security - Page 106

  • Skype ransomware darkbot : how much time does an antivirus firm need to protect you

    Initially only 2 of the present 44 antivirus engines identified the threat, but currently the number has increased to 27, which is still quite low. However, it also indicates that about 1 Million users must have clicked on the links and greeted infection on the links.

    that is, right now - after all the publicity - only 27 out of 42 antivirus products (a bit more than half of them) protect you against this Skype bot

    shouldn't there be a rule that says that after x weeks an antivirus firm has to share its detection (the 'antidote') for a specific worm or bot with the other firms, for free or for a fee?

    because this is the case for most viruses: the number and the names of the antivirus products that protect against them are always different

  • Georgian CERT forgets its mission but gives Russian spies their own virus back

    First, it cannot be the mission of a CERT to be more than the firemen of the internet; they shouldn't be operational cyberwarriors, and if people get frustrated or bored with their job of helping people and networks survive or recover during and after attacks, they should go for another job (for example with the military or the intelligence services)

    In fact there may be reason for the international coordination of CERTs to study this matter, because the CERT should become the Red Cross of the internet, the one you can always trust whatever side you are on, because if you get infected during these cyberincidents, anyone else can get infected through you too. As the differently targeted Stuxnet and Flame state viruses have shown, there is no way to control a virus so that it would only infect a certain number of computers. The internet and its online connections and communications are too massive and too fast for that, and before you know it this could quickly be more than collateral damage.

    so what is the case here?

    well, the Georgian CERT entrapped one of the Russian cyberoperations against its networks and sent the virus back to the planter under the name of an interesting document, which he of course opened. As the attacker was so stupid as not to use a separate operational attack computer from the one he used for analysis (defended, sandboxed and all of that), he completely lost control over his network. In the report they even took pictures of him sitting in front of his computer.

    all funny and all of that, but

    if we want the CERTs to behave like a Red Cross, they should act like one, always and everywhere

    I am sure that if we don't do that there will be a day that we will regret this

    As a Red Cross they would also be off target for these kinds of attacks - just as you don't (normally) attack ambulances or hospitals, and you can't use them to hide military operations or weapons

    If you are all investing billions in cyberarmies of spooks and crooks, you should also think of a Cyber Red Cross, and the CERTs are perfect for that role

  • smart attackers or stupid users or insecure security ?

    Israel is crying cyberwar again after the police and other departments have had to close off their internet connections for days now, and it seems very difficult to get things back to normal.

    the issue? a virus

    or rather, the lack of security, security education and controls

    There were clear signs that the email and file in question were suspicious, raising concerns about the level of security in the department. The virus arrived as an email message with an attached .RAR archive; unknown attachments are a common method used by hackers to distribute their “wares,” and most computer users know to avoid such files. In addition, the message was sent from Gantz, who, of course, is the IDF chief of General Staff, and it’s unlikely he would be using a service like Gmail to communicate with Israeli officials.


    if I had it my way, no file that arrives by mail could be put on a computer - on an isolated server with security and logging controls, yes (which means it has no internet or internal server connection) - but on a computer, no way

    also, people are your first firewall: if they can smell a RAT, they just don't open it, but they can only do that if you teach them and remind them time after time that they should always be very prudent, because

    email is an open street full of litter, garbage and sometimes bad people, and you are taking all that into your apartment (your mailbox, that is)

    I, for one, never had Outlook activated, so I never have any email on my computer (or its attachments), and I tend to keep it that way
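    The two red flags named above (a senior official's name on a free-mail address, and a risky archive attachment) can be checked mechanically at the mail gateway. This is an added example, not code from the original post; the sample message, the free-mail domain list and the "high-profile sender" list are constructed assumptions.

```python
"""Flag the red flags described above: an official's name on a free-mail
address, and an archive/executable attachment."""
import os
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not the real one): display name of a senior
# official, a consumer free-mail domain, and a .rar attachment.
SAMPLE_MAIL = """From: Benny Gantz <gantz.office@gmail.com>
To: staff@example.gov.il
Subject: Urgent - updated report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

Please see the attached report.
--XYZ
Content-Type: application/x-rar-compressed; name="report.rar"
Content-Disposition: attachment; filename="report.rar"
Content-Transfer-Encoding: base64

UmFyIQ==
--XYZ--
"""

# Constructed benign message for comparison.
BENIGN_MAIL = """From: Jane Colleague <jane@example.gov.il>
To: staff@example.gov.il
Subject: Lunch
Content-Type: text/plain

Canteen at noon?
"""

FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
# Hypothetical list of people who would never plausibly mail staff from a
# free-mail account; in practice it comes from the organisation's directory.
HIGH_PROFILE_SENDERS = {"benny gantz"}
RISKY_EXTENSIONS = {".rar", ".zip", ".7z", ".exe", ".scr", ".js"}


def red_flags(raw_message: str) -> list:
    """Return a list of human-readable red flags found in the raw message."""
    msg = message_from_string(raw_message)
    flags = []

    # Flag 1: a known senior name on a consumer free-mail domain.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if name.strip().lower() in HIGH_PROFILE_SENDERS and domain in FREEMAIL_DOMAINS:
        flags.append(f"display name '{name}' on free-mail domain {domain}")

    # Flag 2: any attachment with an archive or executable extension.
    for part in msg.walk():
        filename = part.get_filename()
        if filename and os.path.splitext(filename)[1].lower() in RISKY_EXTENSIONS:
            flags.append(f"risky attachment {filename}")

    return flags
```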

  • the first version of the peer-written CryptoParty handbook for new cyberactivists is out

    This 392 page, Creative Commons licensed handbook is designed to help those with no prior experience to protect their basic human right to Privacy in networked, digital domains. By covering a broad array of topics and use contexts it is written to help anyone wishing to understand and then quickly mitigate many kinds of vulnerability using free, open-source tools. Most importantly however this handbook is intended as a reference for use during Crypto Parties. It is being continuously developed.

    It can be edited here:

    It can be edited directly in the browser here (exporting to PDF, e-pub formats): . Please note all edits will be reviewed before release. All authors will be credited. Please use language and methods an absolute newbie can understand.

    Either way, the discussion on how to proceed can be held at

    WARNING! - Due to the rapid development of the Handbook, as well as lack of rigorous peer review, there may be advice within that does not guarantee your safety - be vigilant! This is version 1. Each version of the book will improve upon the last, if you find any errors, please contribute your suggested changes. IMPORTANT! - PPTP was referenced in this book as one method for use when setting up Virtual Private Networks. It is easily breakable. Do not use it!

  • Bulgarian governmental travel website hacked (leak) and another one


    a stupid SQL injection, stupid

    oh, and there is a Belgian in it

    and this one also has Belgians in it, even if it is not clear from where

    the passwords are protected, but it is not clear what the strength of that protection is

  • nearly undetected Chinese redirection scripts to malware still present on some Belgian websites

    the code injected with the redirect is this one

    <script type="text/javascript" src=""></script><script src=""></script> 10/29/2012

    according to
    the first website is used to analyse where the user is based and what his browser and other installed software are, and afterwards the user-victim is redirected to another site with the specific viruses for his installation (ASN AS4134, Chinanet)

    it is strange that this website has not been more widely blacklisted

    the tar file couldn't be retrieved by for analysis, but the first site is flagged by only 2 out of 32 as a malicious site, and the stupidity of them is that they have chosen a blacklisted website, or maintained the redirects to a blacklisted website. In the websites themselves, in ASP and mostly in the admin pages, you will find the following page added

    you can google for the Belgian pages

    site:be  Archie-Manning-Jersey.htm

    for example

    this script shows some more information about how it was done

    <script>var f={};f.navigateTo=function(b,a,g){if(b!=a&&{if(
    </script><noscript><META http-equiv="refresh" content="0;

  • the Holy Grail hack of the PS3 : the level-zero keys of the kingdom have fallen

    This is how the PS3 loads software:

    The Level Zero (LV0) loader is the mother of all field-updatable firmware components in the PS3 bootstrap process. It orchestrates the loading, and the cryptographic verification, of all the modules underneath it. As long as the LV0 loader remains the way Sony wants it, you get to run only what Sony wants you to.


    Pirated games won't load, which is good for rights holders. But Linux, for example, won't run either, which is bad for you. Why shouldn't you run lawfully-acquired software of your choice on your own computer? [*]


    With the LV0 keys now published, you can - at least in theory - replace the LV0 loader and run whatever you like, because you can authorise your own custom firmware (CFW). The PS3's most-secret cat is out of the bag.

    well, they had been known to the hacker world for a long time, but the people working with them didn't publish them, and so it was 'safe'. But the group writing new software or workarounds for the PS3 got bored with it and wanted to move on to other stuff, and one of these bored persons thought it would be cool to give the keys to the community and published them somewhere online.

    The Chinese hackers thought that was the greatest thing on earth and, as they already had some experience with imitating other technology and luxury goods from the West, thought that they should build a new OS for the PS3 on which all their pirated games would run without any problem; they had the keys anyway.

    This was all fine for the hacker community until they started charging money for it, which was a bridge too far if you had gotten the information for free. So the keys were published in the wild for everyone to see.

    the only solution for the PS3: release a PS4 with a dual boot, one for the normal system and one that would let you play Android or other stuff

  • the importance of a DNS operator during fast-flux botnet (DDoS) attacks (example: .eu)

    In a report about the latest DDoS attacks against the US banks, an analysis of the infrastructure used to launch the attacks shows that the servers had domain names but used several IP addresses on different servers in different countries (fast flux).

    In this page from the analysis we see the domain extension .eu

    the only thing to do here is that the DNS of .eu blackholes the specific domain names (because of abuse) so that all traffic from and to those domain names falls dead (and doesn't reach its destination) because there is no DNS resolution (it will take about 24h to get all the DNS servers in the world synchronized)

    such a procedure exists and has already been used in the past for the .be domain extension (I know, I helped to set it up :)), and in fact every DNS operator should have such a procedure (and tell their clients that this is possible if they don't look after their site and it is abused)
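    What a registry would look at before blackholing, as an added example (not from the report or the blog): fast-flux indicators computed over DNS observations, the resulting blackhole list, and the registry-side effect that a blackholed name simply gets no answer. The observations, the thresholds and the domain names are constructed.

```python
"""Fast-flux indicators from DNS observations, and the blackhole list a
registry operator could act on (constructed data, hypothetical thresholds)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    domain: str
    ip: str
    asn: int
    country: str
    ttl: int


# Constructed observations: one domain that cycles through IPs in many
# countries and ASNs with short TTLs, and one ordinary single-host domain.
OBSERVATIONS = [
    Observation("flux-example.eu", "203.0.113.5", 64500, "US", 120),
    Observation("flux-example.eu", "198.51.100.9", 64501, "DE", 120),
    Observation("flux-example.eu", "192.0.2.77", 64502, "BR", 180),
    Observation("flux-example.eu", "203.0.113.88", 64503, "KR", 60),
    Observation("flux-example.eu", "198.51.100.200", 64504, "RU", 120),
    Observation("flux-example.eu", "192.0.2.14", 64505, "TR", 300),
    Observation("normal-example.eu", "198.51.100.42", 64510, "BE", 3600),
    Observation("normal-example.eu", "198.51.100.42", 64510, "BE", 3600),
]

# Hypothetical thresholds following the usual fast-flux heuristics: many
# distinct IPs spread over several ASNs and countries, with short TTLs.
MIN_IPS = 5
MIN_ASNS = 3
MIN_COUNTRIES = 3
MAX_AVG_TTL = 600


def flux_profile(observations):
    """Aggregate the observations per domain into the indicators above."""
    ips, asns, countries, ttls = (defaultdict(set), defaultdict(set),
                                  defaultdict(set), defaultdict(list))
    for o in observations:
        ips[o.domain].add(o.ip)
        asns[o.domain].add(o.asn)
        countries[o.domain].add(o.country)
        ttls[o.domain].append(o.ttl)
    return {
        d: {
            "ips": len(ips[d]),
            "asns": len(asns[d]),
            "countries": len(countries[d]),
            "avg_ttl": sum(ttls[d]) / len(ttls[d]),
        }
        for d in ips
    }


def is_fast_flux(profile) -> bool:
    """All indicators must trip; a single CDN-style trait is not enough."""
    return (profile["ips"] >= MIN_IPS
            and profile["asns"] >= MIN_ASNS
            and profile["countries"] >= MIN_COUNTRIES
            and profile["avg_ttl"] <= MAX_AVG_TTL)


def blackhole_list(observations):
    """Domains the registry would blackhole on abuse grounds."""
    return sorted(d for d, p in flux_profile(observations).items()
                  if is_fast_flux(p))


def resolve(domain, observations):
    """Registry-side view after blackholing: a blackholed name returns no
    addresses at all, so traffic to it 'falls dead'; others resolve normally."""
    if domain in blackhole_list(observations):
        return []
    return sorted({o.ip for o in observations if o.domain == domain})
```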


  • US bank under Iranian cyberattack ? have a big laugh

    You are reading big headlines about the US banks being under constant Iranian cyberattacks of a kind that has not been seen before?

    at the same time those fearmongers claim that this will undermine public trust in the (digitalized) financial system and could hurt the US economy (and nobody wants that in a time of crisis)

    It makes me think about the articles about the almighty Al Qaeda that could hit us anywhere, anyhow, anytime, with every week new complex attacks against another part of our daily lives by blowing up or disabling some part of the critical infrastructure (energy, water, food, banks, .....)

    what are the attacks all about?

    They are DDoS attacks, only the level of traffic is 10 to 20 times higher than in any other DDoS attack seen before. But for the rest it is just a classical DDoS attack, for which there are protections (buy them) and network redirections (implement them). But everybody thought that DDoS was for casinos, credit cards and state agencies. So no

    what is the real danger?

    well, as Anonymous and Antisec taught us last year, some part of the infrastructure or defenses can break down and can be 'not hardened' enough when they restart automatically, and can be bypassed and information can be stolen (while everybody else is working on keeping other services up)

    this hasn't happened, they say

    but instead of crying foul and blaming anyone else, pay the price for business continuity and get those DDoS protections in place (which also means having a federated system of hosting)

  • Anonymous is building a new WikiLeaks but they should rethink the concept

    Anonymous is everybody and nobody; it is a collective and a meeting of minds at the same time, so it is fluid, the things that are right today are wrong tomorrow, and alliances come and go or are dispersed

    the love relationship between WikiLeaks and Anonymous (the failed project to close down WikiLeaks is in fact the start of the use of Anonymous as a global scream name for anybody who is angry about something (mostly leftwing or progressive, alternative)) looks as if it is coming to an end

    as I have said here before, Assange is no angel, and no movement or goal should ever depend only on one or even a few individuals, because humans are only human and they will make mistakes or are capable of being less perfect than they are portrayed or believed to be

    and you don't have to read many books to understand that even if Assange pulled off the WikiLeaks project mostly by his leadership, he is also responsible for all the conflicts, drama and decisions that brought that project into big trouble (not leaking much about Russia or China being one of them)

    so when WikiLeaks started to limit the publication of the millions of emails of the Syrian dictatorship it had received from Anonymous, the movement was already up in arms

    now WikiLeaks is asking money for access to its archive because they need money for their legal funds

    and now, within Anonymous, a group is working on developing an alternative

    Anonymous believes it to be unique as a disclosure platform, because “It will not be deployed on a static server. TYLER will be P2P encrypted software, in which every function of a disclosure platform will be handled and shared by everyone who downloads and deploys the software. In theory, this makes it sort of like BitCoin or other P2P platforms in that there is virtually no way to attack it or shut it down. It would also obviously be thoroughly decentralized.”

    there are a few problems with that

    * Bitcoin has been hacked several times, so security and quality of code are not guaranteed

    * P2P means that everybody who uploads documents will also keep a copy of the encryption key, which will be proof of his involvement (and will be used by the prosecution in a dictatorship), while WikiLeaks had several totally anonymous methods to upload or send documents or data

    * how do you prove that it is real data and not some dummies, provocations or falsifications?

    take the two problems together and you have a big problem

    I understand the intention, which is that nobody has the key so no single soul can close the door, change the key or decide alone what is in the locker; but you can also distribute this key to hundreds or thousands of individuals and organisations around the world, independently of the uploaders and leakers, who can stay anonymous. And as long as not everybody has decided to stop or close the system, the system can't be stopped or closed (if the documents are going to be available through several means)

    they could also be used to add commentary and to put dummy alarms on data

  • yeah I am back - but you don't have to watch your back because I

    don't hack myself

    just report on them

    and yes political campaigning is hard and intensive - even if you aren't yourself a candidate

    but yes we have made it

    for the first time in the history of the city of Ostend a woman has the second most important elected position after the mayor

    the glass ceiling has been broken

    and now back to what is broken in the virtual world

    (yes, since my personal 'troubles' I have decided to concentrate on one big thing at a time, because you can't do many things at the same time)

    so watch out for this space

    big things are coming

    (and I have nothing to do with them)

  • Anonymous hacks Italian State Police servers and finds.... personal porn

    Hackers uploaded some sample folder which contains assorted material from the archives, like details about wiretaps from Telecom Italia and confidential technical information about interception devices. Information taken from state police servers and portals includes police reports, mobile phone numbers, personal email, information on salaries, and soft-porn pictures, a complete archive of more than 3500 private documents.

    well, in that link there is also the information about the torrent to download the whole lot

    not really the whole lot, because in June 2011 they said they had got hold of 3500 giga of documents (how can you download 3 tera of data without anything or anyone seeing it?)

    what does that mean?

    that all that information is compromised and that future trials are in danger; that the personal security of a number of police officers, undercover agents and informants in a mob-ridden country is at risk (and that they and their families will need new identities, will sometimes have to move, and so on); and that ongoing investigations are at risk

    but maybe they have already indexed all the data that was taken in June 2011, and during the past year they have taken all the legal and practical measures to limit the damage.

    and that the security of these servers is bullshit (somebody ought to get fired and sued)

    the only way to secure access to a server is with a token: if you don't have the token (or any other second authentication factor), you don't have access

    forget passwords; passwords are the last part of the authentication process, not the first and only one

    you didn't marry the first girl you met, so why accept the first authentication method as the right one?

  • privacy commission and Belgian parliamentarian want a Belgian breach notification law after Rex Mundi announcement

    After the announcement on Twitter last week by Rex Mundi of the hack of a Belgian firm with half a million members, the privacy commission and the Belgian parliament are coming into action

    tired of waiting for the valuable but heavily counter-lobbied effort by the European Commission for a European Data Breach Notification Directive - of which rumours say that it could take 2 to 6 years to implement - some Belgian parliamentarians like Roel Deseyn now want to implement a Belgian law that can later be adapted to the European Directive if necessary.

    the hack of a database of half a million Belgians, of which only a few people know what really happened (I don't know what really happened), may be the trigger to get the Belgian parliament and the government moving very fast

    half a million records is of course a 'big one', the kind that would lead to chaos if half a million people had to change their password, sometimes their email address, telephone number and so on

    the question is whether we are prepared to treat a 'big one' just as we prepare for a big nuclear disaster, a food crisis, a big fire or accident; and if we have a big data leak, who will be responsible?

  • IEEE is breached and a hacker has all the 100.000 passwords

    IEEE suffered a data breach which I discovered on September 18 (UPDATE: the breach is now confirmed). For a few days I was uncertain what to do with the information and the data. On September 24, I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery. Among the almost 100,000 compromised users are Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford and many other places. I did not and will not make the raw data available to anyone else.

    so what does this say?

    that they left the logins (login and password) unencrypted in the access logs of the site and didn't hash the logs or put them away somewhere else as an archive

    that European and American privacy regulations and laws have been breached

    that someone has the files on his or her computer and nobody can guarantee what he will or won't do with them

    the passwords give access to researchers all over the world in the biggest military, scientific and industrial networks

    in those networks, researchers are the ones least preoccupied with security (free flow of information and all that)
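    The failure above is credentials landing in web-server access logs (a login form that submits them in the query string) and the logs then being left where anyone can read them. As an added example, not from the original post or from IEEE, here is a check that finds such lines and a scrubber that redacts the sensitive values before the logs are archived; the log lines and the parameter-name list are constructed.

```python
"""Find and redact credentials that end up in web-server access logs
when a login form submits them in the query string (constructed data)."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed Apache combined-format lines (not from the IEEE incident).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Sep/2012:10:01:02 +0000] "GET /login?username=jdoe&password=Hunter2 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Sep/2012:10:01:05 +0000] "GET /papers/123.pdf HTTP/1.1" 200 48213 "-" "Mozilla/5.0"
198.51.100.4 - - [18/Sep/2012:10:02:11 +0000] "POST /auth?user=asmith&pwd=s3cret&next=%2Fhome HTTP/1.1" 200 512 "-" "curl/7.26"
"""

# Hypothetical list of parameter names that must never be logged in clear.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass", "token", "secret"}
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def leaked_params(line: str) -> list:
    """Names of sensitive query parameters present in the request target."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SENSITIVE_PARAMS]


def scrub_line(line: str) -> str:
    """Replace sensitive parameter values with REDACTED; leave the rest intact."""
    m = REQUEST_RE.search(line)
    if not m:
        return line
    parts = urlsplit(m.group("target"))
    if not parts.query:
        return line
    cleaned = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
               for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    new_target = urlunsplit(parts._replace(query=urlencode(cleaned)))
    return line[:m.start("target")] + new_target + line[m.end("target"):]


def audit(log_text: str):
    """Return (number of lines leaking credentials, scrubbed log text)."""
    leaking = 0
    out = []
    for line in log_text.splitlines():
        if leaked_params(line):
            leaking += 1
        out.append(scrub_line(line))
    return leaking, "\n".join(out) + "\n"
```

    The scrubber is a stop-gap for logs that already exist; the real fix is a login form that POSTs credentials in the body, so they never reach the access log at all.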

  • Scam emails for ING (banks don't send emails like this - I hope)

    Security update Home Banking / ING

    Marnixlaan 24, 1000 Brussel - 26-09-2012

    Since Wednesday 25 August 2012 we have been working with a new security system.

    This new system ensures that your account cannot be abused by, for example, malicious software or a virus that has installed itself unnoticed on your computer.

    To make sure that your account is also protected by our new system,

    we ask you to follow the hyperlink below once and then verify your details.

    As soon as you have done this, we will contact you and go through the steps to update your account with our new security software.

    Click here to verify your details

    Thank you for your cooperation

    Kind regards,

    ING België

  • European Commission abuses online anti-terrorism to propose to control everything from all of us (leaked document)

    A leaked document from the CleanIT project shows just how far internal discussions in that initiative have drifted away from its publicly stated aims, as well as the most fundamental legal rules that underpin European democracy and the rule of law.

    The European Commission-funded CleanIT project claims that it wants to fight terrorism through voluntary self-regulatory measures that defends the rule of law.

    The initial meetings of the initiative, with their directionless and ill-informed discussions about doing “something” to solve unidentified online “terrorist” problems were mainly attended by filtering companies, who saw an interesting business opportunity. Their work has paid off, with numerous proposals for filtering by companies and governments, proposals for liability in case sufficiently intrusive filtering is not used, and calls for increased funding by governments of new filtering technologies.

    The leaked document contradicts a letter sent from CleanIT Coordinator But Klaasen to Dutch NGO Bits of Freedom in April of this year, which explained that the project would first identify problems before making policy proposals. The promise to defend the rule of law has been abandoned. There appears never to have been a plan to identify a specific problem to be solved – instead the initiative has become little more than a protection racket (use filtering or be held liable for terrorist offences) for the online security industry.

    The proposals urge Internet companies to ban unwelcome activity through their terms of service, but advise that these “should not be very detailed”. This already widespread approach results, for example, in Microsoft (as a wholly typical example of current industry practice) having terms of service that would ban pictures of the always trouserless Donald Duck as potential pornography (“depicts nudity of any sort ... in non-human forms such as cartoons”). The leaked paper also contradicts the assertion in the letter that the project “does not aim to restrict behaviour that is not forbidden by law” - the whole point of prohibiting content in terms of service that is theoretically prohibited by law, is to permit extra-judicial vigilantism by private companies, otherwise the democratically justified law would be enough. Worse, the only way for a company to be sure of banning everything that is banned by law, is to use terms that are more broad, less well defined and less predictable than real law.

    Moving still further into the realm of the absurd, the leaked document proposes the use of terms of service to remove content “which is fully legal”... although this is up to the “ethical or business” priorities of the company in question what they remove. In other words, if Donald Duck is displeasing to the police, they would welcome, but don't explicitly demand, ISPs banning his behaviour in their terms of service. Cooperative ISPs would then be rewarded by being prioritised in state-funded calls for tender.

    CleanIT (terrorism), financed by DG Home Affairs of the European Commission is duplicating much of the work of the CEO Coalition (child protection), which is financed by DG Communications Networks of the European Commission. Both are, independently and without coordination, developing policies on issues such as reporting buttons and flagging of possibly illegal material. Both CleanIT and the CEO Coalition are duplicating each other's work on creating “voluntary” rules for notification and removal of possibly illegal content and are jointly duplicating the evidence-based policy work being done by DG Internal Market of the European Commission, which recently completed a consultation on this subject. Both have also been discussing upload filtering, to monitor all content being put online by European citizens.

    CleanIT wants binding engagements from internet companies to carry out surveillance, to block and to filter (albeit only at “end user” - meaning local network - level). It wants a network of trusted online informants and, contrary to everything that they have ever said, they also want new, stricter legislation from Member States.

    Unsurprisingly, in EDRi's discussions with both law enforcement agencies and industry about CleanIT, the word that appears with most frequency is “incompetence”.

    The document linked below is distributed to participants on a “need to know” basis – we are sharing the document because citizens need to know what is being proposed.

    Key measures being proposed:

    • Removal of any legislation preventing filtering/surveillance of employees' Internet connections
    • Law enforcement authorities should be able to have content removed “without following the more labour-intensive and formal procedures for 'notice and action'”
    • “Knowingly” providing links to “terrorist content” (the draft does not refer to content which has been ruled to be illegal by a court, but undefined “terrorist content” in general) will be an offence “just like” the terrorist
    • Legal underpinning of “real name” rules to prevent anonymous use of online services
    • ISPs to be held liable for not making “reasonable” efforts to use technological surveillance to identify (undefined) “terrorist” use of the Internet
    • Companies providing end-user filtering systems and their customers should be liable for failing to report “illegal” activity identified by the filter
    • Customers should also be held liable for “knowingly” sending a report of content which is not illegal
    • Governments should use the helpfulness of ISPs as a criterion for awarding public contracts
    • The proposals on blocking lists contradict each other, on the one hand providing comprehensive details for each piece of illegal content and judicial references, but then saying that the owner can appeal (although if there was already a judicial ruling, the legal process would already have been at an end) and that filtering should be based on the “output” of the proposed content regulation body, the “European Advisory Foundation”
    • Blocking or “warning” systems should be implemented by social media platforms – somehow it will be both illegal to provide (undefined) “Internet services” to “terrorist persons” and legal to knowingly provide access to illegal content, while “warning” the end-user that they are accessing illegal content
    • The anonymity of individuals reporting (possibly) illegal content must be preserved... yet their IP address must be logged to permit them to be prosecuted if it is suspected that they are reporting legal content deliberately and to permit reliable informants' reports to be processed more quickly
    • Companies should implement upload filters to monitor uploaded content to make sure that content that is removed – or content that is similar to what is removed – is not re-uploaded
    • It proposes that content should not be removed in all cases but “blocked” (i.e. make inaccessible by the hosting provider – not “blocked” in the access provider sense) and, in other cases, left available online but with the domain name removed.  (leaked documents)

  • My take on Anonymous and Lulzsec

    it seems I have to clarify or repeat this

    1. There is no one Anonymous. Anonymous is a platform, a shouting name for a whole bunch of different groups, individuals, causes and actions with their own agenda, who would never get the same attention if they did it on their own; so in this way every activist is in some part Anonymous, but at the same time he or she is not part of all the different actions that are done in the name of Anonymous. But that doesn't make them hackers.

    2. Anonymous has a crappy ideology. This is what I have said from the beginning. We are not one and united; we are all different and we all have different ideas, objectives, strategies and methods. So saying that we are one doesn't wash all these differences away. I like the Occupy movement more than Anonymous because it is more ideological and clearer. But that doesn't make me a hacker.

    3. Anonymous is evolving and changing all the time. If you see for example how Lulzsec (a police operation in the end) and Anonymous moved (or the discussion about the black bloc), then you can't say that their relationship was clear and permanent. If you want to keep understanding the movement in movement, you have to keep following it up.

    4. I am an activist for the cybercauses, so I follow them and a lot of other causes, and as a news junkie I gather data, links, information and publications

    5. Also, it is sometimes too much hype and boasting about itself, and it sometimes loses all sense of critical thinking, just storming forward like a mob or a herd

    I don't need Anonymous here. I don't see the need for Anonymous here. I don't approve of the hacking by the Belgian Anonymous (the factory is still planned to close)

    What we do need in reality is less hype about Anonymous and more digital actions about privacy, security and liberty in our Belgian society and on the web.