• this is the value of your facebook or Google or hotmail account on the Russian underground

    The hacking of Facebook logins has halved the price of the working logins by halve.


    and your login is of much bigger value than your creditcard where creditcards are now sold in packs of thousands or millions at 1 dollar a piece for the US market

    there is much more you can do with a facebook account because you can resell the access

  • now phishers in France use electricity company EDF to get very valuable documents from users for ID theft

    "At the end of January last year, French power company EDF advised the public that they were seeing a significant rise in the number of phishing complaints they were receiving from their customers. An example story in English from The Connexion: EDF customers hit in 'phishing' scam, says that an EDF spokesperson said beginning in August of 2012 they were seeing 20,000 customers per month complaining about the phish and that in January 2013 it had risen to as many as 40,000 customers per month. As many as 200 to 300 new phishing sites per month were being created at that time.

    This week Malcovery is noticing that the EDF phish are back, with a twist! The current EDF phish are asking for documents with an enormous value for identity theft and are targeting many different French banks with the information. Here's what a currently live phishing site looks like:

    This is the same reason why you can't throw such documents as such in the dustbin.

  • network of Australian parlement penetrated by Chinese cyberspies during one year

    "SYDNEY (Reuters) - A cyber attack on the Australian parliamentary computer network in 2011 may have given Chinese intelligence agencies access to lawmakers' private emails for an entire year, the Australian Financial Review reported on Monday.


    The newspaper, citing government and security sources, said new information showed the attack had been more extensive than previously thought and "effectively gave them control of" the entire system.


    "It was like an open-cut mine. They had access to everything," a source told the newspaper.

    They are now declaring that they are making a priority of cybersecurity. Sure ....

  • Firefox will control much more strict the way you have set up your ssl certificate

    "Many of the certificate verification changes in the new library are subtle and are related to technical requirements specified in the "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" issued by the Certification Authority/Browser (CAB) Forum. However, some of the behavior modifications also stem from changes Mozilla made to its own policy for trusting CA certificates.


    For example, a document describing mozilla::pkix requirements notes that "end certificates used by servers are not allowed to have basic constraints asserting isCA=TRUE" and "certificates used as trust anchors or intermediates are now required to have the basic constraints extension and assert the isCA bit."


    These two requirements are intended to prevent the misuse of subordinate CA (sub-CA) or intermediate certificates, which can be used to issue SSL certificates for any domain on the Internet.

    The first result will be that the users will have to add many certificates to their exceptions because most of the certificates today don't respect a very strict set of rules - if any

    You have untill the end of july to adapt your certficates so that they are compatible with the minimum requirements from Firefox which counts for at least 30% of all the browsers

  • double authentification process by mobile can now be replaced by a trojan

    "iBanking is a malicious Android application that when installed on a mobile  phone is able to spy on its user’s communications. This bot has many interesting phone-specific capabilities, including capturing incoming and outgoing SMS messages, redirecting incoming voice calls, and even capturing audio using the device’s microphone. As reported by independent researcher Kafeine, this mobile application was for sale in underground forums and was used by several banking Trojans in an attempt to bypass a mobile two-factor authentication method put forth by some financial institutions. This method, usually called “mobile transaction authorization number” (mTAN) or mToken in the financial realm, is used by several banks throughout the world to authorize banking operations, but is now also increasingly used by popular internet services such as Gmail, Facebook and Twitter.

    The malware makes in fact the double authentification by SMS unreliable for the simple reason that people by a social engineering trick have already given the malware all the necessary permissions to take over the identification process while starting a connection with mobile banking

    In Belgium online banking is heavily promoted by the banks and it is called safe even if - for example - there is no CERT responsable for the wireless network

  • any wireless sensor data without encryption and with standard passwords can be hacked

    “By sniffing 802.15.4 wireless traffic on channels used by Sensys Networks devices,” Cerrudo wrote in an advisory (.pdf) he sent to the Department of Homeland Security’s ICS-CERT division last year, “it was found that all communication is performed in clear text without any encryption nor security mechanism. Sensor identification information (sensorid), commands, etc. could be observed being transmitted in clear text. Because of this, wireless communications to and from devices can be monitored and initiated by attackers, allowing them to send arbitrary commands, data and manipulating the devices.”

    In this interesting article it is about the traffic lights but that counts for any sensor that is working under these premises.


  • #ukraine the most important thing I have learned about the hype of social media and its dangers

    We already have seen it with the green revolution in Iran a couple of years about after which the term clicktavists was born and we were all tweeting and blogging about the opposition movement while on the ground the manifestations were just attacked by paramilitary and tens of thousands of people were arrested and convicted. The social media helped to get the information out and probably got the movement going for a while but in the end it didn't make any difference because the regime was stronger on the streets and the protestors weren't sure about the strategy and didn't have enough people to be able to continue and resist the permanent brutal attacks.

