08/20/2014

if you use google with your smartphone they will track every location where you have been

"Today, with the help of these sensors, Google is tracking our every foot steps and placing a red dot on its map to keep track of users’ records, Junkee.com reports.

 

You can yourself check your every move from here. You just need to log in with the same account you use on your Smartphone, that’s it. The map will display all the records of everywhere you've been for the last day to month on your screen,” Elizabeth Flux, editor of Voiceworks magazine wrote.

You can check your Location History Here.
http://thehackernews.com/2014/08/google-map-tracks-your-e...

so never use Google with your smartphone - use something else (like Yahoo or Bing with other identities)


updated #tor deeplinks directory

we have added a bunch of links and tried to check a list of others, although there is no tool to do that automatically

there are now also some big libraries with documents and leaks that you can download from

the new links are not organized in the directory under it, all that takes time

but I still think it is one of the most useful directories around that is not too outdated


08/17/2014

arabs in Israel losing their jobs because of facebook postings

'Steven Beck, the director of international relations at the Association for Civil Rights in Israel (ACRI), told i100 there had been several incidents of Arab citizens of Israel being fired by their employers after criticising the military on social media.

 

“This has been a real problem since the start of the conflict, and it is completely illegal. Israeli employment law does not allow employees to be terminated for expressing their political views. This is about private opinions expressed outside the workplace,” he said.
http://i100.independent.co.uk/article/arab-israelis-are-l...

war changes views about the freedom of speech, traitors, fifth columns, defeatism and so on


fully encrypted filehosting on the cloud has some disadvantages

"That last point is probably the deal-breaker for most cloud providers right now. Imagine Google Drive with no search capabilities, or Dropbox with no preview. None of those features would work with encrypted files, because they’d be unreadable by Google and Dropbox’s server software. And if Google doesn’t have the encryption keys it can’t help you out if you lose a password. If you lose your SpiderOak password, for example, you lose your documents permanently, Oberman says.

 

And there’s a last point. Encrypted files are more expensive to store because companies like dropbox can’t identify the encrypted version of a popular movie or song and store one copy of it that’s shared between users. “[T]hat’s the economy of scale storage providers depend on,” says Nate Lawson, a cryptography expert and the founder of SourceDNA. “They only want to store one copy of the Frozen DVD, not thousands.”
http://www.wired.com/2014/06/cloud-encryption/


why Snowden always removes the battery of his cellphone if he doesn't want to be tracked

As we sit down, he removes the battery from his cell phone. I left my iPhone back at my hotel. Snowden’s handlers repeatedly warned me that, even switched off, a cell phone can easily be turned into an NSA microphone. Knowledge of the agency’s tricks is one of the ways that Snowden has managed to stay free
http://www.wired.com/2014/08/edward-snowden/

it is a rumour about which there are documents, but within the intelligence and paranoid community it has become a common practice to put everything electronic or connected totally out of service before starting confidential conversations - in many organisations these are held in secured environments and all electronic stuff has to be left outside


this Warcat is coming for your unprotected WIFI to hack it

 

"last month, a Siamese cat named Coco went wandering in his suburban Washington, DC neighborhood. He spent three hours exploring nearby backyards. He killed a mouse, whose carcass he thoughtfully brought home to his octogenarian owner, Nancy. And while he was out, Coco mapped dozens of his neighbors’ Wi-Fi networks, identifying four routers that used an old, easily-broken form of encryption and another four that were left entirely unprotected.

 

Unbeknownst to Coco, he’d been fitted with a collar created by Nancy’s granddaughter’s husband, security researcher Gene Bransfield. And Bransfield had built into that collar a Spark Core chip loaded with his custom-coded firmware, a Wi-Fi card, a tiny GPS module and a battery—everything necessary to map all the networks in the neighborhood that would be vulnerable to any intruder or Wi-Fi mooch with, at most, some simple crypto-cracking tools.
http://www.wired.com/2014/08/how-to-use-your-cat-to-hack-...

by the way this is illegal in Belgium

but it proves that the technology is not only available to everyone now, it is also so small that you don't need a computer for it anymore in the discovery phase


US police uses IBM facial recognition to index every visitor of a music festival

this is the technology by our friends of IBM which also gave Hitler the first populationindex technology (so much for ethics)

the article tells more http://noisey.vice.com/blog/beantowns-big-brother


the US is giving China all the spytechnology it needs to prevent protests

and China is spending lots more than any country in the world in installing spytechnology in public places and on the networks in a desperate attempt to be able to prevent or control public protests

source http://www.wfs.org/futurist/2013-issues-futurist/march-april-2013-vol-47-no-2/chinas-closed-circuits


#ferguson should police always wear cameras to prove their (mis)conduct

the camera looks like this (and there are also cameras in the car for when they are following a suspect or stopping a car)

A study published last April showed that complaints against police dropped 88 percent in Rialto, Calif., after that city began randomly assigning officers to wear body cameras. At the same time, use-of-force incidents dropped 59 percent.
http://www.businessweek.com/articles/2014-08-14/after-fer...

but the US firms producing this have now learnt from their international clients that the footage has to be on servers in the country of the client not in the US

it also needs policies and other instruments and the camera must not be able to be shut off by the police officer


#snowden is afraid of NSA fatigue but doesn't understand the Russian threat

well it is normal that he doesn't understand because he is protected by the Russians and that is not some rightwing comment - I am not a rightwinger - it is just a matter of fact

he says also that he is afraid that it is becoming a non-story and that people will not be interested as much but he doesn't understand - like some of his fellows - that since his disclosures the geopolitical situation in Europe has fundamentally changed  - just as was the case with the Echelon discussion (in fact the same thing as now but without the thousands of documents) when the European Parliament stopped the investigation just after the 9/11 because there were much more important factors at play

Russia is a big, unstable, unpredictable and unreliable international factor again, and if there is someone who can predict what Putin or some of his satellites will say or do then he will earn a lot of money nowadays, because he continues to surprise everyone time and time again with his statements, his initiatives and his blowing up of any sensible international organisation of diplomatic, economic and military relations

what to think of his declaration a few days ago that if necessary Russia will go beyond the boundaries of the international treaties it has signed? How can you declare such a thing and still be trustworthy?

So we need a strong and efficient NSA, not against the internal threat but against threats like Russia and the ISIS, and it needs to be overseen, controlled, audited and limited and it needs to show returns on its investments

This context of the real Russian military buildup, propaganda networks and subversion in some East European states has changed the situation fundamentally, and so the tone of the analysts and the politicians and the press has changed. We now need a good partnership with the NSA and the CIA and the US to be able to receive all necessary information to have a clear view of the Russian military buildup at our borders - even if we find it a waste of resources, time and manpower we can't deny that there is a Russian military buildup that we have to respond to (again) - even if we hope that one day all that will disappear and walls will come crashing down (again)

and so we become less interested in dismantling the NSA than in reforming it and giving it - thanks to Putin - a new goal and future

and again Putin has been stupid because if he would have waited a few years with all this stupid warmongering the NSA would have been dismantled into something that would take years to rebuild - the NSA may post a big poster of Putin in its Hall with the words 'we thank Putin for reminding us of our real mission'


08/11/2014

this is how you can sue Hold Security for having your personal information

 

So any western Privacy Commission or Data Privacy Officer in a country or an organisation or firm can just assume that Hold Security has some access data in its database and hasn't itself taken all the necessary steps to inform the authorities that this information is available to anyone (sometimes for a few bucks) and that you should protect your networks and servers or computers, or hasn't given you the means to find that out for yourself and take the necessary steps (although most people online should by now have changed their passwords)

In fact Alex Holden has a database of stolen information and hasn't transferred that information, or the place where you can buy or find it online, to the authorities or the community.

In fact he wants to keep that information for himself although he has no public authority to do so, he has no legal basis to do so and it is not clear what he will and won't do with this data, and on his website (even if it is called a security company) there are no external guarantees that the data has been secured enough to withstand even the most advanced and persistent attacks, because with that much data in one place it would surprise me if it didn't attract the best attackers of the world (except if they think this is a honeypot to lure them)

And you in fact didn't give him the permission to keep that data, he hasn't asked you.

Even if it is just a collection of all the older bigger databases - which could be possible even if it sounds enormous - he has no right to keep that data

with this tweet it is proven that he has a direct access to that data and even that is illegal because as a CEO he has no basis to have access to that data, it is for his privacy or security officer to have access to that data because he will have the certifications and have set in motion the necessary legal obligations


08/10/2014

Belgian privacycommission starts international investigation into online dataseller

They are working now with different agencies in Europe after we have sent them this information

and for Belgium this is

 


08/09/2014

these belgian sites use addthis invisible tracking tool canvas fingerprinting (privacy)

as far as I and others knew, addthis was just a service that let you inject some code into your site so that your visitors could add that page or your site to whatever social service they were a member of. it is a rather good and simple service, but lately they have replaced their cookies (with all the cookie blockers and the laws concerning cookies) with a new technology that is invisible to most privacy tools and tracks your computer (it doesn't work well with mobiles) wherever it goes (what that has to do with the purpose of the service is another matter, but that is the way they make money; the free services are just a front for that data collecting)

https://securehomes.esat.kuleuven.be/~gacar/sticky/index....

funny that a site named hideme uses this also

a long but very interesting article (with also the Belgian researchers from the KUL) is published here

 "canvas fingerprinting, works by instructing the visitor’s Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it. Like other tracking tools, canvas fingerprints are used to build profiles of users based on the websites they visit — profiles that shape which ads, news articles, or other types of content are displayed to them".

The website owners with this script didn't know that addthis changed the code and uses this method now. They can look for other services or just take the most popular ones.
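A check a site owner could run over their own pages, as an added example (not code from addthis, the KUL researchers or this blog): it lists the third-party script hosts a page loads, flags the ones on a watch list, and flags inline scripts that both draw text on a canvas and read the pixels back. The function names, the watch list, the draw-plus-readback heuristic and the sample page are assumptions made for the illustration.

```javascript
// Added example: static audit of a page for watched third-party scripts and
// for inline code that draws on a canvas and reads the pixels back.
// Domains to flag. addthis.com comes from the post; extend the list yourself.
const WATCHED_DOMAINS = ["addthis.com"];

// Heuristic (assumption): fingerprinting needs a text-draw AND a pixel readback.
const DRAW_CALLS = /\b(fillText|strokeText)\s*\(/;
const READ_CALLS = /\b(toDataURL|getImageData)\s*\(/;

function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Every <script src=...> on the page, resolved against the page URL.
function listExternalScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const pageHost = page.hostname.toLowerCase();
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  const found = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    let url;
    try { url = new URL(m[1], page); } catch { continue; } // malformed src
    const host = url.hostname.toLowerCase();
    found.push({
      host,
      thirdParty: !hostMatches(host, pageHost), // not the page host or below it
      watched: WATCHED_DOMAINS.some((d) => hostMatches(host, d)),
    });
  }
  return found;
}

// Bodies of <script> tags that have no src attribute.
function inlineScripts(html) {
  const re = /<script\b(?![^>]*\bsrc\s*=)[^>]*>([\s\S]*?)<\/script>/gi;
  const bodies = [];
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies;
}

function looksLikeCanvasReadback(jsSource) {
  return DRAW_CALLS.test(jsSource) && READ_CALLS.test(jsSource);
}

function auditPage(html, pageUrl) {
  const scripts = listExternalScripts(html, pageUrl);
  return {
    watched: scripts.filter((s) => s.watched).map((s) => s.host),
    thirdParty: scripts.filter((s) => s.thirdParty).map((s) => s.host),
    inlineCanvasReadback: inlineScripts(html).filter(looksLikeCanvasReadback).length,
  };
}

// Constructed sample page (paths and script bodies are made up for the demo).
const SAMPLE_HTML = `<html><head>
<script src="/js/site.js"></script>
<script src="//s7.addthis.com/js/widget.js#pubid=EXAMPLE"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script>
  var c = document.createElement("canvas"), ctx = c.getContext("2d");
  ctx.fillText("probe", 2, 15);
  var id = c.toDataURL();
</script>
<script>console.log("menu ready");</script>
</head></html>`;
console.log(auditPage(SAMPLE_HTML, "https://www.example.be/index.html"));
```

A static scan only sees what is in the HTML itself; to judge an external widget, download the script body it points to and pass that text to `looksLikeCanvasReadback` as well.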

 


#ukraine in Russia you have to show your passport to use a public wifi


this new businesscard will spy on its users by printing usbtechnology on paper

"Well, here’s a third alternative in the making: SwivelCard is a paper business card that — by way of a spot of patented printing and some clever perforations — also includes a USB stick interface so the business card can be stuck into a USB port and then point the user to a particular webpage.

The webpage you associate with individual SwivelCards can also be changed — so you could update it with content specific to the person you’ve given a particular SwivelCard to, for instance. One suggested scenario there is for a wedding photographer to personalize the photo content they showcase to a potential client, for example.

And, being as it has a digital interface, the SwivelCard also includes the ability to track usage — so you can see where your business cards have ended up, and how much people are accessing them. So it’s a paper business card with analytics.
http://techcrunch.com/2014/08/08/swivelcard/?ncid=rss&...

no thanks, and in a businessworld this is spying and the possibilities of spying are so big when you start to think about it with a sick mind like me that I wonder if anybody will use it or want to keep it or will want to give it to some-one else at the office

on paper in a logical world it all sounds nice but in our real world of today, no thanks

and my sick mind says that the technology to print usb tracking devices gives a lot of other possibilities of spying but also of tracking, for libraries for example (no more lost books)

but the privacy problems are enormous (you can use it to stalk somebody or control your employees)

this could become the new RFID if it ever proves to work as well as the demo says


08/08/2014

#finfisher the problem with the hack - what went wrong and what was done right

* you are as safe as the weakest part of your infrastructure. (0/5)

   The helpdesk and probably the helpdesk software was the weakest part, but because they had access to the rest of the network or to a server on which they had placed all kinds of technical and other files to do their job, the risks of being hacked were much greater than they had ever imagined.

How safe is your helpdesk interface and what do they have access to?

* only full encryption is real encryption (3/5)

if you start choosing which files on a server you want to encrypt you are not only losing time but you are also creating new problems, because it is only if everything is encrypted that it makes no sense at all to extract any information, as long as you use professional encryption software and you don't keep the key on the server or where it can be found. It is for example strange that they didn't encrypt their code.

* if you lose 40 GB of information you are not really a secure company (0/5)

it is strange that people declare that they are safe and that they have security people and millions of security hardware and logging and controls, but that nobody actually looks at what is happening on the servers and on that security frontline.

* the less data you have the less data you can lose (0/5)

I don't understand why you need files from 2012 on your helpdesk server because it can't be of any use in 2014. Old data should be automatically archived or transferred elsewhere.

* double authentication closes the box (0/5)

let them steal all the data, let them break the encryption: as long as they need a double identification to be able to read any file (and this is not a password on a folder but a usb stick or fingerprint or whatever), having to use that to open the file just closes it down beyond the breaking point

and

I also think that the hacker was restless (to do it before blackhat I suppose) and that he didn't try to get beyond the helpdesk server (where probably there was much more interesting info) or didn't try to get credentials with which he could break into the mailboxes (which are nearly never encrypted)

he missed an opportunity here to really make a difference

but

the real difference will be if we get the public key or a way to break the encryption because if the encryption is broken there is an enormous lot of new files that become available


#finfisher the problem with the logfiles from 2012

a set of logfiles has been published on anonfiles that come from the 40GB set (of which most is encrypted and there is still no decryption)

the files look like this

and then you can unzip them and load them into Excel and then you will see triggers and ip addresses and commands for the sending of viruses, trojans and so forth but

first, these files date from 2012 (maybe later in the weekend we will find more recent stuff among the 40GB, who knows, but the real wait is for the decryption)

an IP address can have changed enormously since 2012, so if you would look it up now, this doesn't mean that you would be able to find the right person or the right organisation, and as ISPs don't have to keep that kind of data for now 2 years it is even not sure that they will be able to trace it back to the real victim at that time

the email addresses don't work, which means that they are/were seldom used on the internet, and they are not always linked to real names - but it can be that we find more during the weekend

there is one thing that is sure from these files and that is that

* there were victims in Belgium and UK and some other countries from 2012 onwards (which means that the jurisdiction is settled) and it is even not sure that we need a real complaint from a real person to trigger an investigation

* secondly we are sure now that there were infections and there was hacking of mobiles and computers with this system

* we know that the system was sold and used in Belgium and used against people who were at that time using a Belgian IP address

* another aspect is that we know that the servers that were collecting this evidence were in Holland and Germany and the UK and so the question is how the European Data officers will react to this private paneuropean spy operation ?


#finfisher had command and control servers in 36 countries in 2013

source  https://citizenlab.org/2013/03/you-only-click-twice-finfi...

and these are the servers closest to Belgium and probably used to spy on the Belgian targets (Netherlands and Germany), which poses the question whether a private spy company can install spy servers in another European country to let its clients spy on the citizens of other countries


#finfisher the State Security Bureau of Qatar is a client

this is from the helpdesk files

  • @h2Changing email address

Firstname: NASSER at: 2014-04-01 09:42:29

Description: Could you change my email address from nas.qatar@gmail.com to n.alnuaimi@ssb.gov.qa
http://pastebin.com/GN9wn7xn

SSB stands for State Security Bureau and according to Google

 
