- Page 2

  • #heartbleed except Globalsign there is no global policy of revoking old certificates

    source https://isc.sans.edu/crls.html?token=954ed60cfa05dc6bbc900aaf451bec4539c38aa1&startdate=2014-04-07&enddate=2014-04-28&submit=Update

    The big spike is because Globalsign had decided to revoke all the certificates on vulnerable installations - just to be sure

    afterwards it become clear that the other certificate authorities didn't do the same thing and that their clients are still working with the old certificates who may not be trusted anymore the way they used to be

    and a certificate without trust is not worth the paper it is printed on

  • #ukraine still 80.000 signatures to go to designate Russia as terrorist state

    they are sponsering terrorism in Ukraine

    abductions, torture and killings

    and people walking around playing soldier with machineguns and rocket launchers

    GO here https://petitions.whitehouse.gov/petition/designate-russia-state-sponsor-terrorism/XMjbTltM

  • how to treat fake Microsoft or securityphonecalls (vishing) in a funny way

    it started a few weeks ago with one person who called my father - but he preferred to ask me and I said that was nonsense, that Microsoft would call to ask you to install a securitytool because your security has been breached

    now he is getting phonecalls every so many days (probably in a list somewhere)

    and so we are developing some conversations to make it fun meanwhile

    1 What is wrong with your computer

    * We are from Microsoft helpdesk center and we have seen your computer is infected. Are you before your computer ?

    response : are you ?

    * yes, well your computer is infected

    response : is your computer infected, well you should buy an antivirus, so sorry to hear that, I can't help you with your computer

    * no, it is your computer not my computer

    response : you don't know which computer is infected, well than you will have some work to do, have fun, bye

    2. This is with the police sketch

    * We are from Microsoft helpdesk center and we have seen your computer is infected. Are you before your computer ?

    response : do you call for my computer

    * yes, you know he is infected and we are here

    response : but there is already somebody here to help me, I'll pass him

    son or friend with deep voice :  hello police officer krukkelgem of the Computer Crime Force can I halp you

    than they shout in the background 'police do I have to lay the phone down' and the phone goes down

    3. this is the endless waiting line

    * We are from Microsoft helpdesk center and we have seen your computer is infected. Are you before your computer ?

    response : wait a minute I'll get my husband (or son) he knows all about it

    you lay down the phone

    you get out to get some coffee

    you take up the phone

    wait a minute please he will be there in a minute

    you lay down the phone

    you read the newspaper

    wait a minute he is restarting the computer

    you lay down the phone

    you take up the phone  'oh but he said he already spoke to Microsoft helpdesk yesterday and now his computer has broken down'

    4. take them for a salesperson

    * We are from Microsoft helpdesk center and we have seen your computer is infected. Are you before your computer ?

    what do you want to sell

    * we don't sell anything, we want to fix your computer, there is a securityproblem

    but I already have a computer, I don't need a new computer

    * we know that you already have a computer because it is infected

    is it expensive

    * no it is free you only have to download

    do you give free computers, from where that is cheap

    * no, no we don't sell computers, we want to fix your computer, are you before you computer ?

    no, because I was going to buy a new one from you guys, one for free


    and so on

    one you had them once they will call you back once or twice a week

    in the meanwhile you can have some fun with them 

    you could do also

    * do you want to marry me because your voice makes me so horny .......

    * a computer, who needs a computer, the end of the world is near and you are talking about computers, what has the world come to

    * this is my voice speaking but I am not here I am thinking about the intergalaxy transportation of our memories into the global conscience

    * I'll ask Bil gates what to do, he is responsable for all of that, he made the stuff so now he can come to explain it too

    * make your dog bark in the phone

    * take the phone to your bathroom and flush the toilet next to the phone (say them, I've cleaned it now)


  • #ukraine Russian troops are now put on Combat Alert for possible action soon

    The movement of the troops can mean the preparations for an invasion.


