- Page 2

  • hacked unizohasselt.be (has inlogpage)

  • two crucial questions about Snowden in Russia

    First was he lured to Russia by Assange (working for the Russian propagandastation Russia Today) and what is the prorussian function of Wikileaks today (different from the goals set at the outset)

    Snowden and his closest supporters contend that Snowden flew from Hong Kong to Moscow on his way to Latin America when the U.S. government stranded him in Russia by revoking his passport. There are several reasons to question that claim, including the fact that WikiLeaks founder Julian Assange — who paid for Snowden's lodging and travel in Hong Kong — advised Snowden against going to Latin America because "he would be physically safest in Russia."  http://www.businessinsider.com/why-edward-snowden-is-stuck-2014-4

    But the biggest fear of the US intelligence community is that Snowden is living in a Soviet controlled environment

    ""He does not have the training to deal with this kind of situation," Russian security services expert Andrei Soldatov previously told BI. "Every time, he found himself in some new difficult circumstances and he was forced to make some decision. And long term, it's a very successful thing [for Russia]." So as long as Snowden doesn't reach a plea deal with Washington, the former CIA technician is stuck in a Kremlin-controlled environment." http://www.businessinsider.com/why-edward-snowden-is-stuck-2014-4

    Every operative gets a special training for when he gets caught or how to handle specific psychological situations. And even if he doesn't have any access to the information - if that is true.

    "And the classified intel in his head is what makes him so appealing to a U.S. adversary like Russia, especially because Snowden is not a true spy. http://www.businessinsider.com/why-edward-snowden-is-stuck-2014-4

    there is still enough information that over time can be received from him, even if that is only the way people work, interact, pass tests inside the NSA which is very useful for infiltration and 'human intelligence' to combine with cyberoperations.

     

    so in the end

     

    “If there isn’t a deal, it’s an unfortunate but relatively stable thing for him to be in Russia for the rest of his life with an American indictment standing against him,” Daniel Richman, a former federal prosecutor and a Columbia University law professor, told The Times. http://www.businessinsider.com/why-edward-snowden-is-stuck-2014-4

    and all the information he had laid his hands on has to be seen as compromised

  • all lavabits emailusers are compromised by the NSA not just Snowden

    The founder of an encrypted e-mail service reportedly used by former government contractor and National Security Agency whistleblower Edward Snowden says federal agents installed surveillance equipment on his company’s servers shortly after the Snowden leaks began.

     

    In his first public statement, Lavabit founder Ladar Levison says two government agents showed up at his house within days of the Snowden leaks with a court order “requiring the installation of surveillance equipment on my company’s network.”

     

    The equipment, Levison wrote, granted the government unfettered access to the activity of Lavabit’s 410,000 users, including “access to all of the messages — to and from all of my customers — as they travelled between their email accounts other providers on the Internet.”

     

    “I had no choice but to consent to the installation of their device,” Levison wrote
    http://theblot.com/e-mail-provider-u-s-government-put-spy-gear-servers-7719844

    so if you have used the Lavabit emailservice two days after the Snowden leaks all those transactions were recorded and the encryption is no protection because lavabit was required by court to hand over the encryption keys - which means that any new encrypted service makes only sense if it has no access to the individual encryption keys

    this means that any communication from may 2013 on is compromised and that means also that probably any information or interaction on that server before may 2013 have been compromised if the US authorities have a copy of the servers and logs because the owner says that he has shut down the service, not destroyed it

  • China is trying to throw US IT consultancy companies out of its state networks

    Today, the Financial Times, citing “people close to senior Chinese leaders,” reported that Beijing has ordered state enterprises to cut dealings with U.S. consulting firms, accusing them of spying for Washington.  The “instruction,” as the paper called it, was handed down after U.S. Attorney General Eric Holder announced indictments against five Chinese military officers for “serious cybersecurity breaches.”

