
  • ALERT: STILL ON XP? Replace Internet Explorer with Firefox NOW (not later)

    As the new announcements of Microsoft's security patches for May show, there are

    NO SECURITY PATCHES FOR XP (they meant it when they said they would leave several million PCs without security patches - maybe someone should sue them for that). The one exception so far was the out-of-band Internet Explorer fix MS14-021 of May 1, which Microsoft also released for XP as a one-off; the regular May bulletins do not cover XP.

    There are several things you can do yourself, of course.

    First of all, ditch Internet Explorer and use Firefox (we don't like Chrome for several reasons, and Apple's Safari is a total disaster security-wise).

    In Firefox, turn on automatic updates, and install add-ons to block adware and scripts, protect your privacy, and so on (everyone has their favourites):

    https://support.mozilla.org/en-US/products/firefox/privacy-and-security

    https://support.mozilla.org/en-US/products/firefox/customize

    And if you have a proxy on your network or a firewall on your PC, never let Internet Explorer on XP onto the internet again (in the free zonealarm.com firewall this is done with application control). Note that the Windows Firewall built into XP only filters inbound connections, so it cannot do this by itself; you need a third-party firewall with outbound application control or a rule on your proxy.

    Five rules to keep your XP safer:

    1. Always install the latest versions of Adobe Reader, Flash and every other piece of software for which updates are still available (the free Secunia PSI tool from secunia.com tells you what is out of date).

    2. Never let Internet Explorer or Office 2003 onto the internet.

    3. Install a firewall (ZoneAlarm), a free antivirus (for example AVG or Avast) and the Spybot Search & Destroy security tool (safer-networking.org).

    4. Don't visit porn sites and don't use IRC or P2P from your XP machine, as you are far too vulnerable in those dangerous environments.

    5. Don't click without thinking (for example, keep your email online instead of downloading it) and be very careful with downloads (for example, download into a folder protected with a password, or zip the files afterwards with a password, so they can't be started by accident before you have checked them).

    In any case, if you are thinking about what you would like for Christmas, think about a new PC or laptop (fuck the tablets, they are as expensive as a good laptop and so minimal that you will get bored after a while).

  • This is why the CIA could inform Belgium that its Ministry of External Affairs was breached again

    According to some information, it sounds as if the CIA informed our country that there was a serious problem.

    There are a few reasons why the US saw it before we found out ourselves:

    * they have had attacks and infections with Snake versions for a few years and know the tool all too well by now

    * the CIA could have gotten the information from the NSA, with which it works closely together

    * the CIA is on the ground in Ukraine, where an attack with the same tool infected a whole series of governmental networks

    So the problem is not that the CIA and NSA are spying on or monitoring the networks; it is that they are doing so on the wrong basis, which is not acceptable. As we are nearing Cold War 2.0 it becomes urgent to correct this before we end up in a warlike mindset and some people want to start spying on everything for fear of the great Russian invasion or a fifth column.

    They should limit it to their goals and to our security, not to knowing what each of us is doing online at any given time.

  • In general, new viruses are very seldom detected immediately

    So waiting some time instead of downloading that new file immediately is not as stupid as it sounds.

    Or put it in a folder on your desktop with a password on it, so that it can't be started by accident before it has been checked.

    This is an example of the detection of a new virus file by a specialist site (it checks with virustotal.com):

    http://malwaredb.malekal.com/

  • Sometimes very few antiviruses protect against Snake/Uroburos files

    virustotal.com

    Detection of some of the infection packages is now quite good, like this one:

    hash https://www.virustotal.com/en/file/bf1cfc65b78f5222d35dc3bd2f0a87c9798bce5a48348649dd271ce395656341/analysis/

    But when the file was first launched, three years ago, nearly no AV flagged it as a virus/trojan.

    Source of the picture above (not reproduced here): http://blog.cylance.com/infinity-vs-the-real-world-uroburos

    This is the driver's signature (which is NOT checked, because that check is bypassed through a vulnerability: the 64-bit variant loads a legitimately signed but vulnerable third-party driver and abuses it to get its own unsigned driver into the kernel).

    But then we take another one in which the same file was found:

    https://www.virustotal.com/en/file/897e301665cc4749c905be38e1f10653a6d29653a639e49f01543d83c23bbb2f/analysis/

    and another one, even worse:

    https://www.virustotal.com/en/file/aaeb9d2903047fdacf7102b2084711b725d1b497273b6ab7dfc7c3e2b1bc4ce9/analysis/

    and the same for another infection package in a zip:

    https://www.virustotal.com/en/file/c8a468ea53d46829aed0c4852923a6f33e12cfbb4b813183fcac6afce1add2d8/analysis/

    and

    https://www.virustotal.com/en/file/e2709a57d4feaa999ede964a7295d7c9a76a1f711026f2ef988c42e6661943c5/analysis/

    It means that nearly two weeks ago, when those packages were launched (during the Ukrainian crisis, by the way), most antiviruses did not detect them and computers could be infected (given the other necessary circumstances).

    This does not mean that those antiviruses have not added this infection to their libraries in the meantime.

    But before you start thinking that F-Prot and Fortinet are going to protect you against all the variants of Snake, look at the following file as it was when it was discovered in the wild:

    https://www.virustotal.com/en/file/33460a8f849550267910b7893f0867afe55a5a24452d538f796d9674e629acc4/analysis/

    Other samples:

    https://www.virustotal.com/en/file/6adf258bda09f0863eb6f1bea73c9b419add7cac7ed1149edaa08a65b2d5564f/analysis/   (detection ratio 45/50)

    And the signature of the file (not checked) is interesting.

    Maybe it is time for Microsoft to tighten its signature policy so that a driver's signature has to date from, say, at least 2012. (A cut-off like that would indeed block the old signed-but-vulnerable driver the 64-bit loader abuses, at the price of breaking every legitimate driver signed before the cut-off.)

    By updating the signature requirements one could declare that everything older is buggy and not to be trusted.

    https://www.virustotal.com/en/file/ecfed4163f7058856e1d253a29d06d808c069670e4a06cad66f42e71cbc83a2e/analysis/   (detection ratio 44/51, Microsoft signature)

    And there are hundreds of these files in circulation.
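    The two posts above boil down to one procedure: hash the download locally, look the hash up rather than uploading the file, and hold anything whose verdict is young or thin. Here is that procedure as an added example (not code from the page, from VirusTotal or from any vendor). The report URL is built in the same form as the links quoted above; the report dictionary, its field names (positives, total, first_seen), the thresholds and the reference date are constructed for illustration and are not VirusTotal's API schema.

```python
import hashlib
from datetime import date

# Constructed stand-in for a downloaded file. For a real file read it in
# binary mode: hashlib.sha256(open(path, "rb").read()).hexdigest()
SAMPLE_BYTES = b"MZ\x90\x00" + b"\x00" * 60 + b"illustrative payload, not a real sample"

# Constructed reference date (the May 2014 patch day), used instead of date.today()
# so the example gives the same answers every time it runs.
TODAY = date(2014, 5, 14)


def sha256_hex(data):
    """SHA-256 of the file content: the hash VirusTotal keys its reports on."""
    return hashlib.sha256(data).hexdigest()


def vt_report_url(sha256):
    """Report URL in the same form as the links quoted in the post. Looking up
    a hash leaks nothing about the file; uploading the file itself hands a
    possibly sensitive document to a third party."""
    return "https://www.virustotal.com/en/file/%s/analysis/" % sha256


def triage(report, today, min_age_days=14, min_ratio=0.5):
    """Apply the post's rule: a clean verdict on a sample only a few days old
    is not trusted yet (engines lag new malware); a handful of detections is
    suspicious; a majority verdict blocks. Returns (decision, reason)."""
    positives, total = report["positives"], report["total"]
    if total == 0:
        return "hold", "no engine has scanned this hash yet"
    ratio = positives / total
    age_days = (today - report["first_seen"]).days
    if positives == 0 and age_days < min_age_days:
        return "hold", "clean, but first seen only %d days ago" % age_days
    if 0 < ratio < min_ratio:
        return "hold", "%d/%d engines flag it" % (positives, total)
    if ratio >= min_ratio:
        return "block", "%d/%d engines flag it" % (positives, total)
    return "allow", "0/%d after %d days" % (total, age_days)


# Constructed reports mirroring the situations described in the posts.
REPORTS = {
    "fresh-clean": {"positives": 0, "total": 50, "first_seen": date(2014, 5, 12)},
    "old-known":   {"positives": 45, "total": 50, "first_seen": date(2011, 3, 1)},
    "few-hits":    {"positives": 3, "total": 51, "first_seen": date(2014, 4, 1)},
    "old-clean":   {"positives": 0, "total": 50, "first_seen": date(2014, 3, 1)},
}


def demo():
    """Decision for each constructed report, keyed by its label."""
    return {name: triage(rep, TODAY)[0] for name, rep in REPORTS.items()}


if __name__ == "__main__":
    digest = sha256_hex(SAMPLE_BYTES)
    print("look up:", vt_report_url(digest))
    for name, rep in REPORTS.items():
        print("%-12s %-6s %s" % ((name,) + triage(rep, TODAY)))
```

    The "hold" decisions are the point of the example: the post's 3-year-old sample that nobody flagged on day one would have sat in quarantine rather than being run, and a low ratio such as 3/51 is treated as a warning rather than as a clean bill of health.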

     

  • Updated: Snake espionage tool, 4 more important documents to read

    Uroburos: Highly complex espionage software with Russian ... (G Data red paper)
    https://public.gdatasoftware.com/.../GData_Uroburos_RedPaper_EN_v1....
    Named after a string in the malware's code and the ancient symbol of a serpent; analyses the malware and the spying techniques it is assumed to serve.

    Operation "Ke3chang": Targeted Attacks Against ... (FireEye, Sep 18, 2013)
    www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf
    On the worldwide deployment of espionage-focused malware; in 2011 a campaign labelled "snake" by the attackers themselves used the theme of nude pictures as a lure. (NOTE: this uses more or less the same techniques and strategies. Caveat: FireEye attributes Ke3chang to Chinese-speaking operators, and its "snake" is the attackers' own label for that 2011 lure campaign, not the Snake/Uroburos rootkit discussed here.)

    Kaspersky Lab press release, Mar 12, 2014: How Turla and ...
    newsroom.kaspersky.eu/.../20140312Kaspersky_Lab_Press-release_How...
    On the espionage operation codenamed Turla (also referred to as Snake or Uroburos) and how Kaspersky Lab first became aware of the campaign.
  • The abuse of free DNS services by the Snake espionage tool

    These free DNS services give you the possibility to host different domains on a server or PC and to use their DNS service or redirect service.

    And if you want to block the service no-ip.com, then you have to block the following domains

    len is my test name, so len.ddns.me should become *.ddns.me

    Of course most of the domains that used no-ip.com are gone or blocked, but these services will need more proactive monitoring and an automatic check against URL-blocking lists so that they automatically receive reports about those who abuse their services.

    Otherwise other snakes will bite them.

    The other ones they have used are these:

    It makes it easy to take domains off the web, if those services have permanent and fast security teams, but it makes it a cat-and-mouse game.

    In the versions discussed here it seems that some of the subdomains are hard-coded, which is silly (and stupid) as the domains are gone, but it means that putting those domains in a list and running it through your logs of internet connections to find any trace may be an interesting indicator (though not an absolute one).

    We can presume that in future they will be able to change that.

    But it also means that the firms in question should not just block the domain and make it available again after a few weeks, months or years. We have seen with other botnet infections at dns.be that even when the domains were released for sale three years later, they were immediately bought back by the operators (to the astonishment of DNS.be). That was logical to me: as they had hard-coded the domain name in the botnet, they could, at the low price of a domain name and some hosting, recover maybe some computers that were never cleaned (don't be surprised, this is still very much the case in many networks).

    You could of course ask your web-filter company to include a category for such free hosting and free DNS services so that you can block them and limit the risk.

    Some free DNS and redirection services have lately closed their doors or turned into professional services for companies, because the workload caused by all the criminal activity was becoming too big to bear.
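    The log check suggested above, as an added example (not code from the page or from any vendor): run a list of hard-coded hostnames and a list of free dynamic-DNS base domains over proxy logs and report which internal client talked to what. The only indicator taken from the page is the author's test host len.ddns.me and its wildcard form *.ddns.me; dyn.example is a made-up placeholder for the other services the post refers to, and the Squid-format log lines are constructed, not real traffic. The suffix test is deliberately label-aware so that notddns.me does not match *.ddns.me.

```python
from urllib.parse import urlsplit

# Exact hostnames known to be hard-coded in a sample. The page only names the
# author's own test host len.ddns.me; it stands in here for a real indicator.
IOC_HOSTS = {"len.ddns.me"}

# Base domains of free dynamic-DNS services to watch as a whole (the page's
# "*.ddns.me"). dyn.example is a placeholder; substitute your web filter's list.
WATCHED_SUFFIXES = ("ddns.me", "dyn.example")

# Constructed Squid access.log lines (native format); not real traffic.
SAMPLE_LOG = """\
1399900000.101   312 10.1.2.30 TCP_MISS/200 1043 GET http://len.ddns.me/cgi-bin/update HTTP/1.1 - HIER_DIRECT/203.0.113.9 text/html
1399900003.220    87 10.1.2.31 TCP_MISS/200 8711 GET http://www.example.com/news HTTP/1.1 - HIER_DIRECT/198.51.100.4 text/html
1399900005.004   140 10.1.2.30 TCP_TUNNEL/200 4012 CONNECT host7.ddns.me:443 - HIER_DIRECT/203.0.113.9 -
1399900010.777    55 10.1.2.44 TCP_MISS/200 2090 GET http://notddns.me/index.html HTTP/1.1 - HIER_DIRECT/198.51.100.8 text/html
1399900012.330    61 10.1.2.45 TCP_MISS/200 300 GET http://abc.dyn.example/ping HTTP/1.1 - HIER_DIRECT/198.51.100.9 text/plain
"""


def under_suffix(host, suffix):
    """True only when host is suffix itself or a subdomain of it, so that
    notddns.me does not match ddns.me (a plain endswith() would match)."""
    host = host.lower().rstrip(".")
    return host == suffix or host.endswith("." + suffix)


def host_from_squid_line(line):
    """Return (client_ip, hostname) from a native-format Squid line, or None.
    Fields: time elapsed client code/status bytes method url ident hierarchy type."""
    fields = line.split()
    if len(fields) < 7:
        return None
    client, target = fields[2], fields[6]
    if "://" in target:                      # GET/POST carry a full URL
        host = urlsplit(target).hostname
    else:                                    # CONNECT carries host:port
        host = target.rsplit(":", 1)[0]
    return (client, host) if host else None


def classify(host):
    """'exact-ioc' for a hard-coded indicator (strong), 'dyndns:<suffix>' for
    any host under a watched service (weak, noisy), None otherwise."""
    if host.lower() in IOC_HOSTS:
        return "exact-ioc"
    for suffix in WATCHED_SUFFIXES:
        if under_suffix(host, suffix):
            return "dyndns:" + suffix
    return None


def scan(lines):
    """Return (client_ip, host, verdict) for every matching log line."""
    hits = []
    for line in lines:
        parsed = host_from_squid_line(line)
        if parsed is None:
            continue
        client, host = parsed
        verdict = classify(host)
        if verdict:
            hits.append((client, host, verdict))
    return hits


if __name__ == "__main__":
    for client, host, verdict in scan(SAMPLE_LOG.splitlines()):
        print("%-12s %-20s %s" % (client, host, verdict))
```

    An exact hit on a hard-coded hostname is worth an incident ticket on its own; a hit on the whole *.ddns.me range is only a lead, exactly the "interesting but not absolute" indicator the post describes, and on a large network it should be aggregated per client before anyone looks at it.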

  • The new Microsoft security updates are a MUST to install (attacks likely)

    In the columns below, "Latest Software Release" refers to the subject software, and "Older Software Releases" refers to all older, supported releases of the subject software, as listed in the "Affected Software" and "Non-Affected Software" tables in the bulletin.

    Bulletin ID | Vulnerability Title | CVE ID | Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment
    MS14-021 (released out-of-band on May 1, 2014) | Internet Explorer Memory Corruption Vulnerability | CVE-2014-1776 | 1 - Exploit code likely | 1 - Exploit code likely | Not applicable
    MS14-022 | SharePoint Page Content Vulnerability | CVE-2014-0251 | 1 - Exploit code likely | 1 - Exploit code likely | Not applicable
    MS14-022 | SharePoint XSS Vulnerability | CVE-2014-1754 | 1 - Exploit code likely | Not affected | Not applicable
    MS14-022 | Web Applications Page Content Vulnerability | CVE-2014-1813 | Not affected | 3 - Exploit code unlikely | Temporary
    MS14-023 | Microsoft Office Chinese Grammar Checking Vulnerability | CVE-2014-1756 | 1 - Exploit code likely | 1 - Exploit code likely | Not applicable
    MS14-023 | Token Reuse Vulnerability | CVE-2014-1808 | 3 - Exploit code unlikely | 3 - Exploit code unlikely | Not applicable
    MS14-024 | MSCOMCTL ASLR Vulnerability | CVE-2014-1809 | Not applicable | Not applicable | Not applicable
    MS14-025 | Group Policy Preferences Password Elevation of Privilege Vulnerability | CVE-2014-1812 | 1 - Exploit code likely | 1 - Exploit code likely | Not applicable
    MS14-026 | TypeFilterLevel Vulnerability | CVE-2014-1806 | 1 - Exploit code likely | 1 - Exploit code likely | Not applicable
    MS14-027 | Windows Shell File Association Vulnerability | CVE-2014-1807 | 1 - Exploit code likely | 1 - Exploit code likely | Not applicable
    MS14-028 | iSCSI Target Remote Denial of Service Vulnerability | CVE-2014-0255 | 3 - Exploit code unlikely | 3 - Exploit code unlikely | Temporary
    MS14-028 | iSCSI Target Remote Denial of Service Vulnerability | CVE-2014-0256 | 3 - Exploit code unlikely | 3 - Exploit code unlikely | Temporary
    MS14-029 | Internet Explorer Memory Corruption Vulnerability | CVE-2014-0310 | 1 - Exploit code likely | 1 - Exploit code likely | Not applicable
    MS14-029 | Internet Explorer Memory Corruption Vulnerability | CVE-2014-1815 | 1 - Exploit code likely | 1 - Exploit code likely |

    A note for administrators on MS14-025: the update only removes the ability to store passwords in new Group Policy Preferences items. Passwords already present in SYSVOL (the cpassword attribute in preference XML files) stay there after patching and must be found and removed by hand, otherwise any domain user who can read SYSVOL can still recover them.

    https://technet.microsoft.com/library/security/ms14-may
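    A check for the leftover MS14-025 condition, as an added example (not code from the page or from Microsoft): walk a SYSVOL tree, parse the Group Policy Preference XML files and report every element still carrying a cpassword attribute. The list of preference file names, the directory layout and the two Groups.xml files are constructed for illustration; the cpassword value in the sample is a placeholder string, not a real encrypted password. On a domain controller you would point it at the real SYSVOL share instead of the throwaway directory the helper builds.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Preference files in which a cpassword can appear (an assumption for this
# example; extend it if your environment uses other item types).
PREFERENCE_FILES = {"Groups.xml", "Services.xml", "ScheduledTasks.xml",
                    "DataSources.xml", "Drives.xml", "Printers.xml"}

# Attributes that name the account the stored password belongs to, by item type.
ACCOUNT_ATTRS = ("userName", "accountName", "runAs")

# Constructed Groups.xml in the shape of a GPP local-user item. The cpassword
# value is a placeholder, not an encrypted password.
GROUPS_XML_WITH_PASSWORD = """<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="LocalAdmin" changed="2014-05-01 10:00:00">
    <Properties action="U" cpassword="PLACEHOLDER-NOT-A-REAL-VALUE" changeLogon="0"
                noChange="1" neverExpires="1" acctDisabled="0" userName="LocalAdmin"/>
  </User>
</Groups>
"""

# Constructed Groups.xml that manages a group membership and stores no password.
GROUPS_XML_CLEAN = """<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <Group name="Administrators (built-in)" changed="2014-05-01 10:00:00">
    <Properties action="U" groupSid="S-1-5-32-544" groupName="Administrators (built-in)"/>
  </Group>
</Groups>
"""


def find_cpasswords(sysvol_root):
    """Return (relative path, element tag, account) for each element in a
    preference file that carries a non-empty cpassword attribute."""
    findings = []
    for dirpath, _dirs, files in os.walk(sysvol_root):
        for name in files:
            if name not in PREFERENCE_FILES:
                continue
            path = os.path.join(dirpath, name)
            try:
                root = ET.parse(path).getroot()
            except ET.ParseError:
                continue   # unparsable preference file: worth a manual look, skipped here
            for elem in root.iter():
                if elem.attrib.get("cpassword"):
                    account = next((elem.attrib[a] for a in ACCOUNT_ATTRS
                                    if elem.attrib.get(a)), "?")
                    findings.append((os.path.relpath(path, sysvol_root), elem.tag, account))
    return findings


def build_sample_sysvol():
    """Create a throwaway tree laid out like
    SYSVOL/<domain>/Policies/<GPO guid>/Machine/Preferences/Groups/Groups.xml
    with one GPO that stores a password and one that does not."""
    root = tempfile.mkdtemp(prefix="sysvol-")
    gpos = (("{A1B2C3D4-0000-4000-8000-000000000001}", GROUPS_XML_WITH_PASSWORD),
            ("{A1B2C3D4-0000-4000-8000-000000000002}", GROUPS_XML_CLEAN))
    for guid, xml_text in gpos:
        d = os.path.join(root, "example.local", "Policies", guid,
                         "Machine", "Preferences", "Groups")
        os.makedirs(d)
        with open(os.path.join(d, "Groups.xml"), "w", encoding="utf-8") as f:
            f.write(xml_text)
    return root


if __name__ == "__main__":
    for rel, tag, account in find_cpasswords(build_sample_sysvol()):
        print("cpassword found in %s (<%s> for account %s)" % (rel, tag, account))
```

    Each finding points at the GPO (the GUID in the path) and the account whose password it stores; the fix is to delete the item or recreate it without a stored password, and then to change that account's password, since it has to be treated as already disclosed.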

  • Ex-Belgian porn producer fires back on Twitter with his backstage information

    https://twitter.com/dennisburkas

    He is now in prison, but his press attaché (does this man know that for some of these tweets people could go to court for slander, lies and the like? The fact that they haven't seems to imply some kind of guilt)

    just a few:

    a major news editor of one of the two major TV news programmes made, during a documentary (TV makers and press agencies were wildly enthusiastic to follow or report on this 'Belgian porn producer' of a 'new kind'), a lot of private pictures of an anal 'event' on stage

    how do you explain that? Deny.... pfff.... where there is smoke, there is fire

    this TV producer exchanged TV work for sex in the office

    you get the picture (and there are some pictures :)) although I think the most important ones he is not putting online (maybe in case he needs some money)

    He is now in prison for four years for assaulting a 15-year-old minor.

    How to get that offline and out of digital memory is a totally different, much more complicated matter....

  • The Russian virus attack on the network of the Belgian Ministry of External Affairs is an atom bomb

    The big problem is that on the same network there are several other very secret services and very important, highly classified information.

    For the moment it is the Ministry of External Affairs that distributes the security clearances that were vetted by our internal intelligence service (why don't they keep that data on their own network? It would be safer).

    In fact, as the malware spreads peer-to-peer from machine to machine on the network, one has to suppose that all secret information could be compromised unless one can prove 100% otherwise.

    So unless one can prove 100% otherwise, all people with security clearances will need new ones or will need to be replaced.

    This, and other kinds of information, shouldn't be on a network that has been hacked twice.

    This is the atom bomb.

    Imagine that all Belgians lose their security clearance with an international firm or organisation, because the organisation considers the information or the person compromised, regardless of what the Belgian administration says (and based on which forensic evidence, if there is any forensic evidence that can be accepted without doubt?).

    The one thing that is clear is that that information can no longer be on that network, for the security of everyone who needs a security clearance.

  • #NSA has a good collection of the info on Facebook

    and they are quite proud of it

  • #NSA picture of the adaptation of a not-yet-delivered computer

    Well, your firm or organisation has bought a computer or several and is awaiting their delivery. Without your knowledge (and that of the firm in question), the shipment is intercepted at the border and taken to a special office where they place espionage tools on the computer in such a way that you won't find them.

    This is a picture of the installation (picture not reproduced).

  • #NSA closely follows investments in, and the situation of, international SCADA infrastructure

    If it concerned partners, one could say that it was to warn them of certain dangers and to help secure their critical networks, but if this isn't the explicit goal there is a problem.

    Targeting the electricity and gas networks of countries will hurt the civilian population and should for that reason be prohibited.

  • #NSA has Belgium and other countries as economic targets

    This is against all international rules and against all the declarations made by officials in recent months that espionage shouldn't be used for purely economic advantage.

    The reason the US gives for its economic spying is, first, to be sure there is no corruption in international trade deals and, second, to be sure there won't be a new international financial crisis of which they wouldn't have been informed long in advance (so that they could take all the necessary precautions).

  • #NSA this is all the metadata your telephone gives away

    Belgium will now buy unhackable telephones, whatever that is.

  • #NSA Belgium has a focused cooperation with the NSA (privileged)

    Look at the table.

    First you have the five historical allies of the Second World War, who afterwards set up the Echelon cooperation, also called the Five Eyes (or ears), working very closely together.

    Then you have a few countries in a second group with which there is a "focused cooperation", whatever that means, but which has clearly not been established with many countries.

    But in the longer list of approved SIGINT partners, Belgium is also mentioned.

  • #NSA has a backdoor in the encrypted Outlook.com web chat

    An intelligence backdoor in encrypted services? What is scarier than that......

    This definitely needs some follow-up....

  • NSA has a partnership with 80 major IT and telecom firms

    The file is top secret, so the cooperation is also top secret, so it is possible that very few people in the firm will know about this partnership.

    The same is the case in France, for example, where people who are linked to the intelligence service work in telecommunication firms, have nearly no contact with their co-workers and fall under someone else's authority.

    And this will be the case all over the world, and management will say that they don't want to know (or someone working for them has made sure that they weren't officially informed, so they can pretend that they didn't know).

  • New NSA documents: global surveillance reached 1 trillion metadata records intercepted

    http://glenngreenwald.net/pdf/NoPlaceToHide-Documents-Compressed.pdf

    And they produced about 35 million tips - staggering numbers, because how do you treat 35 million tips? How do you analyze them, organize them, turn them into usable intelligence? 35 million tips (filters, in fact, to search for, so it becomes a self-feeding machine growing out of control).