06/25/2014

in this picture you will see why this 'comedian' is making jokes about the holocaust

it is in this picture because if you wear this, you don't know what you are wearing and doing

there is a good book you should read 'der ist wieder da' (translated in dutch and so on) which shows that at present you could say whatever as long as it looks like an imitation or funny but that people seldom think about what is being said

I just hate all those stupid standup comedians who have only 10% of the brains monthy python had and are in fact no better than the 'always funny guy' at the bar telling loudly his stupid remarks and jokes thinking he is the smartest guy around

they are popular in the present pop culture but I like more sketches and shows and things that are thought-through instead of just rattling a series of quick remarks and socalled jokes

and if it doesn't sound right than there is something not right about it - final (especially on television)

Permalink | |  Print |  Facebook | | | | Pin it! |

is your DNS server ready for a dns-flood attack of 100MBPS or 90million requests a second ?

why use an amplification trick - which shows malicious intent when you can just do a DNS demand and get the machine down anyway ?

"DNS floods attacks are symmetrical DDoS attacks that works by sending thousands of rapid valid DNS requests to the targeted server, thereby giving the server more traffic than it can handle resulting in slower and slower response times for legitimate requests.

DNS servers provide the roadmap to the Internet, and help clients find the servers they are looking for, but a DNS floods attempt to exhaust server-side assets (for e.g., memory or CPU) with the large number of UDP requests generated by the malicious scripts running on several compromised botnet machines. The packets sends per seconds are even larger in this case compare to DNS amplification attack.
Currently researchers at the DDoS protection service are mitigating with this attack with just one of their servers, that can process upto 170Gbps/100Mpps worth of traffic at an inline rate.
http://thehackernews.com/2014/06/dns-flood-ddos-attack-hi...
 
this is an interesting question for an exercise
 
and it all comes back again to simple stupid hardware
if you ain't got the hardware you ain't got shit
you can't go to the war without tanks, airplanes and soldiers
and the more you have of them, the easier it will be to win the war
 
so cold standby contracts will become even more important as they can be activated anytime to add more bandwith or transfer dns services to more available servers
 
most networks have very simple dns servers and no extension plan

Permalink | |  Print |  Facebook | | | | Pin it! |

are you ready for the 300GBPS DDOS attack on your server ?

yeah, that is volume that is now possible for a real persistant ddos attack

"On Friday, Matthew Prince, the CEO and co-founder of San Francisco based CloudFlare, the web performance company maintaining the voting website, said that the DDoS attack on the Occupy Central’s voting platform was “one of the largest and most persistent” ever.

According to Prince, the cybercriminals appeared to be using a network of compromised computers around the world to effectively disable the service of the voting website with an overwhelming amount of traffic. In such cases of attacks, the computer users who are exploited are usually unaware that their systems have been compromised.
 
Prince also wrote on Twitter: “Battling 300Gbps+ attack right now,” on the first day that the vote began. Three hundred gigabits per second is an enormous amount of data to take down any huge servers.
http://thehackernews.com/2014/06/largest-ddos-attack-hit-...
 
so if you are important critical infrastructure or if you are part of something that is opposing a really powerful opponent than this is the DDOS traffic you have to be able to handle
 
or a Policy to go offline or to change your website every so often to another place, playing hide and seek

Permalink | |  Print |  Facebook | | | | Pin it! |

hedge funds all over the world are in disarray over multimillion trading loss after databreach at hedgefund

hedge funds all over the world are now in disarray because they understand that it could also happen to them

"Meanwhile, on 23 June, BAE Systems Applied Intelligence revealed that a US hedge fund lost millions of dollars over a two-month period after hackers installed malware designed to steal trade secrets.

