  • Brazilian botnet could have stolen 3.75 BILLION $ worth of transactions

    Researchers with RSA, the security division of EMC, said they have discovered a Boleto malware (Bolware) ring that compromised as many as 495,753 Boleto transactions during a two-year period. A Boleto is essentially a document that allows a customer to pay an exact amount to a merchant. Anyone who owns a bank account - whether a company or an individual - can issue a Boleto associated with their bank.

    Though it is not clear whether the thieves successfully collected on all of the compromised transactions, the value of those transactions is estimated to be worth as much as $3.75 billion USD.

    "The first signs of its existence appeared near the end of 2012 or early 2013, when it began to be reported in the local news media," according to a whitepaper RSA released today on the malware. "The RSA Research Group analyzed version 17 of the malware, gathering data between March 2014 and June 2014. The main goal of Boleto malware is to infiltrate legitimate Boleto payments from individual consumers or companies and redirect those payments from victims to fraudster accounts."
    http://www.securityweek.com/cybercriminals-may-have-stolen-billions-brazilian-boletos

    read that: 3.75 BILLION DOLLARS

    since 2012, and nobody is taking this seriously enough?

    this is fraud worthy of the World Cup :)

  • how to disarm advanced windows protections (EMET) and take over a computer afterwards

    "EMET is designed to prevent software vulnerabilities from being exploited by using various mitigation technologies, including Structured Exception Handler Overwrite Protection (SEHOP), Data Execution Prevention (DEP), Heapspray Allocations, Null page allocation, Mandatory Address Space Layout Randomization (ASLR), Export Address Table Access Filtering (EAF) and Return Oriented Programming (ROP) mitigations.

    Research papers such as "Bypassing EMET 4.1" and "EMET 4.1 Uncovered" detail mitigation bypass methods, but Offensive Security has focused on disarming EMET, rather than on bypassing mitigations, as this method gives an attacker the ability to use generic shellcodes such as the ones generated by Metasploit. This also represents a generic way of disabling all protections, and "not having to rely on functions that are not critical to EMET when trying to defeat the MemProt ROP protection, especially when having 'Deep Hooks' enabled," the company said.

    The researchers managed to disarm EMET and get a shell after finding a global variable in the .data section of the EMET.dll file. The said variable, which is located on a memory page marked with read/write permissions, acts as a switch to enable or disable all the ROP protections at runtime.
    http://www.securityweek.com/researchers-disarm-microsofts-emet

    the article gives more information and links to the exploit code and a video tutorial

    EMET is only the very last protection, so it is even more important that your first line of defense (firewall, proxy, application control etc.) is strong and advanced

    EMET will no longer protect you if these defenses are bypassed or too lax.

  • NSA spies on everybody who uses TOR servers or even the TOR website because they are extremists (new documents)

    Google Translate of http://daserste.ndr.de/panorama/archiv/2014/Quellcode-entschluesselt-Beweis-fuer-NSA-Spionage-in-Deutschland,nsa224.html

    "Based on secret NSA source code, WDR and NDR were able to identify victims of NSA surveillance, especially in Germany. One of them is the Erlangen student Sebastian Hahn, who works with encryption technology in his spare time. After Angela Merkel, he is the first known victim of the NSA.

    The basis of the research is a part of the source code of the surveillance program XKEYSCORE, which NDR and WDR have obtained exclusively. Source code is the foundation of software.

    For the first time, the public thus gets insight into the closely guarded work of the NSA's software developers and into how surveillance victims are specifically targeted.

    Erlangen student targeted by the NSA
    Sebastian Hahn devotes his free time to encryption technology; he runs a server for the Tor anonymization network. That is what has made him a target of the NSA.

    Sebastian Hahn has ended up in the crosshairs of the Americans because of his hobby. He runs a server for the Tor anonymization network, with which users try to blur their tracks on the Internet. Human rights activists in countries like Iran in particular depend on this program.

    The IP address of a server operated by Hahn is precisely defined in the XKeyscore source code as an object to be monitored. The target: all users, hundreds of thousands every day, who access the Tor server provided by Hahn are specially marked by the NSA and their connections are saved. In this way the NSA filters out everyone who uses the anonymization network. According to research by NDR and WDR, these then land in a special NSA database. Sebastian Hahn finds the spying "shocking". Because he wanted to do something good, he says, he ended up "in the focus of the intelligence services. This is a huge invasion of my privacy."

