the last days some teams in #antisec are 'leaking' Dns information about big sites and present it - or it is presented as - hacked, leaked or poisoned
first, there is nothing as important for a network as Dns. If your Dns is not maintained than it will lead to internal problems and external securityproblems. In the worst case you can even get blacklisted because you are used by a botnet to refer to other websites or to hide.
secondly, even if Dnssec has some small technical problems (and there are commercial solutions that do the same thing or evern better than Bind) for important networks it is the best solution to respond to this and a number of other securityproblems. Meanwhile even if you didn't upgrade to dnssec, you should have installed all the bindpatches.
thirdly, it is very amazing, but everything may be wrong with your Dns but nobody will be able to tell you about it because you have no (real or good) emailaddress mentioned or you haven't activated the mailfunction on your dns service
fourth, you are probably watching all kinds of traffic, but not the dns traffic. Who watches dns traffic, that is only the same stuff every time, address asking for hostname and dns server etc.... THis is right, but if you filter the normal traffic, you can sometimes not only see attacks and probing of your dns server but in the worst case, extraction of internal (secret) information over dns (port 53). Offcourse you should have enough power and space to log that without bringing down your network, installation or monitor tools
and if you aren't looking, how would you see if Anonymous is probing or attacking your dns servers
fifth don't try to be the internet. It is amazing how many dns servers still try to resolve every IP address on the internet into a domainname. THe internet is much too big for you and you should be sure that your dns servers sends the requests to the right dns server for the domain and be sure that you are correct and available for your own domain. That is already a whole lot to do. some say it is to be faster and so on, but there are specific methods to do that without becoming an authoritative dns server for other domains.
so what do those postings - and articles mean
For the moment not much - correct me if I am wrong
You see the IP adresses and names of the dns servers of very important servers
You see (mostly failed) tests to transfer the root zone (control) over the domains
You see (mostly failed) tests to poison a cache by sending for example someone who types in Google to a Porn site
but if you see this as a learning process, you will understand that some kids getting bored with dumping 4 million accounts on the internet the last year are looking to do other things and are in the learning process
and just as they have begun with some small stuff and sites, is it not important what they are doing now but what they can be doing later this year
this means that you have maybe some time but not sure how much
because hacking, ddossing or redirecting a Dns server is much more interesting than some stupid server or router because you can influence so much more what is happening - creating mayhem for the lulz
so it could be dangerously wrong just to write it off for the moment (attacks against dns infrastructure are happening every day even if it isn't in the press)
we bring them to the safe haven CERT.be if they haven't found them already
we only look for .be addresses because we are sure they are belgian addresses
so if you don't have a .be address than you should only hope that your emailprovider is also following my dumpz and leaks twitter.com/mailforlen list and contacting the compromised addresses themselves
as long as the CERT.be doesn't say that they already have those addresses I will continue to send them, but I hope that this will be soon.... because there are other things
the best thing in fact should be to set up an international coordination center that would distribute the daily loot among all the different certs and service providers and be sure that everyone has all the necessary information at the same time
it is also totally stupid to use your address from your website or from your work for personal things on the net
the number of .be adresses we have already seen that were from government, military and big corporations and banks...... ideal for a targeted attack (security officer do you already have a policy that is known by your staff)
remember the break in in Rsa only took one email to three people of which one opened it (and the whole internal securitypudding (hard from the outside smooth on the inside) was yamyam for the penetrators
in total I think there are today releases worldwide for about 30.000 emailadresses and accounts (and there are about 10 belgian .be emailadresses found)
to the cert.... ship is coming in a minute :)
you can also follow the feed diigo leaks with direct links to the leaks
today the favourite is a forum with star war fans (23.000 of them)
they say that the problem was discovered in july and that an external security audit was done
* the problem was only in their EVssl procedure - which normally should have been even more secure as the certificates are supposed to be even more extensive, secured and double-checked
* they said that at the time all the certificates were retracted except for the Google one - which happened yesterday
Do I read that right ? Read the phrase again aloud or think about this phrase in a rhetorical sense (argument)
all problems were resolved than and all damage was taken care off except for the biggest one that we didn't see at that moment and that we have taken care of yesterday - because some browser told a surfer so who was wise enough to contact others with that information
this means - back to the auditors (others) and back from scratch
if you didn't see that your google certificate was compromised which is the god of all certificates than are you really sure you know everything ?
where is your sense of critical thought ? How can you do an audit or be a responsable security operator without critical thinking ?
