02/28/2014

#kiev ALARM is this the beginning of the Russian invasion ?

Permalink | |  Print |  Facebook | | | | Pin it! |

#kiev russian helicopters and tanks intimidate the population in Crimea

 source http://www.youtube.com/watch?v=ZUthbNCA1nc

 

 

 

source https://twitter.com/LTUworld/status/439434646708051968/photo/1

Permalink | |  Print |  Facebook | | | | Pin it! |

target breach shows that big databreaches can never be covered by cyberinsurance

Cates explained how customers he has worked with have listed a data breach as the second biggest risk on their books after natural disasters. He used the Target breach as an example. “To date, the cost of remediation has been $61m, and $44m of that is covered by cyber-insurance”, he said. “The costs will continue and will eventually total and hundreds of millions. Gartner says that for every $5.6 a data breach costs you, the prevention would have cost only $1.”
http://www.infosecurity-magazine.com/view/37169/rsa-2014-...

tell that to your CIO who never will believe that anything like that is possible and that those small investments are even necessary and have numerous different advantages

Permalink | |  Print |  Facebook | | | | Pin it! |

Italian privacy commission fined for 4 million Euro in 2013 and will continue in 2014

In 2014, the Garante's investigations will concentrate on especially on overseas call centres and mobile payment systems, Italy's Data Protection Authority has announced. The inspection plan for the first six months of 2014 is to focus on the areas identified last year, for example, large public databases, management of public networks for wi-fi access, telephone marketing, and mobile payments.  Call centres outsourced to non-EU countries will be given special attention. The Garante also plans to conduct investigations on compliance with the new requirements to report data breaches for telephone companies and Internet service providers.

Last year, the Garante conducted 411 investigations in various sectors, which is a 4% increase on 2012, and the fines imposed reached some 4 million euros altogether.

The Garante is able to  carry out a large number of audits as it collaborates with the Special Unit of the Guardia di Finanza, which is an Italian law enforcement agency with offices all over Italy, under the authority of the Minister of Economy and Finance.

See the Garante newsletter of 25 February (in Italian) at http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/2949470

Permalink | |  Print |  Facebook | | | | Pin it! |

textsecure the app for encrypted texting

TextSecure, the secure messaging app developed by the encrypted communication provider WhisperSystems, is no longer merely a private short messaging service (SMS) application. According to a blog post penned by WhisperSystems co-founder Moxie Marlinspike, TextSecure is now a private, asynchronous instant messaging application that does not depend on SMS or multimedia messaging service (MMS).

 

In its latest version – released on Google Play today – encrypted group chat and push messaging capabilities are among the app’s new features. However it also offers end-to-end encryption, forward secrecy, and deniability with little or no user-input.  To be clear, the TextSecure server never stores or has access to any user communication or other data.
http://threatpost.com/textsecure-sheds-sms-in-latest-vers...

Permalink | |  Print |  Facebook | | | | Pin it! |

exBelgian Globalsign supports certificate transparancy

“When implemented, Certificate Transparency helps guard against several types of certificate-based threats, including misissued certificates, maliciously acquired certificates, and rogue CAs. These threats can increase financial liabilities for domain owners, tarnish the reputation of legitimate CAs, and expose Internet users to a wide range of attacks such as a website spoofing, server impersonation, and man-in-the-middle attacks,” Google’s description of the framework says.

The method requires the CAs to cooperate and submit their certificates to these public logs, and that’s one of the things that’s holding up its broad adoption.

 

“We need to get the CAs to change their behavior so they emit certificates this way,” Chris Palmer, a security engineer on the Chrome team at Google, said in a talk at TrustyCon here Thursday.
http://threatpost.com/fixing-trust-through-certificate-tr...

big customers or other CA should put pressure on their CA to do the same thing

if they have nothing to hide they have nothing to lose

Permalink | |  Print |  Facebook | | | | Pin it! |

California Attoryney General's answer to 21 million dataloss ..... a new brochure

California Attorney General Kamala Harris on Thursday elevated cybersecurity to a major focus of the state's top crime-fighting agency.

Harris said the personal information of 21.3 million Californians has been compromised in the past two years. Nearly three-quarters of the 300 data breaches were at retailers.