    The second revolution was in Egypt where the media made a huge fuzz about the role of social media and the fact that one of the guys had some function with facebook and that the Egyptians used facebook and twitter to organize the protests and distribute information in real time. All nice and well and very interesting. But it was not that that made the difference. The day Moubarak send in his thugs (on camels) there were fights going on through the night with the army standing aside. Hundreds were wounded many were killed, but in the morning the army decided that it was enough and intervened on the side of the protestors and drove the attackers away. This had nothing to do with social media. It had to do with the number of people on the ground willing to be hurt or die while throwing stones to keep the attackers away from place Tahir.

    The Turkish protests proof the same thing. They just didn't have the people to counterbalance the attack by the police forces (with better equipment than the Ukr now) and to continue the demonstrations night after night to create the atmosphere of revolution, unrest and uneasy that would have forced the government to take some actions to calm down the situation.

    Euromaiden proofs again that everything that is really important is happening on the ground. THe number of people willing to be hurt or die and the number of people helping them getting the things organized so they don't have to. After the snipers shot so many people it was clear that the protestors would continue to advance and that short of bringing in machine guns on tanks there was little the regime could do to stop them. (which is different from now where in Eastern Ukraine the regime has the necessary forces but can't use them or can't trust them and doesn't have the international support to deal with it)

    Now there is one big and important thing to learn - and I have the impression that even if the Euromaidan people have read the analysis they don't yet understand it and so they aren't capable of influencing the real news. Maybe it all has to do with their age, with their enthusiasm to play reporter without ever being accepted as one by real reporters, with their need to be immediately in the stream of developments following them every minute as a film.

    The real news I have learned is NOT in the social media. It is in the newspapers on the international press agencies and on TV. THat is the real news and that is where the real influence is. Yeah they will read some blogs and some tweets but for most of their content they will depend on the big agencies and their reporters on the ground (who sometimes don't even want to follow the social media or don't know which ones to follow)

    And it is not about the news an sich it is about the framework, the news-setting that Moscow is trying to create and that is being copied without any research, analysis or re-action by the big press agencies, by the (even socalled quality media) media (even in socalled liberal Russian press the military in Eastern Ukr were called militants). You change words, you set up events, you create impressions and you leave out others. All this is done deliberately and some of the propaganda is very subtle while the other is so stupid that a normal person would see through it (but maybe it is not intended for a normal person)

    So as long as you don't have a real press official press office that gives international tv stations video with translations in any important language, in which a high official on the record responds immediately to new allegations or declarations elsewhere, as long as you don't have permanent press officer who try to correct the names that are sometimes used for these terrorist and alert the journalists (of which you know what he thinks and what he doesn't know (yet)) to specific bits of information and contacts so he can verify the information or dig a bit deeper into it.

    Playing on twitter and facebook is fun, but mediawar is much more professional than just that. And you won't beat specialised mediastrategists with a tweet or a facebook. Oh you may impact a few thousand people for some time but not necessarily the millions who are watching tv news and reading their newspapers. The fact that the opinion polls about Ukraine internationally aren't that bad doesn't mean that you have to do nothing. On the contrary it means that if you would have a real mediawarstrategy you could do even much better and having a real impact on the democracies that have soon to decide to implement real sanctions that will also hurt them, remilitarize their eastern borders with Russia and should their 'reference' again so they would see Russia as an unreliable, militaristic, imperialistic, undiplomatic havebeen superpower that is only dreaming that it could havebeen the new USSR

    This is one for the long haul and for countries who are preparing themselves for the new cold war and are looking anxiously to the propaganda war coming out of Putinized Moscow they should invest in the means to fight a very lowlevel warfare immediately, have socialmedia monitoring and actions but they must surely not overinvest in it and put most of the mediawar money in the international mediawarstrategy.

    Social media is when you are organizing protests and trying to foster a strategy, mediawarstrategy is when you have won and you are playing with the big media around the world against the mediapuppetmasters of the new Goebels.

    This was for me an eye-opener. Socialmedia is less important than bricks and guns on the street and can't correct fast the international bigmediastrategy of a professional propagandateam. It helps but it doesn't change a thing. It must be there but as a support on the ground and for a professional propagandateam. Otherwise you are fighting in the media like you are now fighting on the ground in Eastern Ukraine.

    btw I have re-opened some books about propaganda and informationwar

  • #ukraine taking a break from Ukraine

    As in other stories where we followed the beginning and first developments we stop and go back to our normal work once the situation has become clear.