Oh yes he says that everything else is in order (his firm is one of two responsable for the digital egov id for all dutch citizens and enterprises) and that we should trust him
but untill two days ago there were two defaced webpages on his site since 2009 according to security.nl and they only took them down because security.nl wrote about it
the defacements was from.... Iranian hackers (maybe they had also installed a backdoor or keylogger)
we always say that with very critical infrastructure if it is compromised you throw away the server and you start all over again and you make sure none of the backups that you use was compromised etc....
they say that all their clients can see their security audit
who are that ? all the citizens who have an e-gov ID from them ? everyone who has used their digital signature technology ? speaking of a leak.....
now the dutch egov project has a problem because people are massively or unknowngly throwing one of two of their certificate providers out of the trusted list and whatever they may be saying it is not with this that trust can be restored - it ain't that easy (as rsa understood after a few months when it started to replace all the secureID because it couldn't give enough information to be able to guarantee that there was absolutely no doubt)
they have now a single point of failure - one to go and digital egov ID in Holland has a BIG problem
and diginotar ?
you have to earn trust and to earn trust you have to invest in trust and just a declaration like that won't do and will things make even worse
people know that this can happen - shit happens and it is not that shit happens that is important but what you do afterwards
and the one thing you can't do afterwards is not to the whole truth and only the truth and try to talk around it
that doesn't inspire trust - maybe with the press and politicians but not with securitypeople who know otherwise
it is up to you to do what you have to do to make sure that you are secure and who you want to trust to give you the most important document to proof that, a certificate without the slighest ounce of doubt
and if you don't understand that, you are in the wrong business
Journalists should sometimes read more and ask more before writing things down about stuff they don't know enough about because they don't have the time or resources to follow it up as it should be done
there is a brawl between the wikileaks community and Domscheidt, who left the organisation and wrote a kiss and tell book and is now trying to set up his own organisation openleaks which will leak nothing to the public but everything to the participating press (that will publish it, yeah right:) )
it is easy to understand that people can't get along or that bosses and employees go their own ways and that there are huge differences about strategy and goals and so on
but Domscheidt thought that as an administrator he found that the website and network of wikileaks was so insecure (how come it stayed up all that time) that he encrypted the digital 1500 documents that should have been published a year ago (but were awaiting review and checking) and said he would release them when he thought the site was again secure again
meanwhile Wikileaks has been targeted and brought to a standmill by an ongoing stream of events and hasn't been capable of investing much in new infrastructure (even if the question is if you can guarantee full anonimity online because even in Tor there are ways to intercept traffic) Most of the new copies of wikileaks were volunteer projects that are fed from the central bulletproof server in switzerland (but bulletproof seems to have hard times against the now ongoing attacks)
so Domscheidt (Dom in flemish means stupid in english :)) found not better than to present his new openleaks (with encryption mistakes in ssl) at the conference of the CCC (one of the greatest gatherings for cyberactivists and hackers together and where Wikileaks was promoted, born and supported). After his presentation and the press interviews he gave a contradictory and thus confusing list of statements about the status of those documents - which infuriated the leakers because they gave it at the time to him (at their own peril) to be published in wikileaks, he was only their messenger, not their guardian.
He said he still had the keys to the documents - that he said he didn't have the key to the documents but maybe there is still a key to decrypt them or not and so on and so on and than he said that he had published the keys on the internet during some time or not and more of not stupid list of insane declarations that are only confusing even more. As the spokesperson for a leakproject, he has lost meanwhile all his credibility which he knows because he is backtrapping and changing declarations every so many days since than - like a fish on the beach trying to get to the sea - which is retreating from him at an ever increasing speed.
some media thought that he was talking about the wikileaks insurance file which is a selection of documents that aren't published yet and are so sensitive they probably never will (or in a highly redacted form). You have to remember that Wikileaks has never published every document they have received. THe insurance file was meant to insure that no undercover operations would try to kill or hurt one of the members of the wikileaks team (including Assange).