 

Paul Henninger, product director of BAE Systems, said the cyber-attack could be a case of a smaller company spying on the larger firm as the attack began with a simple phishing email on an employee of the unnamed hedge fund.
http://www.ibtimes.co.uk/us-hedge-funds-scramble-buy-cybe...

let's read it again

phishing mail : no clear mailfiltering and protections

installed malware : no real securitypackage and too many rights on the machine

steal trade secrets : important secrets are not protected and not seperated from the rest

two month period : nobody is monitoring what is happening on the network and the machines and with the data 

and so what are they doing ?

buying cyberinsurance

that is like driving totally drunk every evening at 150km/h and buying a huge insurance that will accept that if you have an accident (which you probably will have)

and who is paying for that cyberinsurance without additional cybersecurity ?

the clients because of increased costs (not the salaries of the lousy managers)

oh and just by the way, who is responsable for watching over the cybersecurity of hedge funds in Belgium ?

Permalink | |  Print |  Facebook | | | | Pin it! |

how the terrorist group ISIS is making you look like a terrorist by following them

source http://techpresident.com/news/wegov/25137/how-isis-wins-t...

and than you arrive in the database of the NSA and you can't buy a ticket for a Holiday in the US because you are blacklisted

in a wider sense, this premission hacking will become a trend or is something widespread

Permalink | |  Print |  Facebook | | | | Pin it! |

make a 3D selfie of yourself (for 100 Euro's)

source

http://www.ibtimes.co.uk/asda-launches-60-3d-printed-self...

Permalink | |  Print |  Facebook | | | | Pin it! |

hackingteam mobilephone commercial spyfirm has an intercept server in Belgium

source http://www.securelist.com/en/blog/8231/HackingTeam_2_0_Th...

this is from the list of interceptor and command and control servers

in fact it means that this private spyfirm - who works for legitimate European countries Under legitimate governmental and democratic control for mobilephone spying Under normal democratic rules as well as for a number of countries worldwide without those controls and guarantees (or even any real form of democracy) has such a server on Belgian soil and intercepts information from Belgian and other mobile phones on Belgian soil for its clients (including the more or less dictatorial or not really democratic countries)

the question now is if this is legal and if such a commercial spyservice can have such an infrastructure on our Belgian soil without any permit from our privacycommission or intelligence service

more information on this commercial hackingtool sold to all kinds of governments worldwide

https://citizenlab.org/2014/06/backdoor-hacking-teams-tra...

Permalink | |  Print |  Facebook | | | | Pin it! |

new bank trojan steals half a million Euro in a week and something easy banks could do

source http://www.ibtimes.co.uk/luuuk-cybercrime-campaign-steals...

but in the document there is something interesting

"The stolen money was passed on to the crooks’ accounts in an interesting and unusual way. Our experts noticed a distinctive quirk in the organization of the so-called ‘drops’ (or money-mules), where participants in the scam receive some of the stolen money in specially created bank accounts and cash out via ATMs. There were evidences of several different ‘drop’ groups, each assigned with different sums of money. One group was responsible for transferring sums of 40-50,000 Euros, another with 15-20,000 and the third with no more than 2,000 Euros. "

transferring 40.000 to 50.000 Euro online without any double verification ? WOW

we have blocked our creditcards and bankcards to a certain amount each month (not more than a percentage of my low wage) so even when it gots abused they can't empty an account or abuse it

it seems now that online this is totally different

well give me the possibility to block any transfers bigger than x online that I didn't authentificate or approve after or before or something like that

just common sense

it would be as effective as the rule that you now have to tell your bank you are travelling to some country if you want to use your bankcard outside of Europe (the fraud diminished by the millions instantly)

 

Permalink | |  Print |  Facebook | | | | Pin it! |

US tech companies in Ireland, Holland and Luxembourg may finally have to pay taxes

The European Commission has told Ireland it may investigate more companies as part of a probe into the country's tax practices, after announcing a formal probe into Apple's Irish subsidiaries.

The EU is investigating whether Ireland, Luxembourg and the Netherlands have attracted investment and jobs by helping big companies avoid tax in other countries, including EU members.

Corporate profit-shifting has come under the international spotlight in recent years following reports of how companies such as Apple and Google use complex structures to slash their tax bills.
https://www.businessspectator.com.au/news/2014/6/23/techn...

so instead of claiming that they are socially responsable companies blablablabla

they should pay their taxes like any other firm or worker

they make enough profit anyway

 

Permalink | |  Print |  Facebook | | | | Pin it! |

here you can follow the other news about the World Cup (local protests)

Use this search in Twitter  https://twitter.com/hashtag/FifaGoHome?src=hash

and so on

 

 

Permalink | |  Print |  Facebook | | | | Pin it! |

this happens when (stupid) criminals are addicted to.... facebook

Nick Wig was arrested Thursday after allegedly breaking into a home in Dakota County, south of Minneapolis, authorities said. His undoing, they said, was that he logged into his Facebook account on homeowner James Wood’s computer and forgot to log out.