     

    “The top leadership has proposed setting up a team of Chinese domestic consultants who are particularly focused on information systems in order to seize back this power from the foreign companies,” the paper quoted a “senior policy adviser to the Chinese leadership.”  “Right now the foreigners use their consulting companies to find out everything they want about our state companies.”
    http://www.forbes.com/sites/gordonchang/2014/05/25/china-cuts-off-mckinsey-other-u-s-consultants-to-retaliate-against-cyber-indictments/?partner=yahootix

  • the Senate of California prohibits cooperation of state agencies and tech firms (Google etc) with the NSA

    California lawmakers have voted to ban state agencies from providing certain material support to the federal government in a move many say is intended to curb tech companies from cooperating with the National Security Agency.

     

    Though the “Fourth Amendment Protection Act” doesn’t specifically name the NSA or any other federal agencies, lawmakers say the largely symbolic bill is aimed at the surveillance collective that has come under fire for so-called “warrantless wiretapping” and bulk collection programs that gather vast amounts of Internet and telephone metadata belonging to Americans.
    http://theblot.com/california-senate-votes-ban-nsa-cooperation-7719842

  • learn from Snowden why high security information handlers need totally different laptops for different access

    "Most people aware of high-security needs employ several laptops for segregating the various persons they talk to, and the classification levels of the information they handle," Dave Aitel, CEO of cyber security consultancy Immunity Inc., told BI. "Snowden was used to this from working at the government, and probably used this technique by only handling the documents on one laptop and communicating with the others. That way at no time would his documents ever be directly reachable by someone who hacked one of his communications laptops."

     

    Cyber expert and CEO of TrustedSec David Kennedy detailed how a security system with four laptops and encrypted thumb drives would work in practice.

     

    "You keep separate laptops in order to compartmentalize the data and ensure that only certain data is only on one system vs. the other in order to keep certain types of data that jointly together could be very damaging of taken," said Kennedy, a white hat hacker who breaks into systems for major companies. "Additionally, it may require a certain sequence of laptops and multiple encryption keys in order to disable them."
    http://www.businessinsider.com/why-snowden-had-4-laptops-to-hong-kong-2014-5

  • cisco is not very clear if some of its deliveries are intercepted by the NSA to be bugged

    In a blog post published last week, Cisco executive Mark Chandler said the company regularly complies with government regulations regarding the export of its computer equipment to customers overseas, but denounced the claim that the government “took steps to compromise IT products enroute [sic] to customers.”

     

    “We ought to be able to count on the government to…not interfere with the lawful delivery of our products in the form in which we have manufactured them,” Chandler wrote. “To do otherwise, and to violate legitimate privacy rights of individuals and institutions around the world, undermines confidence in our industry.”

     

    Chandler didn’t say if the company knew of the NSA interdiction program, nor did the executive acknowledge if Cisco participated in the interception of packages delivered to certain customers.
    http://theblot.com/exclusive-courier-services-deny-participation-nsa-interception-program-7719950

  • where is the military information Snowden stole from the NSA ?

    In early June 2013, Snowden gave about 200,000 documents to journalists in Hong Kong before identifying himself and going underground. Advised by WikiLeaks, the former CIA technician boarded a flight to Moscow on June 23.

     

    Both Snowden and Greenwald have said that Snowden held more documents than he gave to journalists. It is unclear when he gave up access to that information. Top U.S. officials believe that most of those documents include U.S. military information that has little to do with civil liberties or privacy.
    http://finance.yahoo.com/news/us-government-looking-co-conspirators-172918578.html

    this is the real question

    we read documents and articles that are about our the threats to our privacy by global surveillance or the way intelligence is gathered about acceptable targets

    but aside those documents the NSA and the specialists have identified a lot of documents and information that are much more sensitive and are about military and intelligence operation

    the heads of the NSA have indicated in interviews that meanwhile they are considering those operations and techniques as being compromised and that all those things have to change - we are not talking about the general global surveillance (which is not only nearly useless but also very dangerous)

    no, we are talking about military and intelligence operations and techniques

    the things that even if they are between the documents the different newspapers and journalists have will never be published

    but that doesn't mean that the information is not compromised and that there are no threats anymore against those agents and operations and that one should continue those operations or keep the operatives in the field - except as a 'honeytrap' or to send false information (the enemy thinks that he is receiving real information but as the NSA knows that the source or operation is compromised, the lost opportunity is used as an asset just by changing the goals)