It is not the insurance file people are talking about
* files on paper about torture in Latin America
* transmissions from drones in the Afpak war
* files from a Hard Disk of the Bank of America Executive from 2004
meanwhile it is true that
* the American embassys according to the New York Times have gone - are going through all the leaked cables (they now the leakage period so they know the leakage) in the supposition that they will all be leaked totally at some time in the future. For this reason they have been busy since a year relocation their sources that could be in danger to other countries or the us without arousing suspicion (but if you read that and you work in a nuclear facility and you have a collague who is for the moment going to the us for an operation or family visit, you know) some earlier reports spoke of several hundreds of activists and sources that were being brought to safety by the us state department.
and meanwhile wikileaks have now increased the leakage and have stopped the fine-grained redaction that asked too much resources and time. THey have leaked over 20000 cables the last week (several about Belgium that we have posted) after it was clear that the us was going to throw the patriot act at Assange.
now wikileaks is under ddos attack
we said yesterday, ddos attacks can come back in force from september with a whole bunch of new tools that are being released (17th of september for Anonymous toolz) This is also the day the Anonymous campaign against Wall street will start. I am not sure if the two are connected, we will see, but some people in some networks should take this connection into consideration.
they do digital signatures because they were founded by the Dutch Notaires
they know if anybody made some fake ones ?
but they will have a problem with all these infrastructures that are using them
ok some say that as the digital PKI service of the dutch government uses their own rootcertificate there would be no problem - but some people are already seeing warnings coming up with digi-id services in Holland (including health services).
you can now say to your customers that they could just ignore those warnings that those warnings are nothing important - but that is learning them also to be vulnerable to man in the middle attacks and phishing
this is why you should have a good certificate that is accepted by everybody and safe
not some amateurs thinking that everybody can set up a securityservice like that ......
certification - external auditing and controls - norms and standards -- that is what the certification business needs and maybe it is up to the big boys to implement it between themselves and for the clients to make sure that all their other partners implement them - or to put it in your laws for certification services that operate in your country
a restaurant has more security obligations than such a critical infrastructure
When the Iranese gov said a few months ago that they were assembling a cyberforce and when Iranese patriotic (this is to say pro-dictatorship) hackers publicly join them in their fight, you shouldn't be surprised that with time and with clear objectives, they would do things. What do you expect them to do, read the internet all day ? No, they will have operations with objectives.
The main objective of the Iranese gov in cyberwar - as they call it - is not protect their nuclear installations and to limit the possibilities of the protests to spill out of their garded (cyber)walls into the internet. But as gmail, facebook and other services have learned, you need to use certificates (ssl - many belgian services log in without) that are validate (check www.ssllabs.com).
so the only way to intercept these communications is to able to install a false (broken) certificate that looks allright for the simple users but in fact shows all the communications in clear text to the interceptors - they may even be on another server.
but Google - the god of the web - decided to place the renewal of their certificates with this small dutch certificate maker without doing any background research
they would have learned that the site has been hacked several times and that the texts of these hacks are still online after so many years - according to security.nl
but ok they have also the dutch PKI keys - also no background research ?, just believe the paperwork and blablabla - and so they have a website http://www.digid.nl/ that makes one ID for every citizen for all dutch egov services
but now Firefox, Mozilla and tomorrow Chrome will be blocking all keys made by Diginotar as not trusted so people will have to click and click to get passed all the warnings - and in some configurations of Firefox it becomes real hard and Google itself has been saying it will block all sites certified with this operator.
some are even calling for the death penalty of the internet for this operator because they could have Iranian blood on their hands
what is worse
they didn't know and nobody knows when and how
they have the certificate for GOD (google still has an enormous part of the webtraffic) and you don't protect it as if it is the most important thing you could ever have - as if you wouldn't put in somewhere totally isolated with a physical person doing nothing else than to guard and oversee the keys to the kingdom (take the dutch ssl certificate for all its citizens with it)
the only other thing is that maybe Google shouldn't do a false economy by buying a global certificate and it should make a certificate for each service and for each server, this way a compromise of one doesn't lead to a total compromise as is here the case (*.google.com). As Google will need enough certificates all the time you could even have a firm (fortress) doing nothing else than that and working as if they were Fort Knox.
Depressing thoughts after all these stupid decisions.