    Three big groups of Russian troops – North, Centre and South – have been put on combat alert near the Ukrainian eastern borders and in Crimea.

    Admiral Ihor Kabanenko, a former deputy head of the General Staff of the Ukrainian Armed Forces, wrote it on Facebook.

    The movement of the troops means they are preparing for something, according to him.

    “In the nearest time, 'something' can be:

    1. Further 'swinging' near our border with the aim of provocations and intimidation and, at the same time, expanding the instability zones with the involvement of Russian special purpose forces (saboteurs).

    2. The invasion under pretext of carrying out a 'peacekeeping operation' with the aim of taking over Dnipropetrovsk (the main goal), Odessa and Kyiv, the occupation of the relative territories of Ukraine,” the former deputy head of the General Staff of the Ukrainian Armed Force wrote.

    “An information and psychological operation aimed at our army and civilians will be carried out,” Kabanenko underscored.

    everything is possible and nothing is necessary but tension is increasing again after a relatively quiet weekend

    big riots are expected because prorussian gangs have vowed to attack a pro-ukr manifestation in Donetsk that will start soon (last time there was an enormous policeforce present but you are never sure what the police will do next or not do)

    or there is some attack or info-op later today or tonight that on first sight gives an enormous impact and will be used as an excuse

    it can also be that he is setting everything in place in case he sees an opportunity but after some time he has to accept that the planned operation didn't go as planned and wasn't good enough to justify a military operation on that scale

  • #ukraine the strange way Ukraine some police 'works' in the East

    Imagine that you are a police chief in Kiev or a minister or just a citizen of Ukraine and surely of that city and some people take over a police station with machine guns and rocket launchers and than the police - your neutral gardian releases this press report

    "At 11:07 (8:07 GMT) however, the press office of the Donetsk Police force announced that the police station in Kostiantynivka was "operating normally".


    Ukrainska Pravda reports that, while 30 unidentified gunmen had arrived and entered the building at 6:00 local time, the police press office had said that no one had been hurt and that no shots had been fired. According to the police, several of the intruders remain in the building negotiating with the local police chief while the rest are now outside."

    so who is in charge

    who-ever arrives with machineguns and rocket launchers ?

    looks more like the far far west in the worst of times

    than you would imagine that special troops would arrive to unset the police station and to arrest the anonymous intruders (euh non) because there is anti-terrorist operation going on (where ? when ? what ?)

  • HINT the new fabulous moneygrabbing hardware securityproject has heartbleed

    they get millions from Europe for their stuff and have enormous factories like Airbus as partners

    probably everybody is running around playing manager or coordinator or master-developer or something like that while nobody looks after the real security

    the money


    the stupidity

  • #ukraine power is NOT cyber it is troops and tanks - the other hardware

    there is the threat of troops on the border. In 2009 and again last year, Russia staged major exercises simulating an invasion of the Baltic states by more than 20,000 troops. That’s more than the combined armies of the three countries, which also possess no tanks or fighter planes. Said Terras: “I am absolutely sure that we need heavy armor capability. Russia understands heavy metal and power. Power is not cyber. Power is tanks.

    The chances that Estonia will get that deterrent, either on its own or by a NATO deployment, don’t look particularly good. In Brussels, Germany, France and Italy are among the governments lined up against a permanent NATO deployment in the Baltics; a frustrated Eastern European ambassador dubbed them the “white-flag coalition.” The Obama administration deployed the paratroopers as a non-NATO operation and said they will stay through 2014. But U.S. ambassador to NATO Douglas Lute said here that it was “too soon to tell” whether a longer-term deployment would be needed.

    there is no cyberwar in Ukraine, there is low guerilla warfare mashed with information-ops based upon the traditional propaganda strategies with some cyber used as a method of newsdistribution

    the baltic states will need to re-militarize instead of waiting on godot - in history it always took years before the other states were ready to come and help or liberate yoiu

  • #ukraine the gas war - this is why everything will be happening there

    there is enough gas there to make Europe independent of Russian gas - imagine that

    no more gazprom - no more easy incoming billions for Russia

    he is playing for broke

  • ONE website out of 1.4 million clients of a hosting firm get ddossed and everybody suffers (some bit)

    "123-reg is part of Host Europe Group, and hosts more than 1.4 million websites. The company did not disclose how many customers were impacted by the DDoS attack.


