09/12/2011

leaks : the different kinds of pastebin.com leaks (or other paste-sites)

the full cleartext accounts : here you will find a list of email addresses and passwords, and sometimes they add the sites where they found them.

the specific cleartext accounts : these are the accounts for particular webservices and (sometimes illegal or pornographic) websites, for some people, or for some specific infrastructure (access to networks or infrastructure)

the hashed or encrypted accounts : here you will need to work a bit, but sometimes the resulting cracked accounts are also published a bit later

the spamlistings : these are listings (sometimes from specific websites) of all the passwords they have found and that seem to be working

the passwords : the only use of publishing just the passwords is to enrich the password list that is used for bruteforcing

the infrastructure : here you will find all the necessary information about a website or server (dns, ports, people responsible), sometimes mixed with the most recent exploits

the targeted person (or doxing) : a collection of personal information about somebody that has been found on the internet, the mobile number being the most precious, although this doesn't mean it is correct
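the defender's side of the first category is watching those pastes for your own domains. The script below is an added example (not from the original post): it parses the mixed separator styles such dumps use, reports which of your watched domains appear, keeps only a truncated hash of each password instead of the cleartext, and counts password reuse across accounts so you know which ones to force-reset first. The paste text and the domains are constructed sample data.

```python
import hashlib
import re

# Constructed sample paste (not real data). Dumps mix ":", ";", "|" and
# whitespace as separators, so the parser accepts all of them.
SAMPLE_PASTE = """\
# dump from example-forum (constructed sample)
alice@example.com:Summer2011
bob@example.org ; hunter2
carol@EXAMPLE.com | qwerty
dave@otherdomain.net:letmein
malformed line without a separator
erin@example.com:Summer2011
"""

# email, then one separator character (possibly padded), then the password
PAIR_RE = re.compile(r"^([^\s:;|]+@[^\s:;|]+)\s*[:;|\s]\s*(.+?)\s*$")


def parse_paste(text):
    """Return (email, password) pairs; comments and unparseable lines are skipped."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = PAIR_RE.match(line)
        if m:
            pairs.append((m.group(1).lower(), m.group(2)))
    return pairs


def _fingerprint(password):
    """Short SHA-256 prefix: enough to compare passwords, not to store them."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def monitor_domains(pairs, watched_domains):
    """Map each watched domain to the (email, password fingerprint) pairs found."""
    watched = {d.lower() for d in watched_domains}
    hits = {}
    for email, password in pairs:
        domain = email.rsplit("@", 1)[1]
        if domain in watched:
            hits.setdefault(domain, set()).add((email, _fingerprint(password)))
    return {d: sorted(s) for d, s in hits.items()}


def password_reuse(pairs):
    """Fingerprint -> number of distinct accounts sharing that password (>1 only).

    Shared passwords usually mean a default or a copied credential and should
    be reset first."""
    by_fp = {}
    for email, password in pairs:
        by_fp.setdefault(_fingerprint(password), set()).add(email)
    return {fp: len(emails) for fp, emails in by_fp.items() if len(emails) > 1}


if __name__ == "__main__":
    found = parse_paste(SAMPLE_PASTE)
    print(monitor_domains(found, ["example.com", "example.org"]))
    print(password_reuse(found))
```

the point of hashing is that the monitoring output itself must not become another cleartext list lying around on a shared drive; the fingerprint is enough to tell the user which of their passwords leaked.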


local websites or domainnames do not mean decentralised infrastructure

the microsoft website in Bosnia, numerous local Israeli websites of international companies, pandasecurity in Pakistan and hundreds of others have been hacked, penetrated, defaced or injected

the damage to their image may have been worldwide and general

the possibility of penetrating the local website and network and finding some links or passwords to the general kingdom should never be neglected

so what went wrong ?

confusion

it is not because you buy domain names all over the world that you have to set up websites all over the world using different local partners who can't always give you enough professionalism in the short run and during maintenance and upgrades

it is not because you set up websites in different languages and for different publics that they have to be hosted on other platforms, made by different service providers or under their supervision, and be less secure

it is not because you are setting up local websites with their own domainnames that they don't have to be checked by the international and local security officer

this is the big confusion

a tip : this is why I like the *.in domain extension: apple.in/country, apple.in/language, apple.in/format (one server, one format, one service provider, and so on)

the only thing you have to be sure of is that there is always, somewhere, a team of security people and webmasters ready to help the 'locals' update their stuff (whatever the time), but that can also be centralized

security is about control and isolation


Belgian emergency communication network saved from crumbling financial dexia linked holding

The 'Communal Holding' is an historic holding for the different cities in Belgium who had a participation in the public 'Gemeentekrediet' (Communal Credit) before its semi-privatisation into Dexia (who thought it would conquer the world and went on a buying spree and is now not only losing big on the stockmarket but also desperately trying to sell all those 'big worldwide projects' as fast as possible).

The Communal holding was (ab)used by the government to finance the installation of a new emergency communication network for the police, firefighter, hospital and other emergency services. It was the only network that was still in the air when last month there was a disaster at Pukkelpop and the other mobile networks went down for hours.

But as the shareprice of Dexia is sliding to the 1 Euro mark not only the federal government (who gave a lot of money so it wouldn't collapse at a far too high shareprice) but also the cities and a lot of other semi-private-public institutions are beginning to come into trouble because of the chaos at Dexia (the CEO resigned last week). The reason is that many used their Dexia stock as warrant or guarantee for loans and investments.

so the Communal holding would have gone broke today if the government hadn't intervened

* the federal government has bought the stock of Communal holding into Astrid so the public-private partnership can continue to operate

* Communal holding is re-financed so that it can also continue its existence.... for a while

the main problem is at Dexia and that hasn't been treated adequately, even if a former prime minister is now a manager there; with speculation getting more intense and trust disappearing, they are losing time quickly

as you can read elsewhere in the international business press and blogs, we have 2 big banks that could get into trouble

but whatever happens, the operations of the emergency communication network have been secured

it should never have been semi-privatized anyhow


#globalsign the three levels of investigation after a breach

after a breach and the shutdown you start with

Investigation : you gather all the possible proof, you try to find out what happened and you assemble as much evidence and as many indications as you can

after you are more or less 100% sure that you won't find anything new, you know what happened and you have started to make the necessary changes, you set up the

Verification : you verify after the changes that there are no hacks or vulnerabilities or backdoors left, and you verify that the version that will be online will be exactly the one that should be online and that processes go as intended

after you have verified this and you are more or less 100% sure that everything is now more or less as it should be and that you are ready for production, you go over to the next phase

Monitoring : you set everything in high monitoring (meaning that you keep logs of everything you may need logs for) and you set PEOPLE before the screens and the additional analysis tools to have a very attentive look (certainly for some weeks after the incident)

If they find something that doesn't look normal they VERIFY (they ask someone trustworthy what is happening and why they see this kind of traffic or transaction) and if there is no answer or real explanation they separate the process and start to Investigate (getting the logs, eventually halting a process, calling people)

this is the process in which you have to invest (in products like tripwire for example, and in resources (and walls of screens for those eyes))

if you want trust, you should be able to say: we control everything, with the slightest doubt we Verify, if that isn't possible we Investigate, and only afterwards we DECIDE. There is no machine deciding by itself (or forced to by the penetrator)


#globalsign : it is the securityminded people who saved the day

one of the differences between globalsign and diginotar now shows that it is the thing that saved the day - and their business

diginotar was set up by lawyers and people who played a bit with the internet but didn't understand even the basic necessities and standards of online security (their wifi was wide open for starters, and they were hacked for 2 years without noticing)

globalsign was born from Ubizen (it is based on the same campus) and the people who founded it in Belgium and still work there have grown up in the internetbusiness with security from morning till evening (and a real securitymind never really sleeps)

* keeping a Berlin wall between production and presentation (and don't let Marketing bring that wall down)

* keeping the really businesscritical stuff totally offline and if possible undigital

so some of the things that you will read now about what happened, and why some things that happened to others didn't happen here, have everything to do with the most fundamental reflexes a security mind has; and some of the things that did happen (hacking the webserver) have everything to do with the fact that in an organisation you don't always win every argument, and at the time you think it isn't important because you have set up the most fundamental barriers between the unimportant marketing crap (who say they can't bring in new business without their glittery flashy stuff) and the security people (who say everything from a to z has to be secure if you are selling 'virtual trust').

the same battle is now waging in many rooms between the marketing people who want to do mobile banking, payments and identification "because everyone else does it" and the security people who say that is totally nuts because there is no security protocol, no security forum and no cert to handle incidents (the Belgian cert is NOT responsible for mobile hacking and malware for the moment and will need more resources if they have to add that, for starters)

so maybe now in many enterprises and projects the security people have a question they can pose to the other people at the table : do you want to be diginotar or Globalsign; in other words, do you want to go down after a breach, or be able to show that your business processes were still intact and go on with your business a week later

to be safe and survive or to be flashy and totally vulnerable

that is the real question many businesses are faced with nowadays (even linux.com)


dns hacking : control the most important webconnections for a whole Island

they had access to a very important DNS server and could change all the traffic for the following sites in Guadeloupe (GP)

http://www.google.gp/
http://www.google.com.gp/
http://www.google.net.gp/
http://microsoft.gp/
http://internet.gp/
http://motorola.gp/
http://orange.gp/
http://www.oracle.gp/
http://opera.gp/
http://ubuntu.gp/
http://yahoo.gp/
http://www.facebook.gp/
http://www.youtube.gp/
http://www.bing.gp/
http://www.joomla.gp/
http://www.myspace.gp/
http://www.ciscosystems.gp/
http://www.googleplus.gp/
http://www.gmail.gp/
http://live.gp/
http://bankamerica.gp/

to a defacement declaration page somewhere else for some time (luckily it was ONLY that - they could also have proxied all the logins, which would make it chaos today because all the people who used these services during the hack would have to change their logins at least)

imagine that they had dumped these logins on the net, as has happened 5 million times already in the last months

but it shows again that

* control over the dns for a country, ISP, hoster or domain extension is the most critical thing one can imagine and should be done with the adequate attention and resources

* if there are to be new domain extensions, the way they will be handling the security of their dns should be one of the 'make or break' conditions

* dnssec is the only way to go forward fast - certainly between trusted, important and transactional websites (maybe hosters, domain extension managers and other webservices can place those important websites on other dns servers that have permanent monitoring, high quality security and so on)

if you are in a third world country and you aren't obliged to use the local domains, why do so.....
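until dnssec is deployed end to end, the cheapest defence against this kind of redirection is to pin the answers for your critical names and re-resolve them on a schedule. The script below is an added example, not from the post: it compares live answers against a pinned baseline, reports names that changed or stopped resolving, and flags an address that suddenly shows up for several names at once, which is exactly the signature of "everything points at one defacement page". The names and addresses are constructed placeholders; `fake_resolver` stands in for the real resolver so the check runs offline.

```python
import socket

# Constructed pinned baseline (placeholder documentation addresses, not the
# real records of any site): the answers the operator knows to be correct.
PINNED = {
    "www.example.gp": {"192.0.2.10", "192.0.2.11"},
    "mail.example.gp": {"192.0.2.20"},
    "shop.example.gp": {"192.0.2.30"},
}


def resolve_with_system(name):
    """All IPv4 answers the system resolver returns for name (empty if none)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_records(pinned, resolve=resolve_with_system):
    """name -> {'status': 'ok' | 'unresolvable' | 'changed', ...}."""
    report = {}
    for name, expected in pinned.items():
        observed = resolve(name)
        if not observed:
            report[name] = {"status": "unresolvable"}
        elif observed == expected:
            report[name] = {"status": "ok"}
        else:
            report[name] = {
                "status": "changed",
                "unexpected": sorted(observed - expected),
                "missing": sorted(expected - observed),
            }
    return report


def shared_unexpected_addresses(report):
    """Addresses that appear as 'unexpected' for two or more names.

    One rogue address collecting many of your names is the pattern of a
    hijacked zone rather than a single legitimate record change."""
    seen = {}
    for name, entry in report.items():
        for addr in entry.get("unexpected", []):
            seen.setdefault(addr, set()).add(name)
    return sorted(addr for addr, names in seen.items() if len(names) >= 2)


def fake_resolver(answers):
    """Resolver over a constructed answer table, for offline runs and tests."""
    return lambda name: set(answers.get(name, ()))


# Constructed scenario: two of the three names now point at one outside address.
HIJACKED_ANSWERS = {
    "www.example.gp": {"198.51.100.7"},
    "mail.example.gp": {"192.0.2.20"},
    "shop.example.gp": {"198.51.100.7"},
}

if __name__ == "__main__":
    rep = check_records(PINNED, fake_resolver(HIJACKED_ANSWERS))
    for name, entry in rep.items():
        print(name, entry)
    print("shared rogue addresses:", shared_unexpected_addresses(rep))
```

run it from a vantage point outside your own network (and ideally from several resolvers), because a hijack at the registry or the authoritative server is invisible from inside a network whose resolver still has the correct records cached.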


#huawai : is it a chinese trojan horse intercepting internet traffic worldwide, some think

Huawei. This Chinese company is a major telecom company throughout the world that nobody has ever heard of, the quiet, shy company type. They provide backbone infrastructure equipment for the Internet and Cell technology industry. But they have a few problems with the U.S.

  • Their head guy who created the company is: Ren Zhengfei — Huawei’s chief executive, Ren, according to a news release. The Chinese executive is a former leader in the (PLA) People’s Liberation Army who helped oversee the Chinese military’s telecom intelligence in the 1980s, according to a Rand report.
  • Three times since 2008, a U.S. government security panel has blocked Huawei from acquiring or partnering with U.S. companies because of concerns that secrets could be leaked to China’s government or military.
  • In 2005, a Rand report questioned Huawei’s deep ties with the Chinese military, which serves a multi-faceted role as an important customer, as well as Huawei’s political patron and research and development partner.
  • In late 2009, The Post reported, the NSA- National Security Agency privately urged senior executives of AT&T not to purchase Huawei equipment for a planned phone network.
  • Michael Wessel, a former Democratic aide who is a member of a bipartisan congressional advisory panel that unanimously agreed that Huawei posed a cyber-security risk to the United States
  • Huawei spokesman William Plummer said the company helps sustain thousands of U.S. jobs, and purchased $6.1 billion in U.S. goods in 2010. In an open letter to the U.S. government, Huawei called the claims of ongoing military ties “falsehoods.”
  • Eight Republican senators, including Jon Kyl of Arizona and Richard Shelby of Alabama, urged the Obama administration to investigate Huawei’s effort to sell equipment to upgrade Sprint Nextel’s mobile network. They argued that Huawei’s involvement “could create substantial risk for U.S. companies and possibly undermine U.S. national security.” The Committee on Foreign Investment rejected Huawei’s partnership with Sprint later that year.
  • In 2008, the Committee on Foreign Investment in the United States, a multi-agency government panel, blocked Huawei’s plan to buy 3Com.

A DHS spokesman testified to congress that we might have electronic devices with hardwired backdoors to allow spying on our digital infrastructure by a foreign Nation. He did not say China, but it was implied. Now let's take a look at the last 2 bullet points. China wanted Sprint and 3Com. These two (2) are the biggest in the telecomm space in America. If these tainted components were to get installed China would be able to see everything on the Internet, and they didn’t even have to hack a website to do it.

http://uscyberlabs.com/blog

may this be a lesson for those absolute freetrade advocates

not everything that blinks shines, and if you want the internet to continue shining you must have some transparency, and that is a word that the Chinese can't give you (of course not, they are a dictatorship, rich but still a dictatorship)


#globalsign : keep your most business critical stuff OFFLINE (as they did)

Globalsign kept the digital masterkey OFFLINE

this means that you would have to steal it to get it

and that nobody could make certificates for domains across the whole internet as they did with Diginotar

it is something that RSA also didn't do with SecurID

they didn't, so they couldn't guarantee that the key hadn't been compromised, because it could be found on one of their servers connected to the rest of the network

so in fact they were keeping the one file that was the core of their business existence, the key to everything they had made and wanted to make, not only in digital format but also online and connected

that is an enormous risk to take

keeping such stuff offline is the only secure way to do it (yes, eventually in three places on three continents and so on)

this is the same as for absolute secrets : never write it down unless you want it to stop being a secret sometime in the future


#globalsign : do you really need that kind of website for a critical service ?

this is a really difficult question

on one side you want to follow the marketing people who are crying that they need facebook, twitter, flash, interactivity and all kinds of coding, in one or numerous places, and if they had it their way directly connected to their backoffice so their clients could have it all securely

on the other side you are a critical service and you have the obligation to lower your risks and to concentrate your attention on your core business without investing thousands in patching and following all the vulnerabilities and risks that come with the beautiful marketing package

you can find a compromise - you think - by separating the two environments, but that will have to be done in such a way that even in an unguarded moment it will not be possible to jump from the presentation environment to the production environment and certainly not to the core business

but even that compromise - as practiced by Globalsign - is not without danger to the reputation of your core business, because any leak or problem with your presentation sites will be presented as if it is linked to your production environment (even if you state every second and can prove that this is not the case)

but the marketing people are sometimes very difficult

they do not understand that you can only market a trust/security related business with an online presence that is in itself totally secured and trusted - even if this means that you have no flash, java and a bunch of other beautiful and interactive functions on your website(s)

if you want to keep it secure, keep it simple and throw everything you really don't need out of your balloon (it is only ballast keeping you down)

simple html pages with all the info you need are just as good if it is easy for surfers to find their way, and you don't need search forms, flash or java to do that

and you can state on your website

we made it more simple to secure it even better and inform you even more with less risks

let the others take the risks (now or in a few months)


09/09/2011

greece on the brink (really)

Greece is now facing the critical possibility of shortage of funds to meet the basic needs of the state, causing intense fear within the government, which prepares scenarios of gradual suspension/postponement of payments in order to ensure sufficient funds for salaries and pensions.
http://english.capital.gr/News.asp?id=1278280

European leadership ?

where when how what  who

the boat has no captain or too many captains which is the same

by the way it would cost the Belgian banks enormous lots of money

after the US bank crisis it became clear that if they had saved the failing banks at the time, it would have cost them 1% of what the banking crisis that erupted immediately afterwards has cost us

we should learn from that

we don't have the capacity nor the leadership to take the decisions that would be needed if we let Greece go broke - they are on the brink now (this is today) - and the crisis of trust and confidence would spread across the other failing debtors and those without a government and those that have a government but that doesn't really function

the banking crisis will look like a holiday when that would be over....

but where is the sense of urgency in Europe ?


update your browsers every day automatically

I know it is a pain in the ass

you had for example all these functions and add-ons, and there is another browser update and they are gone

but the browsers are in the forefront of the internet threats

and from an open-minded 'it is all your own damn fault' attitude they are changing to an 'I will do everything in my power to protect you from malware' attitude

most of the attacks or possible attacks they want to protect you from are not even known or publicized, or are just things to make it work better

so it means that browsers are updating at an ever increasing rate, and it is best if you install your browser so that before it launches on the internet it checks for an update and installs the update; this way you will always be protected against the latest threats

and maybe some months or years from now they will have closed all the holes, found all the bugs, stabilized all the code and halted nearly all the attacks, but for now you are in for a bumpy ride, though you can still go on the internet in an ever better security environment (from the browser perspective)

the things I would like to see in the browser are

* the sandbox intercepting everything that is downloaded and installed from the internet in a separate folder

* the self-defending posture (when it feels it is being scanned or pushed around too hard, it turns off a certain number of interactive functions - unless you re-activate them)

* the double browser (one for your computer files and a different one (in posture) for the internet, without any connection between them)


#diginotar #globalsign 16th september D-Day for all certificate authorities

for the moment there are hundreds of them - businesses who claim that they can give a certificate to anyone about anyone (printing their money in fact)

no industry or economy can exist when everybody can print their own money and then has to prove to everyone that their money is really worth something

compare it with our identity in the real world

it is the state who gives you - based upon records - a card that states that you are who you say you are and people trust that card because it has been given by the state (enough). Imagine that everyone may start making passports.

in the present internet world it is impossible to establish a separate certificate authority for each country (and this wouldn't mean it would be safer, because some countries don't even have a state to speak of, or have one that you can't trust, or one where the records still have to be made up or are not even worth the paper they use)

so we will be stuck with the few big Certificate Authorities and the hundreds of smaller operations who claim they are one. They will have to give you that proof that you are on the web who you say you are and that your business is really on that server and that the server in question belongs really to the hoster where you say it is (and not on a hacked server in russia for example)

the problem today is that the big brothers and sisters (the top 5 or 10 of the CAs, the business leaders) don't talk enough with each other and are more afraid of each other than they should be. They should understand however that they (the big ones) are the first who will get much more business when the whole CA sector has to implement stricter procedures, is audited, and has to pay for a whole set of cooperative organisations that will be responsible for, for example, tracking the security threats and incidents, doing the anonymized cross-checking of their certificates (to verify that they correspond to the rules, have the same quality of information and that there are no dubious doubles) and safeguarding the necessary technical information about the installations, so that the CAs don't have to publicize that precious information themselves to all of you (including the hackers who love that kind of information)

the big brothers and sisters of the CA industry should meet soon and should talk like the creditcard companies did when fraud was becoming a direct threat to their online-business and even the trust in their creditcards themselves. They established the PCI which is not perfect but it is a beginning and the CA has for the moment nothing of a kind.

this meeting between the big CAs will be high-level poker and it will be difficult to have some level of trust between them, but they have a unique once-in-a-lifetime opportunity to establish themselves as the main power base of the certificate business, one that can be trusted because they have the same stringent security and control procedures and because they have established organisations for their member CAs for coordinating the new and permanent security threats.

It will cost money to comply, to become a member and to be certified (and to be able, for example, to participate in offers from public instances and big corporations), but the result will be that, for the small businesses who thought it was a way to earn money without investing much, it will be the end of their amateurish CA existence. Their security cost will be higher than their revenue because their certificates are too cheap, or because they sell too few of them, or because they don't have the additional business services that make the real big money roll in. And even if they continue to exist, there will come a day that browsers will refuse their certificates as automatically trusted, or that security warnings will pop up because the CA is not certified as secure, which would make their certificates worthless.

It will also make it much more difficult for

* webservices to use their own home-made certificates for free, or to make certificates only for the domains and not for their subdomains, for the program code but not the add-ons, for the website but not the forms on it, and so on. In fact home-made certificates will be killed by the browsers and by the insecurity instincts that the latest incidents have created with the public

* hosters and other businesses who were selling their own certificates as some sidekick will understand quickly that the costs will continue to increase while their risks have increased enormously, because they will be the lower hanging attractive fruit for the hackers. They will understand that they can do it more easily by allying themselves with one of the big CAs without having to install expensive hardware and software on their own network (it can all be done through separated lines and infrastructure which is encrypted from end to end and which is separated from the other internal processes of the CA provider, where a manual control or audit transfers the requests for certificates from the external environment to the internal one).

An advantage for the big CA's will be that they can have local offices in many countries so that it will be easier and cheaper to double-check the authenticity of information and to develop even more personalised certified information services. I want to buy something online but I want to know if that firm really exists ? Who are you gonna call ? If they have for example an Ebay-seller-certificate it would be easier (just one example of new business that could be developed).

the 16th september all the CA businesses will have to respond to a whole list of questions from Firefox who wants more guarantees

the one remark I totally agree with is that certificates for important international webservices like Google and facebook should never, NEVER be given by ANY machine and should always be controlled manually.

I would even go a bit further and would say that this should also be the case for domain names. Domain names with trademarked names of important webservices and financial services in them should never, under no excuse whatsoever, be used except if it is totally clear that it is not a business site (like for example Ihatevisa.com or mastercardsucks.com, but for example mymastercard.bz should always be under the control of mastercard)

this would make it a bit more difficult for phishers and reinforce trust, but I agree that this is another matter
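the "never by ANY machine" rule is easy to enforce at the point where a certificate request enters the pipeline: before anything is issued, the requested name is matched against a watch list and anything that hits is routed to a human. The block below is an added example of such a pre-issuance gate (not any CA's real procedure or list); the protected names and brands are a constructed watch list, and the two cases from the post (mymastercard.bz and ihatevisa.com) both end up in front of a person, which is the point: the script decides who must look, never what gets issued.

```python
# Constructed watch list (not a CA's real list): exact names whose
# subdomains are protected, and brand tokens that must not appear in any
# label of a name that is issued automatically.
PROTECTED_NAMES = {"google.com", "facebook.com", "mastercard.com", "visa.com"}
PROTECTED_BRANDS = {"google", "facebook", "mastercard", "visa"}


def review_reasons(requested_name, protected_names=PROTECTED_NAMES,
                   brands=PROTECTED_BRANDS):
    """Reasons why this request must go to a human before issuance.

    Returns an empty list when automatic issuance is acceptable."""
    reasons = []
    name = requested_name.lower().rstrip(".")
    if name.startswith("*."):
        reasons.append("wildcard request")
        name = name[2:]
    labels = name.split(".")

    # 1. the name itself or any subdomain of a protected name
    matched_protected = False
    for prot in sorted(protected_names):
        plabels = prot.split(".")
        if len(labels) >= len(plabels) and labels[-len(plabels):] == plabels:
            reasons.append(f"matches or is a subdomain of protected name {prot}")
            matched_protected = True

    # 2. a protected brand embedded in any label (mymastercard.bz, google.gp,
    #    ihatevisa.com): the human decides whether it is the brand owner,
    #    a clearly non-business site, or a phishing attempt
    if not matched_protected:
        for label in labels:
            for brand in sorted(brands):
                if brand in label:
                    reasons.append(f"label '{label}' contains protected brand '{brand}'")
    return reasons


def needs_manual_review(requested_name):
    return bool(review_reasons(requested_name))


if __name__ == "__main__":
    # constructed sample requests
    for req in ["www.google.com", "google.gp", "mymastercard.bz",
                "ihatevisa.com", "*.facebook.com", "example.org"]:
        print(f"{req:20} -> {review_reasons(req) or 'automatic issuance ok'}")
```

substring matching will also stop names like advisable.example for a human look; that is a false positive that costs one person a minute, which is the trade the post argues for when the alternative is an unattended machine issuing a certificate for a trademarked name.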

meanwhile I would like to hope that the big CA's will meet soon and take some hard but necessary decisions that may change the future of the internet and re-establish trust, because honestly, are those hundred trusted certificate rootservices equal and should they all be trusted equally. After reading the Diginotar report it is clear that this is absolutely not the case.


9/11 anniversary under increasing high tension

it was to be foreseen that in the year that Bin Laden has been killed and numerous other Al Qaida operatives and leaders have been arrested or killed, someone somewhere would get the idea to do something on the day of the 10th anniversary of the attack (which makes a splash in all media around the world)

an Icarus attack because it led to the downfall of Al Qaida in the end

now specific terrorist threats are being investigated in the US and in Berlin

in Belgium, capital of Europe, there will be more police on the street and as the tension is increasing in the anti-terrorist community (and as more details become known about the failed plot in Berlin) more (secret) actions may be put in place in and around our capital and other strategic places

it is a perfect day for a lone wolf  (or two of them) because it is

* an anniversary of a terrorist attack that will go into history (most other recent attacks are already more or less forgotten because they didn't change the course of history and the way the world is)

* an enormous media attention so that any attack will have an enormous media fall-out, millions of times even the impact of the attack itself

so he too, will be famous for the rest of the history of 9-11 instead of some attack that is already more or less forgotten

for critical installations and businesses it probably means that the physical security people will work throughout the weekend on high alert

and if nothing happens, it was a good yearly exercise to be sure that everything is still as it should be and that nothing has been forgotten or overlooked which would give that minute of opportunity to any physical attack (terrorism, vandalism, theft, social engineering, political activism,....)

and take time-zones into account, 9-11 has the same meaning around the whole world, do NOT take only your central time-zone into account


Msn total outage : the cloud is in the .... fog

cloud blbablablabla outsourcing blablabla buzz blablabla keywords blablabla always available blablabla

and then this happens (after, for example, the Amazon outage)

"At the time of writing, 9pm PT, all msn websites around the world are down and have been since around 8.30pm PT. These include Microsoft services such as Hotmail, Office 365 and SkyDrive.

A post on msn’s Twitter feed at 8.50pm PT said, “We’re currently experiencing an outage at www.msn.com We’re aware of the issue and working to resolve it. Thanks for your patience.”

In response to a tweet from someone complaining that they couldn’t access their Hotmail account, msn tweeted: “It’s totally inconvenient and we’re working to resolve it as fast as we can. sorry about this.” The cause of the outage is not immediately known.

UPDATE: A tweet from msn at 9.05pm PT said the company isn’t sure what the cause of the outage is and promised to tweet when it found out. “We’re working to find out why. this is an unusually long outage for us. sorry,” said another Twitter post from the company.

UPDATE 2: Hotmail appears to be working again, as of 9.30pm PT. However, the company is still working on other msn websites. This is a pretty long outage. Everyone ready for the cloud then?

UPDATE 3: Tweet from msn at 10.05pm PT: “we’ve had a global outage and things are slowly coming back online. Very sorry for the inconvenience.” The reason is still unknown, with msn saying it could “take hours to determine the root issue.”
http://www.digitaltrends.com/web/msn-com-down-including-h...

so the cloud was

* everything always available from everywhere under all circumstances (because no single point of failure)

* de- and relocation, failover, standby, virtualisation, deduplication, loadbalancing blablablablabla

but if you look at it, the cloud is just another word for

* servers, hardware, routers, and contracts for them

* procedures, backups and tests and humans and upgrades and coordination

* electricity and fires and telephones and lines and networks and natural disasters

very practical back to earth things that have to be done and followed up, each one of them

forget one and your cloud is in the .... fog


shoot this skynet drone cracker-attacker down

Adapted from a $300 Parrot AR.Drone quadricopter, the SkyNET drone has been constructed by a group of scientists at the Stevens Institute of Technology. The Terminator-inspired machine is equipped with an injection-enabled Wi-Fi card that has the ability to scan, attack, record and join Wi-Fi networks in the area. A second Wi-Fi card communicated with an Ad-hoc wireless network to receive drone commands. The drone contains an extremely light single board computer using the Linux operating system. The drone is also outfitted with a 3G connection for flight operation as well as a GPS receiver to transmit latitude, longitude, and altitude. The GPS receiver also allows for a predetermined flight plan to be programmed before takeoff. 
http://news.yahoo.com/skynet-arrived-crack-wi-fi-network-...
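What such a drone's "attack" on a WPA network usually looks like on the air is a burst of injected deauthentication frames, spoofed from the access point's own BSSID, to knock clients off so that their reconnect handshake can be recorded and cracked later. The detector below is an added example (mine, not the SkyNET authors' code and not from the article) that flags that pattern in a management-frame log. The log layout (seconds, transmitter, receiver, subtype, the kind of export you would make from tshark), the sample frames and the threshold are all constructed or assumed for the example; tune the threshold to your own site.

```python
"""Deauthentication-flood detector for 802.11 management-frame logs.

Added example, not code from the original post or from the SkyNET project.
Assumption: an injection attack against a WPA network shows up as many
deauth/disassoc frames per second carrying the AP's BSSID as transmitter.
Log layout (constructed for this example):
    "<seconds> <transmitter-mac> <receiver-mac> <subtype>"
"""
from collections import defaultdict, deque

DEAUTH_THRESHOLD = 10   # frames from one transmitter ...
WINDOW_SECONDS = 1.0    # ... within this many seconds -> alert (assumed; tune per site)


def build_sample_log():
    """Constructed capture: normal traffic, one legitimate deauth, then an injected flood."""
    ap, client, bcast = "aa:bb:cc:00:00:01", "11:22:33:44:55:66", "ff:ff:ff:ff:ff:ff"
    lines = [
        "0.000 %s %s beacon" % (ap, bcast),
        "0.500 %s %s data" % (client, ap),
        "0.900 %s %s deauth" % (ap, client),   # a single deauth is not suspicious on its own
    ]
    # the attacker spoofs the AP's BSSID and sends 25 broadcast deauths in a quarter second
    lines += ["%.3f %s %s deauth" % (5.0 + i * 0.01, ap, bcast) for i in range(25)]
    lines.append("7.000 %s %s data" % (client, ap))
    return "\n".join(lines)


def parse_log(text):
    """Return a list of (timestamp, transmitter, receiver, subtype) tuples."""
    frames = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, subtype = line.split()
        frames.append((float(ts), src.lower(), dst.lower(), subtype.lower()))
    return frames


def detect_deauth_floods(frames, threshold=DEAUTH_THRESHOLD, window=WINDOW_SECONDS):
    """Sliding-window count of deauth/disassoc frames per transmitter.

    Returns {transmitter: (peak_count, window_start, window_end)} for every
    transmitter whose count inside any `window` seconds reached `threshold`.
    """
    recent = defaultdict(deque)   # transmitter -> timestamps still inside the window
    alerts = {}
    for ts, src, dst, subtype in sorted(frames):
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            prev = alerts.get(src)
            if prev is None or len(q) > prev[0]:
                alerts[src] = (len(q), q[0], ts)
    return alerts


if __name__ == "__main__":
    for bssid, (n, t0, t1) in detect_deauth_floods(parse_log(build_sample_log())).items():
        print("deauth flood from %s: %d frames between %.2fs and %.2fs" % (bssid, n, t0, t1))
```

The single deauth at 0.9 s falls out of the window long before the flood starts, so it never contributes to the count; a legitimate AP rebooting its clients will also stay well under ten frames per second per transmitter, which is why the rule counts per transmitter rather than per network.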

It can even attack towers from the wireless companies to intercept conversations.

This is cyberwar.

Make this illegal.

or we have to go back to ..... cable.

but if you want to be really secure you use cable, don't you?


Belgian Federal Computer Crime Unit wants international anti-botnet cooperation

Luc Beirens, the head of the Belgian Federal Computer Crime Unit (FCCU) and a passionate and convinced warrior (to protect the innocent), wants more international cooperation against botnets

last year they found and took down 70 botnet command and control servers on Belgian networks

most of them were for Koobface (a worm that spreads through Facebook, and against which Facebook is not doing enough in my view)

in some countries there are special units that do nothing else than permanently hunt down command and control servers (Japan); in other countries there are special sweep days, on which every unit of the national network spends the whole day taking down a list of malware servers and infected computers without being interrupted by other work; and some ISPs (UK) have sent special warnings to users who appear to be infected, based on a number of indicators and sources, and have taken down infected servers themselves
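Warning users "who seem to be infected, based on a number of indicators" is, in practice, a correlation job: match resolver and flow logs against a list of known command and control domains and addresses, map the hitting address back to a subscriber through the lease table, and only notify when more than one indicator agrees. Below is an added example of that logic (mine, not the FCCU's or any ISP's tooling). The C&C indicators, the log lines and the lease table are constructed for the example (documentation address ranges, not real Koobface infrastructure), and the "two distinct indicators" rule is an assumption meant to keep false positives down.

```python
"""Correlate DNS and flow logs with C&C indicators and turn them into subscriber notices.

Added example, not code from the original post or from any ISP or police unit.
All indicators, log lines and lease data below are constructed for the example.
"""
from collections import defaultdict

# Constructed indicators (documentation names/ranges, not real botnet infrastructure)
C2_DOMAINS = {"update-check.example.net", "photo-share.example.org"}
C2_IPS = {"198.51.100.7", "203.0.113.42"}

# Constructed resolver log: "<iso-time> <client-ip> <qname> <rcode>"
DNS_LOG = """\
2011-09-10T10:00:01 10.0.0.12 www.example.com NOERROR
2011-09-10T10:00:05 10.0.0.12 update-check.example.net NOERROR
2011-09-10T10:02:13 10.0.0.27 photo-share.example.org NXDOMAIN
2011-09-10T10:05:44 10.0.0.12 photo-share.example.org NOERROR
"""

# Constructed flow log: "<iso-time> <src-ip> <dst-ip> <dst-port> <bytes>"
FLOW_LOG = """\
2011-09-10T10:00:06 10.0.0.12 198.51.100.7 80 1420
2011-09-10T10:01:06 10.0.0.12 198.51.100.7 80 1388
2011-09-10T10:02:00 10.0.0.33 203.0.113.42 443 90
"""

# Constructed DHCP/RADIUS lease table: customer address -> subscriber account
LEASES = {"10.0.0.12": "sub-4411", "10.0.0.27": "sub-0192", "10.0.0.33": "sub-7730"}


def collect_hits(dns_log, flow_log):
    """Return {client_ip: [(time, source, indicator), ...]} for every indicator match."""
    hits = defaultdict(list)
    for line in dns_log.splitlines():
        if not line.strip():
            continue
        ts, client, qname, rcode = line.split()
        # an NXDOMAIN answer still counts: the lookup itself is the symptom
        if qname.lower() in C2_DOMAINS:
            hits[client].append((ts, "dns", qname.lower()))
    for line in flow_log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        if dst in C2_IPS:
            hits[src].append((ts, "flow", dst))
    return hits


def build_notifications(hits, leases, min_distinct=2):
    """Map hits to subscribers; notify only when >= min_distinct different indicators matched.

    The min_distinct rule (assumed) keeps a single stray lookup, e.g. by a curious
    user or a researcher, from generating a warning letter.
    """
    notices = {}
    for ip, events in hits.items():
        indicators = {ind for _, _, ind in events}
        if len(indicators) < min_distinct:
            continue
        account = leases.get(ip)
        if account is None:
            continue   # no lease for that address: cannot attribute, leave for manual follow-up
        notices[account] = {
            "ip": ip,
            "indicators": sorted(indicators),
            "first_seen": min(ts for ts, _, _ in events),
            "last_seen": max(ts for ts, _, _ in events),
        }
    return notices


if __name__ == "__main__":
    for account, info in build_notifications(collect_hits(DNS_LOG, FLOW_LOG), LEASES).items():
        print("notify %s (%s): %s between %s and %s" % (
            account, info["ip"], ", ".join(info["indicators"]),
            info["first_seen"], info["last_seen"]))
```

On the constructed data only sub-4411 gets a notice (two domains plus one address); the other two subscribers each matched a single indicator and stay below the bar, which is the kind of conservative rule an ISP needs before it starts mailing customers.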

we could do all or some of these things

anything forward is a good step forward

we are a small country so with a little effort we can do enormous things fast


GlobalSign will restart some business processes starting Monday

read this carefully

they are talking about some services, and probably that will be done under high supervision, so it will mean that services can be closed again, or that certificates can take longer or will need other passwords, other proof or other entrances... so please have patience while very complicated and stringent audit, monitoring and control processes are added or changed

Update from #GlobalSign. We will start bringing services back online on Monday. We have already stated that we deem this to be an industry wide threat due to the mention of multiple CAs. We are adopting a high threat approach to bringing services back online and we are working with a number of organisations to audit the process of bringing the services back online. We apologise again for the delay.

We would like to take the opportunity to explain that the GlobalSign CA root was created offline, and always has been offline. Any claim of the Comodohacker to holding a private key does not refer to the GlobalSign offline root CA. The investigation also continues.


09/08/2011

#globalsign update

there is no risk for the Belgian eID infrastructure whatever happens

but there is for the moment, with what is known today, only a minimal risk that such a plan would have to be put in motion

because there are, for the moment but awaiting confirmation, no GlobalSign certificates stolen or forged

there is no CA database or BIG database or cache stolen; there is maybe somewhere somehow some server somewhat penetrated and downloaded, but we have to wait for the report to be sure what it specifically was

there is nothing extraordinary like a key that gives absolute access, or something spooky like that

stick to the facts and don't panic, wait for the facts and don't try to speculate

for the rest we are awaiting more news from the COMODOhacker, and mostly about the others he says he owns, because they are all saying that it is not true, so who is telling the truth and nothing but the truth

and from the investigation, but if such an investigation is to be done right then it will take some time, so be patient; I am sure that in the following days we will have new factually correct information and new investigation of new claims by this superhacker, except if he disappears again for several months

if he disappears, it is because someone somewhere in his country isn't that happy with his actions and asks him to cool down a bit, that that wasn't the intention

and if every site that works with personal and financial information had to go down for investigation for a week because there is an incident somewhere and a hacker claims to own it all, then the number of sites on the internet that would be offline would be enormous

to give an idea: in 2010 there were 16,000 .be sites defaced, hacked or penetrated (out of about a million)


contribution in De Standaard: the 11 September of digital security

You may not notice it personally, and most newspapers will usually not report on it either, but shock waves are going through the world of internet security, writes security blogger Len Lavens. He also gives some tips for staying safe while surfing.

Several threats and hacker campaigns are currently menacing the internet, and in one way or another they are possibly connected to each other. But even apart from these campaigns there is an increase in botnet and virus activity, which bodes little good for the near future.

http://www.standaard.be/artikel/detail.aspx?artikelid=DMF...


TDL-4 or TDSS botnet: 2 important technical aspects for simple users

First, this is NOT an ordinary virus

It is a BOOTKIT

Okay: an ordinary virus sits on your computer and can be found by your antivirus. A rootkit starts together with the operating system (XP, Vista or whatever) and hides itself from the operating system and from the antivirus running on it; it will only be found if your antivirus has a special tool or function against rootkits (on 64-bit Windows 7 the kernel only loads signed drivers, which makes such a rootkit harder to install, and that is exactly why TDL-4 goes one level lower). A bootkit goes one level lower still: it overwrites the master boot record (MBR), the first sector of the hard disk, which the BIOS hands control to before the operating system starts. So it runs before Windows, before your antivirus, and it hooks the disk driver so that anything on the infected Windows that reads the MBR afterwards is shown a clean copy. That is why most antivirus products will not find it, and cannot clean it without risking making the whole computer unbootable (with everything on it).

there are now some simple specific tools for this bootkit that search for the parts of it that are installed on the computer, but to be trusted they have to run from outside the infected boot chain (a rescue disk), not from the Windows the bootkit already controls

but it may be that the computer cannot be cleaned and that parts of the bootkit stay in the boot sector; boot viruses are made to stay and come back all the time, so the safe answer is to rewrite the MBR from known-good media and restore the data from backup

this is why PRE-BOOT authentication is so important in critical systems, provided it is tied to a measured boot (a TPM that refuses to release the disk key when the boot sector has changed); full-disk encryption alone still leaves the MBR in the clear and does not stop a bootkit by itself
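A bootkit check you can do yourself is to read the first sector of the disk and compare it with what you expect: the bootstrap code should match a known-good hash, the partition table should be sane, and there should be no large stretch of unpartitioned space after the last partition (TDL-4 keeps its encrypted hidden file system in exactly that space at the end of the disk). The script below is an added example (mine, not one of the vendor tools mentioned above); the MBR it parses is constructed in code, and the 1 MiB slack threshold is an assumption to adjust for your disks. Read the real sector from clean boot media (a rescue disk, `/dev/sda` or `\\.\PhysicalDrive0`), because an active bootkit hooks disk reads and hands a clean copy back to anything running on the infected Windows.

```python
"""MBR sanity check against a baseline hash and unpartitioned tail space.

Added example, not code from the original post or from any antivirus vendor.
The MBR below is constructed in code; on a real machine read the first 512 bytes
of the disk from clean boot media, never from the possibly infected Windows.
"""
import hashlib
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xAA"
TABLE_OFFSET = 446                 # four 16-byte partition entries live at 446..509
ENTRY_FMT = "<B3sB3sII"            # status, CHS start, type, CHS end, LBA start, sector count
SLACK_THRESHOLD = 2048             # sectors (1 MiB); assumed, normal alignment slack is smaller


def build_clean_mbr():
    """Constructed 512-byte MBR: bootstrap code, one bootable NTFS partition, boot signature."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (TABLE_OFFSET - 7)
    ntfs = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 2048, 2000000)
    return code + ntfs + b"\x00" * 48 + BOOT_SIG


def simulate_bootkit(mbr):
    """Constructed 'infection': patch the start of the bootstrap code, keep the partition table."""
    infected = bytearray(mbr)
    infected[0:8] = b"\xEA\x00\x7C\x00\x00\x90\x90\x90"   # stand-in for a jump into attacker code
    return bytes(infected)


def parse_mbr(mbr):
    """Return the SHA-256 of the bootstrap code and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("expected one %d-byte sector" % SECTOR)
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 55AA boot signature")
    partitions = []
    for i in range(4):
        entry = mbr[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, _, ptype, _, lba_start, count = struct.unpack(ENTRY_FMT, entry)
        if ptype != 0:
            partitions.append({"status": status, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"code_sha256": hashlib.sha256(mbr[:TABLE_OFFSET]).hexdigest(),
            "partitions": partitions}


def check_mbr(mbr, baseline_code_sha256, disk_sectors, slack_threshold=SLACK_THRESHOLD):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    info = parse_mbr(mbr)
    findings = []
    if info["code_sha256"] != baseline_code_sha256:
        findings.append("bootstrap code differs from baseline")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("invalid status byte 0x%02x in partition table" % p["status"])
    last_end = max((p["lba_start"] + p["sectors"] for p in info["partitions"]), default=0)
    slack = disk_sectors - last_end
    if slack > slack_threshold:
        findings.append("%d unpartitioned sectors after last partition" % slack)
    return findings


if __name__ == "__main__":
    clean = build_clean_mbr()
    baseline = parse_mbr(clean)["code_sha256"]
    print("clean disk:", check_mbr(clean, baseline, 2048 + 2000000 + 1000))
    print("infected disk:", check_mbr(simulate_bootkit(clean), baseline, 2048 + 2000000 + 100000))
```

The baseline hash is the one thing you must have captured before the incident (or take from an identical clean install); the slack check works without a baseline but only flags the hidden-storage pattern, not the code change itself.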

It uses the eMule (Kad) network

when the record companies started prosecuting people for downloading music and films without paying, the P2P networks had to do two things to survive: first, better protect their users so that it was harder to prove who downloaded what and when, and second, reorganise their networks so that they were self-defending, with no central server that could be seized; so the eMule network got a robust, decentralised network protocol and infrastructure: Kad (a Kademlia distributed hash table)

It is this protocol, and parts of the public eMule Kad network, that this bootkit uses for its command and control (looking up its controllers in the DHT instead of relying on fixed servers that can be taken down). This means that if you snort, firewall or sniff for this protocol, that traffic on your network can be found and stopped: block outbound Kad (UDP) unless you have a business reason for P2P, and alert on any host that suddenly starts talking to many unknown peers
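Kad is carried in UDP, and every unobfuscated Kad datagram starts with a protocol byte (0xE4, or 0xE5 when the payload is zlib-compressed) followed by an opcode, which is exactly what a Snort content rule keys on. The added example below (mine, not from the bootkit or from the eMule project) classifies UDP payloads on those two bytes and then applies the behavioural check that matters for a bot: one host suddenly talking Kad to many distinct peers. The opcode table is a subset taken from the eMule protocol definitions, the datagrams are constructed for the example, and the fan-out threshold is an assumption. Caveat: newer eMule clients can obfuscate their traffic (randomised first byte), and then the header rule misses them and only the fan-out heuristic remains.

```python
"""Classify UDP payloads as eMule/Kad and flag hosts with Kad fan-out to many peers.

Added example, not code from the original post, the bootkit or the eMule project.
Protocol bytes and opcode names follow the eMule source (subset); datagrams below are
constructed for the example. Equivalent plaintext-header rule for Snort/Suricata
(illustrative local rule, sid chosen arbitrarily):
  alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL Kad HELLO_REQ"; \
        content:"|E4 11|"; depth:2; sid:9000001; rev:1;)
"""
from collections import defaultdict

OP_EDONKEYHEADER = 0xE3        # classic eD2K client/server UDP
OP_KADEMLIAHEADER = 0xE4       # plain Kad datagram
OP_KADEMLIAPACKEDPROT = 0xE5   # Kad datagram with zlib-compressed body
EMULE_UDP_PORT = 4672          # eMule default UDP port (only a hint; bots may use anything)

KAD_OPCODES = {
    0x00: "KADEMLIA_BOOTSTRAP_REQ", 0x08: "KADEMLIA_BOOTSTRAP_RES",
    0x10: "KADEMLIA_HELLO_REQ",     0x18: "KADEMLIA_HELLO_RES",
    0x20: "KADEMLIA_REQ",           0x28: "KADEMLIA_RES",
    0x01: "KADEMLIA2_BOOTSTRAP_REQ", 0x09: "KADEMLIA2_BOOTSTRAP_RES",
    0x11: "KADEMLIA2_HELLO_REQ",    0x19: "KADEMLIA2_HELLO_RES",
    0x21: "KADEMLIA2_REQ",          0x29: "KADEMLIA2_RES",
    0x60: "KADEMLIA2_PING",         0x61: "KADEMLIA2_PONG",
}


def classify_udp_payload(payload):
    """Return (family, opcode_name) for eMule/Kad datagrams, or None for anything else."""
    if len(payload) < 2:
        return None
    proto, opcode = payload[0], payload[1]
    name = KAD_OPCODES.get(opcode, "unknown-0x%02x" % opcode)
    if proto == OP_KADEMLIAHEADER:
        return ("kad", name)
    if proto == OP_KADEMLIAPACKEDPROT:
        return ("kad-packed", name)
    if proto == OP_EDONKEYHEADER:
        return ("ed2k", "opcode-0x%02x" % opcode)
    return None


def kad_fanout(datagrams, min_peers=3):
    """Group Kad datagrams by source; report sources that reached >= min_peers distinct peers.

    datagrams: iterable of (src_ip, dst_ip, dst_port, payload_bytes).
    Returns {src_ip: {"peers": [...], "opcodes": {name: count}}}.
    """
    per_src = defaultdict(lambda: {"peers": set(), "opcodes": defaultdict(int)})
    for src, dst, dport, payload in datagrams:
        hit = classify_udp_payload(payload)
        if hit is None or not hit[0].startswith("kad"):
            continue
        per_src[src]["peers"].add((dst, dport))
        per_src[src]["opcodes"][hit[1]] += 1
    return {src: {"peers": sorted(v["peers"]), "opcodes": dict(v["opcodes"])}
            for src, v in per_src.items() if len(v["peers"]) >= min_peers}


def kad_packet(opcode, body=b""):
    """Build a plain Kad datagram: protocol byte, opcode, body (constructed test data)."""
    return bytes([OP_KADEMLIAHEADER, opcode]) + body


# Constructed traffic: one host bootstrapping into Kad, one host doing DNS plus a lone ping
SAMPLE_DATAGRAMS = [
    ("10.0.0.12", "203.0.113.%d" % i, EMULE_UDP_PORT, kad_packet(0x11, b"\x11" * 16 + b"\x40\x12\x08\x00"))
    for i in range(1, 5)
] + [
    ("10.0.0.12", "198.51.100.9", EMULE_UDP_PORT, kad_packet(0x01, b"\x22" * 16 + b"\x40\x12\x08")),
    ("10.0.0.5", "10.0.0.1", 53, b"\x12\x34\x01\x00\x00\x01\x00\x00"),   # ordinary DNS query
    ("10.0.0.5", "203.0.113.77", EMULE_UDP_PORT, kad_packet(0x60)),      # a single ping, below the bar
]


if __name__ == "__main__":
    for src, info in kad_fanout(SAMPLE_DATAGRAMS).items():
        print("%s spoke Kad to %d peers: %s" % (src, len(info["peers"]), info["opcodes"]))
```

The port is deliberately not part of the match: a bot has no reason to stick to 4672, so the protocol byte and opcode, and the number of distinct peers a host contacts, carry the signal. On a corporate network where P2P is not allowed, any hit at all is worth a look; at home or at an ISP, the fan-out threshold is what separates a bootstrap burst from background noise.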