If you have certificates with that firm, you should buy immediately certificates with another firm and replace them. Today rather than tomorrow and go with BIG certificate firms. The difference isn't worth the risk and costs because of a crisis.
and yes there are some Belgians in it
the leaks give this address
robert de vos
Address: (as of 2007-04-29 12:41:01)
geraardsbergen, oost vlaanderen 9500 Belgium
as an example of many
Lulzsec has hacked a animesite they call a trading forum for pedophiles and leaked the accounts
around the world people are shaming them
or sending the info to the respective police services
the site is according to them a place where pedophiles can exchange their stuff
4 belgians have used their .be emailaddress
in total 7000 people have their accounts compromised
at first it looks like another animesite - even if anime is something quite particular ....
but the police will know if it is an child porn site or not and act on the info if needed
otherwise it are 7000 innocent animelovers who have been called pedo's a bit too fast
and will be treated online like ...... and have stuff in their mailbox like ...... censored
If I tick this in Google
than for the last 24h I have about 8 results - which is not much but
when I open the results, the discovery rates are staggering low
and with this one I can have those that were only discovered by 7 antivirus
site:http://www.virustotal.com/file-scan/report.html result 7/44
and these are 58.000 absolute malwares indexed
site:http://www.virustotal.com/file-scan/report.html Safety score: 0.0%
and if you want to know which yesterday, just get a Google account and limit the time frame but just remember those aren't perfect because if you taken 24h you have 54 and if you type in the date
site:http://www.virustotal.com/file-scan/report.html Safety score: 0.0% Submission date: 2011-08-29
you have 154 malware
for the month of august this would be
site:http://www.virustotal.com/file-scan/report.html Safety score: 0.0% Submission date: 2011-08
If Virustotal.com would now put not or no instead of - than it would even be possible to search for viruses an antiviruses wouldn't find and even make searches that would compare two or more
transparancy makes things go forward
we are speaking about rsa - the firm that controls and holds the digital keys to thousands of banks, military installations and the lot in the form of access keys to their secure-ID's
hacker basic Nr 1 : do not attack the target directly, but go around it
so they sent three emails to three different persons in EMC which was taken over by Rsa (just as with the Chinese Google attack, you begin low and you start going further away and more up, the first step is the most important - getting a foothold in the network)
hacker basic Nr 2 : try several persons and not one
they have send it to three persons but it didn't arrive in their mailboxes but in their spamboxes. One left it there, another sent it to virustotal and didn't open it because 18/49 see here he decided not to open it and the third one was the victim of lax security for a high-security environment.
First he was able to get it back from the spambox himself. Didn't have to ask anyone (we are talking high security environments)
secondly he opened it on his computer and not on a sandbox or external hardened server (so that when he saw there was nothing in the file he could leave it alone and throw it away). The hardened server should have no internetconnection except to services like virustotal.com for more analysis). External sandbox services linked to cloudhosted deep multi-tool analysis services are for such environments the future.
Important it was NO zeroday because 18 discovered it. It was a zeroday for all the others. Interesting view that list.
Third he didn't warn anybody that it happened and the securitytests on the computer and the network afterwards didn't show anything - even as the attackers
* could connect to the PC from servers that were already known for months to be starting and ending points for cyberespionage (the Google attacks were launched from there) mincesur.com and wekby.com
* could connect from these cyberespionage servers into the network not only to the connected servers but could also travel the network - as nobody really knows what they have done from there (so Rsa had to replace millions of keys as they couldn't be 100% sure what happened).
He should have been educated - made aware to tell someone of what happened from the moment he opened his file - without having fear that he would be fired or that it would have consequences for his career - as long as it was in good faith - and doesn't happen every week :)
people are your best firewalls - even if everything else fails
but so when you read the stuff about how they did it - ask yourself if it is possible in your network in your most secretive environments do the following
* educate educate educate
* block block block
* isolate isolate isolate
* control control control
* monitor monitor monitor
* analyze analyze analyze
* report report report
for the how to do it there are masses of products - free and for money - that can do the job
an investment in security is one of the best over time because once in a while it will save you millions
First there are the undiclosed rumors about Ddos tools that are coming soon
#antisec will release a new Ddos tool in september that can bring down even very big linux-unix sites in seconds. Maybe it is the slowiris attack (for which a patch exist but isn't implemented) but we aren't sure. You can get the tool before if you pay for it though. It worked against pastebin.com and they needed 40 minutes to recover. The goal is to replace the LOIC software for attacking the webpages by this tool. THis means that the unpatched or undefended targets will be downed very quickly time after time again.
and there is another tool by an anti-anonymous hacker who brought down wikileaks (on bulletproof hosting) down with it and says it has nothing to do with slowiris but refuses to give specific details (Apache)
secondly there is the new tool that will give attackers infected machines who can do the attack for them
a new worm is out that collects computers who use RDP and has only one criminal function : to DDOs other sites
thirdly there is a patch coming out tomorrow for a very critical ddos bug in Apache that is for the moment already being used (or should I say abused)
This is for Apache an important patch if you are on the latest version of Apache - otherwise you will have other issues and vulnerabilitites and should think about upgrading as well.
