• Apple already has one million credit cards in its Pay systems that work with hackable NFC

    read and enjoy 

    The NFC trouble 

  • why is the battle in Lebanon so important for the rebels in #syria ?

    "A battle between Lebanese troops and Muslim militants in northern Lebanon was widely expected after members of the Islamic State group and al-Qaida's branch in Syria, the Nusra Front, launched several attacks over the past weeks in areas on the border with Syria.

    Sunni militants inspired by the Nusra Front and the Islamic State group have killed and wounded several soldiers in a string of attacks in recent months in Tripoli and nearby areas.

    Lebanese army commander Gen. Jean Kahwaji said in comments published this month that the militants from Syria want to ignite civil war and create a passage to Lebanon's coastline by linking the Syrian Qalamoun mountains with the Lebanese border town of Arsal and the northern Lebanese town of Akkar, an impoverished Sunni area.

    http://bigstory.ap.org/article/3203da1b8d79480fa9d542c057395f62/lebanese-troops-fight-street-battles-tripoli

    Why does Putin want Crimea and now Mariupol ? And why is Syria so important to him, except that it has his last Russian military fleet base ?

    Access to the sea means that there is a way to get weapons, fighters and other material by sea 

    but this is not the FSA but AlQaida so this battle is lost because nobody has an interest in it, except for Al Qaida, but that is not in the interest of anybody - and surely not FSA

  • remember the Afghan rebels shooting down Russian helicopters ? #Isis does....

    "BAGHDAD — From the battlefield near Baiji, an Islamic State jihadist fired a heat-seeking missile and blew an Iraqi Army Mi-35M attack helicopter out of the sky this month, killing its two crew members.

    Days later, the Islamic State released a chilling series of images from a video purporting to capture the attack in northern Iraq: a jihadist hiding behind a wall with a Chinese-made missile launcher balanced on his shoulder; the missile blasting from the tube, its contrail swooping upward as it tracked its target; the fiery impact and the wreckage on a rural road.

    The helicopter was one of several Iraqi military helicopters that the militants claim to have shot down this year, and the strongest evidence yet that Islamic State fighters in Iraq are using advanced surface-to-air missile systems that pose a serious threat to aircraft flown by Iraq and the American-led coalition.

    http://www.nytimes.com/2014/10/27/world/middleeast/missiles-of-isis-may-pose-peril-for-aircrews.html

    that is why they need US helicopters that have defenses against such attacks

    this is not just a bunch of guys with machine guns, Isis is an army so you have to battle it like an army

  • those who thought that Russia had no end-game and that the game in #ukraine was over, it only started (again)

    Yep the Ukrainians have their elections and the results have been accepted by Moscow

    Yep there is something of a cease-fire but that will be ended soon as the Russian-held territories need Mariupol and the airport to have something of a real region - even if they don't have the whole regions

    Yep there are no great movements of Russian military but every day new Russian tanks and soldiers are crossing the border - under the radar of the international news organisations (100 tanks is a better title than 10 Russian tanks cross the border)

    and now, we are back at where it all started - a referendum in the two separatist Russian-occupied regions (that is why it is a pity the Ukrainian army didn't push into Donetsk when it should)

    yep a referendum in a region in which everybody who is opposed to the occupation is sent to cellars they don't come out of again

    yep a referendum where there are no other parties or press than those of the occupiers

    yep a referendum that will be as legitimate as the one in the Crimea 

    so all those believers that you had an agreement with Putin, that Peace was on your way,

    you are chamberlain after all (but we knew that from the beginning)

    meanwhile if you are into (cyber)security prepare for the possibility of a new cold war or local wars and skirmishes and troop buildups and incidents and all the rest (the possibility that this will happen has just increased by 1000 percent)

  • the FBI sets up waterholing webpages since 2007

    waterholing webpages are pages or sites that look legitimate but have software installed that will 'mark' or infect the visiting computer

    it is a normal procedure in a real attack against a person or organisation

    "The FBI in Seattle created a fake news story on a bogus Seattle Times Web page to plant software in the computer of a suspect in a series of bomb threats to Lacey’s Timberline High School in 2007, according to documents obtained by the Electronic Frontier Foundation (EFF) in San Francisco.

     

    The deception was publicized Monday when Christopher Soghoian, the principal technologist for the American Civil Liberties Union in Washington, D.C., revealed it on Twitter.