    The following is a statement emailed to the WHIR from 123-reg which describes the DDoS attack on its customer:


    “123-reg experienced a DDoS attack targeted against one particular customer domain. It was a sustained attack which we monitored closely over the course of several hours. The attack itself was from over 800 different IP addresses globally.

    This resulted in denigrated service to our hosting platform, meaning some customer sites were running slower, but no sites were taken offline as a result of this attack.

    Customer impact measured in terms of support queries was minimal – and likewise our social platforms saw a handful of comments – all of which we are being addressed on a one to one basis via our support teams.”

    So this is why shared hosting is not always the best solution if you need to be up at all times and you don't want to be dependent on the attackability of other sites on the infrastructure

  • alfahosting and the rex mundi hack (update)

    rex mundi published the names of the 12.000 customers of alfhosting threatening to publish the logins the next day if there was no money coming through

    that deadline has passed and there is no publication

    now normally if no money has come through, than it means that he got some money

      * not necessarily all the money because it can be that it is paid in parts, depending on the non-publication or non-communication by Rex Mundi

      * it may also mean that the insurance company or a third partner will pick up the bill (which is a way of paying it without having to show in your accounts that you have paid criminals)

    if this doesn't come through, than those passwords can still be published

    the company itself has asked all its customers to change its passwords

       those customers should change all the passwords on all the webservices who are identifical or look the same

    you should see all the accounts that the hosting firms and its customers used as 'compromised' in such a sense that you can't use them anymore

    for the customers it is maybe time to ask your hostingcompany for the report of a security-audit and be loyal when the firm asks a few euro's more to provide for all those new controls and defenses because if you pay peanuts you can only have monkey service or none at all

  • Dexia hack - the most interesting fact is only a few words

    Naar alle waarschijnlijkheid verkocht de bende de toegang tot het netwerk van Dexia aan minstens één Oekraïense dievenbende. Vanuit Oekraïne werd in 2009 geld gestolen van een bedrijfsklant van Dexia. Nadat Dexia op de hoogte gebracht werd van de frauduleuze transactie, kwam ook de hacking aan het licht.

    De krant schrijft dat het niet in te schatten is wat in de loop van 2008 allemaal is gestolen bij Dexia via de toegang die hackers hadden.

    they have no idea what was stolen in 2008-2009 through the backdoor the hackers had into the Dexia network

    they discovered it in 2009 (one year later) because of fraudulent transactions

    this means that the hackers had at least a few months to do whatever they wanted before being discovered

    that poses a whole lot of questions about the logging, monitoring, forensics and so on ........

    now since than one of their webservices for online loans was hacked by Rex Mundi so the doubt remain about the whole of their webservices for which they are legally responsable

  • biggest European cyberincident exercise held today

    "European Union Agency for Network and Information Security (ENISA) will today be running a series of simulations to test European nations’ preparedness for cyber attacks and threats to critical national infrastructure.


    In total more than 200 different organizations and 400 cyber-security professionals will take part in the Cyber Europe 2014 simulation involving 29 different countries. As in previous years, the simulation today calls upon participants to attempt to mitigate and resolve highly technical cyber-security attacks, including “scenarios which could impact the confidentiality, integrity or availability of sensitive information or critical infrastructures”.

    well, they have a major attack on Internet Explorer, Heartbleed, ddos replication attacks over NTP and DNS and..... you see that we have to do that crisismanagment all day every day

  • #privacy US based companies have to respond to US warrants, where-ever in the world the data is

    US Magistrate Judge James Frances in New York decided that Internet service providers such Google or Microsoft must turn over any customer information demanded by the government, along with any emails stored in data centers outside the United States.