California is one of the few states that require companies to report when the data of 500 or more customers is stolen
http://www.usatoday.com/story/tech/2014/02/27/california-...

and the major new initiative is a brochure that has some guidelines

makes me laugh.... or sick

Permalink | |  Print |  Facebook | | | | Pin it! |

a paywall for Belgian magazines nobody wants

De digitale markt bracht in 2013 evenmin soelaas. Zo schaften 269 mensen een digitale Humo aan. Nochtans maakte bladmanager Lisbeth Rillaerts zich vorig jaar bij het vertrek van Van Driessche sterk dat het verlies aan printkopers de voorbije jaren "ruimschoots gecompenseerd werd met een relevant bereik via andere platformen".

De digitale versie van Story moest het wekelijks met 258 lezers stellen. Knack verkocht wekelijks 349 digitale exemplaren, P-Magazine 118.
http://www.demorgen.be/dm/nl/16340/Media/article/detail/1...

well you would have understood the numbers, it means that only 269 people subscribed to the digital version of Humo which has now 134.000 readers

I used to read Humo during decennia but now I don't know why I should because there no more really investigative articles in it (which was the reason it became a household name attracting the best investigative journalists and the best interviewers) nor any qualitative commentary about the programs.

but it also means that those paywalls are enormous moneylosers and that it would be much cheapier to throw their enormous and very interesting archives online (and for Humo their fabuluous artistic covers) and get money by traffic and selling prints and re-use of articles.

the populair daily press is just sensational rubbish I don't care about and that has been reduced elsewhere to pennypress (one euro in fact) not worth any cent more - even not the paper it is written on

Permalink | |  Print |  Facebook | | | | Pin it! |

and this is the same for privacy activists (although we may differ about some methods)

an image speaks louder than words

Permalink | |  Print |  Facebook | | | | Pin it! |

the new anti-riot cars that the Braslians have bought for the world cup

there are many dictators who will be looking with interest to these cars

Permalink | |  Print |  Facebook | | | | Pin it! |

why brasilians keep protesting against the worldcup in one picture

they speak louder than words

Photo : Grandes diferenças...

Ato: https://www.facebook.com/events/574531142642166/

Curta: Contra Copa 2014

Permalink | |  Print |  Facebook | | | | Pin it! |

something for the FCCU or an European agency an European db of malware

For example, the FBI has been building a database of malware samples, snappily dubbed the Binary Analysis, Characterization, and Storage System (BACSS), for its investigators. Later this year a declassified version of this, dubbed Malware Investigator, will be made available to security partners, said Comey, who was sworn in as director in September.

"If a company has been hacked you can send the malware back to us and, in most cases, get a report back in hours about how it works, who it might be targeting and where we've seen it before," he told the conference today.

"Our goal is to make BACSS the same kind of repository that we have long maintained for fingerprints, criminal records and DNA."

The FBI will also expand its eGuardian program that allows companies to automatically update the agency about data security breaches involving classified and non-classified material.
http://www.theregister.co.uk/2014/02/27/new_fbi_boss_pled...

Permalink | |  Print |  Facebook | | | | Pin it! |

02/27/2014

#kiev russian armed roadblocks on the road to the Crimae

with police and riotcontrol troops birkut and armed men and russian flags

http://www.youtube.com/watch?v=2xlPEHZhzkQ

the only question is how much of the territory will be lost and in after how much bloodshed

Permalink | |  Print |  Facebook | | | | Pin it! |

yourdeal.be unsecure login and defaced

so this is the non-secured login

this is the defacement, luckily they didn't place a phishing page

Permalink | |  Print |  Facebook | | | | Pin it! |

#kiev moment of truth arriving with more russian troops and ships arriving at Crimae

so how would you could this

mobilizing troops, sending mp's, having russian military out of their bases with tanks and machineguns and having military training for your troops on nearly all the western borders ?

