
  • why we need a global interdiction on certain trademarks in all domain names (except for the real owners)

    just to make it much more difficult for attackers to use legitimate-sounding names to keep network administrators from questioning the traffic, or to get users to click on it or let it pass

    like eBay and Google and in other lists you will find other examples

    remember there will be close to a thousand new domain extensions soon

    all free to use any of those names and confuse us and overwhelm our administrators and security people
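
    A defender-side check for the problem described above, as an added example that is not part of the original post: it flags hostnames from a proxy or DNS log that contain a trademark but do not sit under a domain the trademark owner controls. The allow-list and the hostnames are constructed for illustration.

```python
# Assumed allow-list: domains really operated by the brand owner.
# Constructed and incomplete; a real deployment maintains its own list.
BRAND_OWNERS = {
    "google": {"google.com", "google.be", "googleapis.com"},
    "ebay": {"ebay.com", "ebay.be"},
}

# Constructed hostnames, as they might appear in a proxy or DNS log.
SAMPLE_HOSTS = [
    "www.google.com",
    "accounts.google.com.login-check.example",
    "ebay-secure.example",
    "mail.googleapis.com",
    "signin.ebay.com",
    "google.update.example.net",
    "intranet.example.org",
]


def owned_parent(host, owned):
    """Return the owner's domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for dom in owned:
        # The leading dot stops "evilgoogle.com" from matching "google.com".
        if host == dom or host.endswith("." + dom):
            return dom
    return None


def flag_lookalikes(hosts, brands=BRAND_OWNERS):
    """Return (host, brand) pairs where the brand string appears anywhere in
    the hostname but the host is not under one of the owner's domains."""
    hits = []
    for host in hosts:
        for brand, owned in brands.items():
            if brand in host.lower() and owned_parent(host, owned) is None:
                hits.append((host, brand))
    return hits


if __name__ == "__main__":
    for host, brand in flag_lookalikes(SAMPLE_HOSTS):
        print(f"review: {host} uses '{brand}' outside the owner's domains")
```

    Plain substring matching is deliberately broad, so short trademarks will produce false positives that need a reviewed exception list.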

  • China is testing a new network man-in-the-middle attack against Google searches

    "Until last month, CERNET users could access Google freely for research purposes, but there have been changes now, and users see a certificate expiration page when they search for something.

    The devices that are performing the attack are probably injecting packets near the outer border of CERNET, the place where it peers with external networks. Netresec said that it’s difficult to find out how the attack was planned, but DNS spoofing was certainly not used.

    There’s a chance that the IP hijacking method was involved, and it could be BGP prefix hijacking or a packet injection. Whatever method was used by them, they are certainly able to inspect the traffic going out to Google.

    Greatfire advised CERNET users not to bypass the certificate warning as the attackers could steal their Google information and could even access their email accounts. The website also advised people to use Chrome or Firefox because these browsers will not let them click through the warning page. They can also use Greatfire Google mirror to perform searches. Google mirror has been accessed by more than a million users to find information that has been blocked by China.

    so the question is how they do it, because if the Chinese can do it anyone else can do it

    and it could be used to get credentials to penetrate into a network - see what happened with the LinkedIn attacks against administrators of networks that the NSA had used

    it is not DNS spoofing but for the moment there is no more information - we will follow up on this later

  • #ukraine no illusions about Mariupol, still a military-political Russian goal

    every day and night one or two attacks on checkpoints and military material

  • #ukraine Russian volunteers are paid to go on holiday to Ukraine (4K Euro)

    and an interesting monthly wage - if they survive

    if they are dead their family gets an undisclosed sum to shut up

  • this is why every incident or attack has to be monitored - followed up - in one image

    oh it is just another virus, we stopped it (we thought)

    oh it is that computer trying to get out again (looking only at the connections that are stopped)

    did you patch that computer last month ? oh it is planned for next month .....

    and that is why you need vigilant people at your monitor stations (showing the alerts, connections, stopped intrusions,...), vigilant as always with the mentality of the MATRIX: they are out there, they will come, they are maybe close or inside, but it won't happen on my watch or with my team


    the foothold is now also called a 'digital beachhead' like in an invasion

    just like in military strategy: before the second world war they thought you could throw them back in the sea afterwards, but the second world war has shown that this is nearly impossible - or at an enormous loss - so the prime military strategy is now to do everything so that there is no beachhead and that the invaders are kept on the beach without advancing, while attacking the boats behind them (to stop deliveries)

    the same goes for the digital business - once they have a beachhead in your network (going in and out at will, receiving new code and exploits and sending out new information, like your whole Active Directory or a whole network scan with the vulnerabilities of each machine), it will be extremely difficult to find afterwards all the compromises and other hiding places, making the cost of the cleanup enormous: in most cases much costly hardware just has to be replaced, because even drivers or BIOS code could be abused, making the replacement as costly as resetting the machine (without ever being sure with the old machine)

    If there are rumours that Belgacom is still penetrated by the NSA then it is exactly because they have maybe not replaced enough machines and have not seen all the 'implants' the hackers have left behind, which act like 'sleeper cells' to be activated at a certain moment in a certain way.

    SANS Internet Storm Center said years ago that when a server has been impacted in a professional way (and you can't find better hacking professionals than in state agencies) you had better just throw away the machine and replace it with a new one, because you will never find all the impacted code, especially if the penetration happened months or years ago

    at the same time it is not a loss, because you get new hardware and maybe even a new OS with more security features


  • old versus new cybersecurity thinking in one image

    source  http://techcrunch.com/2014/09/06/why-breach-detection-ss-your-new-must-have-cyber-security-tool/?ncid=rss


  • this is why Captcha is a bad idea for anonymous services like #TOR

    this is how the owner of Silk Road on TOR was discovered

    people say don't mix driving and drinking

    well don't mix TOR with anything outside TOR

    you may crash during the ride

    "The IP address leak we discovered came from the Silk Road user login interface. Upon examining the individual packets of data being sent back from the website, we noticed that the headers of some of the packets reflected a certain IP address not associated with any known Tor node as the source of the packets. This IP address (the “Subject IP Address”) was the only non-Tor source IP address reflected in the traffic we examined.”

    “The Subject IP Address caught our attention because, if a hidden service is properly configured to work on Tor, the source IP address of traffic sent from the hidden service should appear as the IP address of a Tor node, as opposed to the true IP address of the hidden service, which Tor is designed to conceal. When I typed the Subject IP Address into an ordinary (non-Tor) web browser, a part of the Silk Road login screen (the CAPTCHA prompt) appeared. Based on my training and experience, this indicated that the Subject IP Address was the IP address of the SR Server, and that it was ‘leaking’ from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.”

  • famine because of #ebola may kill much more people

    "The world's worst Ebola epidemic has endangered harvests and sent food prices soaring in West Africa, the U.N. Food and Agriculture Organisation (FAO) said on Tuesday, warning the problem would intensify in coming months.

    The FAO issued a special alert for Liberia, Sierra Leone and Guinea, the three countries most affected by the outbreak, which has killed at least 1,550 people since the virus was detected in the remote jungles of southeastern Guinea in March.

    Restrictions on people's movements and the establishment of quarantine zones to contain the spread of the hemorrhagic fever have led to panic buying, food shortages and price hikes in countries ill-prepared to absorb the shock.

    "In the three countries severely affected by Ebola, the agriculture and food security situation is really deteriorating," said Vincent Martin, head of an FAO unit in Dakar that is coordinating the agency's response

    other articles are speaking of a total breakdown of the local economies

    and so it is not Ebola that may be the real killer but the whole disintegration of the economy and the society because of the measures that have been implemented to contain it

    trying to solve it with just some drip-drop medical aid will not change this and will demand an enormous effort later on

    remember the first Ebola crisis was in isolated villages that were totally cut off from the rest of the world

    now we are faced with some Ebola infections in some cities with enormous populations, sparking more fears than reality shows us (only 2.000 people dead on a target population of millions if the doomsayers are to be believed)

  • the total impact if all US free trade agreement negotiations are successful in one map

    source http://www.brookings.edu/blogs/brookings-now/posts/2014/09/why-trade-matters?

    this is also important because all of them have some copyright clauses with privacy impacts

  • #ukraine the best explanation why Kremlinology is back in vogue

    "On these terms, America is right to resist Russia if Putin seems truly bent on bullying his way to a redrawn map of Europe, but also right to try to keep working with Russia on matters of mutual concern such as Islamic militancy. And that same calculation will hold when Putin, as must happen eventually, exits the Kremlin, willingly or unwillingly, whether replaced by a new autocrat or a more democratic figure. Today’s heightened tension between the United States and Russia, conceivably the first chapter of a new cold war, with Europe as ambivalent as ever about its role, underscores that Russia is likely to remain one of America’s most vexing and formidable diplomatic challenges for a long time to come.

    the reason is that we need to know where we have to work together or get 'silent acceptance' and where we have to give 'silent acceptance' to who in the Kremlin to get what and to stop what

    it never has been and never will be a perfect science

    because the Kremlin has as many secrets as the Vatican

  • #ukraine the US hesitation gives Chinese warhawks more influence

    "For Colonel Fang, Russia has the initiative. The U.S. lacks military options, and “Russia does not fear,” according to this Chinese analysis. Russia’s “actual control” over Crimea is a decisive factor in the present crisis that the Chinese have not missed. True, some other Chinese analysts have been more circumspect, pointing to the prospect of major losses to the Russian economy (国际问题研究, April 2014), but many others, such as a Xinhua Russian expert writing in May 2014, seem to follow Colonel Fang’s interpretation and admire “Russia’s rejection of the West’s global leadership, its defense of its core interests, and its lack of hesitation in becoming the enemy of the West.” (军事文摘, May 2014) It might be impossible to determine definitively whether the Ukraine Crisis has impacted China’s risk calculus in hotspots such as the South and East China Sea, but the evidence discussed above certainly suggests that such eastern reverberations are quite plausible

    we forgot that before Ukraine everyone was looking to the South China Sea for the next war or tension area and where - before the Crimea invasion - the US was planning to replace its military forces (closing most of its European bases as not important enough) and planning to invest more in battle ships

    this has now all changed of course

    but the political leadership has not yet followed the military planners who are now transferring military hardware, knowledge and bases back to Eastern Europe (with Estonia becoming the next possible standoff with or without invasions, disruptions or incidents).

    The Chinese are looking very closely at what is happening - and they also know that until the US election of 2016 they have a window of opportunity

    and they are not the only ones

    but one should remember that the US was very late to become involved in the two world wars and only slowly became embroiled in Vietnam, saying that the big brother may be asleep but if he awakens he can mobilize or produce an enormous force

    after Ukraine, you can say that the big sleeping bear has one eye opened, saying 'huh what is that, I thought I was out of European war for another century ?' while sending some pics to the IS and playing with flowers about other conflicts 'I bomb him, I don't bomb him yet, I bomb him, I don't bomb him yet'

  • Israeli military occupation forces train US police organizations in crowd control

    "While Urban Shield has not disclosed the full list of participants for this year, organizers say that the past participation of numerous Israeli security agencies — including the Border Police Unit Yamam, which carries out extra-judicial assassinations of Palestinians — indicates that Israel is certain to play a role in this year’s gathering as well. Israel’s participation strikes an especially raw nerve for organizers given the state’s recent military assault on the besieged Gaza strip, as well as revelations that at least four law enforcement agencies deployed to Ferguson were trained by Israeli security forces.

    so strange and wrong : I would suppose it would be the other way round because the way the Israelis are treating civil disorders and public protests only adds to the violence and increases the influence of the terrorist groups (using guns against stones, seeking confrontation instead of cooperation to let the protests take place relatively peacefully)

    it explains the guns, the immediate increase in the kind of armor used and so on

    the US is not the same as the occupied Palestinian territories where there is always some chance of shooters and the normality of violence before, during and after demonstrations (provoked or not by the police or soldiers or by more radical factions)

  • #spydevices on telecommunication networks in war theatres can be remotely exploded (Israel)

    "Israel remotely detonated a spying device planted in south Lebanon, killing a member of the Lebanese militant Hezbollah in the explosion, the group said Friday.


    Hezbollah Al-Manar TV said Hassan Ali Haidar was killed after army intelligence spotted a “strange device” in the village of Adloun. A jet detonated the device remotely after it was discovered, killing Haidar, it said.


    The Lebanese army confirmed the incident, but said the dead man was a civilian. It said Israel detonated the device “from a distance” through aircraft flying overhead. The device was planted on the militant group’s telecommunications network.

    so it will probably be an interceptor

    with the other advantage that when destroyed it will also destroy the infrastructure on which it was installed

    leaving also no fingerprints if correctly done

  • #ukraine the new spycams to be placed in many cars have become essential

    and this is one of the images he took on the 3rd of September

    preferring to take secondary roads well hidden

  • #ukraine the most bizarre US-Russian Miss election will be held in ... Crimea

    read more here


  • #ukraine Putin is not a communist but an extremist nationalist calling Lenin a traitor

    source http://www.newyorker.com/news/news-desk/putin-disses-lenin

  • #ukraine #MH17 Malaysian PM says intelligence reports are conclusive

    source http://online.wsj.com/articles/malaysia-says-intelligence-reports-on-flight-17-crash-pretty-conclusive-1409983490

  • #ukraine Russian site indexes Russian "Missing on holiday" soldiers

    it is a thoughtcrime in Russia to speak about it or to ask too many questions

    according to some accounts they also are about 2000