    In addition to Sebastian Hahn's IP address there is yet another German IP address, that of the Chaos Computer Club.

    Whether Sebastian Hahn was spied on from German soil, however, cannot be read from the source code available to NDR and WDR.

    Thomas Stadler, a lawyer specializing in IT law, sees a "suspicion of intelligence-agent activity". The Attorney General commented only in general terms: all indications are being examined.

    The XKeyscore source code also shows how easy it is to fall into the NSA's search pattern. Not only permanent users of this encryption software become targets of the secret service. Anyone who merely wants to inform themselves on the official Tor website is marked. In the case of other encryption providers, a query to a search engine is already enough to appear suspicious to the NSA.

    With the source code it can be proven beyond doubt for the first time that the NSA does not only read so-called metadata, i.e. connection data. If emails are used to connect to the Tor network, then, according to the programming command, the contents, the so-called email body, are also evaluated and stored. The relevant quote from the source code is:

    The source code contains both technical instructions and comments by the developers that provide insight into the NSA's way of thinking. All users of such programs are thus equated with "extremists".

    On request, the NSA only states in general terms that it keeps strictly to the law and that "privacy and civil liberties are always taken into account in computer surveillance."

    It is worth noting that the Tor network was originally an idea of the U.S. Navy and is funded to this day with around 800,000 dollars a year by the U.S. government.

    Months ago, the "Guardian" had already reported on attempts by the NSA to spy on users of the Tor network, but without knowledge of the source code."

  • the control over the Snowden documents seems lost

    First we thought that the documents had been given to one journalist, Greenwald, then it surfaced that several journalists of several papers have different collections from the total cache

    and just as with Wikileaks and the diplomatic cables

    it seems that the cache or big parts of it have been copied and wandering around and that some activists are really thinking about releasing them all (or all they have because nobody has told exactly how many documents are in which stack held by which journalist)

    this means that our first comment that all the lost documents should be considered compromised and that the services impacted by this loss should act as if these documents are in the hands of their enemies or will become public soon

    it also means that the editorial, legal and political vetting and considerations of different international media have been bypassed now and that it will be up to each to decide which documents are of interest to them - even if nobody had published anything about them

    this is an interesting discussion on twitter

  • biological warfare : US army is working on superblood to stop infections

    "A new study funded by DARPA, the scientific research arm of the military, has figured out how human red blood cells can be modified to produce and deliver protein antidotes and other antibody-based medicines throughout the body. With blood transfusions, these cells could theoretically neutralize biological toxins for soldiers on the battlefield.

    "We wanted to create high-value red cells that do more than simply carry oxygen. Here we've laid out the technology to make mouse and human red blood cells in culture that can express what we want and potentially be used for therapeutic or diagnostic purposes," Harvey Lodish of the Whitehead Institute for Biomedical Research in Massachusetts told the Independent.
    http://mic.com/articles/92685/darpa-has-genetically-engineered-super-blood-to-protect-soldiers-from-a-major-threat

  • the big problem with the way Google implements the oblivion-obligation and how to bypass it

    "This morning the BBC received the following notification from Google:

    Notice of removal from Google Search: we regret to inform you that we are no longer able to show the following pages from your website in response to certain searches on European versions of Google: http://www.bbc.co.uk/blogs/legacy/thereporters/robertpeston/2007/10/merrills_mess.html

    What it means is that a blog I wrote in 2007 will no longer be findable when searching on Google in Europe.

    Which means that to all intents and purposes the article has been removed from the public record, given that Google is the route to information and stories for most people. So why has Google killed this example of my journalism?

    Well it has responded to someone exercising his or her new "right to be forgotten", following a ruling in May by the European Court of Justice that Google must delete "inadequate, irrelevant or no longer relevant" data from its results when a member of the public requests it.
    http://www.bbc.com/news/business-28130581

    so it seems that whoever can ask for it and that it is more or less automatically done without further investigation

    there is nobody you can call to protest or to change the post (by replacing the name with initials, for example)

    there is no procedure that is published for those who are the victims of this

    there is no difference between press reports and comments or other personal stuff that was published somewhere

    they didn't think it through

    so if you want to go to an uncensored Google, you should go to

    and if you use Google in your website you should change it to the world edition and US edition and not the EU one

    it means you have to separate the comments clearly from the content so that Google forgets the comments page without having an impact on the article itself

    it means that we have to say goodbye to

    and set our Google now to this

    Under the page - if you have a Google account - you will find "use Google.be" or French or UK or whatever

    or use Google.com, the general server

    if you are looking for a French version you can also try https://www.google.ca/

    and so on (oh, you can suppose that Google.ru and Google.cn aren't censored like that :))

    so the only result is that people who know how to search will never search on the European Google platforms or will always double-check on the international ones

  • Privacy International and some small ISPs file a legal complaint in the Belgacom case

    They also do it about the other Snowden revelations about the interceptions in Germany and so on.