    The reasoning behind this decision is that it would just take too long for US agencies to coordinate efforts with foreign governments to obtain the desired data, which would burden the government substantially. “Law enforcement efforts would be seriously impeded,” the judge said.

    The only way for Microsoft and others to bypass this new extension of national law to the international sphere is to split the datawarehousing section of the company from the rest and give them a local 'shelter'. Then they would have a 'partnership' in which the local firm is providing services just as any other local firm would do. THis would in fact be very complicated but at the other side it would make it easier for those firms to market local services to local firms without having to watch the US watching with them over their shoulder.

    At the other side if you talk to people from the Belgian cyberpolice or the Belgian justice department it would already be an enormous advancement if this kind of automatic cooperation would be possible on the European level because now it can take weeks, months or years before one can receive the necessary information from european partners which in cybertime is like centuries

    this is why it is for Belgian companies and institutions better to house their data in Belgium with a secure company (which is not the case with every Belgian company offering these services as we have seen the last weeks)

  • no security without investment and openssl is finally getting some

    "Google, Facebook, Microsoft, Amazon and Cisco are just a few of the companies that have vowed to do something about it. They’ve each committed to donating at least $100,000 (€72,500) a year for the next three years.

    Dubbed the Core Infrastructure Initiative, the project was created by the Linux Foundation and it seeks to invest money into the critical software infrastructure that needs it.

    “After the Heartbleed crisis we asked ourselves: How did this happen and what role can The Linux Foundation play to be sure it doesn’t happen again. We decided to do what we always do: work with the industry to raise money and fund developers directly so they can do what they do best, develop, while we give them the assistance the way we do Linus Torvalds,” said Amanda McPherson, marketing chief at the Linux Foundation.

    Overall, there are some 13 companies that have joined thus far, and the organization has already amassed a $3.6 million (€2.6 million) commitment from the backers. More companies are certainly going to join in as time goes by, so more cash will be attracted too

    there are three important questions

    First is when it will start because now there are hundreds of hackers going over the sourcecode of Openssl to find new bugs

    Secondly how they are going to distribute and attribute the money because it seems that there is still a lot of cleanup work to do on openssl because it was such a mess before.

    thirdly one should be sure that these sums will continue to come in every year and not only when the CEO's of the company understand its importance

  • Why activating NOW in Internet Explorer 11 the Enhanced Protected Mode is important

    "Using EMET may break the exploit in your environment and prevent it from successfully controlling your computer. EMET versions 4.1 and 5.0 break (and/or detect) the exploit in our tests.
    Enhanced Protected Mode in IE breaks the exploit in our tests. EPM was introduced in IE10.
    Additionally, the attack will not work without Adobe Flash. Disabling the Flash plugin within IE will prevent the exploit from functioning.

    this is how you do it

    "Enable Enhanced Protected Mode For Internet Explorer 11 and Enable 64-bit Processes for Enhanced Protected Mode

    Internet Explorer 11 users can help protect against exploitation of this vulnerability by changing the Advanced Security settings for Internet Explorer. You can do this by enabling Enhanced Protected Mode (EPM) settings in your browser. This security setting will protect users of Internet Explorer 11 on Windows 7 for x64-based systems, and all Windows 8 and Windows 8.1 clients.


    To enable EPM in Internet Explorer, perform the following steps:


    1. On the Internet Explorer Tools menu, click Internet Options.
    2. In the Internet Options dialog box, click the Advanced tab, and then scroll down to the Security section of the settings list.
    3. Ensure the checkboxes next to Enable Enhanced Protected Mode and Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems) are selected.
    4. Click OK to accept thhanges and return to Internet Explorer.Restart your system .https://technet.microsoft.com/en-US/library/security/2963983 (also some other workarounds)

    and from the same source for network administrators

    Deploy the Enhanced Mitigation Experience Toolkit 4.1

    The Enhanced Mitigation Experience Toolkit (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit. EMET 4.1 is officially supported by Microsoft. At this time, EMET is only available in the English language. For more information, see Microsoft Knowledge Base Article 2458544.


