
  • in this picture you will see why this 'comedian' is making jokes about the holocaust

    it is in this picture because if you wear this, you don't know what you are wearing and doing

    there is a good book you should read 'der ist wieder da' (translated in Dutch and so on) which shows that at present you could say whatever as long as it looks like an imitation or funny but that people seldom think about what is being said

    I just hate all those stupid standup comedians who have only 10% of the brains Monty Python had and are in fact no better than the 'always funny guy' at the bar loudly telling his stupid remarks and jokes thinking he is the smartest guy around

    they are popular in the present pop culture but I like more sketches and shows and things that are thought-through instead of just rattling a series of quick remarks and so-called jokes

    and if it doesn't sound right then there is something not right about it - final (especially on television)

  • is your DNS server ready for a dns-flood attack of 100MBPS or 90 million requests a second ?

    why use an amplification trick - which shows malicious intent - when you can just do a DNS demand and get the machine down anyway ?

    "DNS flood attacks are symmetrical DDoS attacks that work by sending thousands of rapid valid DNS requests to the targeted server, thereby giving the server more traffic than it can handle, resulting in slower and slower response times for legitimate requests.

    DNS servers provide the roadmap to the Internet, and help clients find the servers they are looking for, but a DNS flood attempts to exhaust server-side assets (e.g., memory or CPU) with the large number of UDP requests generated by the malicious scripts running on several compromised botnet machines. The packets sent per second are even larger in this case compared to a DNS amplification attack.
    Currently researchers at the DDoS protection service are mitigating this attack with just one of their servers, which can process up to 170Gbps/100Mpps worth of traffic at an inline rate."
    http://thehackernews.com/2014/06/dns-flood-ddos-attack-hit-video-gaming.html
     
    this is an interesting question for an exercise
     
    and it all comes back again to simple stupid hardware
    if you ain't got the hardware you ain't got shit
    you can't go to the war without tanks, airplanes and soldiers
    and the more you have of them, the easier it will be to win the war
     
    so cold standby contracts will become even more important as they can be activated anytime to add more bandwidth or transfer dns services to more available servers
     
    most networks have very simple dns servers and no extension plan
  • are you ready for the 300GBPS DDOS attack on your server ?

    yeah, that is the volume that is now possible for a real persistent ddos attack

    "On Friday, Matthew Prince, the CEO and co-founder of San Francisco based CloudFlare, the web performance company maintaining the voting website, said that the DDoS attack on the Occupy Central’s voting platform was “one of the largest and most persistent” ever.

    According to Prince, the cybercriminals appeared to be using a network of compromised computers around the world to effectively disable the service of the voting website with an overwhelming amount of traffic. In such cases of attacks, the computer users who are exploited are usually unaware that their systems have been compromised.
     
    Prince also wrote on Twitter: “Battling 300Gbps+ attack right now,” on the first day that the vote began. Three hundred gigabits per second is an enormous amount of data to take down any huge servers."
    http://thehackernews.com/2014/06/largest-ddos-attack-hit-hong-kong.html
     
    so if you are important critical infrastructure or if you are part of something that is opposing a really powerful opponent then this is the DDOS traffic you have to be able to handle
     
    or a policy to go offline or to change your website every so often to another place, playing hide and seek
  • hedge funds all over the world are in disarray over multimillion trading loss after databreach at hedgefund

    hedge funds all over the world are now in disarray because they understand that it could also happen to them

    "Meanwhile, on 23 June, BAE Systems Applied Intelligence revealed that a US hedge fund lost millions of dollars over a two-month period after hackers installed malware designed to steal trade secrets.

     

    Paul Henninger, product director of BAE Systems, said the cyber-attack could be a case of a smaller company spying on the larger firm as the attack began with a simple phishing email on an employee of the unnamed hedge fund."
    http://www.ibtimes.co.uk/us-hedge-funds-scramble-buy-cybercrime-insurance-after-firm-loses-millions-1453996

    let's read it again

    phishing mail : no clear mail filtering and protections

    installed malware : no real security package and too many rights on the machine

    steal trade secrets : important secrets are not protected and not separated from the rest

    two month period : nobody is monitoring what is happening on the network and the machines and with the data

    and so what are they doing ?

    buying cyberinsurance

    that is like driving totally drunk every evening at 150km/h and buying a huge insurance that will accept that if you have an accident (which you probably will have)

    and who is paying for that cyberinsurance without additional cybersecurity ?

    the clients because of increased costs (not the salaries of the lousy managers)

    oh and just by the way, who is responsible for watching over the cybersecurity of hedge funds in Belgium ?

  • how the terrorist group ISIS is making you look like a terrorist by following them

    source http://techpresident.com/news/wegov/25137/how-isis-wins-twitter

    and then you arrive in the database of the NSA and you can't buy a ticket for a holiday in the US because you are blacklisted

    in a wider sense, this permission hacking will become a trend or is something widespread

  • HackingTeam mobile phone commercial spy firm has an intercept server in Belgium

    source http://www.securelist.com/en/blog/8231/HackingTeam_2_0_The_Story_Goes_Mobile

    this is from the list of interceptor and command and control servers

    in fact it means that this private spy firm - which works for legitimate European countries under legitimate governmental and democratic control for mobile phone spying under normal democratic rules, as well as for a number of countries worldwide without those controls and guarantees (or even any real form of democracy) - has such a server on Belgian soil and intercepts information from Belgian and other mobile phones on Belgian soil for its clients (including the more or less dictatorial or not really democratic countries)

    the question now is if this is legal and if such a commercial spy service can have such an infrastructure on our Belgian soil without any permit from our privacy commission or intelligence service

    more information on this commercial hackingtool sold to all kinds of governments worldwide

    https://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant/

  • new bank trojan steals half a million Euro in a week and something easy banks could do

    source http://www.ibtimes.co.uk/luuuk-cybercrime-campaign-steals-500000-large-european-bank-one-week-1454009

    but in the document there is something interesting

    "The stolen money was passed on to the crooks’ accounts in an interesting and unusual way. Our experts noticed a distinctive quirk in the organization of the so-called ‘drops’ (or money-mules), where participants in the scam receive some of the stolen money in specially created bank accounts and cash out via ATMs. There were evidences of several different ‘drop’ groups, each assigned with different sums of money. One group was responsible for transferring sums of 40-50,000 Euros, another with 15-20,000 and the third with no more than 2,000 Euros. "

    transferring 40.000 to 50.000 Euro online without any double verification ? WOW

    we have blocked our credit cards and bank cards to a certain amount each month (not more than a percentage of my low wage) so even when it gets abused they can't empty an account or abuse it

    it seems now that online this is totally different

    well give me the possibility to block any transfers bigger than x online that I didn't authenticate or approve after or before or something like that

    just common sense

    it would be as effective as the rule that you now have to tell your bank you are travelling to some country if you want to use your bankcard outside of Europe (the fraud diminished by the millions instantly)
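
The rule asked for above (hold any online transfer above a customer-set amount until it is approved on a second channel), as an added example that is not part of the original post or any bank's real system. The limits, the `approved_out_of_band` flag and the sample transfers are assumptions, constructed around the three drop tiers in the quote.

```python
from dataclasses import dataclass
from decimal import Decimal

ALLOW, HOLD, REJECT = "ALLOW", "HOLD_FOR_APPROVAL", "REJECT"


@dataclass(frozen=True)
class Transfer:
    ref: str
    amount: Decimal
    # True only if the customer confirmed this transfer on a second channel
    # (hypothetical flag; how the confirmation is collected is out of scope).
    approved_out_of_band: bool = False


@dataclass
class TransferPolicy:
    per_transfer_limit: Decimal  # largest single transfer allowed unapproved
    monthly_limit: Decimal       # total of unapproved transfers per month
    unapproved_total: Decimal = Decimal("0")

    def decide(self, t: Transfer) -> str:
        if t.amount <= 0:
            return REJECT
        if t.approved_out_of_band:
            # Explicitly confirmed: goes through, does not use the budget.
            return ALLOW
        if t.amount > self.per_transfer_limit:
            return HOLD
        # Many small transfers must not add up to an emptied account.
        if self.unapproved_total + t.amount > self.monthly_limit:
            return HOLD
        self.unapproved_total += t.amount
        return ALLOW


def evaluate(policy, transfers):
    """Return (ref, decision) for each transfer, in order."""
    return [(t.ref, policy.decide(t)) for t in transfers]


def sample_transfers():
    # Constructed sample: one amount inside each drop tier from the quote
    # (40-50,000 / 15-20,000 / no more than 2,000 Euros), the small one
    # repeated, plus one large transfer the customer really approved.
    return [
        Transfer("tier1-a", Decimal("45000")),
        Transfer("tier2-a", Decimal("18000")),
        Transfer("tier3-a", Decimal("1900")),
        Transfer("tier3-b", Decimal("1900")),
        Transfer("tier3-c", Decimal("1900")),
        Transfer("own-purchase", Decimal("45000"), approved_out_of_band=True),
    ]


if __name__ == "__main__":
    # Assumed customer settings: 2,500 per transfer, 5,000 per month.
    policy = TransferPolicy(Decimal("2500"), Decimal("5000"))
    for ref, decision in evaluate(policy, sample_transfers()):
        print(f"{ref:14} {decision}")
```

A per-transfer limit alone lets the smallest tier through every time; the monthly cap on unapproved transfers is what holds the third 1,900 Euro transfer.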

     

  • US tech companies in Ireland, Holland and Luxembourg may finally have to pay taxes

    The European Commission has told Ireland it may investigate more companies as part of a probe into the country's tax practices, after announcing a formal probe into Apple's Irish subsidiaries.

    The EU is investigating whether Ireland, Luxembourg and the Netherlands have attracted investment and jobs by helping big companies avoid tax in other countries, including EU members.

    Corporate profit-shifting has come under the international spotlight in recent years following reports of how companies such as Apple and Google use complex structures to slash their tax bills.
    https://www.businessspectator.com.au/news/2014/6/23/technology/eu-warns-ireland-it-could-expand-tax-probe-beyond-apple

    so instead of claiming that they are socially responsible companies blablablabla

    they should pay their taxes like any other firm or worker

    they make enough profit anyway

     

  • here you can follow the other news about the World Cup (local protests)

    Use this search in Twitter  https://twitter.com/hashtag/FifaGoHome?src=hash

    and so on

     

     

  • this happens when (stupid) criminals are addicted to.... facebook

    Nick Wig was arrested Thursday after allegedly breaking into a home in Dakota County, south of Minneapolis, authorities said. His undoing, they said, was that he logged into his Facebook account on homeowner James Wood’s computer and forgot to log out.

    “This is a first case in Dakota County in which a suspected burglar left his Facebook profile on the computer screen of the victim’s computer,” Monica Jensen, spokesperson for the Dakota County Attorney’s Office told ABC News today.
    http://abcnews.go.com/US/alleged-burglar-logs-facebook-victims-computer/story?id=24280108

    maybe he also smiled in the camera .....

    or just had to post a message that he now has the money to go shopping later

  • why the security checks on airplanes will become even more stringent soon

    there are new fears and threats

    "The U.S. government had obtained intelligence that associates of an al Qaeda affiliate in Syria – the Al Nusrah Front – and extreme elements of other radical groups were being joined by operatives from al Qaeda in the Arabian Peninsula, the Yemen-based group behind the failed underwear bomb plot on Christmas Day 2009 and the plot a year later to take down cargo planes over the United States with explosives packed into printer cartridges.

    And the groups are jointly working to produce new and “creative” designs for nonmetallic explosives, leading U.S. analysts to believe that the group of radicals, who have worked with Al Nusrah Front, might be looking to target a U.S.- or European-bound plane, sources told ABC News."
    http://abcnews.go.com/International/terrorists-team-syria-build-generation-bombs/story?id=24274983

    the first problem is that the different groups have united their 'scientific' and 'organizing' talents in setting up new kinds of attacks against airlines (because an attack against an airline has an enormous political, PR and economic impact)

    the second problem is that with thousands of youngsters with international passports fighting in Syria (which is one of the main reasons to stop this war with all means as soon as possible) it will become much easier to bypass all profiling and databases to only double check certain persons

    so don't be surprised if you have to be three hours before departure in the airport, if you are questioned more thoroughly and if for any reason or suspicion you are refused boarding

  • e-health is not secure in the US : 31 million medical files leaked and hacked

    Nearly 31.7 million individuals, a number equal to 1 in 10 people in the U.S., have had their medical records exposed through known and reported major data breaches by healthcare providers and their business associates. With 34 publicly reportable breaches coming in June alone, the total number of breaches on the federal “wall of shame” website topped the 1,000 mark this month.
    http://www.modernhealthcare.com/article/20140613/BLOG/306139996

    in Belgium we have e-health but we shouldn't worry, everything is in order, there is no reason to worry, not at all, really, there are really very stringent security norms in hospitals and for doctors and that is controlled by external consultants and so on......

    well, we know that doctors and pharmacies are running totally insecure websites in Belgium and these websites have maybe files or medical information

    but if you are looking for examples (or want to see what we don't have in Belgium or Europe, for example fines if there is a breach) you can look here http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/index.html

    the biggest problem with medical information is that it can't be changed, you can change a password or a credit card but you can't change your medical information

    so if that becomes public or is sold then there is nothing you can do about that ..... maybe change your name and your day of birth (virtually) so that people can't link you anymore to the published information (not bad that idea, the idea that you may receive a totally new identity when essential information about you becomes public or is hacked)

  • #ukraine appeal to people with military knowledge to help Ukr. military blogger

    In the last days a lot of pictures, videos and information have been coming in on the social web about tanks, missiles, troops, documents and so on

    also when you connect all the messages you arrive at certain movements, events and in fact there is a strategy behind it (which maybe only military people can see)

    there are a few people who are pretending to be 'military information warfare operatives' on the Ukrainian site but they have proven to be mistaken or hyperbolic more than is good for a trustworthy source of information, doing more bad than good by not checking and re-checking their information and their conclusions over and over again

    also they sometimes have hidden or open agendas in the power struggles between different ministers, political factions and strategists and this isn't always that clear and it makes the conclusions and analysis not only partial but also more likely to contain mistakes and so on

    this military blogger about Ukr I like because he works methodically and he tries to get a logic in it, looks for the bigger picture without neglecting any detail and without taking sides in the numerous fights about strategy that are being fought in the online media and behind the scenes between the Ukr military, activists and politicians

    since the beginning of the crisis several Russian information-ops have been faulted by the coming together online of military and weapon specialists who on the basis of the pictures could make conclusions that no other human would know (direction of firing, kind of weapons etc......)

    as the infiltration by small Russian tank and military units into Ukraine has been intensifying over the last 24 hours more and more pictures and videos are coming online

    if you have knowledge about military weapons, strategy and so on and you have some time to spare to look online through the material that is posted and you think you can add and share some of your knowledge so we can be a bit more sure that what we think could be truth has more proof to be the best possible interpretation - then please do

    it has made an enormous difference already a few times in this crisis and it can over the weekend - be a small part of history and do a very small but essential thing

    help this guy, not with money, but with your knowledge (and help Ukraine and piss off Putin and make his stupid propaganda and incidents-for-invasion blow up in his face online for all of the world to see)

    https://twitter.com/djp3tros

    my twitterfeed is  mailforlen

  • why you should download everything you like from Youtube before you have to pay for it

    this is something that has been happening with other services that have started first with a limited paywall and then in fact limited their free service to only content that was so stupid that it wasn't even worth using it

    so Youtube will start soon with a paid music service and will take everything down that is also on the paid service or doesn't want to be on it, meaning that in fact all new and good music videos placed by the firms themselves can't be on the official free channels of the artists or the labels and everything similar uploaded by their fans will be tracked, silenced and taken down with all the tools they have and they are developing

    "Google-owned YouTube is threatening to pull down music videos by artists on independent (i.e., non–Big Three) record labels that have refused to sign on to its upcoming subscription streaming service. Major acts such as Adele, Radiohead, Jack White, and Vampire Weekend could all disappear from the site “in a matter of days,” according to YouTube exec Robert Kyncl.

    The indies say they are holding out because YouTube has offered them far worse licensing deals than it's offered the major labels (though they’re light on details). This, they claim, is a departure from the standards set by companies like Spotify and Rdio, which treat them on the same terms as Universal, Sony, and Warner. According to Billboard, meanwhile, YouTube executives "argue that they cannot offer music on the free service without it also being available on the paid service as this would disappoint its subscribers. The solution? To take down songs that can’t be available on both services." (If this sounds to you like a tenuous excuse for simply driving a hard bargain, join the club.)"
    http://www.slate.com/blogs/moneybox/2014/06/19/youtube_music_service_google_is_threatening_indie_artists_

    but expect this also to be the case for movies, series, documentaries, cartoons and all the rest that is interesting

    there is quite some freeware (never pay for this stuff) to download the videos from Youtube  I like this one

    and if you don't upload it to a torrent or a fileserver afterwards, you are not doing anything different from watching it ........

    those who know where to look know where to find the interesting links to the interesting stuff on Youtube (surprise me :))

    download in the flv format with a flv player, and an external hard drive isn't that expensive anymore

  • #ukraine every day a few Russian tanks into Ukraine is better than all at once

     

    While everybody is watching football or Iraq or the folders for the holidays

     http://ukraineatwar.blogspot.nl/2014/06/open-russian-invasion-into-ukraine-has.html (read this)

    These are the Russian tanks in Ukraine of today

     

     

    And these are the tanks for tomorrow or the weekend (they are now at 5km of the Ukrainian border)

  • when is your communication public or external (surveillance)

    the first question, when your communication or information is public, is rather simple. It means that it is public from the moment that you have placed no protections on it like a password. If you blog about things or place stuff on websites then that is public and everybody can see that, even intelligence agencies. They still need a reason to follow you because if they follow you then they have a file on you and if they have a file on you they have a case about you (which may only be informational) and if they have a case about you then there are certain aspects about you that had their interest

    so if you are tweeting or publishing about extreme political or religious subjects or if you are putting confidential or very interesting analysis on the web, you shouldn't be surprised if you because of passive monitoring are followed - this doesn't mean that you are suspected of anything - it only means that the information- and intelligence services and firms are just following whatever is written about a certain subject, including the things you write about

    this means that if you protect your emails and Facebook and other postings by specific passwords for your specific content (so not forums anybody can become a member of) then they have to have at least a case on you to break in or ask access.

    and here the second question becomes even more relevant. If you are using external internet services outside of your home country this protection may become irrelevant because a country may have decided that all internet services which are not clearly defined to be hosted and operated out from their own country are external. So for example the UK has decided that to make the active monitoring (getting passwords and having access to content like Facebook, emails and so on) more easy (without having a legal debate before deciding each case) all the popular social media platforms are external and have no protection from content and data on the national infrastructure.

    In fact this means that to protect the privacy of the citizens Google, Yahoo and others will have to develop local services and state clearly that their emails and so on are always kept on the territory of the UK and always fall under the national laws and obligations of the UK. This doesn't mean that the intelligence services don't have access, but that according to British law they will need a reason to receive that access.

    and so the whole idea of the cloud and so falls apart again

    it was a stupid idea anyway

  • La libre Belgique is hackable (defacement that is)

    ok let's take this link

    so you would say that there would be nothing very dangerous with it

    it is in fact a subdomain of this site

    but the subdomain has not been well protected because in the first subdomain you can add pages

    and when did this happen well the 13th

    this happened 4 days ago and nobody saw it, it is still up.......

    and the server is placed in Italy - wow how to get your logs and police investigation undergoing .....

    and in fact it is a kind of fileserver because if you place this in Google site:http://r.llb.be

    you will find a list of documents

    which means that it is trusted because there are trusted links to the documents (means that the links are on trusted sites which makes it even more interesting for spammers and so on) .....

    maybe it is also interesting to put an infected PDF file on it as if it came from La Libre Belgique and would be hosted on the fileserver of La Libre Belgique but would have nothing to do with La Libre Belgique

    in these times of attack schemes La Libre Belgique looks like a very interesting target

  • the stalemate about the European Cybersecurity directive explained very shortly

    While obligations similar to those in the directive have previously been imposed in the EU on telecoms companies and ISPs courtesy of the E-Privacy Directive (2002/58/EC), the Cyber Security Directive introduces for the first time security and notification obligations on key providers of information services as well as public administrations and operators of critical infrastructure. These sectors rely heavily on information and communications technology that are essential to the maintenance of vital economic or societal functions.

    The original draft of the directive required member states to ensure that when implementing this legislation they required public administrations and market operators providing services within the EU to:

    • Take appropriate technical and organisational measures to manage the risks posed to the security of the networks and information systems that they control and use in their operations.
    • Notify the competent authority, established in each member state to deal specifically with network and information security, of any incidents having a significant impact on the security of core services they provide.
    • Inform the public where the competent authority determines that disclosure of the incident is in the public interest. 

    In January, the Committee on Civil Liberties, Justice and Home Affairs (LIBE) published its opinion and a compromise draft of the directive following amendments by MEPs. This draft was approved by the European Parliament on 13 March 2014, and will now be negotiated by the member states in the Council of Ministers, with final agreement anticipated for later this year and implementation anticipated in 2016.

    One of the key challenges surrounding the implementation of the directive is that its final form is yet to be agreed, causing lots of uncertainty.

    Furthermore, as the legislation is a directive as opposed to a regulation, each member state will be required to enact its own law interpreting and reflecting its provisions.

    With the draft directive still only partway through the legislative process, there is still much negotiation to be done.
    http://l2b.thelawyer.com/home/insight/cyber-law-needs-to-speed-up/3019632.article