    But that they do it citing also the Belgacom case is a bit strange because Belgacom should have filed a complaint. Belgacom has filed a complaint, but against unknown (X). This is strange because there is ample proof in leaked documents that it was an NSA-UK operation from the beginning till the end, which would have enabled them to file a complaint against the GCHQ in the UK so that they or the government would have to answer it and refute or confirm the documents.

    The number of ISPs doesn't impress me much because no major ISP has participated in the complaint, and this is understandable because all the major ISPs are working with the NSA, GCHQ or another intelligence institution, and a legal complaint and trial could make it possible that more information would become public, because once you are in the box you 'have to tell the truth and nothing but the truth' except if you want to go to prison just for not telling the truth

    this is also the reason why in Belgium we need a coalition of organisations that would make it possible to file complaints when our data has been leaked or it is known (or not yet) that information or networks are too vulnerable to stay in operation and should be 'plugged off'.

    the complaint is against the global surveillance and interception methods that are being used, which are under any situation not only illegal, very expensive and not always productive but also very dangerous

    source http://www.bbc.com/news/technology-28106815  nothing quoted

  • the international financial industry is now turned upside down by US antifraud law

    "Observers said fund managers are becoming more conservative in the wake of global developments such as the U.S. Foreign Account Tax Compliance Act and other U.S. efforts.

    Following large settlements paid to the U.S. by Credit Suisse Group AG and BNP Paribas SA, "Other countries are getting angry about the size of the fines and are grumbling about retaliation," said Jonathan Lachowitz, a cross-border investment adviser based in Lexington, Mass., and Lausanne, Switzerland.

    Mutual funds are regulated differently from other investments and could be a target, he said.

    David Kuenzi, an investment manager in Madison, Wis., who works with Americans abroad, said that selling U.S. mutual funds to those investors had long been prohibited. "But it was matter of 'Don't ask, don't tell.' Now the firms are getting more aggressive about compliance," he said.

    A spokesman for Putnam Investments said the firm is no longer accepting additional investments into existing accounts held by non-U.S. residents.

    The spokesman said the changes were made "in accordance with U.S. anti-money-laundering and 'Know Your Customer' policies" and in response to recent tightening of European laws limiting sales of funds not registered in their jurisdictions.
    http://finance.yahoo.com/news/fidelity-bans-u-investors-overseas-230700640.html

    this is a fundamental change that will change the financial industry forever - especially after the enormous fines that BNP Paribas has received and which are the real incentive for every US firm to abide by the rules nobody cared about before.

    this is a bit like our information security policy - don't ask and we don't do anything, and as long as there are no fines, we really don't care

    and you just need one big victim paying a big fine to get a whole industry moving out of fear of being the next one

  • boycott Putin FIFA 2018 now - Stop the War Machine - NO JUPILER ANYMORE

    source http://www.boycottputinnow.com/inbev/

    No more Jupiler for me - there are other beers but check if it isn't part of Inbev

    and no vodka either

  • will Greenwald be able to publish his bombshell

    Greenwald has announced that he will publish the most atomic of all the revelations that have come out from the Snowden documents (if you have forgotten everything that was published in 2000 about the NSA, that is because in fact it only shows that with the expansion of the use of the internet, the NSA has only adapted to the new situation and possibilities).

    so after building up the pressure and hype, this happened

    "At midday on Monday, journalist Glenn Greenwald announced that revelations he has termed among “the most important” to result from documents leaked by NSA whistleblower Edward Snowden would be published at midnight. However, despite the growing anticipation on Monday and just hours prior to the expected publication, Greenwald went back to Twitter and announced:

  • the first big US commercial victim of Snowden : Verizon loses contract in Germany

    "Germany announced Thursday it is canceling its contract with Verizon Communications over concerns about the role of U.S. telecom corporations in National Security Agency spying.

    “The links revealed between foreign intelligence agencies and firms after the N.S.A. affair show that the German government needs a high level of security for its essential networks,” declared Germany’s Interior Ministry in a statement released Thursday.