intimidation

there is one advantage is the Crimae becomes independent

than the Ukraine can become a mamber of NATO as there are no foreign military bases anymore

and it will have to come under our umbrella as otherwise the Russian bear will leave it never alone

just believing what he says is so.....munich

Permalink | |  Print |  Facebook | | | | Pin it! |

free SANS tool to test if your network can eliminate 85% of all attacks with these 4 settings

source https://www.qualys.com/forms/sans-top-4-security-controls/

Permalink | |  Print |  Facebook | | | | Pin it! |

ex security guru from the US says NSA can hack European cloudservers to proof they are not safe

"NSA and any other world-class intelligence agency can hack into databases even if they not in the US," said former White House security advisor Richard Clarke in a speech at the Cloud Security Alliance summit in San Francisco on Monday. "Non-US companies are using NSA revelations as a marketing tool."
http://www.theregister.co.uk/2014/02/24/richard_clarke_cs...

well that is a reason to have a look at your logs not ?

 

Permalink | |  Print |  Facebook | | | | Pin it! |

the next (in)security frontier : connected medical devices (that are hacked)

But another troubling aspect is that once attackers gain access to these devices, they can use them to launch attacks on other devices. 

 

Indeed, the report tracked the origin of some of the malicious traffic coming out of medical sites that had been hacked: 

 

"The findings of this study indicate that 7% of traffic was coming from radiology imaging software, another 7% of malicious traffic originated from video conferencing systems, and another 3% came from digital video systems that are most likely used for consults and remote procedures."

 

In following the trails of this malicious traffic, Norse found detailed information about the layouts of hospitals and specifications of various lifesaving equipment.
http://www.latimes.com/business/technology/la-fi-tn-study...

the same old song : first the product than the security

and in between the incidents and articles and products to secure something that should have been secured from the beginning - before it came to market

why is it so difficult to let a new medicine on the market and why is it so easy to place unsecured vulnerable connected devices on the market

deconnect them - period

Permalink | |  Print |  Facebook | | | | Pin it! |

the first wifi virus that automatically attacks unprotected Access points

Researchers from the University’s School of Computer Science and Electrical Engineering and Electronics, simulated an attack on Belfast and London in a laboratory setting, and found that “Chameleon” behaved like an airborne virus, travelling across the WiFi network via Access Points (APs) that connect households and businesses to WiFi networks.

 

Areas that are more densely populated have more APs in closer proximity to each other, which meant that the virus propagated more quickly, particularly across networks connectable within a 10-50 metre radius.

 

Alan Marshall, Professor of Network Security at the University, said: “When “Chameleon” attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it. The virus then sought out other WiFi APs that it could connect to and infect.”

 

“Chameleon” was able to avoid detection as current virus detection systems look for viruses that are present on the Internet or computers, but Chameleon is only ever present in the WiFi network. Whilst many APs are sufficiently encrypted and password protected, the virus simply moved on to find those which weren’t strongly protected including open access WiFi points common in locations such as coffee shops and airports.
http://scienceblog.com/70678/scientists-demonstrate-first...

as there is no antivirus on the Access Points it is more easy to infect and it doesn't need to do more as everything goes through the access points (passwords, information,....)

Permalink | |  Print |  Facebook | | | | Pin it! |

from Brasil to Europe and bypassing the USA_NSA

BRUSSELS (Reuters) - Brazil and the European Union agreed on Monday to lay an undersea communications cable from Lisbon to Fortaleza to reduce Brazil's reliance on the United States after Washington spied on Brasilia.

At a summit in Brussels, Brazilian President Dilma Rousseff said the $185 million cable project was central to "guarantee the neutrality" of the Internet, signaling her desire to shield Brazil's Internet traffic from U.S. surveillance.

"We have to respect privacy, human rights and the sovereignty of nations. We don't want businesses to be spied upon," Rousseff told a joint news conference with the presidents of the European Commission and the European Council.

"The Internet is one of the best things man has ever invented. So we agreed for the need to guarantee ... the neutrality of the network, a democratic area where we can protect freedom of expression," Rousseff said.
http://news.yahoo.com/brazil-presses-eu-undersea-cable-sk...

But you will have to bypass also the UK because everything that comes into the UK is intercepted by the NSA who is paying for the bases in the UK

Permalink | |  Print |  Facebook | | | | Pin it! |

1 2 3 4 5 6 7 8 Next