07/29/2014

the OpenSSL bugs now also have public repercussions for SCADA installations (Siemens)

"Several Siemens products used for process and network control and monitoring in critical infrastructure sectors are affected by four vulnerabilities in the company's OpenSSL cryptographic software library. The vulnerabilities – CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, and CVE-2014-3470 – can be exploited remotely, and fairly easily, to hijack a session as part of a man-in-the-middle attack or to crash the web server of the product, according to a Thursday ICS-CERT post. Siemens has already issued updates for APE versions prior to version 2.0.2 and WinCC OA (PVSS), but has only issued temporary mitigations for CP1543-1, ROX 1, ROX 2, and S7-1500.

 

The products are typically used in the chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors, according to the post.
http://www.scmagazine.com/siemens-industrial-products-imp...

so this is how one cares about critical infrastructure? and this from an enormous firm with all the resources at its disposal to find remedies in time, if it wanted to?

and the advisory was only published last week, with only temporary mitigations for several other products? what does that mean for a critical installation?

in fact it means that critical installations shouldn't have internet connections if they are really critical and if our lives or health depend on them

and secondly, that when you install software or hardware in such critical environments you don't use under-tested components like OpenSSL (the bugs being found now have been sitting in the code for ten years or more and weren't caught in all those years, contrary to the popular myth that code is better when it is open-sourced because more people are looking at it)


Apple has left a great number of open backdoors on your iPads and iPhones without telling you

"Zdziarski’s slides came to light on Monday through ZDNet and were used in a recent conference talk he gave called “Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices.”

 

The full set of slides are available in a PDF download here, but some of the highlights include:

 

  • Library and cache files are not encrypted although since iOS 7, third-party documents are.
  • Some of the undocumented services in iOS — “lockdownd,” “pcapd” and “mobile.file_relay” — can get at encrypted data for access over USB and perhaps through a cellular connection.
  • Third-party forensic software companies that know how to access data through these backdoors are selling their services to law enforcement agencies.

 

Zdziarski suggests these services are part of iOS by design, perhaps so that Apple can comply with legal requests for data from the government. It’s difficult to say, of course, and Apple hasn’t commented on the original story.
http://gigaom.com/2014/07/21/security-researcher-suggests...


DDoS attacks hidden behind fake Googlebot crawlers make discovery difficult

"According to the data they collected, it appears that 34.3% of the fake crawlers were explicitly malicious, most of them (23.5%) being used for application layer DDoS attacks, while the rest dealt with scraping, spamming and hacking. 65.7% had purposes far from being nefarious, but still worrying, considering that they collected information used for marketing purposes.

Mitigating an application layer DDoS attack is not too easy, because the requests are directed at the application interface and mimic legitimate behavior, which makes filtering out the bad traffic more difficult. Website admins that do not have solutions that can distinguish the fake web crawlers from the legitimate ones face a pretty difficult dilemma because they either risk loss of traffic by blocking the bots or suffer downtime by allowing them.

Incapsula says that “fake Googlebot visits originate from botnets - clusters of compromised connected devices (e.g., Trojan infected personal computers) exploited for malicious purposes.”
http://news.softpedia.com/news/Fake-Googlebots-Used-for-L...

and so such crawlers will need to carry real certificates, especially the ones every site always has to let in, like Google's and Bing's
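The dilemma the article describes (block the bots and lose Google, or let them in and eat the DDoS) is not the only option, and it needs no certificate: Google has for years documented how to verify a visitor that claims to be Googlebot. Reverse-resolve the client IP, require the PTR name to end in googlebot.com or google.com, then forward-resolve that name and require the original IP to be in the answer. A User-Agent string alone proves nothing. The following is an added example, not code from the article or from Incapsula: it runs that reverse-then-forward check over a few constructed Common Log Format lines and reports the addresses that claim the Googlebot UA but fail it. The log lines, the IPs and the DNS answers in FAKE_PTR and FAKE_A are constructed for the demo, and the resolver functions are injectable so the check runs offline.

```python
"""Verify that a visitor claiming to be Googlebot really comes from Google.

Added example, not part of the original post. Implements Google's documented
verification: PTR lookup of the IP, name must end in googlebot.com/google.com,
then an A lookup of that name must contain the original IP.
"""
import re
import socket

GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")
# Common Log Format with referrer and a quoted User-Agent at the end.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<req>[^"]*)" \d+ \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def default_reverse(ip):
    """PTR lookup; returns the canonical host name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def default_forward(name):
    """A-record lookup; returns a list of IPs (empty on failure)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.herror, socket.gaierror):
        return []


def is_verified_googlebot(ip, reverse=default_reverse, forward=default_forward):
    """Reverse-then-forward DNS check as documented by Google."""
    name = reverse(ip)
    if not name:
        return False
    host = name.rstrip(".").lower()
    if not host.endswith(GOOGLE_SUFFIXES):
        return False            # PTR points outside Google's crawler namespace
    return ip in forward(host)  # forward-confirm: the name must resolve back to this IP


def claims_googlebot(user_agent):
    """True when the UA string merely *says* it is Googlebot."""
    return "googlebot" in user_agent.lower()


def find_fake_googlebots(log_lines, reverse=default_reverse, forward=default_forward):
    """Return the IPs whose requests carry a Googlebot UA but fail verification."""
    fakes = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or not claims_googlebot(m.group("ua")):
            continue
        ip = m.group("ip")
        if not is_verified_googlebot(ip, reverse, forward) and ip not in fakes:
            fakes.append(ip)
    return fakes


# Constructed sample log lines (not real traffic) and a constructed DNS view.
GBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOG = [
    '66.249.66.1 - - [29/Jul/2014:10:00:01 +0200] "GET /robots.txt HTTP/1.1" 200 153 "-" "%s"' % GBOT_UA,
    '203.0.113.7 - - [29/Jul/2014:10:00:02 +0200] "GET /search?q=a HTTP/1.1" 200 9811 "-" "%s"' % GBOT_UA,
    '198.51.100.9 - - [29/Jul/2014:10:00:03 +0200] "GET /search?q=b HTTP/1.1" 200 9811 "-" "%s"' % GBOT_UA,
    '192.0.2.5 - - [29/Jul/2014:10:00:04 +0200] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/31.0"',
]
FAKE_PTR = {
    "66.249.66.1": "crawl-66-249-66-1.googlebot.com.",   # genuine-looking PTR, forward-confirms
    "203.0.113.7": "googlebot.com.evil.example.",        # name only *contains* googlebot.com
    "198.51.100.9": "crawl-66-249-66-1.googlebot.com.",  # spoofed PTR, forward lookup does not match
}
FAKE_A = {
    "crawl-66-249-66-1.googlebot.com": ["66.249.66.1"],
    "googlebot.com.evil.example": ["203.0.113.7"],
}


def demo():
    """Run the check over the constructed log with the constructed DNS view."""
    return find_fake_googlebots(SAMPLE_LOG, FAKE_PTR.get, lambda n: FAKE_A.get(n, []))


if __name__ == "__main__":
    print(demo())  # -> ['203.0.113.7', '198.51.100.9']
```

Against live logs, call find_fake_googlebots with the default resolvers; cache the PTR and A answers per IP, because a flood of fake crawlers would otherwise turn the verification itself into a DNS load problem. The same procedure works for Bingbot with the search.msn.com suffix.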


these are the kinds of payments data thieves now receive for full DB sets

they have a Twitter account in which they offer the DB of paris.fr, france24 and others, or a million Israeli email addresses with their passwords, if this is all real

if we take his word for it, and believe for a moment that this is real,

then this is an indication of the prices paid for full databases


#gaza Belgian state bank Dexia finances the Israeli colonization of what should some day become a Palestinian state

In Belgium, it is the banking group Dexia SA, in which the Belgian state is the majority shareholder, that is also directly involved in financing the settlements through its Israeli subsidiary, Dexia Israël. Despite the campaigns the group has been the target of and its statements about separating from its subsidiary, Dexia SA is still tied to Dexia Israël, which continues to finance the Israeli settlements, notably through loans granted to municipalities".
http://www.rtbf.be/info/societe/detail_israel-comment-sav...

so maybe it is time to intervene and stop this financing of something that is clearly and without any doubt illegal and was condemned by the whole international community, including the US, and that is in fact responsible for the weakening of Fatah, which has empowered Hamas, which is now keeping this senseless war going by refusing any halt to it

so indirectly the state bank Dexia (saved with our tax money) is in part responsible for the context that led to this war


#gaza Israeli anti-riot police use dirty water in rebellious neighbourhoods

strange (in French), from Le Monde

 


kvo.be online ticket sales are exploitable thanks to OpenSSL

because all the other good things that have been done in setting up the certificate (except for the domain mismatch) are undone by a forgotten patch for a new vulnerability in OpenSSL (they keep on coming, don't they?)

test your own server at www.ssllabs.com

and the exploitable data is the following

a login and password you are probably also using elsewhere, and a lot of identification data here

http://tickets.kvo.be/nl/register/  (also the tax number for enterprises, for the business seats)

and your financial data for the transactions
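Both the Siemens advisory above and this kvo.be post come down to the same question: is the server still running an OpenSSL without the June 2014 fixes? The following is an added example, not code from the original page, from Siemens or from kvo.be. It probes a server for the early-ChangeCipherSpec flaw CVE-2014-0224, one of the four CVEs named in the Siemens post, by hand-building a TLS 1.0 ClientHello, waiting for ServerHelloDone and then sending a ChangeCipherSpec before any key exchange has happened. A patched server answers with a fatal unexpected_message alert; an unpatched one accepts the early CCS and then trips over the second one with a bad_record_mac or decryption_failed alert, or stays silent. The cipher-suite list, the timeout and the verdict labels are my choices, and the assumption that the "forgotten patch" at kvo.be is this particular CVE is also mine, since the post does not name it.

```python
"""Probe a TLS server for the OpenSSL early-CCS flaw (CVE-2014-0224).

Added example, not code from the original page. The handshake is built by
hand so the check does not depend on the local OpenSSL version. Only the
network part (probe) needs connectivity; parsing and classification work on
captured bytes.
"""
import socket
import struct

CONTENT_CCS, CONTENT_ALERT, CONTENT_HANDSHAKE = 0x14, 0x15, 0x16
TLS10 = b"\x03\x01"
HS_SERVER_HELLO_DONE = 0x0E
ALERT_UNEXPECTED_MESSAGE, ALERT_BAD_RECORD_MAC, ALERT_DECRYPTION_FAILED = 10, 20, 21


def record(content_type, body):
    """Wrap a body in a TLS record header: type, version, 16-bit length."""
    return bytes([content_type]) + TLS10 + struct.pack(">H", len(body)) + body


def build_client_hello():
    """Minimal TLS 1.0 ClientHello: four RSA cipher suites, no extensions (assumed list)."""
    suites = b"\x00\x2f\x00\x35\x00\x0a\x00\x05"  # AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA
    body = (TLS10
            + b"\x00" * 32                        # client_random (constant is fine for a probe)
            + b"\x00"                             # empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00")                        # one compression method: null
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body  # type ClientHello, 24-bit length
    return record(CONTENT_HANDSHAKE, handshake)


def parse_records(buf):
    """Split a buffer into (content_type, body) tuples; a trailing partial record is ignored."""
    out, pos = [], 0
    while pos + 5 <= len(buf):
        ctype = buf[pos]
        length = struct.unpack(">H", buf[pos + 3:pos + 5])[0]
        if pos + 5 + length > len(buf):
            break
        out.append((ctype, buf[pos + 5:pos + 5 + length]))
        pos += 5 + length
    return out


def saw_server_hello_done(buf):
    """True once a ServerHelloDone message is present (handshake messages assumed not to span records)."""
    for ctype, body in parse_records(buf):
        if ctype != CONTENT_HANDSHAKE:
            continue
        i = 0
        while i + 4 <= len(body):
            msg_type, msg_len = body[i], int.from_bytes(body[i + 1:i + 4], "big")
            if msg_type == HS_SERVER_HELLO_DONE:
                return True
            i += 4 + msg_len
    return False


def classify(reply):
    """Map the bytes received after the early CCS to a verdict."""
    for ctype, body in parse_records(reply):
        if ctype == CONTENT_ALERT and len(body) >= 2:
            if body[1] == ALERT_UNEXPECTED_MESSAGE:
                return "patched"          # server rejected the CCS before key exchange
            if body[1] in (ALERT_BAD_RECORD_MAC, ALERT_DECRYPTION_FAILED):
                return "vulnerable"       # first CCS was accepted, second one failed decryption/MAC
    return "unknown"                      # closed without an alert, or something else entirely


def probe(host, port=443, timeout=5.0):
    """Run the live check against host:port (network access required)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        buf = b""
        while not saw_server_hello_done(buf):
            chunk = s.recv(65536)
            if not chunk:
                return "unknown"          # server hung up during the handshake
            buf += chunk
            if any(ct == CONTENT_ALERT for ct, _ in parse_records(buf)):
                return "unknown"          # server refused the TLS 1.0 handshake itself
        early_ccs = record(CONTENT_CCS, b"\x01")
        s.sendall(early_ccs + early_ccs)  # second CCS forces a reply from an unpatched server
        try:
            return classify(s.recv(65536))
        except socket.timeout:
            return "likely-vulnerable"    # silence after an early CCS is the unpatched behaviour


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

Run it as python ccs_probe.py host [port] against a host you are allowed to test. It only speaks TLS 1.0 without extensions, so a server that refuses that handshake gets "unknown" rather than a guess, and "likely-vulnerable" on a timeout should be confirmed with a second tool such as the SSL Labs test the post already recommends.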

 


this is why we are NOT legion and we are NOT one and never will be, Anonymous

because I don't think that people associating with these kinds of Putin puppets, with all kinds of extremist nuts who don't care a second about human rights, and so on

so now we will never be one, surely not with this one

and I would rather not be Anonymous but a true democrat


The European fiscal authorities have only discovered 20% of all offshore money in Switzerland

"Gabriel Zucman (born Oct 1986), the young French economist who is an assistant professor at the London School of Economics and a collaborator with compatriot economists Thomas Piketty and Emmanuel Saez on inequality research, has hailed the remarkable progress in recent times against international tax evasion but he warns that Swiss banks will continue to cheat as there are no sanctions in Europe comparable to those in the US for penalising the hiding of asset trails that they have mastered for decades.

 

Earlier this month Zucman told Tages-Anzeiger, the Swiss newspaper, that based on analysis of published data, offshore money in Swiss banks has risen in recent years and an estimated “80% of European bank clients’ assets still aren’t being reported to tax authorities.”
http://www.finfacts.ie/irishfinancenews/article_1028007.s...

get the money where it is ..... in the Swiss banks, before asking hardworking people to give their money to stabilize the budgets and markets and save the same banks (with offices in Switzerland)


do the new clean desk test to safeguard information

go here


digital warfare has become the most asymmetric warfare ever

the main reason is that you can now buy the most professional attack tools, which will even bypass most defenses unless those are also backed by monitoring and intervening manpower, for a price everybody can afford, and for some additional cost you can launch the attacks from countries that lack the capacity to investigate and have no extradition agreements (unless you travel to the West after the underground business owners or operators have been identified)

"If an attacker can spend as little as $200 to execute an attack that could cost your organization $3.5 million, you’d better put some very serious consideration into how much you want to invest in defending against that attack.
http://www.csoonline.com/article/2457448/malware-cybercri...

it also means that security by design from the start of any IT product or piece of code is the only way to keep the cost of securing your data and networks affordable


war leads to immense polluting now

in Gaza

in Libya

in Ukraine, where Russian-backed mercenaries and the Ukrainian army are fighting next to an enormous chemical factory

https://www.youtube.com/user/akomarofff/videos

aside from the thousands of other rockets and bombs

maybe we should put an ecological tax on war?


#ukraine the battle for Donetsk has started

you can follow it on Twitter at /mailforlen or, with 190 sources (also in Russian and Ukrainian but mostly English), at mailforlen/lists/ukraine

this is the most important battle until now, and it seems that the Ukrainian troops are slowly making headway around the city and in certain districts of it, and are holding on to the airport (necessary to keep Russian transport planes from flying in new men and material), although yesterday 100 (yes, one hundred) Russian tanks, rocket launchers and vehicles were heading for Donetsk (nearly 1 million inhabitants, but mainly defended by new and old mercenaries, Russian-backed fighters and some locals). The political Russian leaders of the Donetsk People's Republic have already fled the city, and the city itself seems rather quiet (no demonstrations of thousands of local citizens to show their support, for example), as this militia leader says

this is the latest victory of the Ukrainian army, by one of its most famous battalions

During the night there were heavy and intense battles around the city, where the main rebel defenses were set up

https://www.youtube.com/watch?v=Pjzdeis9PaQ

this channel is also publishing new videos of the battles around (and increasingly closer to the center of) Donetsk: https://www.youtube.com/user/eliezer861/videos

meanwhile the rumors of a Russian invasion are increasing (again) and the number of Russian offensive troops at the border has also increased over the last days, but the USA has said it will now consider Ukraine's request for overt military assistance because of the continuous shelling of Ukrainian border posts and nearby Ukrainian army positions from inside Russia

this map shows why we are now really in the endgame, unless Putin really loses his nerve and sends in the troops, but some advisors around him have hinted that he will let the rebels fall if they lose Donetsk, and this map also shows why

(and so you can think that the column of 100 Russian armored trucks and rocket launchers is a kind of last support, so that he can always tell the lie that he did everything in his power to help them, which of course he didn't, because the only way to help them was to invade, once the Ukrainian army got an elected president, new chiefs appointed by him, clear marching orders and the non-lethal military equipment from the US, and probably some strategic advice and intelligence as well)

 

the red lines are the regions held by the Russian militants and the red ---- is the border with Russia, while the blue ones are the Ukrainian forces

You see that the fighters from Gottvka are trying to join the fighters in Donetsk as they are getting isolated

you see that the Ukrainian army has three big strategic goals

* retake and hold on to the border posts and a security zone between the border and the rebel zones (which is why the Russians are bombarding them: it gets harder every day to send men and material across)

* drive a wedge between the Donetsk rebel battalions and the Lugansk rebel battalions; you see that the rebel battalions are trying to keep a corridor open between them

* push further into Donetsk to keep the Donetsk battalions from attacking the Ukrainian forces who are creating the corridor with the Lugansk Republic

the Ukrainian military is a bit more prudent, as this map shows

 

 


07/07/2014

#tor Black Hat will show how broken TOR in fact is, and why

those who believed the propaganda that TOR was a secure system never looked under the hood and didn't read the news (which mostly didn't report it)

but there are major security issues with TOR, and if TOR wants to be a real security and privacy alternative, a huge investment of money and resources has to be made

and some international technology players are earning so much money complying with dictatorships that they should invest part of that money in TOR to make it a real alternative to the big brother versions they are delivering to the people living under these dictators

source http://securityaffairs.co/wordpress/26395/hacking/tor-net...


#ukraine Latvia is the first to open a counter-propaganda center against Russia's infowar

"Latvia on Thursday said it would open a NATO-backed strategic communications center in the capital Riga amid fears the Kremlin is influencing the Baltic state’s large ethnic Russian minority over the Ukraine crisis. The center will focus on providing an alternative to the official Russian narrative on the crisis and should receive full NATO accreditation “by the end of the summer,” the Latvian defense ministry told AFP.

Concern runs high in all three of the formerly Soviet-ruled Baltic states that Russia is mounting a propaganda campaign to win over the region’s ethnic Russians, who account for around a quarter of the population in both Latvia and Estonia.

Prime Minister Laimdota Straujuma on Thursday said Russia was waging an “information war” in Latvia, which joined NATO and the European Union in 2004. “The Latvian government cannot allow foreign countries to meddle internally, undermining the state,” Straujuma told parliament. Lawmakers also backed legislation more than doubling defense spending to the NATO-recommended minimum of two percent of GDP by 2020.
http://www.defensenews.com/article/20140703/DEFREG01/3070...


#ukraine non-existent Russian soldiers in Eastern Ukraine are given a burial in Russia

they were killed during the last ATO campaign

you see that two of them are first of all military (on leave?)

if the Russian state now pays a military pension to their widows, then it acknowledges the official character of their mission

http://blogs.ipress.ua/blogs/v_moskve_horonyat_soldat_45g...


since October more than 100,000 children from Latin America have entered the US

"Children arriving without their parents are transferred to custody of the Health and Human Services Department, which tries to reunite them with family members in the U.S. Both groups have often been allowed to remain in the U.S. while their immigration cases move forward, a process that can sometimes take years.

Migrants' willingness to surrender to authorities has created a system in which smugglers need only to get their human cargo to the American side of the river, rather than guiding them to a populated area.

Just since October, the Border Patrol's Rio Grande Valley sector has made more than 194,000 arrests, nearly triple that of any other sector. In the first week of June alone, agents in this area south of Mission arrested more than 2,800 people, most from Honduras, Guatemala and El Salvador, making it the highest-volume arrest zone on the entire U.S. border. More than 60 percent were children.

All through the night, government buses idle near the border wall — a mile or two from the river — awaiting loads of immigrants. The zone is patrolled by no fewer than six local, state and federal law-enforcement agencies, including gunboats crewed by Texas state troopers with night-vision goggles and the Border Patrol's white and green trucks. Helicopters swoop above the winding waterway.

But there's little cat-and-mouse pursuit. Every day, hundreds of immigrants walk up to agents, wave to their remote cameras or simply wait to be picked up on the side of a road like Trevino's group in the park
http://bigstory.ap.org/article/south-texas-shows-drama-be...


#ukraine the US needs to put its money where its mouth is

Most glaringly, U.S. outreach requires resources in order to properly compete with that of Russia. Currently, the Voice of America’s Russia Service is funded to the paltry tune of just $13 million annually, a mere fraction of the $300 million a year that Russia Today alone is estimated to spend on its particular brand of “news.” At this level, U.S. public diplomacy toward the Russian-speaking world lacks anything resembling the scope and reach needed to counter the Kremlin.

 

The funds to do so, moreover, are readily available, tucked away in various corners of the U.S. government (such as the U.S. Agency for International Development’s now-defunct U.S.-Russia Investment Fund). They simply require attention from Congress in order to be repurposed and harnessed for public diplomacy purposes.  
http://nationalinterest.org/blog/the-buzz/wanted-real-war...
 
and Russia Today is only a small part of the total Russian propaganda machine, which is enormous
the US has always thought that since the end of the Cold War it wasn't really necessary to mold public opinion; it would automatically come to them or distrust the Russians anyway

if there is one thing we have learned from the Ukrainian war, it is that this is simply not true
there were so many subtle manipulations and so many frameworks and strategies used during the crisis, simply because they have Russia Today and their other outlets
it was thanks to the social media activists that it was somewhat countered
and because the rebels themselves are a bunch of stupid freaks

so in this new cold war there needs to be a new information strategy
no talk about being on Twitter and Facebook and all that
no, a real information and media-framing strategy as the basis for a real media war


#russia the Russian secret erotic library, for the politburo only

In the depths of the Russian State Library, Marina Chestnykh takes the creaking elevator up to the ninth floor. She walks past stack after stack of books behind metal cages, the shelves barely visible in the dim light from the frosted-glass windows. This is the spetskhran, or old special storage collection — the restricted-access cemetery for material deemed “ideologically harmful” by the Soviet state.

She arrives at a cage in the floor’s back corner. When she inserts a key in the padlock, the door swings open to reveal thousands of books, paintings, engravings, photographs and films — all, in one way or another, connected to sex.

It was the kinkiest secret in the Soviet Union: Across from the Kremlin, the country’s main library held a pornographic treasure trove. Founded by the Bolsheviks as a repository for aristocrats’ erotica, the collection eventually grew to house 12,000 items from around the world, ranging from 18th-century Japanese engravings to Nixon-era romance novels.

Off limits to the general public, the collection was always open to top party brass, some of whom are said to have enjoyed visiting. Today, the spetskhran is no more, but the collection is still something of a secret: There is no complete compendium of its contents, and many of them are still unlisted in the catalogue.
http://www.themoscowtimes.com/arts_n_ideas/article/inside...


#ukraine Belgium will block military exports to Russia during this conflict, and France?

Most of the EU’s other big exporters - Belgium, Finland, the Netherlands, and Sweden - have followed suit.

In Belgium, licences are granted separately by the regions of Flanders and Wallonia. Both regional authorities told this website they would block new Russia sales.

A Finnish defence ministry official, Arto Koski, said: “If there would be a new application … I think our answer would be negative”. A Dutch diplomat, Roel van der Meij, noted: “All new licence applications for export of military goods to Russia have been suspended”. Sipri, a Stockholm-based arms-control NGO, said Sweden, a British and US ally, would not have approved sales of sensitive items to Russia even before the crisis.

Pieter Wezeman, a Sipri researcher, noted that, unlike official embargoes, the "de facto bans ... can easily be adapted when the circumstances change again".

Commenting on France, Igor Sutyagin, a military expert exiled from Russia on espionage charges who now works for Rusi, a think tank in London, said the Mistral deal is important because it includes transfer of high-end “command and control” technology. He noted that Europe’s arms industry has a history of odd behaviour, with Britain’s Rolls Royce, for instance, supplying engines to the German airforce after the outbreak of WWII.

He added that if any Western ban is to have teeth it should target “dual-use” material instead of weapons. He said European firm Eads makes components for Russian spy satellites, while Pentium, a US company, makes microchips for Russian military computers. IHS Jane’s Defence Weekly, a British consulting firm, added that France sells avionics for Russian jets and “electro-optic infrared” technology, used for surveillance and targeting, for Russian helicopters and tanks
http://euobserver.com/investigations/124883