     

    In an interview, Soghoian called the incident “outrageous” and said the practice could result in “significant collateral damage to the public trust” if law enforcement begins co-opting the media for its purposes.

    http://seattletimes.com/html/localnews/2024888170_fbinewspaper1xml.html

  • Yemen is just such a mess no wonder alqaida feels at home

    "Fighting in central Yemen between Houthi rebels and a tribe in the town of Radda has killed at least 250 people in the last three days, security officials said Monday.

     

    The Houthis — a political and religious rebel group named after a former commander, Hussein Badr al-Din al-Houthi — captured Sanaa on Sept. 21 after weeks of anti-government protests focused on fuel price rises. The group signed a power-sharing agreement with other political parties soon afterward, a deal that was sanctioned by President Abd-Rabbu Mansour Hadi. But this has not deterred the Houthis from pushing into other parts of the country. Their leaders say they want a more representative national government that can combat corruption and secure the country.

    http://america.aljazeera.com/articles/2014/10/27/officials-clash-inyementownkills250in3days.html

    if you understand something, you know more than I but this looks like a real mess in which you will never know who will do what to who 

    failed state is their name

  • POS (point of sale) hardware connected to the internet is a new goldmine for hackers

    yep, they are doing it again

    connecting things to the internet without the big defenses for it (proxies, vpn, ....) so you can't get to the machine itself (that costs too much)

    no, for maintenance you connect your Point of Sale hardware directly to the internet so it can be directly updated and managed from the internet (easy it looks and everybody is doing it)

    now that they have laid off all the staff that was giving technical support to their POS because they did it 'over the internet' they are paying dearly for this 'cheap' solution

    in fact they are paying millions every month because thousands and thousands of systems are infected (and how are you going to clean all that without all the technical staff that you have laid off, brother ?)

    and if at the same time you don't encrypt the data from end to end and the technical staff that has access to those systems uses default or bad passwords and doesn't react to all those security alerts for months (because there is not enough staff for too much work doing all those things over the internet, and hey it is not in my job description, which is right, you need someone doing nothing else but looking at all those things happening everywhere)

    then you lose millions of data records and millions of dollars and what is even worse you lose an enormous amount of money cleaning up the mess and your stock takes a hit and according to a survey last week more than half of all customers won't go to the chains that were impacted by the latest attacks on their POS infrastructure (maybe you should install big cash machines in those shops so people can get the cash out and pay with cash as they don't trust your POS infrastructure for their cards and accounts)

    and they have every reason to worry because it now seems that what the banks and financial institutions were saying in the beginning, that they didn't see any fraud with those thousands or millions of financial records that were lost, is not true anymore. It looks as if the data has been sold to some operators or that some accounts are only being attacked or emptied right now (when maybe everybody is losing attention because it is already some time ago)

    and meanwhile the attackers have learnt so much and have so much money in their pockets (and that of their women who are very happy about their naughty boys) that they can now bypass any firewall or antivirus and can only be stopped by ..... threat intelligence. Ohlalalala this means that you need people who watch, who analyse and that the big savings you thought you were going to have in the first place are now also up in smoke because you will have to pay enough people enough money to look every day every moment at logs and events and check and doublecheck and investigate things. If you think that this can be done by a computer or robot, think again. Programs can help but they can't stop the attackers.

    and so to keep themselves rich and their women happy they are now attacking in full force the POS installations and software because it is the biggest moneyfarm that is available for free now and that is not being defended as it should be - why make life difficult with hacking banks if you can get the same information just by those POS installations of some supermarket chain (and know what, once you get into one, you can get in all of them because they have set them up all the same way - economies you know)

  • why #ISIS has to control cities and roads to have a steady income (next to oil)

    "Extortion and illicit taxation systems are also a significant source of income for ISIS, and potentially one of the most sustainable. Prior to capturing Mosul, ISIS was already earning $12 million a month in the city alone. This is now being replicated, though in a more organized manner, across ISIS-controlled territory and covertly in other areas under its partial influence. However, it should be recognized that this ‘extortion’ and taxation is not always done unilaterally and solely in ISIS self-interest. For example, a sophisticated ISIS taxation system on the main highway between Jordan and Baghdad has been developed which replaces the government’s import tax by charging reduced rates for the transport of goods into the Iraqi capital. The trucking business across western Iraq is primarily controlled by Sunni tribes, and therefore, by imposing lower taxes ISIS earns a steady income but offers its tribal guarantors an opportunity to increase their earnings.  Similar systems are in place elsewhere in western Iraq and eastern Syria, with an overriding emphasis place upon this dual focus of earning money while retaining a ‘buy-in’ from tribes that ISIS existentially relies upon for its societal survivability.

