10/20/2014

Korea may have to rebuild a totally new Electronic Identity card system after hack

"After an avalanche of data breaches, South Korea's national identity card system has been raided so thoroughly by thieves that the government says it might have to issue new ID numbers to every citizen over 17 at a possible cost of billions of dollars."
http://abcnews.go.com/Technology/wireStory/south-korea-id...

and it is for this reason that one has to be prepared for the worst

if in Belgium our EID system would get hacked we would have to change the whole DB because the Rijksregister numbers aren't really strong enough

but there is not even clear documentation about what one should do if one loses all of one's digital information online, including the EID information. Does one get a new EID and a new (unique) Rijksregister number ?

when the data of half a million Belgians were stolen and we didn't know what had effectively been stolen, nobody knew what should and would happen if the hacker had published the EID information online and how these EIDs could have been replaced

 


privacy rights of customers of banks in the US are enforced with fines of millions

"In a sanction that can serve as a wake-up to the financial industry, Verizon Communications last week agreed to pay $7.4 million to end an investigation that found it failed to tell two million new customers about their privacy rights before using their information for marketing purposes, the Federal Communications Commission said.

 

The privacy probe highlights the vigilance that must be paid to consumer privacy rights to meet regulators’ requirements. Although the financial industry mostly answers to different regulators, it too is subject to laws and regulations protecting the privacy of its customers.

 

The FCC said its investigation found that these phone customers, starting in 2006, did not receive proper privacy notices in their first bills. The notices would have told consumers how to opt out of having their personal information used to tailor marketing offers, which the company later sent to them. Compounding the lapse, the FCC learned, Verizon failed to discover these problems until September 2012 and failed to notify the FCC of these problems until January 18, 2013 — 126 days later."
http://blogs.reuters.com/financial-regulatory-forum/2014/...

take that - you didn't comply - you pay


how botnets use dynamic webhosting to connect to their IP addresses

"FireEye studied a sample 100 active CnC domains for njRAT (includes LV categorisation), XtremeRAT, njw0rm, h-worm, and DarkComet that threat actors used against our customers. Though advanced threat actors are also using these tools, we surmise that various individual hackers and hacking teams are largely conducting these activities for notoriety hacking, hacktivism, cybercrime, or hobby hacking, and not targeted data theft from an APT campaign. Domain resolutions for the 100 dynamic CnC fully qualified domain names (FQDNs) revealed more than 20,000 historical IP resolutions, suggesting that these actors use dynamic domains for connectivity via their local Internet service provider to their personal computers.

Nearly all the C2s domains used a dynamic domain name system, such as no-ip, dyndns, adultdns, zapto, sytes, servequake, myvnc, with a number of the FQDNs individually resolving to hundreds of IP addresses. The sample set of FQDNs resolved to more than 20,000 IP addresses in our historical data and possibly indicated the origins of the activity given the apparent direct use of local Internet service providers. For example, in one case involving more than 600 FQDN-IP resolutions, more than 500 of the IPs appeared to be Jordan-based IPs. FireEye also found cases in which additional FQDNs simultaneously resolved to the same IPs as some of the identified C2 FQDNs."

FireEye regional threat report: http://www.fireeye.com/info-center/

so if you block, in your proxy, access to these domains that you normally don't need at all, then you limit the possibility of an infected workstation connecting to a botnet command and control center
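The proxy-side check described above, as an added example that is not part of the original post or of the FireEye report: it flags requests to hostnames under dynamic-DNS zones and lists the FQDNs seen resolving to several distinct IPs. The zone list is an assumed mapping from the provider names in the quote, and the log format, hostnames and addresses are constructed.

```python
from collections import defaultdict

# Assumption: registrable zones matching the provider names quoted above.
# Check them against each provider's published domain list before enforcing.
DYNDNS_ZONES = frozenset({
    "no-ip.org", "no-ip.biz", "dyndns.org", "adultdns.net",
    "zapto.org", "sytes.net", "servequake.com", "myvnc.com",
})

# Constructed sample log: "<timestamp> <client_ip> <requested_host> <resolved_ip>"
SAMPLE_LOG = """\
2014-10-20T09:00:01 10.0.0.15 www.example.com 192.0.2.10
2014-10-20T09:00:07 10.0.0.23 constructed-c2.zapto.org 198.51.100.4
2014-10-20T09:05:12 10.0.0.23 constructed-c2.zapto.org 198.51.100.77
2014-10-20T09:11:40 10.0.0.23 CONSTRUCTED-C2.ZAPTO.ORG. 203.0.113.9
2014-10-20T09:12:02 10.0.0.31 cam.constructed-home.myvnc.com:5900 203.0.113.50
2014-10-20T09:13:30 10.0.0.15 notzapto.org 192.0.2.44
2014-10-20T09:14:00 10.0.0.15 zapto.org.example.com 192.0.2.45
malformed line
"""


def normalise_host(raw):
    """Lower-case, drop an optional :port and the trailing root dot."""
    host = raw.strip().lower()
    if host.count(":") == 1:  # host:port (IPv6 literals are out of scope here)
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def dyndns_zone(raw_host):
    """Return the dynamic-DNS zone a hostname sits under, or None."""
    labels = normalise_host(raw_host).split(".")
    # Compare whole label suffixes so 'notzapto.org' does not match 'zapto.org'.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DYNDNS_ZONES:
            return candidate
    return None


def analyse(log_text, churn_threshold=3):
    """Report which clients contacted dynamic-DNS hosts and which FQDNs churn IPs."""
    clients = defaultdict(set)      # client IP -> dynamic-DNS FQDNs it requested
    resolutions = defaultdict(set)  # dynamic-DNS FQDN -> distinct resolved IPs
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records rather than guessing
        _, client, raw_host, resolved = fields
        if dyndns_zone(raw_host) is None:
            continue
        fqdn = normalise_host(raw_host)
        clients[client].add(fqdn)
        resolutions[fqdn].add(resolved)
    churning = sorted(f for f, ips in resolutions.items()
                      if len(ips) >= churn_threshold)
    return {"clients": {c: sorted(h) for c, h in clients.items()},
            "churning": churning}


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The clients listed in the result are the workstations to look at first; the same suffix test can drive a proxy deny rule once the zone list has been verified.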

 


10.000 new shops every month sell fake pharmaceuticals thanks to corrupt staff of Visa and Mastercard

Group-IB detects 10,000 new online stores selling fake pharmaceuticals every month. "The counterfeit stores will collude with employees of processing centres and legitimate online stores to skirt the rules of international payment systems like VISA and MasterCard, which prohibit payment for unlicensed medical sellers," Group-IB reports.
http://www.theregister.co.uk/2014/10/16/russian_cybercrim...

the report says that in fact the international payment systems like Visa and Mastercard have an internal corruption problem, because according to the report they are making it possible for these fake pharmacies to use the credit card system while they should normally be blocked.

that is a reason to make these controls automatic, which would block that human intervention


targeted malvertising : from take-one who comes to get only the ones you want

"Invincea researchers said that in the last two weeks of September they had detected up to six malvertising attacks that targeted one aerospace contractor and saw similar attacks against two other military contractors. What is clear is that perpetrators are turning to the demographic targeting tools available to any online marketer, taking advantage of real-time advertising bidding networks, which work like stock exchanges for marketers, to place malware-laced ads that target specific organizations or audiences."
http://www.reuters.com/article/2014/10/16/us-cybersecurit...

well the military complex is however a target anyhow anyway anytime, and if malvertising is the best backdoor to slip through the defenses and to reach the readers of the websites inside the networks, or even those with the best individual defenses on their computers, then they will use malvertising

the advantage of malvertising is that you can use marketing in a reverse way, not to include as many people as you want but to exclude as many people as you don't want


these two numbers show that Belgium is under cyberattack but in fact doesn't care

A new Coalition against cybercrime has seen the light today. They will do what all the other coalitions of private companies and public organisations do: organize congresses and produce paperwork. This gives everybody the impression that we are doing something and that we are making a difference. (sorry for my cynicism, but seen that, heard that all before).

what did they in fact announce today ?

well that this year 3.5 billion Euro in Belgium was lost because of cybercrime. Well, it is a beautiful figure and one that is making headlines everywhere, but can you prove that ? Does this mean that our citizens have each paid hundreds of Euros to cyberscammers to unblock their computers ? Does it mean that our banks have been plundered ? Numbers don't mean a thing, and if they are launched like that they lose any meaning and you have to inflate them every time just to make us look up and wonder.

Then they give some other numbers, which are in fact the reason that, according to them, that number is so high.

But I think that number is way too high because, according to this article, the most aggressive and professionalised cybercriminals, the Russians, made only 2.5 billion dollars in a year, and most of it was in the US because of the POS and the ATMs, which are much more difficult to hack in Belgium (because the credit cards are more highly secured, even if the POS stations look to be cutting the secure cord more and more for something wireless)

"The Russian hacking industry brought in $2.5 billion between mid 2013 and mid 2014, thanks in large part to the Target breach, according to a report released today by Group-IB."
http://www.darkreading.com/russian-hackers-made-$25b-over...

"CERT.be thus received 751.000 reports of infected computers during the first half of 2014. On average, 614 incidents were reported each month, an increase of 80% compared with 2013. According to a survey by the FEB, 66% of companies are insufficiently informed to develop an efficient approach to cybersecurity. More than three quarters do not know the regulations and the competent authorities."
http://datanews.levif.be/ict/actualite/la-cybercriminalit...

In the first semester of 2014 there were 751.000 Belgian computers infected. This is around 150.000 each month. And they have about 614 incidents each month, which is 80% more than last year. Meanwhile nothing has changed and the national cybersecurity is not there, the CERT is still not sure of long-term financial stability, the privacy commission has no extra resources and powers, the FCCU cybersecurity police is under financial attack for its resources, and must I go on ?

The firms are not doing much better. The federation of the business owners says that more than half of its members don't have an effective strategy about cybersecurity and 3/4 don't even know their regulations. HUH ? This means that 9% has an effective cybersecurity plan but doesn't know the regulations they fall under ? How is that possible ? Oh, it is another of these surveys in which you call somebody in the firm and ask him questions for which he has no time, doesn't really understand the impact or gives negative answers to get a more positive look inside the firm (yeah, we are with the few companies that have a plan even if I said on the phone that we didn't (because I think it sucks but I am not going to tell my boss that)).

so what is the use of such communication ? 

more blablablabla and comments that we ought to do something and more roundtables and white papers and more new ideas that have been coming back and forth for the last ten years

and so we are going back and forth for the last ten years, losing time and being able to do very little

just enough to keep this Titanic from colliding with the Iceberg

and if we do, there will be no captain because they are all at one or another congress, presentation or roundtable

the freedom of speech is also the freedom to doubt and to question, because without questions the debate and research don't advance (for those who would take it personally)


one quote that explains Europe's present weakness versus Russia

"Our mistake was not to humiliate Russia but to underrate Russia's revanchist, revisionist, disruptive potential. If the only real Western achievement of the past quarter-century is now under threat, that’s because we have failed to ensure that NATO continues to do in Europe what it was always meant to do: Deter. Deterrence is not an aggressive policy; it is a defensive policy. But in order to work, deterrence has to be real. It requires investment, consolidation, and support from all of the West, and especially the United States. I’m happy to blame American triumphalism for many things, but in Europe I wish there had been more of it."

source http://www.slate.com/articles/news_and_politics/foreigners/2014/10/nato_and_eu_expansion_didn_t_provoke_vladimir_putin_american_triumphalism.html

which means that part of that necessary public investment IMF and the others are talking about will have to go to defense and if that investment is big enough we will never have to use it again .... in Europe while maybe it would be easier to impress warmongers around the world to stop using war as a way of diplomacy or internal politics. 

If NATO wants to have a meaning for Eastern Europe it will have to be a strong NATO; if the military alliance with the US is to have a meaning for Eastern Europe it will be one that rebuilds its military capabilities, assumes its responsibilities and takes action whenever this seems to be needed in Europe.


every tweet can follow you, especially if you become a minister

imagine that you are a very vocal new media political hardline opposition figure clearly right of center and sometimes going into the grey areas of what is acceptable in the public discourse of today

well, at that time it is part of your image and you become popular through it which makes it even more interesting to continue and to test the limits even further 

how proud you are of your new media influence and the tone of your tweets and facebook posts 

but then you become a secretary of state or a minister, something you had never thought could happen at the time you were writing all that stuff

and so all these tweets and posts are now seen as coming from somebody who is a minister or attached to a minister as secretary of state 

those tweets aren't put in the context of what you were but of who you are 

this is what is happening to the Belgian secretary for asylum and immigration Francken, who will now be under the microscope, looking for the smallest indication of racism or unfairness based upon this

the lesson learnt is that as a politician you either keep neutral in your tweets and make sure that those 160 characters don't come back to haunt you later on if you have another function (and as a politician you never know what will happen), or you make different accounts which you delete each time you have another function or responsibility (saying that you have another life now, or you depersonalize those tweets in a generic account - this would make Francken-in-opposition before and Francken-secretary_of_state now)

on the other side, the bulldogs of the opposition are now learning at the executive levels how it feels to be attacked all the time for whatever is even slightly connected to you, but in which the attacker always gets enough media attention to create some doubt about your intentions or behaviour or actions.


Belgian historical researchers ask Minister of Justice Koen Geens to open the archives about the Collaboration

well, strange as it looks, this Minister of Justice will have to decide, in a government with the Flemish nationalists, if he wants to open the archives of the collaboration after the second world war. It was asked by the most important historical researchers of this period on the RTBF yesterday.

Normally the archives of the collaboration and the repression afterwards are closed unless a commission of the highest judges decides otherwise.

They say that it has something to do with privacy and that not all people are 'yet' dead - but for 90% of the cases they are, and normally we are approaching the 70 years (or 100 or always extended) secrecy limit of some of the state's archives. This doesn't mean that those archives can be made really public (that is, published on the internet). You still have to file a request and you still have to go to some library and you still have some conditions attached to the use and so on.

The result of all this is that you can have discussions that are based on presumptions and not on research and historical evidence. These myths are dangerous because they take a life of their own. 

At the same time this government can also show the will to introduce a 'Freedom of Information' Act and also take some initiatives to open archives about some other periods in our history which need more historical research (the second world war, our colony and its decolonisation and our interventions, the cold war, .....) 

And even if not all the documentation is put online or made available about these later periods, maybe a collection of specialised Belgian and international professors and researchers can have access to publish a 'white book' giving maybe a new look at these difficult periods in our national history (Leopold III, strikes of the 1960, ....) and with that learning from what went wrong and what we did right. And it will also in these cases be possible for other professors to study how things changed afterwards and what we can now learn or remember from those crises (in Security we call this the 'lessons learnt' research)

It is very strange to have access to those thousands of US documents stamped secret or confidential before and sometimes just a few months or years old while we here have to wait ages before such a document becomes part of the public debate or memory. 

It is only if we understand history that we can prepare for the future. 

This is maybe the reason I am reading about the cold war and the KGB to understand Putin, and about surveillance and intelligence to understand Snowden and the new kind of cyberwar (that looks more like espionage operations)


10/19/2014

nearly 60.000 servers are still vulnerable to the openssl bugs and leaks


Unicorn, another search engine for vulnerable hackable servers

this really looks blackhat or justdon'tcare

Project Un1c0rn is a search engine exposing open, vulnerable and weak services since May 2014 ... Leaking mysql, mongo and heartbleed services worldwide ... Disclosure is the solution ... Un1c0rn won't die ... We don't ask, we host ... Back online, uptime should now be good, DB migration coming later. Leakhorn
http://un1c0rn.net

http://un1c0rn.net/search?q=ports%3A%28443+AND+3306%29+AND+tags%3Aheartbleed&page=2

http://un1c0rn.net/search?q=tags%3Amysql%20AND%20keys

and their code is on github  https://github.com/ProjectUn1c0rn/Code/tree/master/src/Un...

they are financed by donors who assembled 5 Bitcoins anonymously


a commercial antidetect service for cybercriminals at a cheap price

well this is the result if you don't control who uses your API for what reason

http://scan4you.net/

 


follow the search for the Russian submarine live (ships arriving from everywhere)

on tv they say 'just as in the cold war'

we are in a new cold war, don't you know yet ?

source (here you can follow the search live): http://www.marinetraffic.com/en/ais/home/centerx:23.21578...


25.000 people use TOR in Belgium (look up your country)

you can look this up for any country

source : http://darktor.com/users.cgi

but when watching the trend for some big countries, you see that the number of users has been decreasing since the beginning of the year, which could be the result of the closure of some very popular drug markets or because the Snowden scandal is losing interest


was this the KUL site of testpatients that was hacked and leaked on tv ?

not too difficult to find

and there are also several different login forms (not one, that would be too easy to secure)


the most hacked website of Belgium infometeo.be is .... hacked again

why doesn't that surprise me ?

last time it was on this blog the owner was saying that he was going to invest in security and so on.....

yeah, right...


labsclient.be many services but website still defaced

this is their frontpage

this is where the hacker is staying

so all their clients ask no security guarantees from the firms working for them


belgian airforce days website defaced - several parts

this is one of them


the russian rebels in occupied #ukraine are even fighting or not recognizing each other

this is the map of the different battalions or occupied territories held by a local warlord

from time to time there are even firefights between the locals and the russians

a profile of each can be found here http://euromaidanpress.com/2014/10/19/anarchy-in-the-donb...

 


better than a pcgame : the battle for #Donetsk airport against the Russian troops

yep these are Russian tanks and Russian soldiers - these are not civilian volunteers or rebels

the video shows one of the daily Russian attacks against the Ukrainian defenders, who are becoming even more popular with every attack they repel, even if they had to abandon some big parts of the airport

and there are lots more from the Ukrainian side here https://www.youtube.com/watch?v=U8UexOCed1M

 