    The Ministry said it is engaging in a communications overhaul to strengthen privacy protections as part of the process of severing ties with Verizon.
    http://www.mintpressnews.com/germany-fires-verizon-nsa-spying/193184/

    The contract is being awarded to Deutsche Telekom.

    It could become an example for other governmental contracts with US providers worldwide. The problem is that under US law the US firms are obliged to give the information the NSA and other intelligence agencies may ask for, wherever it is stored.

    The only way to counter this is by splitting the company into many separate parts so it isn't possible for the US company to ask its European partner for that information. The only link between the two firms would be the royalties the European company would have to pay to the US company for using its products, information and so on. The disadvantage of this would be that the European countries would hardly get any income out of this, because this will be used - as is even the case now - to empty the other companies of any gain by setting these royalties so high that these companies would hardly make any profit.

  • Russia implements a Chinese wall for web services

    "Last night, the Russian State Duma (parliament) passed the first bill requiring that the personal data of all Russians should be stored inside the country.

    The effects of the bill, if passed, would be wide-ranging, touching just about every international service used by Russians. Essentially, it would mean that Facebook, Google or any other international online service – including apps – used by people in Russia would need to have physical servers inside Russia’s borders.

    Furthermore, these non-Russian companies would not be allowed to send data outside the country unless they can provide certain guarantees on data storage inside the country. For those who do not, the state telecommunications agency Roskomnadzor will require carriers to restrict access to those services.

    The bill also proposes amendments to laws covering personal information and data protection.

    A rough Google translate version of the key part of the bill says:

    “When collecting personal data, including through information and the internet telecommunications network, the operator is required to provide a record that the systematization, accumulation, storage, updating and retrieval of personal data of citizens of the Russian Federation, is held on databases located in the territory of the Russian Federation.”

    If this law is enforced to the letter — it would take effect in September 2016 — it could mean a fundamental change to how both international and Russian tech companies use international hosting services, not to mention huge costs for implementing the changes.
    http://techcrunch.com/2014/07/02/russia-moves-to-ban-online-services-that-dont-store-personal-data-in-russia/?ncid=twittersocialshare

    This does not only have an effect on the web services and apps that would need to store that information in Russia and Russia alone (and, according to the Russian laws, make it available for surveillance, becoming in fact a partner or collaborator in the limited-democracy autocracy of Putin)

    it will also have an impact on anyone working in or with Russians or working from Russia.

    If one is really interested in extending democracy a big investment in Tor services and access is one option to bypass these and other limitations.

  • this is why a speculator has bought from the FBI the bitcoin cash of Silk Road

    The 13 million dollar worth of bitcoins that the FBI had seized from Silk Road was auctioned off for the first time.

    'With just 13 million bitcoins in circulation, it can be hard for new companies to buy large chunks of the digital currency without driving prices up. But the arrangement with Draper will help Vaurum provide its clients with easier access to bitcoins. “It’s still quite difficult to get access to bitcoin in these developing economies, Bhama wrote in blog post announcing the news, “and that’s exactly where it is needed the most. Our goal is to build reliable infrastructure and increase liquidity, which are two major challenges in the ecosystem.”
    http://www.wired.com/2014/07/vaurum/

    he will use it for his own service company that sets up bitcoin exchanges for companies

    before, they would have found it too hard to enter the market because there would not be enough bitcoins available for them to have an immediate, critical impact on the market

  • Netflix open-sources its own tool to manage Amazon Cloud accounts securely

    "Netflix has open sourced another member of its “Simian Army,” the monkey-monikered tools its engineers use to manage the enormous number of machines that drive its popular video streaming service. The latest is called Security Monkey, and it’s a tool for monitoring and analyzing the security of its systems. Like others in the family, the tool is designed to deal with machines used through Amazon’s cloud computing service. Netflix operates several dozen accounts on the Amazon cloud, and through each of these, it can spin up virtual servers to run the various parts of its video service. The company is constantly deploying new code, adding new services, deleting old ones, and modifying server configurations. Each of these tasks can create security vulnerabilities, and that’s where Security Monkey comes into play. The tool could potentially help any company that runs its operations atop Amazon and other cloud services—and such companies are only becoming more prevalent.

