security - Page 132

  • leaks : the different kinds of pastebin.com leaks (or other paste-sites)

    the full cleartext accounts : here you will find a list of email addresses and passwords, and sometimes they add the site where they found them.

    the specific cleartext accounts : these are accounts for particular webservices and (sometimes illegal or pornographic) websites, for particular people, or for specific infrastructure (access to networks or systems)

    the hashed or encrypted accounts : here you will need to do some work yourself, but sometimes the resulting cracked accounts are also published a bit later

    the spam listings : these are listings (sometimes from specific websites) of all the passwords they have found and that seem to be working

    the passwords : the only use of publishing the passwords alone is to enrich the password list that is used for bruteforcing

    the infrastructure : here you will find all the necessary information about a website or server (dns, ports, people responsible), sometimes mixed with the most recent exploits

    the targeted person (or doxing) : a collection of personal information about somebody that has been found on the internet, the mobile number being the most precious, although this doesn't mean it is correct

  • local websites or domain names do not require decentralised infrastructure

    the Microsoft website in Bosnia, numerous local Israeli websites of international companies, Panda Security in Pakistan and hundreds of others have been hacked, penetrated, defaced or injected

    the damage to their image may have been worldwide and general

    the possibility that an attacker penetrates the local website and network and ends up finding links or passwords into the rest of the kingdom should never be neglected

    so what went wrong ?

    confusion

    buying domain names all over the world does not mean you have to set up websites all over the world with different local partners who can't always deliver enough professionalism, neither in the short run nor during maintenance and upgrades

    setting up websites in different languages and for different publics does not mean they have to be hosted on other platforms, built by different service providers or under their supervision, and be less secured

    setting up local websites with their own domain names does not mean they don't have to be checked by the international and the local security officer

    this is the big confusion

    a tip : this is why I like the *.in domain extension : apple.in/country, apple.in/language, apple.in/format (one server, one format, one service provider, and so on.....)

    the only thing you have to be sure of is that somewhere there is always a team of security people and webmasters ready to help the 'locals' update their stuff (whatever the time), and that can also be centralised

    security is about control and isolation

  • Belgian emergency communication network saved from crumbling Dexia-linked financial holding

    The 'Communal Holding' is a historic holding for the different cities in Belgium that had a participation in the public 'Gemeentekrediet' (Communal Credit) before its semi-privatisation into Dexia (which thought it would conquer the world, went on a buying spree, and is now not only losing big on the stock market but also desperately trying to sell all those 'big worldwide projects' as fast as possible).

    The Communal holding was (ab)used by the government to finance the installation of a new emergency communication network for the police, firefighters, hospitals and other emergency services. It was the only network that was still up when there was a disaster at Pukkelpop last month and the other mobile networks went down for hours.

    But as the share price of Dexia is sliding towards the 1 Euro mark, not only the federal government (which gave a lot of money so it wouldn't collapse, at a far too high share price) but also the cities and a lot of other semi-private-public institutions are beginning to get into trouble because of the chaos at Dexia (the CEO resigned last week). The reason is that many used their Dexia stock as collateral or guarantee for loans and investments.

    so the Communal holding would have gone broke today if the government hadn't intervened

    * the federal government has bought the Communal holding's stake in Astrid (the operator of the network) so the public-private partnership can continue to operate

    * the Communal holding is re-financed so that it can also continue its existence.... for a while

    the main problem is at Dexia and that hasn't been treated adequately, even if a former prime minister is now a manager there. With speculation getting more intense and trust disappearing, they are losing time quickly

    as you can read elsewhere in the international business press and blogs, we have 2 big banks that could get into trouble

    but whatever happens, the operations of the emergency communication network have been secured

    it should never have been semi-privatized anyhow

  • #globalsign : the three levels of investigation after a breach

    after a breach and the shutdown you start with

    Investigation : you gather all the possible evidence, try to find out what happened, and assemble as many proofs and indications as you can

    after you are more or less 100% sure that you won't find anything new, you know what happened and you have started to make the necessary changes, you move on to

    Verification : after the changes you verify that there are no hacks, vulnerabilities or backdoors left, that the version that will go online is exactly the one that should be online, and that the processes run as intended

    after you have verified this and you are more or less 100% sure that everything is now more or less as it should be and that you are ready for production, you move on to the next phase

    Monitoring : you put everything under high monitoring (meaning that you keep logs of everything you may need logs for) and you put PEOPLE in front of the screens and the additional analysis tools to take a very attentive look (certainly for some weeks after the incident)

    If they find something that doesn't look normal they VERIFY (they ask someone trustworthy what is happening and why they see this kind of traffic or transaction) and if there is no answer or real explanation they separate the process and start to Investigate (getting the logs, possibly halting a process, calling people)

    this is the process you have to invest in (in products like Tripwire for example, and in resources (and walls of screens for those eyes))

    if you want trust, you should be able to say: we control everything, at the slightest doubt we Verify, if that isn't possible we Investigate, and only afterwards we DECIDE. There is no machine deciding on its own (or forced to by the intruder)

  • #globalsign : it is the security-minded people who saved the day

    one of the differences between globalsign and diginotar now turns out to be the thing that saved the day - and their business

    diginotar was set up by lawyers and people who had played a bit with the internet but didn't understand even the basic necessities and standards of online security (their wifi was wide open for starters, and they were hacked for 2 years without noticing)

    globalsign was born from Ubizen (it is based on the same campus) and the people who founded it in Belgium and still work there have grown up in the internet business with security from morning till evening (and a real security mind never really sleeps)

    * keeping a Berlin wall between production and presentation (and don't let Marketing bring that wall down)

    * keeping the really business-critical stuff totally offline and if possible non-digital

    so some of the things that you will now read about what happened, and why some things that happened to others didn't happen here, have everything to do with the most fundamental reflexes a security mind has. And some of the things that did happen (the hacking of the webserver) have everything to do with the fact that in an organisation you don't always win every argument, and at the time you think it isn't important because you have set up the most fundamental barriers between the unimportant marketing crap (who say they can't bring in new business without their flashy glitter stuff) and the security people (who say everything from a to z has to be secure if you are selling 'virtual trust').

    the same battle is now raging in many rooms between the marketing people who want to do mobile banking, payments and identification "because everyone else does it" and the security people who say that is totally nuts because there is no security protocol, no security forum and no CERT to handle incidents (the Belgian CERT is NOT responsible for mobile hacking and malware for the moment and will need more resources if they have to add that, for starters)

    so maybe now in many enterprises and projects the security people have a question they can put to the other people at the table : do you want to be diginotar or globalsign? In other words, do you want to go down after a breach, or be able to show that your business processes were still intact and go on with your business a week later?

    to be safe and survive or to be flashy and totally vulnerable

    that is the real question many businesses are faced with nowadays (even linux.com)

  • dns hacking : controlling the most important web connections for a whole island

    they had access to a very important DNS server and could redirect all the traffic for the following sites in Guadeloupe (GP)

    http://www.google.gp/
    http://www.google.com.gp/
    http://www.google.net.gp/
    http://microsoft.gp/
    http://internet.gp/
    http://motorola.gp/
    http://orange.gp/
    http://www.oracle.gp/
    http://opera.gp/
    http://ubuntu.gp/
    http://yahoo.gp/
    http://www.facebook.gp/
    http://www.youtube.gp/
    http://www.bing.gp/
    http://www.joomla.gp/
    http://www.myspace.gp/
    http://www.ciscosystems.gp/
    http://www.googleplus.gp/
    http://www.gmail.gp/
    http://live.gp/
    http://bankamerica.gp/

    to a defacement declaration page somewhere else, for some time (luckily it was ONLY that - they could also have proxied all the logins, which would make it chaos today because everyone who used these services during the hack would at least have to change their logins)

    imagine that they had dumped those logins on the net, as has happened 5 million times already in the last months

    but it shows again that

    * control over the DNS for a country, ISP, hoster or domain extension is the most critical thing one can imagine and should be done with adequate attention and resources

    * if there are to be new domain extensions, the way they will handle the security of their DNS should be one of the 'make or break' conditions

    * DNSSEC is the only way to go forward fast - certainly between trusted, important and transactional websites (maybe hosters, domain extension managers and other webservices can place those important websites on separate DNS servers that have permanent monitoring, high quality security and so on)

    if you are in a third-world country and you aren't obliged to use the local domains, why do so.....
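    The redirection described above has a simple signature a monitoring team can watch for: many unrelated names suddenly answering with one new address. The check below, an added example that is not from the original post, compares observed A records against a pinned baseline and classifies the result into the verify / investigate steps of the three-levels post. All domain-to-address data is constructed (RFC 5737 documentation addresses), so it runs offline; a real monitor would feed it live resolver answers.

```python
from collections import defaultdict

# Constructed baseline of last known-good A records. The addresses are
# RFC 5737 documentation ranges, not the real records of these domains.
BASELINE = {
    "www.google.gp": "192.0.2.10",
    "microsoft.gp": "192.0.2.20",
    "orange.gp": "198.51.100.5",
    "www.facebook.gp": "198.51.100.9",
    "bankamerica.gp": "203.0.113.3",
}

# Constructed observation after a zone takeover: every name now points
# at a single host (the defacement page in the post).
OBSERVED_HIJACK = {name: "203.0.113.250" for name in BASELINE}

# Constructed observation for a routine change of one record by its owner.
OBSERVED_ROUTINE = dict(BASELINE, **{"orange.gp": "198.51.100.6"})


def changed_records(baseline, observed):
    """Map each domain whose answer differs from the baseline to (old, new).
    A name that no longer resolves is reported with new=None."""
    return {
        name: (old, observed.get(name))
        for name, old in baseline.items()
        if observed.get(name) != old
    }


def shared_destinations(changed, min_domains=3):
    """Among the changed records, find new addresses that several unrelated
    domains now share: the signature of a wholesale redirection."""
    by_ip = defaultdict(list)
    for name, (_old, new) in changed.items():
        if new is not None:
            by_ip[new].append(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len(names) >= min_domains}


def assess(baseline, observed, min_domains=3):
    """Classify observed answers against the baseline.

    Returns (verdict, changed, shared) where verdict is:
      'ok'            nothing changed
      'changed'       isolated changes: VERIFY with the domain owner
      'likely-hijack' many names collapsed onto one new address:
                      INVESTIGATE, and halt dependent processes
    """
    changed = changed_records(baseline, observed)
    shared = shared_destinations(changed, min_domains)
    if shared:
        return "likely-hijack", changed, shared
    if changed:
        return "changed", changed, shared
    return "ok", changed, shared


if __name__ == "__main__":
    for label, obs in (("hijack", OBSERVED_HIJACK), ("routine", OBSERVED_ROUTINE)):
        verdict, changed, shared = assess(BASELINE, obs)
        print(f"{label}: {verdict}, {len(changed)} record(s) changed, shared={shared}")
```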

  • #huawei : is it a Chinese trojan horse intercepting internet traffic worldwide, some think

    Huawei. This Chinese company is a major telecom company throughout the world that nobody has ever heard of, the quiet, shy company type. They provide backbone infrastructure equipment for the Internet and cell technology industry. But they have a few problems with the U.S.

    • Their head guy who created the company is Ren Zhengfei, Huawei’s chief executive, according to a news release. The Chinese executive is a former leader in the (PLA) People’s Liberation Army who helped oversee the Chinese military’s telecom intelligence in the 1980s, according to a Rand report.
    • Three times since 2008, a U.S. government security panel has blocked Huawei from acquiring or partnering with U.S. companies because of concerns that secrets could be leaked to China’s government or military.
    • In 2005, a Rand report questioned Huawei’s deep ties with the Chinese military, which “serves a multi-faceted role as an important customer, as well as Huawei’s political patron and research and development partner.”
    • In late 2009, The Post reported, the NSA (National Security Agency) privately urged senior executives of AT&T not to purchase Huawei equipment for a planned phone network.
    • Michael Wessel, a former Democratic aide who is a member of a bipartisan congressional advisory panel that unanimously agreed that Huawei posed a cyber-security risk to the United States
    • Huawei spokesman William Plummer said the company helps sustain thousands of U.S. jobs, and purchased $6.1 billion in U.S. goods in 2010. In an open letter to the U.S. government, Huawei called the claims of ongoing military ties “falsehoods.”
    • Eight Republican senators, including Jon Kyl of Arizona and Richard Shelby of Alabama, urged the Obama administration to investigate Huawei’s effort to sell equipment to upgrade Sprint Nextel’s mobile network. They argued that Huawei’s involvement “could create substantial risk for U.S. companies and possibly undermine U.S. national security.” The Committee on Foreign Investment rejected Huawei’s partnership with Sprint later that year.
    • In 2008, the Committee on Foreign Investment in the United States, a multi-agency government panel, blocked Huawei’s plan to buy 3Com.

    A DHS spokesman testified to Congress that we might have electronic devices with a hardwired backdoor to allow spying on our digital infrastructure by a foreign nation. He did not say China, but it was implied. Now let's take a look at the last 2 bullet points. China wanted Sprint and 3Com. These two (2) are the biggest in the telecom space in America. If these tainted components were to get installed, China would be able to see everything on the Internet, and they wouldn’t even have to hack a website to do it.

    http://uscyberlabs.com/blog

    may this be a lesson for those absolute free-trade advocates

    not everything that blinks shines, and if you want the internet to continue shining you must have some transparency, and that is something the Chinese can't give you (of course not, they are a dictatorship, rich but still a dictatorship)

  • #globalsign : keep your most business critical stuff OFFLINE (as they did)

    Globalsign kept the digital master key OFFLINE

    this means that you would have to steal it to get it

    and that nobody could make certificates for any domain on the whole internet, as they did with Diginotar

    it was something they also didn't do with SecurID at RSA

    they didn't, which meant that they couldn't guarantee that the key hadn't been compromised, because it could be found on one of their servers connected to the rest of the network

    so this means in fact that they were keeping the one file on which their core business depended, the key to everything they had made and wanted to make, not only in digital form but also online and connected

    that is an enormous risk to take

    keeping such stuff offline is the only secure way to do it (yes, possibly in three places on three continents and so on)

    this is the same as for absolute secrets : never write it down, unless you want it to stop being a secret some time in the future

  • #globalsign : do you really need that kind of website for a critical service ?

    this is a really difficult question

    on one side you want to follow the marketing people who are crying that they need facebook, twitter, flash, interactivity and all kinds of code, in one or many places, and if they had it their way directly connected to their back office so their clients could have it all securely

    on the other side you are a critical service and you have the obligation to lower your risks and to concentrate your attention on your core business, without investing thousands in patching and following all the vulnerabilities and risks that come with the beautiful marketing package

    you can find a compromise - you think - by separating the two environments, but that will have to be done in such a way that even in an unguarded moment it will not be possible to jump from the presentation environment to the production environment, and certainly not to the core business

    but even that compromise - as practiced by Globalsign - is not without danger to the reputation of your core business, because any leak or problem with your presentation sites will be presented as if it is linked to your production environment (even if you state every second, and can prove, that this is not the case)

    but the marketing people are sometimes very difficult

    they do not understand that a trust- and security-related business can only be marketed with an online presence that is in itself totally secured and trusted - even if this means that you have no flash, java and a bunch of other beautiful and interactive functions on your website(s)

    if you want to keep it secure, keep it simple and throw everything you don't really need out of your balloon (it is only ballast keeping you down)

    simple html pages with all the info you need are just as good if it is easy for surfers to find their way, and you don't need search forms, flash or java to do that

    and you can state on your website

    we made it simpler to secure it even better and to inform you even more, with fewer risks

    let the others take the risks (now or in a few months)

  • greece on the brink (really)

    Greece is now facing the critical possibility of shortage of funds to meet the basic needs of the state, causing intense fear within the government, which prepares scenarios of gradual suspension/postponement of payments in order to ensure sufficient funds for salaries and pensions.
    http://english.capital.gr/News.asp?id=1278280

    European leadership ?

    where when how what who

    the boat has no captain or too many captains which is the same

    by the way, it would cost the Belgian banks an enormous amount of money

    after the US banking crisis it became clear that if they had saved the failing banks at the time, it would have cost them 1% of what the banking crisis that erupted immediately afterwards has cost us

    we should learn from that

    we don't have the capacity nor the leadership to take the decisions that would be needed if we let Greece go broke - they are on the brink now (this is today) - and the crisis of trust and confidence would spread to the other failing debtors, to those without a government, and to those that have a government that doesn't really function

    the banking crisis will look like a holiday by the time that is over....

    but where is the sense of urgency in Europe ?

  • update your browsers every day, automatically

    I know it is a pain in the ass

    you had for example all these functions and add-ons, and then there is another browser update and they are gone

    but the browsers are in the forefront of the internet threats

    and from an open-minded 'it is all your own damn fault' attitude they are changing to an 'I will do everything in my power to protect you from malware' attitude

    most of the attacks or possible attacks they want to protect you from are not even known or publicised, or the updates are just things to make the browser work better

    so it means that browsers are updating at an ever increasing rate, and it is best if you configure your browser so that before it goes onto the internet it checks for an update and installs it; this way you will always be protected against the latest threats

    and maybe in some months or years from now they will have closed all the holes, found all the bugs, stabilised all the code and halted nearly all the attacks, but for now you are in for a bumpy ride, though you can still go on the internet in an ever better security environment (from the browser perspective)

    the things I would like to see in the browser are

    * the sandbox intercepting everything that is downloaded and installed from the internet into a separate folder

    * the self-defending posture (when it feels it is being scanned or pushed around too hard, it turns off a certain number of interactive functions - unless you re-activate them)

    * the double browser (one for your computer files and a different one, with a different posture, for the internet, without any connection between them)

  • #diginotar #globalsign : 16th September, D-Day for all certificate authorities

    for the moment there are hundreds of them - businesses who claim that they can give a certificate to anyone about anyone (printing their money in fact)

    no industry or economy can exist when everybody can print their own money and then has to prove to everyone that their money is really worth something

    compare it with our identity in the real world

    it is the state that gives you - based upon records - a card stating that you are who you say you are, and people trust that card because it has been issued by the state (enough). Imagine that everyone could start making passports.

    in the present internet world it is impossible to establish a separate certificate authority for each country (and this wouldn't make it safer, because some countries don't even have a state to speak of, or have one that you can't trust, or their records still have to be made up or are not even worth the paper they use)

    so we will be stuck with the few big Certificate Authorities and the hundreds of smaller operations who claim to be one. They will have to give you the proof that you are who you say you are on the web, that your business is really on that server, and that the server in question really belongs to the hoster you say it does (and is not a hacked server in Russia, for example)

    the problem today is that the big brothers and sisters (the top 5 or 10 CAs, the business leaders) don't talk enough with each other and are more afraid of each other than they should be. They should understand however that they (the big ones) are the first who will get much more business when the whole CA sector has to implement stricter procedures and is audited, and when the sector has to pay for a whole set of cooperative organisations that will be responsible for, for example, tracking the security threats and incidents, doing the anonymised cross-checking of their certificates (to verify that they correspond to the rules, have the same quality of information and that there are no dubious doubles), and safeguarding the necessary technical information about the installations so that the CAs don't have to publish that precious information themselves to all of you (including the hackers who love that kind of information)

    the big brothers and sisters of the CA industry should meet soon and should talk like the credit card companies did when fraud was becoming a direct threat to their online business and even to the trust in their credit cards themselves. They established PCI, which is not perfect but is a beginning, and the CAs have for the moment nothing of the kind.

    this meeting between the big CAs will be high-level poker and it will be difficult to have some level of trust between them, but they have a unique once-in-a-lifetime opportunity to establish themselves as the main power base of the certificate business, one that can be trusted because they have the same stringent security and control procedures and because they have established organisations for their member CAs to coordinate the new and permanent security threats.

    It will cost money to comply, to become a member and to be certified (and to be able, for example, to participate in tenders from public institutions and big corporations), but the result will be that for the small businesses who thought this was a way to earn money without investing much, it will be the end of their amateurish CA existence. Their security cost will be higher than their revenue because their certificates are too cheap, or because they sell too few of them, or because they don't have the additional business services that make the real big money roll in. And even if they continue to exist, there will come a day that browsers will refuse to trust their certificates automatically, or that security warnings will pop up because the CA is not certified as secure, which would make their certificates worthless.

    It will also make it much more difficult for

    * webservices to use their own home-made certificates for free, or to make certificates only for the domains and not for their subdomains, for the program code but not the add-ons, for the website but not the forms on it, and so on. In fact home-made certificates will be killed by the browsers and by the insecurity instincts that the latest incidents have created with the public

    * hosters and other businesses who were selling their own certificates as a sideline will understand quickly that the costs will continue to increase while their risks have increased enormously, because they will be the lower-hanging attractive fruit for the hackers. They will understand that they can do it more easily by allying themselves with one of the big CAs, without having to install expensive hardware and software on their own network (it can all be done through separate lines and infrastructure, encrypted from end to end and separated from the other internal processes of the CA provider, where a manual control or audit transfers the certificate requests from the external environment to the internal one).

    An advantage for the big CAs will be that they can have local offices in many countries, so that it will be easier and cheaper to double-check the authenticity of information and to develop even more personalised certified information services. I want to buy something online but I want to know if that firm really exists? Who are you gonna call? If they had, for example, an eBay-seller certificate it would be easier (just one example of new business that could be developed).

    on the 16th of September all the CA businesses will have to respond to a whole list of questions from Firefox, which wants more guarantees

    the one remark I totally agree with is that certificates for important international webservices like Google and facebook should never, NEVER be issued by ANY machine and should always be controlled manually.

    I would even go a bit further and say that this should also be the case for domain names. Domain names with trademarked names of important webservices and financial services in them should never, under any excuse whatsoever, be used except if it is totally clear that it is not a business site (like for example Ihatevisa.com or mastercardsucks.com; but for example mymastercard.bz should always be under the control of mastercard)

    this would make it a bit more difficult for phishers and reinforce trust, but I agree that this is another matter

    meanwhile I would like to hope that the big CAs will meet soon and take some hard but necessary decisions that may change the future of the internet and re-establish trust, because honestly, are those hundred trusted certificate root services equal, and should they all be trusted equally? After reading the Diginotar report it is clear that this is absolutely not the case.

  • 9/11 anniversary under increasingly high tension

    it was to be foreseen that in the year Bin Laden was killed and numerous other Al Qaida operatives and leaders were arrested or killed, someone somewhere would get the idea to do something on the day of the 10th anniversary of the attack (which makes a splash in all media around the world)

    an Icarus attack, because it led to the downfall of Al Qaida in the end

    now specific terrorist threats are being investigated in the US and in Berlin

    in Belgium, capital of Europe, there will be more police on the street, and as the tension is increasing in the anti-terrorist community (and as more details become known about the failed plot in Berlin) more (secret) actions may be put in place in and around our capital and other strategic places

    it is a perfect day for a lone wolf (or two of them) because it is

    * an anniversary of a terrorist attack that will go into history (most other recent attacks are already more or less forgotten because they didn't change the course of history and the way the world is)

    * a day of enormous media attention, so that any attack will have an enormous media fall-out, millions of times the impact of the attack itself

    so he, too, will be famous for the rest of the history of 9-11, instead of for some attack that is already more or less forgotten

    for critical installations and businesses it probably means that the physical security people will work throughout the weekend on high alert

    and if nothing happens, it was a good yearly exercise to make sure that everything is still as it should be and that nothing has been forgotten or overlooked that would give that minute of opportunity to any physical attack (terrorism, vandalism, theft, social engineering, political activism,....)

    and take time zones into account: 9-11 has the same meaning around the whole world, so do NOT take only your own time zone into account

  • Msn total outage : the cloud is in the .... fog

    cloud blablablabla outsourcing blablabla buzz blablabla keywords blablabla always available blablabla

    and then this happens (after, for example, the Amazon outage)

    "At the time of writing, 9pm PT, all msn websites around the world are down and have been since around 8.30pm PT. These include Microsoft services such as Hotmail, Office 365 and SkyDrive.

    A post on msn’s Twitter feed at 8.50pm PT said, “We’re currently experiencing an outage at www.msn.com We’re aware of the issue and working to resolve it. Thanks for your patience.”

    In response to a tweet from someone complaining that they couldn’t access their Hotmail account, msn tweeted: “It’s totally inconvenient and we’re working to resolve it as fast as we can. sorry about this.” The cause of the outage is not immediately known.

    UPDATE: A tweet from msn at 9.05pm PT said the company isn’t sure what the cause of the outage is and promised to tweet when it found out. “We’re working to find out why. this is an unusually long outage for us. sorry,” said another Twitter post from the company.

    UPDATE 2: Hotmail appears to be working again, as of 9.30pm PT. However, the company is still working on other msn websites. This is a pretty long outage. Everyone ready for the cloud then?

    UPDATE 3: Tweet from msn at 10.05pm PT: “we’ve had a global outage and things are slowly coming back online. Very sorry for the inconvenience.” The reason is still unknown, with msn saying it could “take hours to determine the root issue.”
    http://www.digitaltrends.com/web/msn-com-down-including-hotmail

    so the cloud was

    * everything always available from everywhere under all circumstances (because no single point of failure)

    * de- and relocation, failover, standby, virtualisation, deduplication, loadbalancing blablablablabla

    but if you look at it, the cloud is just another word for

    * servers, hardware, routers, and contracts for them

    * procedures, backups and tests and humans and upgrades and coordination

    * electricity and fires and telephones and lines and networks and natural disasters

    very practical, down-to-earth things that have to be done and followed up, each one of them

    forget one and your cloud is in the .... fog

  • shoot this skynet drone cracker-attacker down

    Adapted from a $300 Parrot AR.Drone quadricopter, the SkyNET drone has been constructed by a group of scientists at the Stevens Institute of Technology. The Terminator-inspired machine is equipped with an injection-enabled Wi-Fi card that has the ability to scan, attack, record and join Wi-Fi networks in the area. A second Wi-Fi card communicates with an ad-hoc wireless network to receive drone commands. The drone contains an extremely light single board computer using the Linux operating system. The drone is also outfitted with a 3G connection for flight operation as well as a GPS receiver to transmit latitude, longitude, and altitude. The GPS receiver also allows for a predetermined flight plan to be programmed before takeoff.
    http://news.yahoo.com/skynet-arrived-crack-wi-fi-network-above-042803588.html

    It can even attack towers from the wireless companies to intercept conversations.

    This is cyberwar.

    Make this illegal.

    or we have to go back to ..... cable.

    but if you want to be really secure you use cable, don't you ?

  • Belgian Federal Crime Unit wants international antibotnet cooperation

    Luc Beirens, the head of the Belgian Federal Crime Unit and a passionate and convinced warrior (to protect the innocent), wants more international cooperation against botnets

    last year they found and took down 70 command and control servers for botnets on the Belgian networks

    Most of them were for Koobface (a virus on Facebook, against which Facebook is not doing enough in my view)

    in some countries there are special units that do nothing but permanently hunt down command and control servers (Japan); in other countries they have special sweep days (in which, for the whole day, every unit of the national network is dedicated to bringing down a list of malware servers and infected computers without being interrupted by other work); other ISPs (UK) have sent special warnings to users who seem to be infected and have themselves taken down infected servers (based upon a number of indicators and sources)

    we could do all or some of these things

    anything forward is a good step forward

    we are a small country so with a little effort we can do enormous things fast

  • globalsign will restart some businessprocesses starting monday

    read this carefully

    they are talking about some services, and probably that will be done under high supervision - so that will mean that services can be closed again, or certificates can take longer or will need other passwords, other proof or other entrances... so please have patience, as very complicated and stringent audits and monitoring and control processes are being added or changed


    Update from #GlobalSign. We will start bringing services back online on Monday. We have already stated that we deem this to be an industry wide threat due to the mention of multiple CAs. We are adopting a high threat approach to bringing services back online and we are working with a number of organisations to audit the process of bringing the services back online. We apologise again for the delay.

    We would like to take the opportunity to explain that the GlobalSign CA root was created offline, and always has been offline. Any claim of the Comodohacker to holding a private key does not refer to the GlobalSign offline root CA. The investigation also continues.

  • #globalsign update

    there is no risk for the Belgian EID infrastructure whatever happens

    but there is for the moment with what is known today only a minimal risk that such a plan should be put in motion

    because there are - for the moment but awaiting confirmation - no certificates of Globalsign stolen or made

    there is no CA database or BIG database or cache stolen; there is maybe somewhere, somehow, some server somewhat penetrated and downloaded, but we have to wait for the report to be sure what it specifically was

    there is nothing extra-ordinary about a key that gives absolute access or something spooky like that

    stick to the facts and don't panic, wait for the facts and don't speculate

    for the rest we are awaiting more news from the COMODOhacker, mostly about the others he says he owns, because they are all saying that is not true - so who is telling the truth and nothing but the truth

    and from the investigation, but if such an investigation is to be done right then it will take some time, so be patient; I am sure that in the following days we will have new factually correct information and new investigation into new claims by this superhacker - except if he disappears again for several months

    if he disappears it is because someone somewhere in his country isn't that happy with his actions and asks him to cool down a bit, that that wasn't the intention

    and if every site that works with personal and financial information would go down for investigation for a week because there is somewhere an incident and a hacker claims to own it all, then the number of sites on the internet that would be offline would be enormous

    to give an idea : in 2010 there were 16.000 .be sites defaced or hacked, penetrated (in a million)

  • contribution in De Standaard : the September 11 of digital security

    You may not notice it personally, and most newspapers will usually not report on it either, but shockwaves are going through the world of internet security, writes security blogger Len Lavens. He also gives some tips for staying safe while surfing.

    Several threats and hacker campaigns are currently threatening the internet, and in one way or another they may be connected to each other. But even apart from these campaigns there is an increase in botnet and virus activity, which bodes little good for the near future.

    http://www.standaard.be/artikel/detail.aspx?artikelid=DMF20110908_129


  • TDL-4 or Tdss botnet : 2 important technical aspects for simple users

    First this is NOT a virus

    It is a BOOTKIT

    Okay, so: you have a virus that sits on your computer and can be found by your anti-virus. You have a rootkit that starts up together with the operating system (xp, vista or whatever) but before your antivirus, and that will only be found if you have windows7 or your antivirus has a special tool, function or control against rootkits. And you have a bootkit that starts together with your Bios (hardware drivers), before the operating system starts (your Os like xp or windows7) and so before your antivirus, and that your antivirus will in most cases not find, because it can't reach the boot and can't clean it without risking disabling the whole computer (and everything on it)

    there are now some simple specific tools for this bootkit that will search for the parts of this malware that are installed on the computer

    but it may be that the computer is not cleanable and that parts of the bootkit will stay in the boot; boot viruses are made to stay and come back all the time

    this is why PREBOOT authentication is so important in critical systems

    It uses EMULE networks

    when the record companies started prosecuting people because they were downloading music and films without paying, the P2P networks had to do two things to survive. First they had to better protect their users, so that it was harder to prove who downloaded what and when; secondly they had to re-organise their networks so that these were self-defending. So the emule network made a robust network protocol and infrastructure: Kad

    It is this protocol and some parts of the emule network that have been used by this bootkit. This means that if you snort, firewall or sniff for this protocol, all traffic on that network can be found and stopped
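    The defensive side of that last point, as an added example (not code from the original post): a small classifier that tags captured UDP payloads as eMule/Kad traffic and summarises which internal hosts are talking it. The protocol-identifier bytes and Kad2 opcodes in the tables are my recollection of the eMule protocol and are assumptions to verify against your own eMule or Snort signature sources; the sample packets are constructed, not a real capture.

```python
# Added example: flag eMule/Kad protocol traffic in captured UDP payloads.
# Assumption: first payload byte identifies the protocol (0xE4 plain Kad,
# 0xE5 zlib-compressed Kad, 0xE3 eDonkey UDP, 0xC5 eMule extension) and the
# second byte is the opcode. Verify these against your own signature sources.
from collections import defaultdict

PROTO_NAMES = {0xE4: "kad", 0xE5: "kad-compressed",
               0xE3: "edonkey-udp", 0xC5: "emule-ext"}

# Kad2 opcodes that follow a 0xE4 header (assumed values, see above).
KAD2_OPCODES = {0x01: "BOOTSTRAP_REQ", 0x09: "BOOTSTRAP_RES",
                0x11: "HELLO_REQ", 0x19: "HELLO_RES",
                0x21: "REQ", 0x29: "RES", 0x33: "SEARCH_KEY_REQ",
                0x43: "PUBLISH_KEY_REQ", 0x60: "PING", 0x61: "PONG"}

def classify(payload: bytes):
    """Return (protocol, opcode_name) for one UDP payload, or None if not eMule/Kad."""
    if len(payload) < 2:
        return None                      # too short to carry header + opcode
    proto = PROTO_NAMES.get(payload[0])
    if proto is None:
        return None                      # not an eMule-family protocol byte
    generic = f"op_0x{payload[1]:02x}"
    opcode = KAD2_OPCODES.get(payload[1], generic) if proto == "kad" else generic
    return proto, opcode

def summarise(packets):
    """packets: iterable of (src_ip, dst_ip, dst_port, payload).
    Returns {src_ip: {protocol: packet_count}} for sources that spoke Kad/eMule."""
    hits = defaultdict(lambda: defaultdict(int))
    for src, _dst, _port, payload in packets:
        result = classify(payload)
        if result:
            hits[src][result[0]] += 1
    return {src: dict(protos) for src, protos in hits.items()}

# Constructed sample traffic (not a real capture).
SAMPLE = [
    ("10.0.0.5", "203.0.113.7", 4672, bytes([0xE4, 0x11]) + b"\x00" * 20),  # Kad2 HELLO_REQ
    ("10.0.0.5", "203.0.113.9", 4672, bytes([0xE4, 0x21]) + b"\x00" * 40),  # Kad2 REQ
    ("10.0.0.5", "203.0.113.9", 4672, bytes([0xE5, 0x00]) + b"\x78\x9c"),   # compressed Kad
    ("10.0.0.8", "198.51.100.2", 53, b"\x12\x34\x01\x00\x00\x01"),         # plain DNS, ignored
]

if __name__ == "__main__":
    for src, protos in summarise(SAMPLE).items():
        print(f"{src}: {protos}")
```

    A legitimate eMule client produces exactly the same bytes, so this is a triage signal for hosts on networks where P2P is not expected, not proof of infection on its own.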