    http://www.brookings.edu/blogs/iran-at-saban/posts/2014/10/24-lister-cutting-off-isis-jabhat-al-nusra-cash-flow

    so without troops on the ground to attack ISIS and to develop a sense of security so that nobody thinks that they have to pay ISIS to be sure that their livelihood and business will not run any risk of being killed, ISIS will be sure to have on one side enough resources to pay its combatants and on the other side have secured the continued commerce in the territories that it controls so that 'everything looks normal' and people can 'get on with their lives' (they think)

    and neither the Iraq army nor the Iraq leadership are showing any real willingness to go to a real war with ISIS because they are holding back (and the US and the so-called alliance are NOT giving them the military hardware and operations they need to make a real difference)

  • the situation can become much worse in Iraq and the region if #ISIS takes Anbar (but who cares over here?)

    "So far, Iraqi military and security forces in Anbar report they are receiving supplies and light arms from the government, but not the heavy artillery and tanks they say they need to push back Islamic State gains.

     

    “The general perception is that the Iraqi government doesn’t believe Anbar as a whole to be important,” says Ahmed Ali, an Iraqi researcher with the Institute for the Study of War based in Washington. “It sees parts of Anbar to be important, but it’s clear the government’s priority is to secure the [outskirts] of Baghdad first.”

     

    Similarly, US-led airstrikes have shifted away from targets in and around cities in Anbar in recent weeks. Instead, coalition planes are more often protecting key points of Iraqi infrastructure like the Mosul Dam and Bayji oil refinery.

     

    Ali says beyond the province’s symbolic value, there will be dramatic strategic consequences if Anbar falls out of government control. One of those consequences will be that Islamic State militants will be better positioned to launch attacks on Shia holy sites in Karbala. One such devastating attack, Ali argues, could spark an all out civil war in a manner similar to how the 2006 al-Askari Mosque bombing in Samarra unleashed a torrent of sectarian violence.

    http://www.mintpressnews.com/isis-making-strong-gaines-in-anbar-baghdad-may-be-next/198205/

    war is not sending 9 or 20 times a plane to drop a bomb or 4 - however precise and massive they may seem

    war is not only giving small arms to soldiers who are facing an enemy with tanks, rocket launchers and heavy artillery

    war is not standing by and saying everything is lost even if we have done everything we could (we say) 

  • these are the best/worst media piracy websites (thanks MPAA)

    if you don't find it here, it will be very hard to find (and it will surely not be in Google)

    company networks should make sure that access to these sites is blocked to limit their liability; if they have a proxy there should be some categories that allow this. Allowing P2P traffic in a network is just asking for huge legal and security problems (and sometimes network problems)

    MPAA is spending millions to find them, calculate their importance and hunt them down to get at least their links out of Google as fast as possible (this is the reason for the renewed popularity of the sites that only have links to pirated content - which is illegal in Belgium under some conditions and maybe illegal in your country too, so be careful before you want to jump on the bandwagon)

    some sites are really located in astonishing places of which you would have thought that it would be easy to take them down using the copyright laws (Sometimes the FBI and now the London Police take down hundreds of websites in sweeps but those yearly actions aren't very effective because the search only goes to other places) 

    on another note, there is also some evidence that when there are professional, global and great alternatives like Spotify and Netflix the amount of illegal downloading reduces enormously

    Direct Download and Streaming Cyberlockers:
    VK.com – Russia
    Uploaded.net – Netherlands
    Rapidgator.net – Russia
    Firedrive.com – New Zealand
    Nowvideo.sx and the “Movshare Group” – Panama/Switzerland/Netherlands
    Netload.in – Germany

    Peer-to-Peer Networks & BitTorrent Portals:

    Kickass.to – Several locations
    Thepiratebay.se – Sweden
    Torrentz.eu – Germany/Luxembourg
    Rutracker.org – Russia
    Yts.re – Several locations
    Extratorrent.cc – Ukraine
    Xunlei.com – China

     

    Linking Websites:
    Free-tv-video-online.me – Canada
    Movie4k.to – Romania
    Primewire.ag – Estonia
    Watchseries.lt – Switzerland
    Putlocker.is – Switzerland
    Solarmovie.is – Latvia
    Megafilmeshd.net – Brazil
    Filmesonlinegratis.net – Brazil
    Watch32.com – Germany
    Yyets.com – China
    Viooz.ac – Estonia
    Cuevana.tv – Argentina
    Degraçaemaisgostoso.org – Brazil
    Telona.org – Brazil