    http://www.wired.com/2014/07/security-monkey

    http://techblog.netflix.com/2014/06/announcing-security-monkey-aws-security.html

    https://github.com/Netflix/security_monkey

  • the website of the super-secure Snowden-like Linux OS Tails was defaced

    security is not something you talk about

    and your website security is just so essential because it could be the backdoor to information or the place where you insert malware code or real spyware against the users

    it shows again that some good initiatives are putting enormous resources into coding and community work and not enough into real, practical, annoying security

    source http://thehackernews.com/2014/06/tails-operating-system-website-has-beed.html

  • why we need a Europal instead of PayPal as universal payment method (ProtonMail)

    PayPal has decided to freeze a 275.000 $ start fund of ProtonMail, based in Switzerland, that would deliver an end-to-end encrypted mail service and wouldn't have to give the US government any information like US companies are obliged to under US law (even if these servers are based elsewhere and the people or organisations involved are not American).

    source http://thehackernews.com/2014/07/paypal-freezes-275000-campaign-funds-of.html for picture of image

    my notes

    the same was true with Wikileaks, which was blocked by PayPal and other credit companies without any official request from any government or judicial authority. They did it based upon their conditions of use and so on (which are so vague they could be used against anything if they wanted to)

    So in the whole rethinking of the internet by the European strategists and democratic activists it is clear that we need a normal financial service like PayPal but based in Europe (Switzerland or Luxembourg, for example). No, we don't need bitcoin or any other *coin alternative without any regulation and supervision and even internal security.

  • of course the list of target countries and organisations is long for any spy organisation

    you should really start making a difference between surveillance and espionage

    every spy organisation has the duty to spy, and there is nobody having a real problem with it because that is what they do - since the beginning of history - and that is why every country has a spy agency to find them out, mislead them and block them - if necessary and possible

    surveillance is something totally different, because in surveillance you control a whole population or data traffic whatever the purpose or reason that you are spying. surveillance is something that is done by our own states and according to the democratic and judicial framework of the state (in the hope that it is a democratic country)

    so what is all the fuss about?

    it would be really astonishing if the NSA had no right to spy on targets in all these countries and organisations if that would have been necessary or could have given some interesting information

    oh, Belgium is in it, but Belgium is one of the top targets of any spy organisation (even of our neighbours) because we are host to so many international institutions that any spy organisation worthy of that name has Belgium high on its list. it wouldn't even be possible to explain to any specialist why we shouldn't be.

    If our intelligence services have the resources and people to stop all those spies and intelligence operators and networkers wandering around in Brussels is another matter

    the hacking of Belgacom and intercepting or taking control of the total communication flow is surveillance and that is a step too far but - if true - only extracting information about some specific telephone numbers that used this network is just logical for a spy organisation

    it also means that the trust and cooperation between the different democratic spy organisations is not great that they have to undertake such operations to get information that could have been simply asked for

  • #ukraine and the threat of war is there again (not before the end of the world cup)

    no, you don't have to worry, they won't interrupt the matches of the World Cup for breaking news that Russian tanks have now officially entered Ukraine - even if every day a few new Russian tanks are crossing the border as gifts to the militias. This is also the reason why it is taking so long, because we are no longer talking about simple guerrillas or terrorists but about militias having tanks, mortars and long-range anti-tank guns and ground-to-air missiles that are being used. This naturally changes the possibilities of attacking them and the dynamics of the battle.

    the reason is that they have to hold out until the middle of July because the Russian Army is regrouping its troops at the Ukrainian border (according to NATO and the Pentagon) and all this is just the mathematics of logistics. How many tanks can you move from point 1 to point 2 with all the facilities for the people and the necessities for the hardware (like fuel)? And we are not speaking about a few tanks here and there but about hundreds or thousands of tanks and people and trucks and so on that have to move and be prepared and provisioned to be able to continue the attack inside Ukraine without having to wait for fuel or ammunition

    all the rest is just propaganda and trying to get the best image possible in the international press and, if that is not possible, to have the best framework possible to be able to sell it more easily to their own public and the not-so-interested public in the west (who only read a few headlines).

    it was not the president who broke or ended the ceasefire. There was no ceasefire because the firing never ceased, and the only effect of the ceasefire was that the governmental troops couldn't go on the offensive, which meant that their actions were very limited. The ceasefire was also necessary for the Russians to bring in more arms and tanks across the border without being noticed or stopped.

    these are not terrorists, guerrillas or so on. They have tanks, mortars and all kinds of specialised hardware. So don't feel sorry for them. They can defend themselves and they even attack military positions all the time.