  • are the stolen ebay accounts already on sale ?

    it could be a scam - many of those scams are launched each time there is a big breach

    but you never know

  • #ukraine the situation stabilizes

    Putin is not retreating or not in a way that is important and he is even holding new exercises on the border the day of the Presidential election

    that Presidential election will be hold in 2/3 of the voting stations in the fluid situation of the occupied cities in the South of Ukraine - only 1/3 of the voting stations in these cities are occupied by the prorussian militias and even that number is reduced every day as the Ukr troops are retaking smaller villages around these cities and voting stations every day

    the prorussian militias haven't been able to break out of their encircled cities, haven't been able to make a corridor between the encircled cities and haven't been able to retreat to the Russian border (to get out) and every day and night there are battles and firefights around the cities pushing the prorussian militias ever closer to the city centers

    the occupied cities themselves have fallen victim to crime (and banks have stopped operating) shortages and price increases and even coups and firefights between different groups of the prorussian militias (of which it is clear that surely the top commanders are Russians - although no official soldiers but goons)

    the most strangest aspect is the religious aspect that is creeping into the conflict and is also splitting the Orthodox church into a Russian branch which is helping, hiding and sometimes even arming the prorussian militias and an Ukranian branch which defends the democratic state of Ukraine. Some prorussian militia's call themselves armies of the Orthodox church.

    the main problem for a big offensive is that the prorussian militias are using effective human shields, firing from appartment blocks, hospitals and schools which makes it difficult for the advancing Ukr troops to shoot even back without making civilean casualties

    personally I think that an elected Ukr President hopefully after the first tour (even if a certain percentage of the people will not be able to vote because of the occupation of their cities) would have more legitimacy to lead a real military offensive against the last three stongholds in the South

    there are no big prorussian manifestations and take-overs any more in the major other cities like Odessa and the popularity of Putin and secession has decreased significantly the last month

    although there had been more rumours about Russian provocateurs in Kiev there have been no major incidents yet

    the Odessa fire seems to be investigated now by forensic experts who have found chloroform that was stocked in the occupied building. This gas (also used in Syria) is used to immobilize people for a few hours but which in combination with fire will lead to immediate death. It was also found in several of the dead people that were found and explains the way in which they were found dead.

    the border guards have received their new material and have also withstand several attacks and there is no proof that some border points are under control of the militias even if the border with Russia is too long to be able to monitor without camera's and drones

    the first volunteer national guards (and some underground freedom fighters) have arrived after their training and the military have also received new material but also did the militias who have now a great number of very powerful anti-tank weapons

    the russian journalists and volunteers are stopped at the border and some russian journalists have been arrested while they were participating in an attack on the Ukr army (as spotter) or clearly filming Ukr military positions and weapons. Russian protests very loudly about that but there is enough proof to detain them surely untill after the military operations or expell them definitively.

    Prince Charles have caused a storm in Britain by comparing the strategy of Putin with the one of Hitler in 1938-1940 (destabilizing regions internally before invading them) and the Russian sare really upset about that, but the very popular Daily mail persists and calls Putin the Hitler of our times. It takes some time for this image to settle in but when the popular press starts to take a clear stand and educate all the people why the strategy of Putin can lead us in another big war or a sustained series of local wars across our 'Eastern Front' than this is more important than all the discussions and analysis in all the international publications for diplomats and consultants.

    NATO is reviewing its strategy and will have to review its defense budgets, the location of the troops and so on as long as Putin is building up his army and holding on to his strategy of getting more by being the bad guy instead of getting nothing as Mr Nice guy (but irrelevant). THe modernization of the Russian army should be finished in a few years and at that time will be a force to reckon with. Due to the sanctions the Russian army is now more or less obliged to order its arms at its own defense industry, except for France who still hope they can deliver their warships to Russia which leads to consternation in Washington and the countries bordering Russia.

    China has finally decided to sponsor Russia by paying a price much too high for its gaz. It also creates one big red block of autocratic nondemocratic countries. Russia is also pushing some other countries to stop into an Eurasian alliance.