“This is a first case in Dakota County in which a suspected burglar left his Facebook profile on the computer screen of the victim’s computer,” Monica Jensen, spokesperson for the Dakota County Attorney’s Office told ABC News today.
http://abcnews.go.com/US/alleged-burglar-logs-facebook-vi...

maybe he also smiled in the camera .....

or just had to post a message that he now has the money to go shopping later

Permalink | |  Print |  Facebook | | | | Pin it! |

why the securitychecks on airplanes will become even more stringent soon

there are new fears and threats

"The U.S. government had obtained intelligence that associates of an al Qaeda affiliate in Syria – the Al Nusrah Front – and extreme elements of other radical groups were being joined by operatives from al Qaeda in the Arabian Peninsula, the Yemen-based group behind the failed underwear bomb plot on Christmas Day 2009 and the plot a year later to take down cargo planes over the United States with explosives packed into printer cartridges.

And the groups are jointly working to produce new and “creative” designs for nonmetallic explosives, leading U.S. analysts to believe that the group of radicals, who have worked with Al Nusrah Front, might be looking to target a U.S.- or European-bound plane, sources told ABC News.
http://abcnews.go.com/International/terrorists-team-syria...

the first problem is that the different groups have united their 'scientific' and 'organizing' talents in setting up new kinds of attacks against Airlines (because an attack against an airline has an enormous political, PR and economic impact)

the second problem is that with thousands of youngsters with international passports fighting in Syria (which is one of the main reasons to stop this war with all means as soon as possible) it will become much easier to bypass all profiling and databases to only double check certain persons

so don't be surprised if you have to be three hours before departure in the airport, if you are questioned more thoroughly and if for any reason or suspicion you are refused boarding

Permalink | |  Print |  Facebook | | | | Pin it! |

06/24/2014

even Yahoo makes mistakes with her ssl certificates and messes up security

this has been popping up on my yahoo profile in chrome

Permalink | |  Print |  Facebook | | | | Pin it! |

e-health is not secure in the US : 31 million medical files leaked and hacked

Nearly 31.7 million individuals, a number equal to 1 in 10 people in the U.S., have had their medical records exposed through known and reported major data breaches by healthcare providers and their business associates. With 34 publicly reportable breaches coming in June alone, the total number of breaches on the federal “wall of shame” website topped the 1,000 mark this month.
http://www.modernhealthcare.com/article/20140613/BLOG/306...

in Belgium we have e-health but we shouldn't worry, everything is in order, there is no reason to worry, not at all, really, there are really very stringent securitynorms in hospitals and for doctors and that is controlled by external consultants and so on......

well, we know that doctors and pharmacies are running totally insecure websites in Belgium and these websites have maybe files or medical information

but if you are looking for examples (or want to see what we don't have in Belgium or Europe (this is for example fines if there is a breach) you can look here http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples...

the biggest problem with medical information is that it can't be changed, you can change a password or a creditcard but you can't change your medical information

so if that becomes public or is sold than there is nothing you can do about that ..... maybe change your name and your day of birth (virtually) so that people can't link you anymore to the published information (not bad that idea, the idea that you may receive a totally new identity when essential information about you becomes public or is hacked)