It also means that the patch NEEDs to be installed as quickly as possible.
Apache 1.3 all versions, Apache 2 all versions
workarounds : http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311
oh and Apple/Mac users who are running an Apache on their machines will need to wait for the Apple update (did they know they were running this - is like when PC used to run in their version 2000 automatically an Iis)
full description http://seclists.org/fulldisclosure/2011/Aug/301
all links are in the 'leaks' feed next to the blog (at your right, second one)
* the master of the bunch hacked a pedophile forum and published 7000 accounts online
* they hacked Isp IInet also and published root passwords
* they hacked the root passwords of some other sites
* they defaced a subdomain of Apple.com
* they found critical xss mistakes (could lead to hacking) on msn.com and cbs.com
* they hacked ancestry.com root database passwords (millions of users)
If you follow my twitterlist (twitter.com/mailforlen) dumpz and leaks you will see them coming in big time
who said on friday that they were dead ?
yeah, you have to be a dummy to have enabled that service, RDP Remote desktop Program in which you hand over your computer to the internet (you think the guy that logs in but you aren't that sure because when the first infection or vulnerability comes along, you are done)
With Morto this is the case.
You thought there were easy free secure solutions for something that is so hard to do and maintain in all privacy ?
or you just thought, 'well it is there, let's just use it'
in fact what Morto does is trying to guess the following stupid passwords (not so many if you compare with other passwordattacking viruses)
and this version tries to connect to (block them at your firewall and look for connections)
you will see that co.be (belgian) has two services here. THis is because co.be is just a very 'dirty' hoster of all kinds of pages with all kinds of spam, scam and scum. Maybe someone should read them the Belgian law on responsabilities in cyberspace.....
the main purpose of the infection is to use your machine to attack other computers with a DDOs
ooh you didn't look at that yet
well, IPv6 traffic can pass a IPv4 firewall inside and out
there are some technical trics - and it is not up to me to explain them here (google it)
but this is an issue you better look at
one indication is if in your proxylogs you see bittorrent clients downloading when you have stopped this in your firewall on that port (but they are placed on Ipv6 and thus pass the policies of your Ipv4 firewall-proxy)
but there are other indications as well
I think somebody is skipping lunch right now - if he understood what it means :)
classified means that someone somewhere did find it so sensitive that according to him it should be classified
the Us government has been re-classifying millions of documents since the war on terror (which costs enormous sums of money) but at the same time had to give more people access to those classified documents (800.000 people in total) to be sure that no crucial information would be lost like in the days running up to 9/11 where there was FBI information about the hijackers but the people who should have known didn't have access
so this for the meaning of 'classified'
so thousands of documents are being released and yesterday we published a list with interesting Belgian cables (but most of the Belgian media just follows hype or the story of the moment and than forgets about it)
maybe this will shake them up
after all the sidetracks about wikileaks it is getting back to its core-business - releasing documents
because how can you defend an organisation that leaks that information because you defend the publicity of most of the information when it has stopped releasing leaks and is sitting on thousands more - it is as if they were becoming the domscheidt they were criticizing
some journalists declared wikileaks dead
maybe it is a Loch Ness that will pup up from time to time and surprise us all
the best way to keep up with the analysis by the community of the new dump is by going on twitter and following #WLFIND
you can also search in www.cablegatesearch.net and type the word or sentence or name or concept
one of the reasons that releases are now maybe coming faster is that Domscheit has said that the full package of cables was already leaked on the internet by the publication of a password and that other organisations and persons not mentioned have downloaded it at that time. Official wikileaks denies she knows anything about this but this changes the context of most of the cables.