    If the extreme right parties win too many seats in the European parliament untill Sunday Putin will have a lot of friends in the European parliament because he has set up a weird alliance of extreme right, extreme left and extreme orthodox groups and parties united in their hatred of the US. It looks a bit like how the Naziparty looked at first with its leftwingtalking SA, its support from the antisemites in the catholic and protestand churches and from the extreme rightwing militaristic and nationalistic circled financed by big capital. Some also call it the Corporate state because it is no democracy but not a clear dictatorship either - but maybe dictatorships are more complicated than we  think.

    so we will keep an eye on Ukraine but as the immediate danger of war is going away, we will focus more on the new defense, intelligence and cyberprotection that are needed in this period of cold war 2.0

    you can follow all the Ukranian news on twitter.com/mailforlen/lists/ukraine with some 130 mostly english sources

    and yes our world has been turned upside down and the strategic and security consequences of this new order of the world have still to be thought through and it will take some time, years perhaps untill we have totally adapted

  • brasil fails first transportation test for the world cup - chaos in SPaulo

    as public buses were on strike, 300.000 users had to use other transport like the metro to get home

    this led to scenes like in this video

    what is striking is that 300.000 is also the estimated number of extra users of th epublic transport during the World Cup

    ready or not ?

     

  • the real facts behind your uptime percentage

  • FBI wants 2000 of the best cybercrime fighters even if they smoke pot on their way to ....the FBI

    Congress has authorized the FBI to add 2,000 personnel to its rolls this year, and many of those new recruits will be assigned to tackle cyber crimes, a growing priority for the agency. And that’s a problem, Mr. Comey told the White Collar Crime Institute, an annual conference held at the New York City Bar Association in Manhattan. A lot of the nation’s top computer programmers and hacking gurus are also fond of marijuana. “I have to hire a great work force to compete with those cyber criminals and some of those kids want to smoke weed on the way to the interview,” Mr. Comey said.
    http://www.slate.com/blogs/the_slatest/2014/05/20/fbi_director_says_considering_changing_drug_employment_rules.html

    maybe the FBI should relocate her cybercrime center to a state where Pot is more or less legalized

    at the other side imagine a conversation between two high cybercrime fighthers

    * hey man look at that attack here, a real DDOS of 400 Giga per Second

    * cool, get some graphics

    * wooow that is weird

    * you know what, get it moving in real time

    * yep, that is groovy

    chief comes by,  huh anybody called ebay yet to see if we can help stop that DDOS attack they are fighting with

    * we were just watching it, a real piece of shit

    * let's blackhole it

    * commander take that router

    * have command, will change direction sir

    * send it all into space

    *¨yes sir, to the moon and guys let's get loud music in here, we are going to battle

    * Led Zeppelin mastro, here we go

    (and so on......)  joking off course

  • #ukraine 100.000 online votes want the US to declare Russia a state sponsor of terrorism

    in the US you can petition the white house to do or think about something by signing an online petition

    the threshold had been increased to 100L000 after the lower one gave an increase in all kinds of stupid petitions

    it doesn't mean that the administration has to do it, but by reaching this treshold the White House will have to consider it and give an official answer to it and for the congress to react to it

    being designated a state sponsor of terrorism has enormous consequences in economic, diplomatic and financial relations for official and private businesses

    but it would also show Russia - by making it an official enquiry with a full report - that this kind of proxy war has to stop in Ukraine and that if Russia doesn't want a new cold war with proxy wars all over the world and in its rebellious republics - it shouldn't repeat them elsewhere

    something that was called 'smart' last month may in the end become something very dangerous

    you can in fact state that a government is responsable for controlling its borders to stop the flow of arms and warriors into neighboring countries and to arrest on its own territory militias who are preparing to go to the other countries

  • a lot more serious bugs rotting in openssl as OpenBSD community claims ?

