12/12/2014

#ukraine US gives itself the legal possibilities to intervene and help the attacked eastern front states

so you are not alone and if it comes to that the US president and the military have the legal and democratic powers to intervene while the NATO can intensify their links and decide if it comes to that what they will or can do

the bill itself : https://t.co/hWDalmQQhm


12/11/2014

Belgian Mobile Networks used for Mobile attacks from Inception espionage network

the following Belgian mobile networks were used in these Inception attacks and had mobile malware MMS files being sent over

this shouldn't surprise anybody as Brussels is the diplomatic capital of Europe

we should also remember that in Belgium NOBODY is responsible for MOBILE attacks because the CERT (already underfinanced and understaffed) is NOT responsible for the MOBILE networks, they say that the Belgian mobile operators themselves are responsible

the Belgian mobile operators are shouting every so many months about the successes of the mobile data revolution blablabla but there is NO MOBILE CERT and the latest news from PROXIMUS is that the security team is responsible for FRAUD but not for malware

this seems to be the responsibility of the mobile user, but he doesn't know that mobile data traffic is not filtered, protected and scanned the way normal traffic is, and that there is no security team looking at and investigating attacks in the mobile traffic

and in any case, very few mobiles are secure in themselves, they are as secure as computers were 10 years ago (and the same for tablets)

Proximus 197

Mobistar 78

BASE 33

but these are targeted attacks against certain specific targets, so these numbers can't be high

You should read the Inception report - see previous post because there is so much information in it

it is time that somebody in Belgium starts worrying about mobile attacks while our ministers use all kinds of insecure mobiles


new international cyber-espionage network Inception with new techniques discovered

you will have to read the whole file if you are a specialist

the points to remember are the following

* they use WebDAV, so you will have to look at your WebDAV traffic - eliminate everything you don't know

   go from free-for-all to only the destinations you know, and look at the logs of the things that were blocked

* they use infected files, among them RTF and doc files, so sandbox attachments or open them on dedicated servers with no connections to any workstations (scripts, installations etc.) and no links to the internet

* they use routers they have taken over because these haven't been hardened, which means that you will have to take the security of your routers more seriously and look at what happens to them and who has administrator access to those routers (they own hundreds of them)

* nothing can protect you once you are infected because all processes take place in memory - it is game over

* there is also a mobile element with infected multimedia messages but I never believed that mobiles were secure anyway
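
One way to do the WebDAV check from the first point, as an added example that is not from the original post or the Inception report: it lists which clients talk WebDAV to hosts that are not on the known list, and whether the proxy let the request pass. The log format, the host names, the allowlist and the "403 means blocked" convention are assumptions, and the proxy is assumed to log the full URL.

```python
from collections import Counter
from urllib.parse import urlsplit

# Methods that WebDAV (RFC 4918) adds on top of plain HTTP.
DAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# Plain HTTP methods that WebDAV clients also use to write or remove files.
WRITE_METHODS = {"PUT", "DELETE"}
# Hypothetical allowlist: the only WebDAV hosts this organisation knows.
ALLOWED_HOSTS = {"dav.intranet.example", "files.partner.example"}

# Constructed sample, assumed format: time client method url status
SAMPLE_LOG = """\
2014-12-11T09:00:01 10.0.0.15 GET http://www.example.org/index.html 200
2014-12-11T09:00:07 10.0.0.15 PROPFIND http://dav.intranet.example/share/ 207
2014-12-11T09:02:13 10.0.0.23 PROPFIND https://storage.unknown-cloud.example/a/ 207
2014-12-11T09:02:14 10.0.0.23 PUT https://storage.unknown-cloud.example/a/1.bin 201
2014-12-11T09:05:40 10.0.0.42 MKCOL https://storage.unknown-cloud.example/b/ 403
this line is malformed and must be skipped
"""

def parse(log_text):
    """Yield (client, method, host, status) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed lines instead of crashing
        _, client, method, url, status = parts
        host = (urlsplit(url).hostname or "").lower()
        if host:
            yield client, method.upper(), host, int(status)

def unknown_webdav(log_text, allowed=ALLOWED_HOSTS):
    """Count WebDAV activity per (client, host, outcome) for hosts off the allowlist."""
    rows = list(parse(log_text))
    # A host counts as a WebDAV server once it has received any DAV method.
    dav_hosts = {host for _, method, host, _ in rows if method in DAV_METHODS}
    findings = Counter()
    for client, method, host, status in rows:
        if host in allowed or host not in dav_hosts:
            continue
        if method in DAV_METHODS or method in WRITE_METHODS:
            # Assumption: the proxy answers 403 when a rule blocks the request.
            outcome = "blocked" if status == 403 else "passed"
            findings[(client, host, outcome)] += 1
    return findings

if __name__ == "__main__":
    for (client, host, outcome), n in sorted(unknown_webdav(SAMPLE_LOG).items()):
        print(f"{outcome:8} {client:12} {host} requests={n}")
```

Every "passed" row is a destination to either add to the known list or block; the "blocked" rows are the log of blocked things the post says to review.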

the targets are mainly Russian for the moment but everybody will be reading and analyzing these files and this will just become another method used by everybody with enough knowledge or sold to anybody willing to pay for it

https://www.bluecoat.com/documents/download/638d602b-70f4-4644-aaad-b80e1426aad4/d5c87163-e068-440f-b89e-e40b2f8d2088

 


those who think that they are anonymous on bittorrent forget something.... they are not

and other trackers and software are just encoding and keeping track


Google Maps shows status of Crimea depending on where you live #ukraine

this says something about the universality of information and the correctness of information because it is not disputed legally, it is still legally part of Ukraine, full stop

once you start departing from that point of view you are creating problems with no return


before the #sonyhack there was the wipe-attack against Las Vegas Sands casino servers

same methodology http://www.businessweek.com/printer/articles/239652-now-a...

extract and destroy the rest while the victim tries to hide the damage from the public


are the US cruise missiles coming back to Europe - and no peace movement now to count on

at the time it was the US who was thinking and planning a limited nuclear war in Europe (Reagan and Haig and so on)

now it is Putin who is sending nuclear missiles to Crimea, the Baltic region and off our coasts (submarines) and along our borders in planes

it is the Russian troops who are shooting every day to kill in Ukraine, having already killed thousands of people and not willing to abide by any peace agreement or diplomatic solution

it is in Moscow that people are parading with posters of Stalin, responsible for the deportation of 17 million people to the Gulag and nobody really knew how many millions died during the Big purge

it is Putin who speaks in terms of war time and time again, and Obama who looks more and more like Roosevelt in the way he treated Stalin (like a friendly puppy he could handle personally, while Churchill didn't trust Stalin for a second)

so there may be some peace movements and demonstrations but they will be dubious (Marine Le Pen may even participate) and they won't be understood in the eastern member states of the EU and NATO. Well, you will also have the people who are always against the US whatever it is doing and do not want to know anything wrong about Russia because that is all propaganda

For the moment there are about 800 Russian missiles targeting Europe with a madman holding the button

the day the first missiles land, don't be surprised that the situation will degrade quite quickly and that US troops will follow fast afterwards - except if Putin is brought back to his senses and stops this circus of military provocations and incursions and undercover destabilisation operations


the future of TOR is in encryption not hosting the underworld and so it is a network service

as an ISP you could already propose a clean TOR relay service

the only thing you will have to do for legal reasons is to put a proxy behind it so that you can go on the whole of the internet except onion sites (just one blocking rule in fact)

and if you go on it to do something awfully wrong, it will be in the logs

but for their business clients it would be useful to go on a respected and trusted relay server and be able to communicate with a host of countries and clients without endangering your privacy or confidential information

fundamentalists won't like it, but I think it is the kind of service that will make TOR available on a reliable scale for the real purposes that it was put into place

source http://www.businessweek.com/printer/articles/179773-the-inside-story-of-tor-the-best-internet-anonymity-tool-the-government-ever-built


#ukraine putin is channeling all the money he can to his cronies in these hard times

source http://www.bloomberg.com/news/2014-12-10/putin-s-friends-reap-billions-in-deals-as-economy-teeters.html

that is what friends are for

or also the proof that Russia is a cooperation, nothing more


brandweerzonetaxandria.be hacked and LOL

this is a very old server, time to throw it away

and the following even I couldn't make up

and this is for the following cities


and to end 2014 the most hacked Belgian server ever ..... hacked again (no joke)

even with IIS 7.5 they can't secure their server

http://www.zone-h.org/archive/domain=www.webcamsaanzee.be

but there are some other websites on that server that are also hacked from time to time


#rexmundi this is why web developers should have a security certificate (for starters)

the installation itself should also be certified

never sign a contract or renew it with a firm that doesn't have it or doesn't use a security company to review its code and its architecture

these two sites have very obvious stupid security defaults and they are in fact lucky that Rexmundi didn't take more time and didn't hack them sonywise

for z-staffing it means that all passwords will have to be blocked and changed and that people will have to change the passwords everywhere else they have used them

Z-staffing and tobasco should inform their victims


#ukraine if there is not enough money for the war, there has to be more creativity


#ukraine the destruction of a Russian unit seen through a drone that located them


#sonyhack more information about the wipeware that was used

source (with more technical information) http://blog.trendmicro.com/trendlabs-security-intelligence/wipall-malware-leads-to-gop-warning-in-sony-hack/

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2014/12/WIPALL-infection-chain2-1.jpg


hacked and leaked (also Belgians) ledbox.fr

due to lawyers no more links to leaks here


#sonyhack if you don't spend money on security, you don't have security

security managers and all that kind of blablablabla stuff is make-believe security, trying hard to make you believe that somebody is busy with security because somebody is talking about it

that is what happened at Sony

too many managers talking

no people actually doing things

source http://www.computerworld.com/article/2858143/sony-makes-cybercrime-even-more-dangerous.html

and this after a history of defacements, leaks and hacks which are summed up here http://attrition.org/security/rant/sony_aka_sownage.html


BIPT and other ISP regulators will have to oblige ISPs to put their gaming infrastructure far away from the rest

source http://www.thelocal.se/20141211/internet-issues-in-telia-attack

it means that in the ddos battle against gameservers (now going up to 400 Gbps attacks) ISPs should get their gaming infrastructure and services as far away as possible from any other service or infrastructure, because whatever you do, when your network is attacked with that volume then everything connected to or going through the same pipes will be impacted

Telia is not a small ISP and it has 5 million customers that were impacted during the attack against 1 gaming server

this is an example and the BIPT will have to look at this in Belgium

Telenet has a gaming site and forum that has already been attacked and hacked - are they ready to resist a 400 Gbps ddos attack


#Anonymous leaks picture of money stash for Putin-friendly Russian youth organisation

source (where there is more) http://globalvoicesonline.org/2014/12/10/russias-anonymous-international-promises-new-wave-of-leaks/


#rexmundi z-staffing.org this is the public information that could have been leaked

here is a form with contact information

http://office.z-staffing.org/index.php/page/applicants/bb/1/command/enrollqs/qsuid/46b19a56e0dbf3fbeef8a7ad5ff97069/cms_categorie/79113/aid/75906

but it also depends on what is on your cv that you can send also - without any protection that is

on the other side these are full profiles because there is also a pic with the cv and so on

and as the logins aren't protected, you could in theory extend that with other information

and if the same person used the same password for other things - like email or shopping - then it is a bigger problem (but not sure that RexMundi has those logins or just SQL-injected these forms)

but there is better - without any ssl protection - that is in cleartext

 