    It is clear that there will be no invasion soon although the situation will continue to worsen. We will come back if this happens.

    It is clear the present government in Kiev doesn't have the will, the power and the knowledge to force a military or police re-action to this low form of warfare.

    It is clear that we are getting into a cold war 2.0 although germany and especially the german socialists aren't ready to give up on Putin and don't understand what he is doing and why he is dangerous as the debate yesterday among the contenders for the President of the European Commission showed (although you could hardly call it a debate, but it was a first time and you still have to learn)

    It is clear that we now will have to see anything Russian or done by satellites of Russia through other eyes and not more as new friends who were once enemies. The mix of extreme right and left in the third way or the complex propaganda mix supporting Putin and his Russian kind of corporatism (inspired by the Solidarism of the 1930's) changes (or refreshes) puts a new factor on the extremist political field.

    It is clear that NATO is back, that we will have a remilitarisation of Europe, that this low-level warfare is the modern way of overthrowing regimes (a military variant of the colored revolutions who didn't take arms and used paramilitary)

    It is clear that a big majority even in Eastern Ukraine doesn't want to be annexed to Russia or become independent but for the moment aren't capable of organizing any protest with the means to resist violent attacks by armed thugs.

    Sometimes I even think that an invasion would be good for Ukraine. It would liberate the army to storm the occupied buildings as military centers. It would make it very clear where all this shit is coming from. It would force the Chamberlains in Europe to understand that nobody was joking when the Putin said that he wanted to restore the Old USSR

    So as we know understood what is happening why we will go back to our research and reporting about all the other things in the security world

    The last couple of weeks we have informed you about the strategic concepts that have changed, the methods that were used, the players and how things were being set up

    the resources to continue to follow are

    twitter.com/mailforlen  list Ukraine

    diigo.com/mailforlen    list international

    and if you want to see what has been published than you search for #ukraine in the searchform here

    and if something very interesting happens than I will be back on the subject here

    I am with the Ukrainans but as long as the Europeans, the NATO or the US or eastern allies don't effectively get it and get them the help they practically need, than I don't know how they are going to win this low-level warfare even if there are some military, SBU and police forces doing excellent work

  • #ukraine the call in the US becomes louder for more leadership in this crisis

    this doesn't mean that they want to send immediately troops and go to war with Russia over this, but it means that Obama will have to take a harder stand and do more to make it clear that the US stands with the democrats in Ukr and want to give Ukr the necessary protection so it can hold its election and construct its new democracy again

    "What’s to stop Putin? The West is led by the modern equivalents of Chamberlain: President François Hollande of France is a political nonentity repudiated by his own compatriots; Prime Minister David Cameron of Britain and Chancellor Angela Merkel of Germany have both ruled out the use of force to stop Putin from annexing Ukraine; and worst of all, President Barack Obama–the one man who has the power to stop Putin in his tracks–does nothing. He makes Neville Chamberlain seem like a bellicose activist.



    The U.S. is the richest country in the world. Thanks to the fracking revolution, it has the means to meet the energy needs of all the former Soviet states. Its fleets and armies make Russia’s much reduced military power seem puny. It could move troops and aircraft into Ukraine within 24 hours, and its fleets could ensure protection to the Baltic states in a way that Putin would find unanswerable. Yet Obama makes no decisive moves. What ails the man? Is it cowardice? Indecision? A kind of executive paralysis he tends to display when firmness is called for? Clearly there’s something fundamentally wrong with the U.S. President. Meanwhile, Putin, who runs what is, in essence, a second-rate nation with a weak and declining demographic structure, behaves as if he rules the Earth.



    Sadly, there is no Churchillian voice to sound the alarm and call the democratic world to action"

  • #ukraine Putin failed again this weekend and what is ahead

    imagine the troops were there, they were battle ready and the hospitals crews were alerted that they maybe would have much work to do

    so it was waiting on the provocations and actions that should have been the argument to go in

    * shooting a major of a major city by an unknown person could be a trigger but it wasn't as he clearly had switched sites and it couldn't have been put in the hands of the Rightsector (except on Russian tv off course). The fact that he is a jew makes it even more difficult with all the antisemitism in the Prorussian camp

    * the explosion of an Afghanlike roadbomb against an Ukr police-officer was another incident to provoke something (but the link to the Prorussians is fast made because many of their military say they have fought in Afghanistan)