    Note EMET 3.0 does not mitigate this issue.


    For more information about configuring EMET, see the EMET User's Guide:


    • On 32-bit systems the EMET User's Guide is located in C:Program FilesEMETEMET User's Guide.pdf
    • On 64-bit systems the EMET User's Guide is located in C:Program Files (x86)EMETEMET User's Guide.pdf


    Configure EMET 4.1 for Internet Explorer


    EMET 4.1, in the recommended configuration, is automatically configured to help protect Internet Explorer. No additional steps are required.


    Configure EMET for Internet Explorer using Group Policy


    EMET can be configured using Group Policy. For information about configuring EMET using Group Policy, see the EMET User's Guide:


    • On 32-bit systems the EMET User's Guide is located in C:Program FilesEMETEMET User's Guide.pdf
    • On 64-bit systems the EMET User's Guide is located in C:Program Files (x86)EMETEMET User's Guide.pdf


    Note For more information about Group Policy, see Group Policy collection.

  • you should never use Internet Explorer 6 and surely not on XP (attacks ongoing and NO FIX)

    We have said time and time again that you should never use or allow the use of Internet Explorer 6 on your computer or network because it is just too big a risk for whatever you do with it and your computer (and there is no antivirus that can protect you when you use Internet Explorer 6)

    If you still use XP you should use Firefox instead of Internet Explorer and just leave it totally unused for whatever reason.

    You don't have a choice - there will be NO FIX for this vulnerability

    In fact the same question now goes for website-owners and webservice operators. Do you still let people use your webservice with an IE6 know that the machine can be owned totally (even if you find an antivirus on th emachine). It means that there is a possibility that all the data and logins that are being transferred between the machine and your (for example financial) webservice can be intercepted and send to another operator of a crimedata webserver who may sell or use this data for other means.


  • #ukraine only a few weeks left for Russia to invade

    "Ukraine has scheduled a national presidential election for May 25 that may further legitimize the regime the Kremlin hates and wants to overthrow. The Kremlin may find it hard to resist the temptation to attack Ukraine and "liberate" the south and east while Russia is ready, the Ukrainian military weak, and the regime in Kiev unstable. Such a move could lead to more Western sanctions, but this risk maybe dwarfed by the vision of a major geostrategic victory seemingly at hand.  The window of opportunity for an invasion will open during the first weeks of April and close somewhere around the middle of May. During his long rule Vladimir Putin has generally shown himself to be a shrewd and cautious operator, but his actions during the Ukrainian crisis have been rash. So far his daring has paid off. This, unfortunately, is precisely what could trigger more bold moves down the road.

    This is why the period between now and the 8th of May are of particular interest because than he will be able to present his victory during a march. Both marches are celebrations of the Soviet victory over fascism, which is exactly the way Russia is branding the Ukr government now.

  • #ukraine about NLM the organizers of the Russian Spring (of the building)

    "Formed in 2011, the NLM has adopted the Ribbon of St. George (a Tsarist-era symbol that today represents loyalty to the Kremlin) and the slogan "Motherland! Freedom! Putin!" -- redolent of the World War II-era Soviet call to arms "For the Motherland, For Stalin."The movement combines radical anti-Americanism and anti-Semitism with Russian imperialism and a bizarre cult of personality around Putin. Its militant brand of liberation seeks to avenge Russia's "humiliation" -- its imperial collapse, economic hardship, and political disorder -- at the hands of the West during the 1990s and aims to "restore Russian sovereignty" throughout the former Soviet Union. As the Kremlin airs ever more aggressive anti-Western propaganda and marginalizes alternative voices in Russia, the popularity of groups like the NLM is increasing amongst Putin's traditional supporters http://www.foreignpolicy.com/articles/2014/04/25/the_kremlin_s_faux_freedom_fighters

  • Ukraine : it is not about local rights in Eastern Ukr it is about the enormous Gaz fields

    translated with Google  http://www.unian.net/politics/912297-smi-slavyansk-stal-tsentrom-udara-rossiyskih-diversantov-iz-za-slantsevogo-gaza.html

    "Journalists conducted their own investigation of so-called secrets " Yuzovsky project," who are reluctant to discuss in Ukraine itself , because it hides the great resources that can change the world's energy map .