Permalink | |  Print |  Facebook | | | | Pin it! |

06/20/2014

#ukraine appeal to people with military knowledge to help Ukr. military blogger

The last days a lot of pictures and videos and information is coming in on the social web about tanks, missiles, troops, documents and so on

also when you connect all the messages you arrive at certain movements, events and in fact there is a strategy behind it (which maybe only military people can see)

there are a few people who are pretending to be 'military informationwarfare operatives' on the Ukranian site but they have proven to be mistaken or hyperbolic more than is good to be trustful source of information doing more bad than good by not checking and re-checking their information and their conclusions over and over again

also they sometimes have hidden or open agenda's in the power struggles between different ministers, political factions and strategists and this isn't always that clear and its makes the conclusions and analysis not only partial but also easier to contain mistakes and so on

this military blogger about Ukr I like because he works methodological and he tries to get a logic in it, looks for the bigger picture without neglecting any detail and without taking sides in the numerous fights about strategy that are being fought in the online media and behind the scènes between the Ukr military, activists and politicians

since the beginning of the crisis several Russian information-ops have been faulted by the coming together online of military and weapon specialists who on the basis of the pictures could make conclusions that no other human would know (direction of firing, kind of weapons etc......)

as the infiltration by small Russian tank and military units into Ukraine has been intensifying over the last 24hours more and more pictures and videos are coming online

if you have knowledge about military weapons, strategy and so on and you have a some time to spare to look online through the material that is posted and you think you can add and share some of your knowledge so we can know a bit more sure that what we think could be thruth could have more proof to be the best possible interpretation - than please do

it has made an enormous difference already a few times in this crisis and it can over the weekend - be a small part of history and do a very small but essential thing

help this guy, not with money, but with your knowledge (and help Ukraine and piss off Putin and make his stupid propaganda and incidents-for-invasion blow up in his face online for all of the world to see)

https://twitter.com/djp3tros

my twitterfeed is  mailforlen

Permalink | |  Print |  Facebook | | | | Pin it! |

why you should download everything you like from Youtube before you have to pay for it

this is something that has been happening with other services that have started first with a limited paywall and than in fact limited their free service to only content that was so stupid that it wasn't even Worth using it

so Youtube will start soon with a paid music service and will take everything down that is also on the paid service or doesn't want to be on it meaning that in fact all new and good musicvideos placed by the firms itself can't be on the official free channels of the artists or the labels and everything similar uploaded by their fans will be tracked, silenced and taken down with all the Tools they have and they are developing

"Google-owned YouTube is threatening to pull down music videos by artists on independent (i.e., non–Big Three) record labels that have refused to sign on to its upcoming subscription streaming service. Major acts such as Adele, Radiohead, Jack White, and Vampire Weekend could all disappear from the site “in a matter of days,” according to YouTube exec Robert Kyncl.

The indies say they are holding out because YouTube has offered them far worse licensing deals than it's offered the major labels (though they’re light on details). This, they claim, is a departure from the standards set by companies like Spotify and Rdio, which treat them on the same terms as Universal, Sony, and Warner. According to Billboard, meanwhile, YouTube executives "argue that they cannot offer music on the free service without it also being available on the paid service as this would disappoint its subscribers. The solution? To take down songs that can’t be available on both services." (If this sounds to you like a tenuous excuse for simply driving a hard bargain, join the club.)
http://www.slate.com/blogs/moneybox/2014/06/19/youtube_mu...

but expect this also to be the case for movies, series, documentaries, cartoons and all the rest that is interesting

there is quite some freeware (never pay for this stuff) to download the videos from Youtube  I like this one

and if you don't upload it to a torrent or a fileserver afterwards, you are not doing anything different from watching it ........

those who know where to look know where to find the interesting links to the interesting stuff on Youtube (surprise me :))

download in the flv format with a flv player and an external harddrive isn't that expensive anymore

Permalink | |  Print |  Facebook | | | | Pin it! |

#ukraine every day a few Russian tanks into Ukraine is better than all at once

 

While everybody is watching football or Iraq or the folders for the holidays

 http://ukraineatwar.blogspot.nl/2014/06/open-russian-inva... (read this)

These are the Russian tanks in Ukraine of today

 

 

And these are the tanks for tomorrow or the weekend (they are now at 5km of the Ukranian border)

