
  • this Warcat is coming for your unprotected Wi-Fi to hack it

    "last month, a Siamese cat named Coco went wandering in his suburban Washington, DC neighborhood. He spent three hours exploring nearby backyards. He killed a mouse, whose carcass he thoughtfully brought home to his octogenarian owner, Nancy. And while he was out, Coco mapped dozens of his neighbors’ Wi-Fi networks, identifying four routers that used an old, easily-broken form of encryption and another four that were left entirely unprotected.

    Unbeknownst to Coco, he’d been fitted with a collar created by Nancy’s granddaughter’s husband, security researcher Gene Bransfield. And Bransfield had built into that collar a Spark Core chip loaded with his custom-coded firmware, a Wi-Fi card, a tiny GPS module and a battery—everything necessary to map all the networks in the neighborhood that would be vulnerable to any intruder or Wi-Fi mooch with, at most, some simple crypto-cracking tools."
    http://www.wired.com/2014/08/how-to-use-your-cat-to-hack-your-neighbors-wi-fi/

    by the way this is illegal in Belgium

    but it proves that the technology is not only available to everyone now, it is also so small that you no longer need a computer for the discovery phase

  • USB modems have no login for authentication and are easy to manipulate

    this is what this article says

    "He said the simple holes were unsurprisingly present in each high-end USB modem device he tested.

    "I fairly quickly found a CSRF (Cross Site Request Forgery) vulnerability that would allow me to make the modem send a text message to any number of my choosing, simply by having the user go to a website under my control," Lindh said.

    "Unlike WiFi routers, there is no login functionality for USB modems so I didn’t have to worry about bypassing authentication." The forgery attack forces users to run an attacker's commands while they are logged into their USB modem portal.
    http://www.crn.com.au/News/370886,corporate-usb-modems-open-to-sms-attack.aspx

  • domain name collision: the coming plague and what to do about it

    so ICANN, which is mainly responsible for this because it refused to listen to the security community and sold several of the domain extensions that were until now solely used for internal networks, like .intra, has now put together a whole resource about domain name collision

    which is nice - but doesn't excuse it for taking this decision in the first place

    source

    "A name collision occurs when an attempt to resolve a name used in a private name space (e.g. under a non-delegated Top-Level Domain, or a short, unqualified name) results in a query to the public Domain Name System (DNS). When the administrative boundaries of private and public namespaces overlap, name resolution may yield unintended or harmful results.

    Name collisions are not new. The introduction of any new domain name into the DNS, whether a generic TLD, country code TLD or second-level domain name, creates the potential for name collision. However, queries for un-delegated TLDs at the root level of the DNS have received renewed attention because certain applied-for new TLD strings could be identical to name labels used in private networks. A secure, stable and resilient Internet is ICANN's number one priority. Therefore, we've made a commitment to the Internet community to launch a substantial effort to mitigate and manage name collision occurrence"
    https://www.icann.org/resources/pages/name-collision-2013-12-06-en#resources

    the problem is that many purely internal networks with their own network names will now sometimes have problems because the same domain name has been sold to someone else (for example bayer.intra could exist both hidden internally and on the public web)
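    One defender-side check for the collision problem described above, as an added example that is not code from the blog post or from ICANN: it triages a constructed list of internal names against a constructed set of newly delegated TLDs (the names, the TLD set, the search list and the resolver log format are all assumptions here) and flags lookups that the public DNS already answers with ICANN's controlled-interruption address 127.0.53.53, which is the one real value in it.

```python
"""Name-collision triage for an internal namespace (added example, not code from
the blog post or ICANN).  All inputs below are constructed; the one real value is
127.0.53.53, which ICANN's controlled-interruption measure returns for labels under
a newly delegated gTLD during its first 90 days."""
import ipaddress
import re

# Constructed sample of strings that used to be private-only and are assumed to
# be delegated public TLDs now (.intra is the blog post's own example).
NEWLY_DELEGATED_TLDS = {"intra", "corp", "home", "mail"}

# Constructed sample of names from an internal zone plus a resolver search list.
INTERNAL_NAMES = [
    "bayer.intra",             # the post's example: hidden internally and on the web
    "fileserver.corp",
    "intranet",                # unqualified: what it resolves to depends on the search list
    "printer01.office.local",  # .local is mDNS territory, not a new gTLD
    "erp.example.com",         # already a public name, no collision
]
SEARCH_LIST = ("intra", "office.local")
CONTROLLED_INTERRUPTION_IP = ipaddress.ip_address("127.0.53.53")

def tld_of(name):
    """Rightmost label of a name, lower-cased, trailing dot ignored."""
    return name.strip(".").rsplit(".", 1)[-1].lower()

def classify(name, search_list=SEARCH_LIST):
    """Return ('collision-risk', [tlds]) or ('ok', []) for one internal name."""
    if "." not in name.strip("."):
        # An unqualified name gets each search suffix appended in turn; if a
        # suffix ends in a newly delegated TLD, the lookup can leak to the root.
        risky = [tld_of(s) for s in search_list if tld_of(s) in NEWLY_DELEGATED_TLDS]
        return ("collision-risk", risky) if risky else ("ok", [])
    tld = tld_of(name)
    return ("collision-risk", [tld]) if tld in NEWLY_DELEGATED_TLDS else ("ok", [])

def triage(names, search_list=SEARCH_LIST):
    return {n: classify(n, search_list) for n in names}

# Constructed resolver log lines (the line format is an assumption, not BIND's).
RESOLVER_LOG = """\
2014-08-18T10:01:02 client 10.0.0.5 query bayer.intra A answer 127.0.53.53
2014-08-18T10:01:03 client 10.0.0.7 query erp.example.com A answer 93.184.216.34
2014-08-18T10:01:04 client 10.0.0.9 query fileserver.corp A answer 127.0.53.53
"""
LOG_RE = re.compile(r"client (\S+) query (\S+) A answer (\S+)")

def controlled_interruption_hits(log_text):
    """(client, name) pairs whose public answer was 127.0.53.53: internal
    queries that are already leaking to a delegated TLD."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and ipaddress.ip_address(m.group(3)) == CONTROLLED_INTERRUPTION_IP:
            hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    for name, (label, why) in triage(INTERNAL_NAMES).items():
        print(f"{name:26s} {label} {why}")
    print("leaking:", controlled_interruption_hits(RESOLVER_LOG))
```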

  • why Belgian datacenters will be looking for electricity wherever it is available

    If someone decided that some sabotage was in order to show that nuclear energy is not safe enough, or that we need more nuclear installations to safeguard our energy supply, then that person has succeeded

    Belgium is now in such a critical situation, with the winter looming, that there is a real possibility that not all of Belgium will have the necessary electricity all the time. It is possible that some villages and smaller cities will be cut off from electricity for several hours, as happened in Japan. There are procedures for that, but it makes it necessary for you to set up your own procedures if you are impacted

    * a communication policy towards your clients

    * a backup hosting of your web services on another server (preferably in Brussels or Antwerp, two cities that will be the last to be impacted)

    * a closedown policy for your applications, network and servers, as a sudden shutdown could make you lose data or even corrupt applications

    some datacenters in Belgium are located in small villages, so if they didn't install generators (which give you time to shut down your applications and sites gracefully) or don't have a backup electricity line on a more central critical circuit that won't be impacted, they will have a problem (and if you take into account the time needed to survey the market, make a decision, and have the product installed and configured, you had better start now instead of waiting a few months)

    the other problem is that cutting whole villages or small cities off from electricity may cause panic, because it won't be certain whether the emergency services and so on will continue to work

  • the #NSA took Syria off the internet by accident and what it means for the Belgacom hack

    first read this

    "In his Wired interview, Snowden alleged that the NSA attempted to infiltrate the Syrian internet via a core router at the state internet provider. “But something went wrong, and the router was bricked instead—rendered totally inoperable,” Wired wrote. “The failure of this router caused Syria to suddenly lose all connection to the internet – although the public didn’t know that the US government was responsible.”

    Snowden told Wired that it resulted in an “oh shit” moment at the Tailored Access Operations center, where NSA operatives feared the Syrian government would discover what they had done. “But because the router was bricked, they were powerless to fix the problem,” Wired wrote. Snowden told the Wired interviewer that NSA officials joked that should they be discovered, they would blame the outage on Israel.

    At the time, the government of dictator Bashar al-Assad, blamed the outage on “terrorists”, while opposition groups fighting Assad suspected his government itself was responsible"
    http://www.theguardian.com/world/2014/aug/13/snowden-nsa-syria-internet-outage-civil-war?CMP=twt_gu

    then we go back to the facts

    * The same service of the NSA was involved

    * they also targeted the main telecom provider

    * they also took over routers

    we were just lucky that the NSA didn't fuck up our routers

    what does it prove

    that there is nothing as critical as the core routers of our telecom companies, and the security, monitoring and auditing of those should be one of the highest priorities of the government

  • #ukraine the real strategy of Russian trolls is to stop the discussion, not to have one

    "Russia-watcher Catherine Fitzpatrick, who documents Kremlin disinformation for InterpreterMag.com, says just as Moscow uses vague Internet laws to encourage self-censorship, trolls inhibit informed debate by using crude dialogue to change “the climate of discussion.”

    “If you show up at The Washington Post or New Republic sites, where there’s an article that’s critical of Russia, and you see that there are 200 comments that sound like they were written by 12-year-olds, then you just don’t bother to comment,” she says.

    “You don’t participate. It’s a way of just driving discussion away completely,” she adds. “Those kinds of tactics are meant to stop democratic debate, and they work.”
    http://www.defenseone.com/technology/2014/08/inside-russias-disinformation-campaign/91286/

    and this is why, in many online political discussions, it is an explicit strategy of the attackers to discourage any attempt at a meaningful discussion by just insulting, repeating worthless arguments and turning the discussion into a shouting match.

    As long as you take those online discussions seriously and treat the other persons as normal, rational people, you will be disturbed or frightened by these personal attacks, but if you just treat them as something out of a textbook that mindless propaganda bots are rewriting time and time again, then you can just respond by making a joke of them and not lose any more time on them afterwards

    this is in my opinion another reason for the financing of these trolls: to keep you busy and to create diversions, so that the real bloggers and tweeters from the other side don't have much time left to distribute and comment on real information

    Of course the biggest responsibility lies with the media, who should be stricter: when somebody starts to insult others, or has absolutely no quality information or thoughts to add, block him or her out of the discussion. But the costs of that are enormous

    in my view it would be better for the big newspapers, magazines and discussion forums to select the most interesting of what is coming in and only publish those, or publish them separately - so you don't have to wade through a pool of mud to find the most interesting thoughts and information

  • US police use IBM facial recognition to index every visitor to a music festival

    this is technology from our friends at IBM, who also gave Hitler the first population-indexing technology (so much for ethics)

    the article tells more http://noisey.vice.com/blog/beantowns-big-brother

  • the US is giving China all the spy technology it needs to prevent protests

    and China is spending far more than any other country in the world on installing spy technology in public places and on the networks, in a desperate attempt to be able to prevent or control public protests

    source http://www.wfs.org/futurist/2013-issues-futurist/march-april-2013-vol-47-no-2/chinas-closed-circuits

  • when a dickhead goes jogging with Nike tracking tech, this shit happens

    source http://www.sfweekly.com/sanfrancisco/jogging-penis-tracing-nike/Content?oid=3079565

    what is next, a bomb around Buckingham Palace, a vagina around Parliament, and so on?

  • uber promises 3000 Euro a month to new drivers in the US

    "New drivers who sign with UberX could earn up to $5,000 their first month, guaranteed. That's according to the latest string of Uber billboards, which have been placed somewhat incongruously on Muni buses throughout the city.

    Five thousand dollars a month is no small change for a contract livery job. It's far more than the starting salary for a California public school teacher. It's more than the median salary for journalists. It's certainly a better paying gig than petty drug-dealing, though not quite as lucrative as high-profile ecstasy trafficking.

    It certainly beats driving a cab in San Francisco, though it's about commensurate with what one would earn driving a Muni bus. And it's still piddling compared to the $7,074 a month that a Facebook MBA intern might pull."
    http://www.sfweekly.com/thesnitch/2014/08/15/uber-promises-new-drivers-5000-a-month

    this makes it a transport company, whatever the status or contracts of their drivers

  • technology: first he was in a wheelchair, now he is sort of walking again

    source http://www.sfweekly.com/sanfrancisco/ekso-bionics-multiple-sclerosis-pariplegia/Content?oid=3079551

    they call it private transportation

  • predictive policing when big police data becomes a tool in preventive policing but

    "One of the most important new weapons that police forces around the country are experimenting with is so called predictive policing—the use of data and statistics to determine the location, and possibly even the perpetrators of crime. It’s a trend that’s sweeping police departments across America. Reporters at San Francisco Weekly have shown that a lot of today’s predictive policing marketers are peddling products that don’t meet the expectations that those marketers are advertising"

    this article shows some examples from the US and the different problems with it, even when it is backed by a strong community information policy

    http://www.defenseone.com/threats/2014/08/will-predictive-policing-make-militarized-police-more-dangerous/91559/?oref=d-mostread

  • the satcom protocol used by satellites, airplanes and the military has some interesting insecure features

    We have to call them features because some producers call them features, as they sometimes do in other fields of programming :)

    these features are very interesting for hackers and attackers because they are so easy to use: you don't have to do a lot of scanning and attacking to find a vulnerability, then write an exploit for it, then get that exploit into or onto the system

    no, those features make it very, very interesting for attackers to single out those systems, and they probably will, because they are used in airplanes, military installations and satellites, which are all things that state-sponsored cyberattackers are actually working on - even if they don't execute the attacks, because they are only developed in case they are needed

    * backdoors - these undocumented backdoors are normally only known to the firm, and they allow the engineers and helpdesks of these firms to get into the systems and do upgrades or repairs. They are in fact only undocumented because they haven't been published by another security firm

    * hardcoded credentials - that is the big plague of the Internet of connected things, in which it is very difficult, and so expensive, to make it possible for the user to change the password - of course you could do it through a web interface, but implementing this on your fridge, webcam etc. needs not only some programming but also a set of update and security capabilities

    this is an interesting military article about it

    I wonder why these irresponsible firms can still deliver products to the US army if they leave backdoors and credentials open

    http://www.defenseone.com/technology/2014/08/hacker-shows-how-break-military-communications/90947/?oref=d-dontmiss

  • #ferguson should police always wear cameras to prove their (mis)conduct

    the camera looks like this (and there are also cameras in the car for when they are following a suspect or stopping a car)

    A study published last April showed that complaints against police dropped 88 percent in Rialto, Calif., after that city began randomly assigning officers to wear body cameras. At the same time, use-of-force incidents dropped 59 percent.
    http://www.businessweek.com/articles/2014-08-14/after-ferguson-shooting-of-michael-brown-will-police-wear-cameras

    but the US firms producing this have now learnt from their international clients that the footage has to be on servers in the country of the client, not in the US

    it also needs policies and other instruments, and the camera must not be something the police officer can switch off

  • 5 consumerist policies to make the internet and your computer much safer

    this is from an article by a security guru who summed up 10 things, but I think that 5 of them are much more essential and easy than some of the others

    http://www.defenseone.com/technology/2014/08/10-ways-make-internet-safe-cyber-attacks/90866/?oref=d-dontmiss

    1. Companies should be obligated to report big hacks (and be responsible for the consequences to their customers)

    2. Companies should be liable for making hackable software (just as with the car industry - test before you release)

    3. Software needs resilient fallbacks (in fact put service contracts behind everything)

    4. Abandoned software should be treated like abandoned stuff

    5. Make sure there is always an offline backup

  • in one map why a European-US partnership against cybercrime is essential

    when the two biggest victims cooperate they have the most to win and the least to lose

    https://www.recordedfuture.com/cyber-threat-landscape-forecast/

  • #snowden is afraid of NSA fatigue but doesn't understand the Russian threat

    well, it is normal that he doesn't understand, because he is protected by the Russians, and that is not some right-wing comment - I am not a right-winger - it is just a matter of fact

    he also says that he is afraid that it is becoming a non-story and that people will not be as interested, but he doesn't understand - like some of his fellows - that since his disclosures the geopolitical situation in Europe has fundamentally changed - just as was the case with the Echelon discussion (in fact the same thing as now, but without the thousands of documents), when the European Parliament stopped the investigation just after 9/11 because there were much more important factors at play

    Russia is again a big, unstable, unpredictable and unreliable international factor, and if there is someone who can predict what Putin or some of his satellites will say or do, then he will earn a lot of money nowadays, because Putin continues to surprise everyone time and time again with his statements, his initiatives and his blowing up of any sensible international organisation of diplomatic, economic and military relations

    what to think of his declaration a few days ago that if necessary Russia will go beyond the boundaries of the international treaties it has signed? How can you declare such a thing and still be trustworthy?

    So we need a strong and efficient NSA, not against the internal threat but against threats like Russia and ISIS, and it needs to be overseen, controlled, audited and limited, and it needs to show returns on its investments

    This context of the real Russian military buildup, propaganda networks and subversion in some Eastern European states has changed the situation fundamentally, and so the tone of the analysts, the politicians and the press has changed. We now need a good partnership with the NSA, the CIA and the US to be able to receive all the information necessary to have a clear view of the Russian military buildup at our borders - even if we find it a waste of resources, time and manpower, we can't deny that there is a Russian military buildup that we have to respond to (again) - even if we hope that one day all that will disappear and walls will come crashing down (again)

    and so we become less interested in dismantling the NSA than in reforming it and giving it - thanks to Putin - a new goal and future

    and again Putin has been stupid, because if he had waited a few years with all this stupid warmongering, the NSA would have been dismantled into something that would take years to rebuild - the NSA may as well put up a big poster of Putin in its hall with the words 'we thank Putin for reminding us of our real mission'

  • #ukraine this is why it is strange to see so few satellite images with proof

    because there is a new technology breakthrough

    "The new satellite’s most important feature is its 30-centimeter resolution, which would “allow you to see not only a car, but the windshield and the direction the car is going. Something as small as home plate,” according to the company.

    While that 30-centimeter resolution isn’t sufficient to do computerized facial recognition from space—depending on the light, the angle and the analyst, pictures at that scale could help positively identify Russian military commanders operating in Ukraine. Or it could help illumine ISIL leaders like Abu Bakr al-Baghdadi. The U.S. military has a big interest in what’s called “non-permissive data collection,” which really means the collection of data about a subject without the subject’s knowledge"

    http://www.defenseone.com/technology/2014/08/public-will-soon-be-able-buy-military-grade-satellite-images/91412/