  • websites of local police forces are not always what they seem when hacked

    this is what it is 

     

    policeath.PNG

     

    and this is what it looked like

    but remember those local websites - just as those from the city councils - are a very important part of the crisis communication if something would go terribly wrong there

    but just as with schools they would need secure platforms where a central team of security people is responsible for defending and upgrading and securing their websites

    oh and if you want to start an investigation, go first to France if you get a demand for international assistance in order and all that stuff and then file a complaint under French law and all of that

    policeath2.PNG

  • yahoo is incapable of stopping predictable account phishing against its users

    one may ask oneself why they can't get that kind of phishing scam out of their systems

    you can filter on the title, or on the shown link and the real link being different, or whatever

    yahoo.PNG

  • the story of 4 carders who found a jail in the US instead of love and sex

    "One particularly interesting case of how a carder was apprehended involved a law enforcement professional who was working undercover in the carding world. The female agent befriended a carder and over time developed a relationship. As the relationship matured, the female agent convinced the carder to come to Las Vegas to marry her.

     

    Once the carder arrived in the United States, he was apprehended. However, that wasn't the end of the story. The agent took her carder "fiancé" to various locations in Las Vegas and took pictures of both of them at various landmarks, and later posted the photos on social media. The agent then invited the carder's friends to come to the wedding in Las Vegas. In total, Lenik said, four people were arrested after traveling to Las Vegas for the wedding
    http://www.eweek.com/security/sector-speaker-shows-how-credit-card-thieves-get-caught.html

    the cyberworld is no different from undercover- and spy-operations even if it is against the criminals

    now that all over the world police services are getting more power to use online the same techniques they use in the real world, you will end up asking yourself each time you try to do something illegal if that ain't a cop or intelligence officer at the other side of the conversation

    and being tricked to travel to the states is one that has been used several times and it is surprising that it still works 

  • drones are forbidden to fly over specific places in France

    but recently several drones were seen flying over the nuclear sites in France. They could not hit or destroy the nuclear reactors themselves but the most they could do is hit the cooling installations, which would release radioactive material into the air

    "French law prohibits individuals from operating drones in crowded areas, near airports, and near sensitive sites like military bases or nuclear plants, said Eric Heraud, spokesman for France's civil aviation authority.

     

    Authorities will open legal cases for every suspected violation and those convicted could face fines of up to 75,000 euros ($94,000) and a year in prison, said the prime minister's general secretariat for defense and national security, known as SGDSN.

     

    "The objective apparently sought by this type of organized provocation is to disrupt the chain of surveillance and protection at these sites," it said.

     

    Other officials were increasingly quiet about France's response to the incidents. Interior Minister Bernard Cazeneuve said on French radio last week that authorities had ways to "neutralize" drones, but didn't elaborate. On Monday, he told RTL "the best way to be effective in this area is not to say what we're doing."
    http://www.stripes.com/news/europe/mystery-drone-flights-over-french-nuclear-sites-1.311875#.VFgBX-ALqSM.twitter

    I am not sure Belgium has such a law prohibiting drones

    we don't even have a law - as far as I know - prohibiting taking pictures of certain places (as in GB)

  • this is what the CERT of the EU is responsible for (but don't ask if they got the resources)

    and to understand it well

    sit down and read aloud one line after another

    and think about what the consequences would be if one of them got breached 

    instead of spending millions on 'awareness' one should spend money on resources to defend your infrastructure and data before people become aware that you are a king without clothes (nothing against the people of CERT-EU of course)

    and the situation in Belgium is not better ...... 

    certeu.PNG

  • this is how the CERT of NATO is organised

    from a presentation 

    and they seem to get ever more resources, the question is if it is enough and how much you need to increase it when you see what Putin is doing on the level of electronic warfare 

    but it looks as if they are getting processes and disciplines in order 

    as long as they learn that you will lose the next war when you prepare for it as you did for the last war .... 

    certnatio.PNG

  • #opnl is Anonymous moving on the Netherlands

    let's see if this will fizzle out or not

    at the time of Lulzsec some operators of that network were in Holland and some of the people arrested or indicted for participation in one of the several ddos campaigns against banks and credit card companies were also from Holland

    but that was all a long time ago

    just something to look out for without turning into a mad paranoid securitybear 

    opnl.PNG

  • Hackers are doxing Swift what is next ?

    doxing means that they are publishing all the information they find through public channels or by extraction, without reaching the real inner core of your infrastructure

    it is a kind of scanning but more concentrated on the human aspect of an attack strategy 

    when that starts, one knows that more is coming and one needs to make the doxed persons aware of that  

    and no, it will not be with known viruses but by zero-days in the mail and phone calls to those persons by people impersonating others

    I know it is a holiday, but isn't that the best social engineering period ? 

    swift.PNG