Permalink | |  Print |  Facebook | | | | Pin it! |

06/17/2014

when is your communication public or external (surveillance)

the first question is when your communication or information is public is rather simple. It means that it is public from the moment that you have no placed no protections on it like a passwords. If you blog about things or place stuff on websites than that is public and everybody can see that, even intelligence agencies. They still need a reason to follow you because if they follow you than they have a file on you and if they have a file on you they have a case about you (which may only be informational) and if they have a case about you than there are certain aspects about you that had their interests

so if you are tweeting or publishing about extreme political or religious subjects or if you are putting confidential or very interesting analysis on the web, you shouldn't be surprised if you because of passive monitoring are followed - this doesn't mean that you are suspected of anything - it only means that the information- and intelligence services and firms are just following whatever is written about a certain subject, including the things you write about

this means that if you protect your emails and Facebook and other postings by specific passwords for your specific content (so not forums anybody can become a member of) than they have to have at least a case on you to break in or ask access.

and here the second question becomes even more relevant. If you are using external internetservices outside of your homecountry this protection may become irrelevant because a country may have decided that all internetservices which are not clearly defined to be hosted and operated out from their own country are external. So for example the UK has decided that to make the active monitoring (getting passwords and having access to content like Facebook, emails and so on) more easy (without having a legal debate before deciding each case) all the popular social mediaplatforms are external and have no protection from content and data on the national infrastructure.

In fact this means that to protect the privacy of the citizens Google, Yahoo and others will have to develop local services and state clearly that their emails and so on are always kept on the territory of the UK and always fall Under the national laws and obligations of the UK. This doesn't mean that the intelligence services don't have access, but that according to Britisch law they will need a reason to receive that access.

and so the whole idea of the cloud and so falls apart again

it was a stupid idea anyway

Permalink | |  Print |  Facebook | | | | Pin it! |

La libre Belgique is hackable (defacement that is)

ok let's take this link

so you would say that there would be nothing very dangerous with it

it is in fact a subdomain of this site

but the subdomain has not been well protected because in the first subdomain you can add pages

and when did this happen well the 13th

this happened 4 days ago and nobody saw it, it is still up.......

and the server is placed in Italy - wow how to get your logs and police investigation undergoing .....

 and in fact it is a kind of fileserver because if you place this in Google site:http://r.llb.be

you will find a list of documents

which means that it is trusted because there are trusted links to the documents (means that the links are on trusted sites which makes it even more interesting for spammers and so on .....

maybe it is also interesting to put an infected PDF file on it as if it came from Lalibre Belgique and would be hosted on the fileserver of La Libre Belgique but would have nothing to do with La Libre Belgique

in these times of attack schèmes LaLibre Belgique looks like a very interesting target

Permalink | |  Print |  Facebook | | | | Pin it! |

the stalemate about the European Cybersecurity directive explained very shortly

While obligations similar to those in the directive have previously been imposed in the EU on telecoms companies and ISPs courtesy of the E-Privacy Directive (2002/58/EC), the Cyber Security Directive introduces for the first time security and notification obligations on key providers of information services as well as public administrations and operators of critical infrastructure. These sectors rely heavily on information and communications technology that are essential to the maintenance of vital economic or societal functions.

The original draft of the directive required member states to ensure that when implementing this legislation they required public administrations and market operators providing services within the EU to:

  • Take appropriate technical and organisational measures to manage the risks posed to the security of the networks and information systems that they control and use in their operations.
  • Notify the competent authority, established in each member state to deal specifically with network and information security, of any incidents having a significant impact on the security of core services they provide.
  • Inform the public where the competent authority determines that disclosure of the incident is in the public interest. 

In January, the Committee on Civil Liberties, Justice and Home Affairs (LIBE) published its opinion and a compromise draft of the directive following amendments by MEPs. This draft was approved by the European Parliament on 13 March 2014, and will now be negotiated by the member states in the Council of Ministers, with final agreement anticipated for later this year and implementation anticipated in 2016.

One of the key challenges surrounding the implementation of the directive is that its final form is yet to be agreed, causing lots of uncertainty.

Furthermore, as the legislation is a directive as opposed to a regulation, each member state will be required to enact its own law interpreting and reflecting its provisions.

With the draft directive still only partway through the legislative process, there is still much negotiation to be done.
http://l2b.thelawyer.com/home/insight/cyber-law-needs-to-...

Permalink | |  Print |  Facebook | | | | Pin it! |