12/31/2013

happy new year - offline till 6th of january

forget the internet for a while, make time for the people around you

do not run after news on the net but listen to the news of the people around you

do not be always so excited about new fads on the net, but be surprised by the people around you

yes, you can survive and have a good and interesting life even when you leave the internet now and then

the internet can't kiss you, won't love you and won't care for you

the people around you do

have a good party and a good year - with the people around you


12/20/2013

the new possible phishing man-in-the-middle attack against sharepoint servers

A flaw in Microsoft Office 365 can expose account credentials by way of a Word document hosted on a webserver and is "totally invisible to existing perimeter and endpoint protection defenses," according to researcher Noam Liran.

When a user is downloading a document from a SharePoint server, they are required to be logged in to their account. The server verifies the login credentials and issues an authentication token.

Liran discovered he could use his own server to mimic the responses anticipated from a sharepoint.com domain server, elicit the generation of the token and intercept it.
http://www.tripwire.com/state-of-security/top-security-st...

if you have two-factor authentication there is no problem


the bring your own device nightmare (research in the UK)

The study also revealed that 36 percent of consumers have their mobile phone linked to their corporate network, yet almost a fifth (18 percent) of these people also do not have any security installed on their device.

In addition, 17 percent of consumers also admitted to holding business data on their mobile device. These figures ultimately highlight the fact that consumers are putting their employer's data at risk as well as their own.
http://www.tripwire.com/state-of-security/top-security-st...


why you should check the SSL confirmation and controls when shopping or banking online

By using the browser for shopping I am provided with verification by the browser that I am on a secure website, I receive no errors and I see the lock I am familiar with. By using the mobile application, I am trusting the developer and relying on faith that the connection and my data are secure.

Although I may trust Amazon with my data, there are a lot of shopping applications available from well-known brands that are not as secure as they should be and do not use properly encrypted channels to pass data back and forth from the application.

There is a lot that can go wrong when securing data via a mobile application; the developer has to manage many factors and there is no specific set way they have to implement the transactions.
http://www.tripwire.com/state-of-security/vulnerability-m...

in fact all the top mobile apps have been hacked since they were launched

and malware and phishing for mobiles are more popular than ever and will only increase
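An added example, not code from the original post or from the articles it quotes, for the point made here and in the SharePoint post above: a client must not hand a credential or token to any server that merely answers for the right name. The Python below assumes made-up host names, pin values and certificate bytes (in a real client the bytes come from `sock.getpeercert(binary_form=True)` after the handshake). It shows the "rely on faith" TLS configuration beside the hardened one, and a release check that insists on https, an exact host match and a pinned certificate.

```python
import hashlib
import ssl
from urllib.parse import urlsplit

# Constructed stand-ins for DER-encoded certificates. In a real client the
# bytes come from sock.getpeercert(binary_form=True) after the handshake.
SERVER_CERT_DER = b"constructed DER bytes: the real sharepoint.example.com certificate"
ATTACKER_CERT_DER = b"constructed DER bytes: a look-alike server's certificate"


def cert_pin(der: bytes) -> str:
    """Pin value: SHA-256 over the DER certificate (hex here; base64 in HPKP)."""
    return hashlib.sha256(der).hexdigest()


# Hypothetical pin allow-list: host -> acceptable pins (ship a backup pin too,
# or the next certificate rotation locks your own users out).
PINS = {"sharepoint.example.com": {cert_pin(SERVER_CERT_DER)}}


def insecure_context() -> ssl.SSLContext:
    """What an app that 'relies on faith' does: no chain validation and no
    hostname check, so any server speaking TLS is accepted, including one
    that merely mimics the responses of the real domain."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Chain validation against the system roots, hostname check, TLS 1.2+."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """The two settings a code review should look for first."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def normalize_host(host: str) -> str:
    return host.rstrip(".").lower()


def may_send_token(url: str, expected_host: str, peer_cert_der: bytes) -> bool:
    """Release a credential or session token only if the URL is https, the host is
    exactly the expected one (not a substring or suffix test) and the certificate
    the peer presented is one we pinned for that host."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    host = normalize_host(parts.hostname)
    if host != normalize_host(expected_host):
        return False
    return cert_pin(peer_cert_der) in PINS.get(host, set())
```

An app that ships `insecure_context()` will happily talk to the impersonating server from the SharePoint post; `may_send_token` also rejects the look-alike host `sharepoint.example.com.attacker.example`, which a careless `endswith("sharepoint.com")` test would accept, and rejects the right host presenting an unpinned certificate.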


40 million credit cards with security codes stolen at Target shops in the US

the number is that high because Black Friday, the biggest shopping day of the year, fell inside the timeframe of the attack

only the data read by the payment terminals in the shops were affected

the cards are from different companies

the investigation is still ongoing, with new elements being published daily

but it will be one of the biggest breaches ever

the investigators are concentrating on the workflow of the data between the payment terminal and the back office

if there is no real end-to-end encryption there will always be a security gap somewhere

and sometimes someone will find it (and a way to intercept and keep or extract a copy of the data)

http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/

it also means that not only the card number but all the other data on the card is compromised (security code, account number and everything else encoded on the card) - forgetting that less is more
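An added example, not from the original post or the Krebs article, of the "less is more" point: a Python hand-off that parses what a magnetic-stripe reader gives the terminal (assumed here to be an ISO 7813 Track 2 record; the post does not say which format Target's terminals read), checks the card number, and returns the only fields the shop's own back-office logs need to keep. The sample record, the demo key and the field names are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed Track 2 record: ;PAN=YYMM SSS discretionary?  (the LRC that follows
# the end sentinel is left out). 4111111111111111 is the well-known Visa test number.
SAMPLE_TRACK2 = ";4111111111111111=15121011234567890?"
DEMO_KEY = b"constructed-demo-key-not-for-production"   # would live in an HSM

TRACK2_RE = re.compile(
    r"^;(?P<pan>\d{13,19})=(?P<expiry>\d{4})(?P<service>\d{3})(?P<disc>[^?]*)\?$")


def luhn_ok(pan: str) -> bool:
    """ISO 7812 check digit: double every second digit from the right."""
    total = 0
    for i, digit in enumerate(reversed(pan)):
        n = int(digit)
        if i % 2 == 1:
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0


def parse_track2(raw: str) -> dict:
    """Split a Track 2 record into pan, expiry, service code and discretionary data."""
    m = TRACK2_RE.match(raw)
    if not m:
        raise ValueError("not a Track 2 record")
    if not luhn_ok(m["pan"]):
        raise ValueError("PAN fails the Luhn check")
    return m.groupdict()


def minimize(track: dict, key: bytes) -> dict:
    """The record the back office may keep. The full PAN, the discretionary data
    (PVV/CVV1) and the raw track never leave the authorization path."""
    pan = track["pan"]
    return {
        "pan_masked": pan[:6] + "*" * (len(pan) - 10) + pan[-4:],   # first 6 / last 4
        "pan_token": hmac.new(key, pan.encode(), hashlib.sha256).hexdigest(),
        "expiry": track["expiry"],
        "service_code": track["service"],
    }


def leaks_track_data(record: dict, track: dict) -> bool:
    """True if any stored value still carries the PAN or the discretionary data."""
    disc = track["disc"]
    return any(track["pan"] in v or (disc and disc in v) for v in record.values())


def authorize_and_log(raw_track: str, key: bytes) -> dict:
    """Terminal-to-back-office hand-off: the full track is used in memory for the
    authorization request only; just the minimized record comes back for storage."""
    track = parse_track2(raw_track)
    # ... the authorization request with `track` goes to the acquirer here,
    #     over the end-to-end encrypted channel the post asks for ...
    record = minimize(track, key)
    assert not leaks_track_data(record, track)
    return record
```

The keyed token lets the back office recognise a returning card without holding the number; whoever copies the log gets the mask, the token and an expiry date, none of which lets them make a card.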


12/19/2013

la quenelle is a neo-nazi greeting popularised in France by the radicalised right wing

https://www.google.be/search?q=la+quenelle&num=100&am...

and so this becomes this by the master Dieudo, negationist and radical anti-zionist, whom some call 'a comic'

compare the two pictures and yes, he doesn't look like the son of an immigrant, does he

if it hadn't been suppressed by the law, the police and the press, I wouldn't have to hold my hand down and it would have gone up - like the first figure

but what is more disturbing is that it is being imitated by people who think it is just a symbol to say that you are fed up or something like that (like fuck you)

if you look at the page with pictures you will see people on TV, military, the Front National and others repeating this (and there are also pictures of this in front of concentration camps, graves or memorial statues)

people should think more before they imitate things that they think seem funny

Nothing to laugh about

and in Belgium, the new political party Belgique Debout also thinks that you can only be a racist against the jews and that all the others will be saved because they are no jews

http://medias-presse.info/wp-content/uploads/2013/12/meeting-quenelle-laurent-louis-2-MPI.png

there is a good book in flemish, 'hij is terug', translated from the german, in which Hitler comes back in 2011 and is launched as a hitler imitator - even though he is playing and saying exactly the same thing, the media only think that he brings controversy and more viewers, and the listeners just think that 'what he is saying is right' but 'it is all for a laugh'

a suppressed nazi greeting is no joking matter

but it makes it clearer - even if you are no nazi when you do it, in the best case you have no brains


yahoo mail : it wasn't broke, so why fix it

I have always used yahoo - from the first time it was there

and I will probably always use yahoo - because it is part of me

now it is not only changing into something that is hard to handle, but it is also going down from time to time

but what about the credo in IT: if it ain't broke, don't fix it (unless you want to break it)

"Meanwhile, Yahoo's user forums for feedback on the changes overflowed with complaints to the point that, according to ZDNet's Violet Blue, Yahoo eventually shut them all down, stamping "completed" on each thread. One thread, titled "Please Bring Back Tabs," had more than 100,000 upvotes and 10,000 comments at last count.

Yahoo Mail users are not, by and large, a young and tech-savvy crowd. (This is not a criticism, just an observation.) They use Yahoo Mail because they've used it for years and it has served an important function in their lives. They don't care whether their webmail client wins design awards. They care whether it works. And it always had—until now.

Over the past few days, the service has been hit with glitches and outages that have left a significant proportion of users with no access to their accounts."
http://www.slate.com/blogs/future_tense/2013/12/12/yahoo_...

what is at stake for Yahoo is that email is its most profitable business and has the biggest user base - always and, if you understand that user base, for ever

you build on that and you cherish that, because the problem has been to bring (big parts of) that user base into your other services by integrating them into your email or profile or whatever

nobody expects or wants yahoo mail to be gmail, facebook, twitter or whatever other hype of the moment

we just want yahoo mail to be there as it always has been - even in 2050, say

something you take with you throughout your life, something you can depend on (without it watching everything you do in your mail, like google)


in fact bitcoin has gone underground in China

these decisions are clear

"On Wednesday, BTC China, the country's largest Bitcoin exchange, said it had been told to stop accepting deposits in Chinese currency. The announcement was the latest in a series of steps that have restricted the ability to buy and use Bitcoins in China. The country's leading third-party payment processors were told on Monday by the central bank to stop accepting the currency, according to Chinese news reports. And on Dec. 5, the People's Bank of China and other regulators ordered traditional financial institutions in China to stop Bitcoin transactions."
http://sinosphere.blogs.nytimes.com/2013/12/19/chinese-bi...

If you take all those decisions together - as in this article

then it is clear that you can't exchange your chinese money into bitcoins (except on the black market) and you can't deposit your bitcoins or transfer them through Chinese financial institutions (which they were doing on an increasingly wide scale)

China has a big parallel financial market of unofficial loans and accounts between enterprises and people, and that fact has been worrying the national financial and economic decision makers as much as the international observers and institutions as the biggest risk to the Chinese financial system (if, for example, a number of these enterprises can't pay those unofficial loans back, the enterprises that lent that money can't pay back the money they themselves borrowed from others, and so on.....)

Bitcoin was not only jumping into that market, it also gave the possibility to make a lot of money quickly (as the value of the currency was rising by the hour because of the enormously increasing demand in China) and to exchange it internationally without any government controls, so you could get your hands on international currencies you would otherwise not have been able to amass

and the volatility of Bitcoin was only increasing the risk of the parallel financial market crashing faster than the dominoes can fall, without any means for the Chinese government to intervene - or anyone else for that matter, because bitcoin is totally outside any monetary control

the longer the chinese had waited to intervene, the bigger the problem would have become, and if bitcoin had become too popular (even only in the middle-class black money market) the risk of protests would become too great while the need to control the beast would become even greater, making it an impossible choice

it also shows clearly to the political leadership in China and to the international community that the Chinese financial infrastructure is too rigid and has too many unknowns to be compared to our financial systems - even if ours broke down totally a few years ago. Until now that weakness was very well hidden. The weakness is that China can't liberalise its financial markets and make financial transactions free among people, industries and countries, because chinese money only thinks about leaving once the opportunity is there, even a very flawed one like bitcoin - because if you have used bitcoin to get your money out of China or out of the Chinese financial system you must be really very desperate to take such risks (to lose much or even everything)


why the mobile anonymous rumour app whisper survives where others are going down

these are the facts

"The two-year-old app is rapidly gaining popularity. Millions of people use Whisper and it is approaching 3 billion monthly pageviews. On average, people spend more than 20 minutes per day with Whisper, checking its content eight to ten times per day. Whisper has raised $25 million from early Snapchat investor Lightspeed and others.

The people who are spilling their guts on Whisper fall between ages 17 and 28. Heyward says less than 4 percent of his users are under the age of 18. The vast majority of its users—70 percent—are women.

The reason Whisper gets so many people to share things they'd never say out loud is because everything is posted anonymously. In the past, anonymous social networks have been nasty places. Just look at the comments on YouTube, or at failed startups like Juicy Campus, which was sued by people defamed on its site.

Michael Heyward, the app's 26-year-old founder, has gone to great lengths to keep Whisper's content respectful. He never wants anyone to read Whisper and feel like they need to shower. He has 92 people moderating content and comments in the Philippines in addition to the 32 people Whisper employs full-time.

"You are who you are when no one else is looking," Heyward told Business Insider at his Santa Monica headquarters in early December. "Anonymity is a really powerful tool. But we think about it like that Spiderman quote, 'With great power comes great responsibility.'""
http://www.slate.com/blogs/business_insider/2013/12/16/wh...

the big difference is the monitoring, in which he is investing heavily because it will make the difference between survival and extinction through scandal, suicides, bad press, complaints by parents and the 'safe internet for kids' people, and so on. And as it is anonymous, nobody can complain that they have blocked or taken down content or postings, and at the same time you don't need all those lawyers, each of whom is as expensive as a whole building full of low-paid third-world moderators.

the other effect of this monitoring for bad behaviour is that those who want to do harm know this is not the medium to do it in, because others are watching too closely and can intervene almost immediately

this is a lesson for all the other proprietors of web forums and other open communication tools: if you invest in monitoring you can keep people coming back and have a feel-good atmosphere around your place


the bitcoin protocol can be used to build a universal digital currency

this is one example of how normal procedures and arbitration can be built into the process

if one accepts that your individual anonymity and illegal transfers are not the main reason why you use bitcoin

if we call for the closure and control of many bitcoin businesses because they are as hazardous as bad banks and financial services online, this has nothing to do with bitcoin as such, but with it being abused for something it wasn't intended for; instead one should concentrate on building a legitimate bitcoin framework that is not the playground of short sellers, thieves and speculators

"Bitrated.com is a new site (announced yesterday on Hacker News) that facilitates setting up multisignature transactions. Bitcoin client support for multisignature transactions is limited, so the site helps create addresses that conform to the m-of-n specifications. At no point does the site have access to the funds in the multisignature address.

In addition, Bitrated provides a marketplace where people can advertise their arbitration services. Users are able to set up transactions using arbitrators both from the site or from anywhere else. The entire project is open source, so if you want to set up a competing directory, go for it.

What excites me most about the decentralized arbitration afforded by multisignature transactions is that it could be the beginnings of a Common Law for the Internet. The plain, ordinary Common Law developed as the result of competing courts that issued opinions basically as advertisements of how fair and impartial they were. We could see something similar with Bitcoin arbitration. If arbitrators sign their transactions with links to and a cryptographic hash of a PDF that explains why they ruled as they did, we could see real competition in the articulation of rules. Over time, some of these articulations could come to be widely accepted and form a body of Bitcoin precedent. I look forward to reading the subsequent Restatements.

Multisignature transactions are just one of the many innovations buried deep in the Bitcoin protocol that have yet to be widely utilized. As the community matures and makes full use of the protocol, it will become more clear that Bitcoin is not just a currency but a platform for financial innovation."
http://elidourado.com/blog/bitcoin-arbitration/

so the government agencies looking at the bitcoin protocol should consider this kind of bitcoin, not the wild west way of doing things right now (a kind of gold rush chaos)
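An added example, not code from the quoted post, from Bitrated or from the Bitcoin project, of the m-of-n rule the quote describes: an escrow address shared by three parties (buyer, seller, arbitrator) where any two of them can release the funds, and where the arbitrator's ruling is bound into the transaction by its hash. Bitcoin uses ECDSA over secp256k1; the Python standard library has no such signature, so this block uses Lamport one-time signatures (hash-based, stdlib only) as a stand-in for the signature scheme. The party names, the transaction text and the ruling bytes are constructed.

```python
import hashlib
import os


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _message_bits(message: bytes):
    """The 256 bits of SHA-256(message), most significant bit first."""
    for byte in _h(message):
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def lamport_keygen():
    """Secret key: 256 pairs of random 32-byte values; public key: their hashes."""
    secret = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    public = [(_h(a), _h(b)) for a, b in secret]
    return secret, public


def lamport_sign(secret, message: bytes):
    """Reveal, for each message bit, the secret of the matching half of the pair."""
    return [pair[bit] for pair, bit in zip(secret, _message_bits(message))]


def lamport_verify(public, message: bytes, signature) -> bool:
    if len(signature) != 256:
        return False
    return all(_h(s) == pair[bit]
               for s, pair, bit in zip(signature, public, _message_bits(message)))


def key_id(public) -> bytes:
    """Short identifier for a public key (the role a hash160 plays in a Bitcoin script)."""
    return _h(b"".join(a + b for a, b in public))


class MultisigAddress:
    """Funds locked here can be spent by any m distinct signers out of n."""

    def __init__(self, m: int, public_keys):
        if not 1 <= m <= len(public_keys):
            raise ValueError("m must be between 1 and n")
        self.m = m
        self.keys = {key_id(pk): pk for pk in public_keys}

    def spend_is_valid(self, tx: bytes, signatures) -> bool:
        accepted = set()
        for kid, sig in signatures:
            pk = self.keys.get(kid)
            if pk is None or kid in accepted:      # unknown signer, or the same key twice
                continue
            if lamport_verify(pk, tx, sig):
                accepted.add(kid)
        return len(accepted) >= self.m


def escrow_scenario(signers, ruling_pdf: bytes = b"constructed ruling text") -> bool:
    """2-of-3 escrow between buyer, seller and arbitrator; `signers` lists who signs.
    Fresh keys per scenario, because a Lamport key may sign only one message."""
    parties = {name: lamport_keygen() for name in ("buyer", "seller", "arbitrator")}
    address = MultisigAddress(2, [public for _, public in parties.values()])
    # The ruling document is committed by hash, as the quoted post suggests.
    tx = b"release escrow to seller|ruling_sha256=" + hashlib.sha256(ruling_pdf).hexdigest().encode()
    signatures = [(key_id(parties[name][1]), lamport_sign(parties[name][0], tx))
                  for name in signers]
    return address.spend_is_valid(tx, signatures)


def altered_ruling_is_rejected() -> bool:
    """A signature over one ruling hash must not validate a transaction carrying another."""
    secret, public = lamport_keygen()
    tx_a = b"release|ruling_sha256=" + hashlib.sha256(b"ruling A").hexdigest().encode()
    tx_b = b"release|ruling_sha256=" + hashlib.sha256(b"ruling B").hexdigest().encode()
    sig = lamport_sign(secret, tx_a)
    return lamport_verify(public, tx_a, sig) and not lamport_verify(public, tx_b, sig)
```

Two checks make the threshold meaningful: the same key is never counted twice, and every signature is verified against the exact transaction, so neither a replayed signature nor an edited ruling hash passes. Buyer plus seller releases the funds on a happy sale; buyer plus arbitrator (or seller plus arbitrator) releases them after a dispute; one party alone cannot move anything.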


Line - the free mobile tool activists are using for free calls and video

go to http://line.me/en/


the TOR entry points are not necessarily anonymous (they are publicly listed) and this has been proven again

Tor is an underground anonymous network that says it protects your identity, after which stupid people do stupid things thinking nobody will find out who has done it

You get access to Tor by downloading the Tor Browser, which connects you to a Tor entry point (relay) installed by someone somewhere, which forwards you to the different services and protections. These relays do not all run the same versions (that is to say, some still have vulnerabilities), they can be operated by anyone, and some keep more information about their visitors than others

this is how they found out very quickly which stupid student at Harvard mailed a bomb threat because he wasn't ready for an exam

"Presumably, the originating IP addresses in the email headers pointed to known Tor exit nodes—servers that are publicly listed as being part of the Tor network. The crucial sentence of the affidavit states: "Harvard University was able to determine that, in the several hours leading up to the receipt of the e-mail messages described above, ELDO KIM accessed TOR using Harvard's wireless network." Just as the exit nodes are common knowledge, many of the entry, or access, nodes used to connect to Tor are also listed in the service's directory (some aren't, to allow access to users in places that have blocked all known Tor servers). So while it's easy to hide what you're doing online when you're using Tor, it's harder to hide the fact that you're using it. It sounds as if Harvard was able to consult its network activity logs and simply identify a device on its network that connected to one of these known Tor nodes around the same time the emails were sent. That device, presumably, was registered to Kim."
http://www.slate.com/articles/technology/future_tense/201...

you had better use a real (non-Echelon-based) proxy, or one of the unlisted entry nodes the article mentions, before you access TOR
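An added example, not code from the Slate article or from Harvard, of the correlation the article describes, in Python: take the time the email was received, look back a few hours in the campus firewall log for connections to addresses on the public relay list, and map each internal source address to a device owner through the DHCP/NAC lease log. The log formats, the addresses (from the documentation ranges), the user names and the relay list are constructed for the example; a real run would load the current Tor consensus, which changes hourly.

```python
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed relay list. In practice: every guard and exit in the Tor consensus.
# Bridges (the unlisted entry nodes) are not in it and will never match.
KNOWN_TOR_RELAYS = {"203.0.113.5", "203.0.113.77", "198.51.100.40"}

# Constructed firewall connection log (campus side).
FIREWALL_LOG = """\
2013-12-16T02:10:00Z src=10.20.9.9 dst=203.0.113.77 dport=9001 proto=tcp
2013-12-16T08:31:02Z src=10.20.3.17 dst=203.0.113.5 dport=443 proto=tcp
2013-12-16T08:31:05Z src=10.20.3.17 dst=203.0.113.5 dport=443 proto=tcp
2013-12-16T08:40:11Z src=10.20.7.2 dst=192.0.2.80 dport=443 proto=tcp
2013-12-16T09:05:00Z src=10.20.3.17 dst=198.51.100.40 dport=443 proto=tcp
"""

# Constructed DHCP/NAC lease log: which registered user held which address, from when.
LEASE_LOG = """\
2013-12-16T01:30:00Z ip=10.20.9.9 mac=66:77:88:99:aa:bb user=student07
2013-12-16T07:55:00Z ip=10.20.3.17 mac=00:11:22:33:44:55 user=student42
2013-12-16T08:00:00Z ip=10.20.7.2 mac=cc:dd:ee:ff:00:11 user=staff01
"""

# Constructed: the Received: timestamp of the threatening mail.
EMAIL_RECEIVED_AT = "2013-12-16T08:50:00Z"


def parse_kv_lines(text: str):
    """Parse 'timestamp k=v k=v ...' lines into dicts with a datetime under 'time'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        event = {"time": datetime.strptime(ts, TS_FORMAT)}
        for field in fields:
            key, _, value = field.partition("=")
            event[key] = value
        events.append(event)
    return events


def owner_of(ip: str, at: datetime, leases) -> str:
    """The user holding `ip` at `at`: the latest lease for that address not after `at`."""
    candidates = [l for l in leases if l["ip"] == ip and l["time"] <= at]
    return max(candidates, key=lambda l: l["time"])["user"] if candidates else "unknown"


def find_tor_users(firewall_text, lease_text, relays, received_at, window_hours=3):
    """Devices that connected to a listed Tor relay in the hours before the mail arrived.
    A hit means 'used Tor in the window', not 'sent the mail'."""
    received = datetime.strptime(received_at, TS_FORMAT)
    window_start = received - timedelta(hours=window_hours)
    leases = parse_kv_lines(lease_text)
    hits = {}
    for flow in parse_kv_lines(firewall_text):
        if flow["dst"] not in relays or not window_start <= flow["time"] <= received:
            continue
        hit = hits.setdefault(flow["src"], {
            "ip": flow["src"],
            "user": owner_of(flow["src"], flow["time"], leases),
            "flows": 0,
            "first_seen": flow["time"],
            "last_seen": flow["time"],
        })
        hit["flows"] += 1
        hit["first_seen"] = min(hit["first_seen"], flow["time"])
        hit["last_seen"] = max(hit["last_seen"], flow["time"])
    return sorted(hits.values(), key=lambda h: h["first_seen"])


if __name__ == "__main__":
    for hit in find_tor_users(FIREWALL_LOG, LEASE_LOG, KNOWN_TOR_RELAYS, EMAIL_RECEIVED_AT):
        print(hit["user"], hit["ip"], hit["flows"], hit["first_seen"], hit["last_seen"])
```

With the three-hour window of the sample data only one device surfaces; widen the window and the 02:10 connection from another device appears too, which is the other half of the caveat: the wider you look, the more innocent Tor users you sweep up, and none of the hits proves who wrote the email.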


200,000 belgian email addresses for sale to anyone

these kinds of services are all over the web

they say they are verified opt-in lists but can't prove it, because the only proof would be if you could search for your own email address and make it disappear

http://emailzz.com/belgium-email-list-47241108/

the problem is that the privacy commission can't really intervene because the websites have no legal link with Belgium, and so it has to go through a lot of channels to get the service closed down

maybe a more coordinated action at European level is needed


why login and authentication services should make more effort to secure their pages

because if it is so simple to copy them

then they will be copied

like this example for Facebook


leak of 54,000 email addresses from the horoscopes on bia2.com


even at the NSA your data is only as secure as your most insecure installation (snowden)

how did he steal so much information without anybody seeing it, in one of the most paranoid organisations?

simple

stupidity

"The NSA's Hawaii facility – unlike the other facilities – is not equipped with the up-to-date software(s) which can keep an eye upon 'Which' and 'What' is being accessed by their employees at a given point of time. Take into consideration the magnanimous network the apex spying agency has and the watch-work becomes even tougher, which is why the Investigators are unable to quantify the numbers" – as quoted by a senior government official to the New York Times.
http://hackersnewsbulletin.com/2013/12/grand-theft-files-...

you should start with the data and then install that data only on installations that have sufficient security to host or give access to that data

no exceptions if the data is really important


stayed in a hotel in China recently? your personal details may have been hacked and published online

you are not alone: the personal details of 20 million guests of Chinese hotels are being published and distributed as we speak

"WooYun is an online security watchdog which had observed in September that a loophole in CNWisdom, the largest provider of wireless internet for hotels, let hackers have access to personal information of guests of the hotels. Personal details such as phone numbers, house addresses and also email addresses were retrieved by these hackers.

As a quick retort the service provider, CNWisdom, at the outset had stated that many hotels which were not among its clients back then also fell victim to such a leak from another source. As of December, even though a website with leaked data was shut down, the data has spread.

These hackers have been identifying themselves as the "harbors of evil goods." It is considered to be wordplay on a particular saying originating from the archives of the Han dynasty. They have started using a WeChat account and are featuring on it now. They are providing a service through which a user can text them an ID card number and they will then run a trace or check with the data they have access to and finally come up with the user details and hotel reservations made in favor of such persons. The operators of this account were approached through mail, but there was no response from them.

The websites which have the leaked information in content have easier search options. They can run checks and searches based on name inputs. These websites reveal detailed bookings of the persons along with their personal details which include phone numbers and birth dates. There are also peer to peer file sharing websites which have taken substantial interest in furnishing personal data of the unfortunate individuals."
http://hackersnewsbulletin.com/2013/12/chinese-hackers-le...

so all your booking information is now public, with that of millions of others, ready to be exploited for whatever goal - and it will not be a good one

wireless is a bad idea for personal information, especially if the network isn't yours or if it is used to transfer personal or confidential information


how to find weak passwords (a Microsoft tool)

A company might have a great firewall or a robust security system; but if its customers persist in using easy-to-guess passwords such as "password" or "123456" these safety measures come to no use.

To test how you fare at staying away from possible password hacks, all you have to do is log on to https://telepathwords.research.microsoft.com/ and type the initial character of the password that you would like to test. With just a solitary character, number, or symbol to bank on, Telepathwords tries to guess the subsequent character. This is done by exploring databases of well-known passwords that have been exposed by safety infringements and familiar phrases and words.
http://hackersnewsbulletin.com/2013/12/hacking-tool-new-m...

propose those weak passwords to your girlfriend so you can read her mail
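An added example, not Telepathwords' own code (Microsoft Research has not published it), of the idea the article describes: learn which character tends to follow a given prefix from a list of leaked passwords, offer the top guesses, and score a password by how many of its characters the predictor would have guessed. The leaked list below is constructed and tiny; the real tool also uses phrase lists and keyboard-walk rules, which this block does not implement.

```python
from collections import Counter, defaultdict

# Constructed stand-in for a breach corpus; a real one has millions of entries.
LEAKED_PASSWORDS = [
    "password", "password1", "passw0rd", "123456", "12345678", "123456789",
    "qwerty", "letmein", "iloveyou", "abc123", "monkey", "dragon",
]


class NextCharModel:
    """Predict the next character of a password from what leaked users actually chose."""

    def __init__(self, passwords):
        self.by_prefix = defaultdict(Counter)   # "pass" -> Counter({"w": 3})
        self.by_bigram = defaultdict(Counter)   # "r"    -> Counter({"d": 3, "t": 1, "a": 1})
        for pw in passwords:
            for i, ch in enumerate(pw):
                self.by_prefix[pw[:i]][ch] += 1
                if i:
                    self.by_bigram[pw[i - 1]][ch] += 1

    def predict_next(self, prefix: str, k: int = 3):
        """Top-k guesses: exact-prefix statistics first, last-character bigrams as fallback."""
        counts = self.by_prefix.get(prefix)
        if not counts and prefix:
            counts = self.by_bigram.get(prefix[-1])
        if not counts:
            return []
        ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
        return [ch for ch, _ in ranked[:k]]

    def guessability(self, password: str, k: int = 3) -> float:
        """Fraction of the password's characters the model would have guessed in its top k.
        1.0 means every character was predictable from what came before it."""
        if not password:
            return 0.0
        hits = sum(1 for i, ch in enumerate(password)
                   if ch in self.predict_next(password[:i], k))
        return hits / len(password)


MODEL = NextCharModel(LEAKED_PASSWORDS)


def predict_next(prefix: str, k: int = 3):
    return MODEL.predict_next(prefix, k)


def guessability(password: str, k: int = 3) -> float:
    return MODEL.guessability(password, k)
```

On the constructed list, `guessability("password1")` is 1.0 (every character was among the top three guesses) while a string with no prefix or bigram in the corpus scores 0.0. A practitioner would train the same model on a real breach corpus such as the RockYou list and reject, at registration time, any password whose score is more than a few tenths.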


why completely privacy-based services like privatesky have to close down

When CertiVox positioned PrivateSky as the easiest to use and most secure encrypted messaging service, we really had two significant points of differentiation. First, even though we held the root encryption keys to the system, it was architected in such a way that it would have been all but impossible for our internal staff to snoop on our customers' communications, or for the service to leak any of our customers' data. Secondly, our possession of the root keys, and our use of identity based encryption, made the system incredibly easy to use. For the user, there were no private or public keys to manage, every workflow was handled for the user in an easy to grasp pure HTML5 interface, no hardware or software required, just an HTML5 browser.

We boxed ourselves into a feature set and market position that, when called upon to comply with legal statutes, we simply had no alternative but to shut the service down. We built it, but we couldn't host it.

Why? Because as you can probably surmise, there is an inherent impedance mismatch between being able to host a commercial communications service that gives the utmost in privacy to its users, against any breach, whilst at the same time being able to operate safely within the confines of the law as it is on the books in most countries on the planet.
http://www.certivox.com/blog/bid/359788/The-real-story-on...

it is not that they are illegal - they are not

it is that they can't fulfil any demands from the police or the intelligence services when asked for specific information about specific clients, even if these demands have been passed through all the normal channels and are very specific and not generic taps on the whole system

so any such 'private service' in any country which has such laws is too good to be true, and is probably not possible or won't stay in business if they don't change their way of doing things


Personal details of 54 million Turks in the hands of Russian hackers

How is this possible?

Simple: you let other people do things like this (publishing all this information online so they could check if it is still correct) without any security. The number of records makes no difference, only a few seconds or minutes more to download. This is the beauty (and danger) of big data: leaks immediately become big leaks.

article

"Russian hackers have seized 54 million Turkish citizens' ID data because Turkey's political parties and the country's Supreme Election Committee (YSK) share voters' personal information, a prominent research company manager has said.

"I have heard about it. Hackers in Russia hold 54 million Turkish citizens' ID numbers, addresses, fathers' names," the general manager of the KONDA research company, Bekir Ağırdır, said last week in Ankara at a meeting to evaluate upcoming local elections in the country, according to a report on the online news portal T24.

Ağırdır also said some parties did not have an anti-virus system but uploaded all electors' information online and "in two hours hackers downloaded all the information."

Ağırdır said the Supreme Election Board provided every political party with this information in 2011.
Recently the main opposition party Republican People's Party (CHP) launched an "e-elector" initiative that enables citizens to check electoral rolls and detect deficiencies and mistakes through websites and mobile applications."
http://www.hurriyetdailynews.com/russian-hackers-stole-54...

this means that the ID numbers can no longer be used as a secret to prove who you are (an identifier, yes; an authenticator, no), and that only information that hasn't been leaked can still be used to verify someone

what would happen if we lost our citizen ID numbers (or our national register numbers together with our addresses)? How many systems would have to change their verification and logins?