    * the attack of a mob on a peaceful proUkr manifestation with a policeforce who did have no clear strategy, no command, no material and could hardly contain the small groups of prorussians attacking people on the ground (NEVER FALL ON THE GROUND AND IF ON THE GROUND MAKE YOURSELF SMALL AND DEFEND YOUR HEAD BUT GET UP)

    * the take-over of a small city (but at the big road to Crimea) didn't provoke the anti-terrorist brigade sending their tanks (nobody knows if they are sending anything anywhere for the moment)

    but in the end of the day, we can write and think whatever we think about the images and dramatics of the visuals, but military and strategically what did it bring Putin

    absolutely nothing

    it is clear that external police forces have to come in to protect the international monitors

    it is clear that around 40 people have to be liberated by the Russian occupiers

    it is clear that the prorussians are attacking proUkr demonstrators without reason (and laying on the ground)

    it is clear that they didn't evacuate anything

    so even if the sanctions weren't as harsh as wished by some, they are one step ahead and seeing the political pressure mounting in the US congress there will be more sanctions coming and maybe that was even the goal of Obama, not to proclaim himself harsh sanctions but to do so with the explicit political support of the full congress, telling his European partners that he has no choice because American public opinion is moving into this (right) decision

    off course it looks all different in you are living in Ukraine and it looks much more desperate and chaotic but you have to keep some perspective

    * there are no snipers and militea fighting all over the place with refugees going into their thousands to the borders

    * there are no cities that are totally controlled by the russians openly supported by thousands and thousands of citizens (a few that are presented as such)

    * the russian troops are back to their barracks which by the way are still to close for comfort to the Ukr border but this is not the same as being nearly on the border itself

    These are the days we have to look out for

    First of may : big parade - but it will be difficult to invade before because you need at least 48 to 72hours even with all the overwhelming manpower to be able to present itself and also Ukr and Russia have a meeting the day after about the dispute over the gas price (you don't invade a country the day before you will try to do business with them)

    9th of may : big parade

    11th of may : so called referendum that the seperatists would like to organize

    12th of may : the reaction of the Duma and Putin to this referendum if it takes place

    25th of may : presidential election

    what to expect, I don't know and if anybody knows he may say so because this is so fluid that anything can happen at any moment at any place - and it is this what makes it so dangerous that we are living in the most dangerous times since the second world war and everybody is being careful although not everybody is doing what should be done (stopping the occupation of buildings for example) they are too afraid of this situation totally out of control to take the dramatic steps like an invasion

    it is not for our pleasure or yours that we - and others - declare that an invasion is possible - it is because all the preparations for an invasion are in place, the readiness level of the army is in place and than there are certain manifestations and provocations that could possible be the pretext for some kind of invasion

    luckily for Ukraine these provocations didn't give until the effects that was counted upon (according to the textbooks - but that is why they are textbooks)

    this doesn't mean that he continues to try

    but time is running against Putin and he knows it all too well

    if we pass the 25th of May without invasion or big scale massive rioting, deserting and killing than he has missed in fact the opportunity to invade even if he doesn't accept the elected president

    but that will be his problem - not of the west

    when this will be over, we will ask Ukraine how they lived through these emotions and events and how it was possible that the west was so passive and didn't seem to do anything in time. But if all goes well, we'll say that it was the only way possible and had a good result. If all goes bad than we will have to change tactics and we are instantly into coldwar2.0 for a long time.

    and there is no way to know what is best and what would be dangerous and who in the Kremlin is for war whatever the cost and who is trying in a diplomatic way to keep backchannels over and keep the discussions going (Ukraine and Russia are meeting each other the second of May over the dispute about the gas price).

    there are also question rising if Putin has not lost control over his mercenaries operating in Ukraine and if they are not becoming rather a liability than an asset. There is no enormous outpouring of popular support (except pensioners and hooligans ready for a good bloody fight), the popularity of an annexation to Russia in the polls are going the wrong way and taking international monitors as hostages or even killing hostages is something that you can't sell as a reason to invade a country, on the contrary

    if his mercenaries continue like that he will even not be able to intervene when the European special forces decide to implement the Geneva agreement themselves and come in for an 'antiterrorist operation' to liberate the international hostages and the 40 others, liberate the public buildings and disarm the militias before this really gets out of hand

    and as the troops facing them won't be the Ukr untrained underequipped soldiers with an interdiction to shoot, I wouldn't be surprised if they would keep their salaries paid and just leave before they get hurt, especially if Putin only protests a little .....