this makes a total of 100.000 which is nearly half
a few teams are attacking .il sites systematically and defacing them
450 since the 20th of august
of which some important ones
* if you have a .il site as a hoster - you will be attacked
* if you have a .il site as an owner - you will be attacked
* if you have infrastructure on hosters in Israel or are on the same infrastructure as shared hostedsites with .il sites, you will be attacked
so you will have to
* monitor your logs and your site (sitechange)
* desactivate all useless interactive functions (chat, guestbook)
* have a clean backup
* patch and close down, change administrative passwords to 12 characters
* check the security of your site yourself and correct things
update on friday 26th, what a difference a day makes, the search for the video is only now increasing - even when the twitter traffic has been diminishing at an increasing rate. ze has now nearly double the number of friends (5000), has many more articles in the press and on the blogs and the searchtraffic is increasing because she is the first and second exploding searchterm for the Belgian surfers using Google.be The belgian traffic is also now also more dispersed over Flanders, what shows that events on the net need more time on the web than on twitter to peak and to go away. Which shows again that twitter is a best first alert, but that afterwards you have to go to the global web to follow the trends because the tweeters are already doing other stuff (like birds in an enormous wood going from tree to tree following the leaders and leaving the followers behind).
besides others are jumping on the wagon with remixes and a song and other stuff like that (culture jamming)
she has 104 videos according to Google running around the web of which 96 in Youtube
and aside from the tower images, there are now some images that get another semiotic meaning (especially those with hands...)
she has been blogged about in 572 blogs in the last 24h
and there were 96 articles in official newspapers around the world about the video
and on facebook she has nearly 5000 friends
but you don't have to inflate the hype too much because for Google Trends "ilse uyttersprot - does not have enough search volume to show graphs" and also on twitter there is too few traffic to be of importance
and on Google Belgium she doesn't appear with the movers
although she turned up on number 20 due to an enormous increase from her province in search traffic
so the video had three big impacts
* personally : she still has to work with a lot of people and see friends and family who may think different about her (at the best as someone who wasn't very careful and likes to take risks)
* politically : some will try to use it in one way or another and local elections are coming up next year and the Carnaval of Aelst of which she is mayor (christian-democrat) is known for using stuff like that (but maybe it is good she is mayor of a Carnaval city - would a very traditional no-fun mayor be the perfect exponent of a carnaval city ? Aelst is certainly on the map right now - maybe they need more towers :) )
* the belgian press, the belgian web insiders and the locals have read about it and many have seen the video (who will become a classic among the public sex videos because they are REAL amateurs and their is nothing staged about it)
remember this, in this digital world you have NO Privacy anymore. If you want to be sure that it is private, you don't digitalize it and you do it where there are no digital things around you. All the rest may become public one day or another.
even if it is 4 years old, there are sex pics of girls of 17 who come to haunt them years later
as in the Us an opponent of Anonymous found out when they republished his expressive pics of a gay party he published somewhere himself before (while he now seems married) found out
Do you want to know what the prime minister thought of the flemish socialists in his governement ?
"they are against everything"
Do you want to know what De Gucht was doing during his visit to Iraq ?
Do you want to know who was the belgian national arrested in Iraq from 2003 ?
Do you want to know what was the position from Belgium about the adhesion of Turkey to Europe ?
Do you want to know more about the backoffice politics of our Afghanistan presence ?
so yes we have selected a few interesting cables about Belgium
from this release http://wikileaks.org/origin/156_1.html
from the 5000+ that have been released the last 2 days after a long silence (somebody back from holiday ?)
and that you won't find in the Belgian press today
our selection can be found here
instead of all the buzz and fuzz it is becoming clear for everybody that
* wikileaks as a portal - dump for leaked information is broken
* wikileaks as an organisation is still shaken and unstable
* the only thing wikileaks produces for the moment are diplomatic cables only few media report about
* the other leaking portals have not made the big news offline or online
* the documents that were to be published are for the moment not publishable
* the archive that needs to be unlocked because Daniel locked it seems to be lost
and to add to the confusion nobody knows what has been deleted and what is still somewhere in an archive
the same question goes for Lulzsec
they said they were still sitting on Gigabytes of information that they keep to guarantee their own safety or to be able to negotiate something if apprehended
or it is information that is too sensitive to be published - so why not destroy it (see above)
one tip for security-officers some material (video from Afghanistan) couldn't be used because it was in a folder that was encrypted with a 256 encryption key program that was too hard to crack
isn't that something that could be automated ? putting really secret stuff in encrypted folders with a password ? Information Leakage Prevention Excellence. .The proof is in the not publishing by Wikileaks. I rest my case. And it proofs Information Leakage Prevention doesn't have to be difficult. Just doing that makes already a sea of difference most can't cross (unless you are called Jesus)
we will be sending now on twitter a message when we sunk or looted ships to the CERT.be habor so the clinic can help those innocent victims and help them repair the damage so they can go on with their digital lives in a more secure way
the twitterfeed itself is published on this blog at your left column last infobloc