    "'Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

    Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that nobody at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.
    http://it.slashdot.org/story/14/05/17/2250242/30-day-status-update-on-libressl

    and the only alternative is switching to windows which has another SSL library

    it means for many opensource projects that you would have your contentserver running Apache and all of your opensource software but that your login or commercial webservices would run on windows (making also attacks more difficult as they would have to be crossplatform) and which also would better protect your loginservices from attacks against vulnerabilities in your contentcode or packages and would harden your SSL handshake process because it wouldn't go back and forth anymore between

  • Itunes is hacked due to an SSL vulnerability Apple forgot to patch and some certificate control problems

    "iTunes users on Windows (AND IOS but they get a warning about the certificate but most users will ignore that) are vulnerable to a serious SSL certificate flaw that allows hackers to intercept their passwords, which are easy to intercept because Apple doesn’t hash passwords before sending them to the server. This leaves the SSL connection vulnerable to a man-in-the-middle attack, according to security researcher Mark Loman as reported by Dutch site Tweakers.

     

    You may recall that when Apple pushed out iOS 7.1.1, it also fixed a serious security flaw in its mobile operating system that left iDevice users vulnerable to man-in-the-middle attacks, allowing a hacker with privileged network position to capture data or change the operations performed in sessions protected by SSL.

     

    With iOS 7.1.1, Apple has apparently patched this issue on mobile devices but left out the patch for the certificate vulnerability on iTunes.
    http://www.iphoneincanada.ca/mac/itunes-security-certificate-flaw/

    Another big vulnerabilitiy is that the certiticates don't control if the server is really from Apple which makes the man in the middle attack quite easy. Any server can easily pretend to be from Apple which in fact makes the whole SSL and certificate process totally FAKE and untrustworthy which in fact makes the whole SSL and certificate process at Apple unnecessary because it corresponds to nothing a certificate process is all about : the trust that you are on the server from that organisation and not any other.

    so now we will have to wait for that patch from Apple and wait to use Itunes untill it is used.

    and those who still think that because they are on Apple they are safe because everything Apple does is good and safe and cool,  hahahahaha security on Apple is a joke only you believe in..... but that is why we call Apple's permanent consumers 'believers'

  • #NSA abuses access for DEA to copy every phonecall totally in The Bahama's

    According to documents provided by NSA whistleblower Edward Snowden, the surveillance is part of a top-secret system – code-named SOMALGET – that was implemented without the knowledge or consent of the Bahamian government. Instead, the agency appears to have used access legally obtained in cooperation with the U.S. Drug Enforcement Administration to open a backdoor to the country’s cellular telephone network, enabling it to covertly record and store the “full-take audio” of every mobile call made to, from and within the Bahamas – and to replay those calls for up to a month.
    https://firstlook.org/theintercept/article/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/

    so you always have to control what is done, even if it is done by your friends

  • Google's obligation to forget you if you asked it opens a new market for uncensored search engines

    "The court ruling specifically targeted search engines as a way of exerting EU control even when the source information itself is held on a site outside of EU jurisdiction. But will this work? Creating a search engine isn't all that difficult. It's hard to create one as good as Google, but it's not hard to create one that's pretty good. And if that search engine is located solely in the United States and does no business in Europe, then the court's ruling doesn't affect it. However, residents of Europe would still have access to it unless the EU gets outrageously heavy-handed and tries to firewall unapproved sites, much as China does. That seems unlikely
    http://www.motherjones.com/kevin-drum/2014/05/will-only-rich-benefit-eus-new-right-purge-google

    in fact Google itself could sell all those links it has retired for whatever reason (copyrights for example)

  • elections 2014 the social media clash between seperatists and belgians

    both use thunderclap to be able to make their message flood the social web (that is the hype)

    In thunderclap people add their social media accounts and give the right to thunderclap to publish a message on their social accounts

    mathematically they count the number of contacts, connections and so on and so they state that they will reach x number of people (without counting the number of people who will be annoyed by it)

    the belgian campaign only started today

    the belgians  https://www.thunderclap.it/projects/11884-be-happy-stem-voor-belgi?locale=en

    The seperatists

    https://www.thunderclap.it/projects/10749-verandering-voor-vooruitgang

    at the other side for all the broehaha about the social media campaign, 2000 people on 6 million voters is not what I would call a tremendous outcome