some other major nuclear power launches a surprise attack in, say, 2050. The reason why is that the Navy’s ballistic-missile subs patrol silently beneath the surface of the world’s oceans, where enemies cannot find them; the Air Force’s bombers and silo-based missiles, on the other hand, are in known locations that can be easily targeted."
http://www.forbes.com/sites/lorenthompson/2014/12/15/supe...

An Ohio-class ballistic missile sub returns to base in Georgia after a routine deterrence mission.  The vessels must begin retiring in 2027, which means the Navy has barely a decade to design, develop and test a successor. (U.S. Navy photo by Mass Communication Specialist 1st Class Rex Nelson/Released)

canadian telecoms tell government not to worry, surveillance backdoors become standard

you don't need to put it into writing and even not in a law

that functionality will be in all telecom technology quite soon - because it has been asked for by so many telcos in not-so-democratic countries, or in countries where this has always been standard practice

source http://www.michaelgeist.ca/2014/12/government-documents-reveal-canadian-telcos-envision-surveillance-ready-networks-2/

from the technical documents (you can download them without becoming a member) https://www.scribd.com/doc/250135436/Public-Safety-ATIP-Telecom-Equipment

the technical information has been blacked out so you can't know what these new standards will be, as each of the firms (and one of the heads of Huawei in Belgium told me personally) will say that officially these interception backdoors are NOT in their infrastructure

Huawei is installed in the Belgacom and Telenet networks although some have serious questions about that

#anonymous hacks swedish governmental emails in revenge for piratebay takedown

well, imagine the passwords of this kind of emailboxes being published on the web and nobody tries to take down the link and so everybody has access to these boxes

this is but one publication but the same team published other leaks also in revenge

and about the takedown

the piratebay said that because they were using 12 virtual servers in 12 different locations it would be impossible to take them down ..... that is the theory of virtualisation, but in reality there is always a mother or a server that takes all the load while the rest just thinks that you will never try to take them down and that they will never need so much power (and keep down the costs)

another thing is that if you work with domain names then you have to control the dns server and the ip addresses to which they are linked, but if one ip address is taken down and it is not possible to add another one then you are cooked

taking down infrastructure like this and TOR takes much more time but in the end you will take it down - except as with Wikileaks several years ago thousands of people start serving a copy on their own servers

maybe this is a model for piratebay to follow


attack on pipeline is 6 years later attributed to cyberattack

"Yesterday, Bloomberg News reported that hackers, likely from Russia, caused a 2008 explosion on the Baku-Tbilisi-Ceyhan (BTC) oil pipeline in Turkey. According to Bloomberg, the BTC pipeline attack “Opened [a] New Cyberwar Era,” two years before the Stuxnet worm derailed Iranian nuclear centrifuges. The report is significant because it moves back the timeline for alleged state-sponsored cyber attacks that caused destruction in the physical world. (I use “attack” throughout this post in the colloquial sense, without reference to whether an “attack” is an “armed attack” for purposes of international law.)

But the pipeline explosion report also highlights another important issue. It took six years for the explosion to be publicly revealed as a cyber attack, and confusion about whether an incident is an accident or a cyber attack may be a common problem going forward. Although a lot of attention focuses on cybersecurity attribution as a question of who carried out an intrusion, the BTC explosion exemplifies an analytically prior attribution question: what caused an incident, a cyber attack or a simple malfunction?"
http://justsecurity.org/18334/cyber-attribution-problems-...

and so if people get the right to respond immediately to such a cyberattack, the chance that they will be responding to the wrong country and are falling into a second trap is much bigger than anybody realises

in the US there is even talk of responding with military attacks

#luxleaks the first whistleblower arrested but he was not alone

source http://www.icij.org/blog/2014/12/i-acted-conviction-pwc-whistleblower-speaks-out

the article shows some interesting things.

First it was said that these agreements were so secret that they were hardly communicated about in PWC, but here we have someone who had access to them in a database and was not involved in setting them up because he was disgusted by them.

Secondly he took them with him when he left the firm (like Snowden) but nobody checked what he did, what he knew and what he took with him, even if there were documents that were considered highly secret

third he lost control over the documents and who got them and who did something with them, just as Snowden lost control over his documents, parts of which are going around the world

fourth there are others and they are hunting them down, one after another, and I only hope for them that those who have used the documents have found all the obvious and secret indicators that will facilitate their job (one stupid but efficient trick is to change a letter in each copy)

CIA terrorlist of psychological mindgames with music

source http://theantimedia.org/playlist-used-by-the-cia-to-torture-detainees/

I imagine listening to Sesame street for 18 hours every day makes you so mad you just want to get out of there

Deicide: Fuck Your God

Dope: Die MF Die, Take Your Best Shot

Eminem: White America, Kim

Barney & Friends: theme song

Drowning Pool: Bodies

Metallica: Enter Sandman

Meow Mix: commercial jingle

Janeane Garofalo/Ben Stiller: chapter from the Feel This Audiobook

Sesame Street: theme song

David Gray: Babylon

AC/DC: Shoot to Thrill, Hell’s Bells

Bee Gees: Stayin’ Alive

Tupac: All Eyez On Me

Christina Aguilera: Dirrty

Neil Diamond: America

Rage Against the Machine: unspecified songs

Don McLean: American Pie

Saliva: Click Click Boom

Matchbox Twenty: Cold

(hed)pe: Swan Dive

Prince: Raspberry Beret


the demonstration in NY against police brutality (or the lack of punishment) in timelapse

very interesting idea

but they are not a million .....

but in present days you don't need to be with millions to have an impact (you need to have the attention of the media - even for the wrong reasons)

 

germany doesn't have an answer yet to the latest growing extreme right movement

source http://www.theguardian.com/world/2014/dec/15/dresden-police-pegida-germany-far-right

it is easier if they are just plain nazis and difficult if they have gone into deep undercover (of the simple people who are not nazis but disturbed by ISIS and militant islamic priests and movements)

 


#ukraine russian government tries to rewrite wikipedia all the time

here you can follow those rewrites https://twitter.com/RuGovEdits_en


#shellshock if you haven't patched your qnap servers you will get hacked

some cloudproviders have been hacked over the last days

this is an alert, read more on the problem by following the link

"Shellshock is far from "over", with many devices still not patched and out there ready for exploitation. One set of the devices receiving a lot of attention recently are QNAP disk storage systems. QNAP released a patch in early October, but applying the patch is not automatic and far from trivial for many users[1]. Our reader Erich submitted a link to an interesting Pastebin post with code commonly used in these scans [2]

The attack targets a QNAP CGI script, "/cgi-bin/authLogin.cgi", a well known vector for Shellshock on QNAP devices [3]. This script is called during login, and reachable without authentication. The exploit is then used to launch a simple shell script that will download and execute a number of additional pieces of malware:"
https://isc.sans.edu/forums/diary/Worm+Backdoors+and+Secu...

and this comment shows why automatic patching is so important

"I have one of the affected units. In the firmware update section of the admin interface, the closest thing I can find for an auto-updater is a checkbox that reads, "Automatically check if a new version is available when logging into the NAS web administration interface." From there, you have to manually tell the system to update -- as far as I can tell, there is no option to automatically update the unit. And the manufacturer doesn't send out emails to notify users when there is an update."
http://arstechnica.com/security/2014/12/worm-exploits-nas...
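A defender-side check for the probes described in the quoted diary entry, as an added example that is not from this blog or from the ISC post: it scans a web-server access log for the Shellshock function-definition marker in the logged Referer or User-Agent field and flags requests to /cgi-bin/authLogin.cgi. The "combined" log format, the constructed sample lines and the function name are assumptions made for the illustration.

```python
import re

# Assumption: access log in the Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)
# Shellshock abuses bash function import: a value that opens a function
# definition "() {" has no business in a Referer or User-Agent header.
SIGNATURE = re.compile(r'\(\)\s*\{')
QNAP_VECTOR = "/cgi-bin/authLogin.cgi"  # path named in the quoted diary entry


def find_shellshock_probes(lines):
    """Return one record per log line that carries the marker in a logged header."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # unparseable line: skip rather than guess
        fields = [f for f in ("referer", "agent") if SIGNATURE.search(m.group(f))]
        if not fields:
            continue
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("time"),
            "path": path,
            "fields": fields,
            "qnap_vector": path == QNAP_VECTOR,
            # Triage hint only: 200 means the script answered, so look at
            # that host first. The log cannot show whether bash was abused.
            "script_reached": m.group("status") == "200",
        })
    return hits


# Constructed sample lines (documentation IP ranges, harmless payload text).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Dec/2014:10:01:02 +0000] "GET /cgi-bin/authLogin.cgi '
    'HTTP/1.1" 200 512 "-" "() { :; }; echo CONSTRUCTED-SAMPLE"',
    '198.51.100.7 - - [15/Dec/2014:10:02:10 +0000] "GET /cgi-bin/authLogin.cgi '
    'HTTP/1.1" 200 498 "-" "Mozilla/5.0 (Windows NT 6.1)"',
    '203.0.113.5 - - [15/Dec/2014:10:03:44 +0000] "GET /index.html HTTP/1.1" '
    '404 210 "() { :; }; echo CONSTRUCTED-SAMPLE" "curl/7.38.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG):
        print(hit)
```

The combined format records only the Referer and User-Agent headers, so a marker sent in any other header stays invisible to this check; a clean result does not replace applying the firmware patch.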

#sonyhack sony tries to keep the leaks out of the standard press

source http://www.bbc.com/news/entertainment-arts-30477257

"Sony Pictures has contacted some US news outlets in an attempt to limit the damage caused by the hacking of its internal computer system last month.

The studio, its letter informed them, "does not consent to your possession... dissemination, publication... or making any use of the stolen information"."
http://www.bbc.com/news/entertainment-arts-30477257

this looks like Mensura here with me :)

but then the press will only link to other media using the information or talk about unconfirmed rumors without even mentioning the leaks

#ukraine the diplomatic agreement over the North Pole is no more

Denmark has told the UN panel that is responsible for dividing the North Pole that they don't agree with their attributed piece of the cake and that they want lots more from Russia (which is sending troops to the North Pole and setting up more military installations around it) and Canada

http://www.bbc.com/news/world-europe-30481309

#sonyhack sony in fact lost its root certificate: the certificate that is used to issue other sony certificates

among others

it means they will have to redo their whole certificate infrastructure and invalidate all their old and present ones

source http://arstechnica.com/security/2014/12/hackers-promise-christmas-present-sony-pictures-wont-like/


NIST publishes new guidelines for privacy and security audits

NIST Computer Security Division announces the release of Special Publication (SP) 800-53 A Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans

This update to Special Publication 800-53A contains significant changes to the 2010 version of the publication in both content and format.

To view the full announcement of the release of SP 800-53 A Revision 4, please see the full announcement on the CSRC News/Announcement page – this announcement will provide full details of this updated document:
http://csrc.nist.gov/news_events/#dec12

Direct link to the SP 800-53A Revision 4 document (in .PDF):
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar4.pdf


#ukraine the eastern members of NATO are going to help Ukraine themselves

there is no sense waiting for a consensus that will never arrive because the interests are too different to arrive at any kind of meaningful compromise - also the Putin strategy of trying to keep NATO from doing something meaningful in Ukraine is based upon the premise that they will always find compromise more important than letting each member decide for itself what it is going to do to help or not help Ukraine

Now it will be much more difficult for Putin to stop NATO from helping and supporting Ukraine because the veto power, or the power to slow down or stop any meaningful decision of individual states, is gone

The eastern european states will start helping each other and Ukraine in the first place, meaning that we will have after some time a fortified intertwined eastern border not only linked to NATO but also to each other

and as real power is, in Putin's mind, based on military power, this may stabilize or even change the battlefield in Ukraine and make it less likely that individual eastern states are impressed by his succession of military provocations and exercises at their borders

meanwhile Russia keeps sending new military hardware to the border with Ukraine and afterwards into Ukraine bit by bit, day after day (of which some columns are going to Mariupol)