  • #ukraine this is why the occupation of some cities in Ukr is the preparation of an invasion

    look at the roads he needs to go to Crimea - to bring food and other stuff

    look at the names of the cities

  • #ukraine the slow military buildup in the air at the eastern front

    let's use Putins language and take it on like it is and stop all these niceties

    drip, drop, drip, drop ..... and the bath is slowly filling because every step he makes (or doesn't) leads to some more drip, drop, drip, drop and in a few months time - if Putin continues like that the eastern front will look like an eastern front and he will wish that he never started this madness

    Embedded image permalink

  • #ukraine lessons and material for the riotpolice of Ukraine

    protecting marches (and having enough policement to do it) like in belfast

    moving your police next to the protestors in the safe environment of police cars (belfast)

    or behind the cars who move together as a protective wall

    having one or more watercannons to keep people from coming too close

    having rubber bullets if things really get too dangerous or to immobilize the most aggressive attackers

    making air-gaps between police and demonstrators (for example before buildings)

    give protective gear to the riotpolice so they aren't that easily hurt by incoming material

    having with a camera a total overview over what is happing in the coordination center where the command can take all the necessary measures (re-inforcement, new orders to move in or pull back or whatever)


  • #ukraine the situation in South Ukr or East Ukr in one map

    but even if it seems important - it is not as important as in reality because there is no massive bloodshed, there is no running streetwar - some incidents and fights but it is not that there are thousands of people fighting each other in the street or killing each other

    one good organized anti terrorism operation could blow this all over in one day - that they don't is because if they do they are so afraid of Putin that he doesn't even have to invade the country to have it act as if they are invaded

  • #ukraine first law of fear : beat every manifestation into chaos and bloodshed

    the same technique as during the 1930's with the nazi's

    and the police - they didn't intervene or they were helping the nazi's

    and the more trouble on the street, the better because than afterwards he would say that he came to restore order

    so either way, you win

    so let's see if next time they have a few thousand protestors and if they don't if they have some fighters so you could could have a nice riot and than present it as civil war (even if you have started it)

    and this is the monty python police (totally useless) the guy who is responsable for organizing his police force here can go back to the kindergarten and even than I wouldn't give the security of my children or anybody's children in his hands


  • #ukraine now a whole lot of the alternative news internet becomes stupid

    take for example infowars.com

    "violence escalated today as the mayor of the eastern Ukrainian city of Kharkov, Gennady Kernes, was shot in the back by unidentified gunmen and remains in a critical condition.

    On Sunday, 300 anti-government protesters were attacked by a 5,000 strong mob of pro-Kiev football hooligans in Kharkov who severely beat numerous demonstrators, leaving 14 injured.

    look at the links

    where do they get their information from

    'Russia Today' of course

    now that we have seen what is the worth of the reporting by Russia Today especially about Ukraine (in which they are only informationofficers not journalists) and also about Western Europe and the US (in which everything goes bad) and about Russia (in which all is well compared to the bad west)

  • an unencrypted external harddisk wht all personel data is lost by.... a privacycommission

    In Canada

    "The federal privacy commissioner will receive on Friday the findings of an internal investigation into an embarrassing loss of sensitive information of approximately 800 current and former federal employees.

    The data breach at the Office of the Privacy Commissioner of Canada is believed to have happened in February, after employees lost an unencrypted hard drive containing the private information of past and current employees, while moving their headquarters to Gatineau, Que. from Ottawa.

    The lost information dates back to 2002 and includes employee names, salaries, internal ID numbers, other payment information and job classifications for both current and former employees in the Office of the Privacy Commissioner and the Office of the Information Commissioner.

  • #ukraine Anonymous is in Ukraine only a megaphone for Russia Today

    there was a splintergroup that attacked some Russian targets and leaked some data (but not all of it)

    there was also a prorussian info-op calling themselves Anonymous Ukraine without any protestations from Anonymous Headquarters and leaking socalled intercepted telephone conversations and emails of diplomatic and other decisionmakers and re-arranged them only to try to present it in the best possible propaganda way as it is all a conspiracy of the CIA against their good Russian friends

    so no Anonymous is in this conflict not taking the sides of those who fight for freedom and justice and transparancy but is mostly just repeating the propaganda from Russia today and presenting the thugs and armed green men as antigovernment protestors, militants and so on

    their anti americanism has blinded their general principles of freedom of speech, of the press and of organisation which you even under the worst cases have a 1000 times more in the US than in Russia or China.

  • #heartbleed a new free networkscanner that tests different devices and ports

    just what you would need if you want to be sure that it is not lurking somewhere where you didn't expect it

    source http://www.crowdstrike.com/blog/new-community-tool-crowdstrike-heartbleed-scanner/index.html

    download it from here ; http://www.crowdstrike.com/community-tools/index.html