    Circumstances indicate that the Donbas there is no struggle for humanism , for federalization defense Russian-speaking population , and Slavic patriots against mythical Banderivtsy and metropolitan junta. It all made-up images that have created in Kremlin offices and invested in ordinary Shakhtar head to hide the true purpose of the special operation in Russia.

    Read takzheUkraina will abandon Russian gas - PoroshenkoTak in town Slovyansk no important enterprise , nor mine , nor military units or research institutes. However, it is located in the heart of the territory " Yuzovsky project " , where the focus of the deposits of the modern energy resource of the 21st century - tight sands gas , the so-called shale gas. Giant field covers part of the territory of Donetsk to Kharkiv regions .Experts note that the gas reserves in the land could fundamentally change the energy not only in Ukraine , but also in Europe .

    " According to the latest confirmed data , Americans now give it 3.6 trillion cubic meters , which they clearly see how their produce . This is a significant volume , high volume, because if Ukraine will increase production by 15-20 billion cubic meters , it is already an exporter will "- said General Director of research Center of Energy Alexander Kharchenko .takzheMID UK : EU discusses reduction of energy dependence RossiiTsentralnaya authorities are engaged in this project and chooses his words very carefully about its prospects. However, even with such high future restraint noticeable benefit Ukraine.

    " Inventories quite significant . Some of the largest in Europe. According to those estimates , that is, we can increase by 30-40% and own gas production . If it is 20 billion , and that's figure out somewhere to increase to 10 billion " - energy Minister Yuriy Prodan .

    Agreement on the development of gas fields signed Viktor Yanukovych , and the whole line activity has closed over his Energy Minister Eduard Stawicki . Former president and his entourage wanted to get illegal profits from alternative gas . They would be billions . Therefore, none of the professionals involved in ministry now does not want to comment. Silence holds and production company .

    In the case of the Slavic field - a Dutch company " Shell " . On journalistic inquiry companies responded formally , but did not hide the fact that in the near future , the corporation will invest up to $ 200 million at the beginning of work on the gas deposits . First will drill 15 wells .

    " The first small volumes of gas may be produced in the next year . But it will be millions . But industrial, large-scale production , in billions , which will immediately feel the market will be more likely for 4-5 years " - said the expert , president of the Kyiv International Energy Club Alexander Todiichuk .

    And they were afraid that the Russian gas monopoly , said the publication . Shale gas is planned to produce not only in the East but in the West - in the Lviv region . Because of this , Ukraine is rapidly get rid of the gas stranglehold Kremlin because it is the fourth in Europe for its deposits .

    takzheUkraina and the EU should unite against Russia in the gas market - Kanivets " It is very well aware of " Gazprom ". A long time ago ," Gazprom " company is focused on what to do to kill the topic of shale gas in Europe. At that invested tens of millions of dollars. In information campaigns in the struggle for land . They know about the enemy , ready to kill him and kill . and very successfully do it , "- said Melanie .

    "The struggle for these areas ... in the end and for the market , which can be lost, including the gas market " , - says Todiichuk .Moscow media have repeatedly hinted that revenues from gas companies get directly Vladimir Putin and his entourage . Thus, rejection of the Ukrainian part of the Donbass has direct relevance to the largest pockets of Russia , not the Slavic unity ."

    my own comment : if some thought that the US invasion in Iraq was all about oil well than you can say that the Russian interference has everything to do with gas - but those who say these things normally don't think logically, they don't use the same universal arguments everywhere the same way