security - Page 22

  • this is what tablets can be used for in sports

    you could also watch other sports or porn if the match gets boring and your players aren't listening to anything you have said anyway

  • #finfisher a lot of non-encrypted folders and files to download (a few MB)

    http://toutbox.fr/mailforlen/leaks/finfisher

    if you want to download all the files in a subfolder you will have to download and use the tool

    and while I have your attention there is also a full copy on TOR http://q7hglakwm35gxwii.onion/

    the dummy infection is a REAL infection that will not necessarily be stopped by your antivirus

  • holden security 1.2 billion password leak could be a HOAX unless he proves what he says

    if someone refuses to give access to the official authorities

    if someone then tries to make money out of it and forgets every public responsibility (in my view he can be sued, because they are not his passwords; it is lost or stolen property that should be handed back to the rightful owners by the public authorities)

    if something sounds as if it has been set up to make a maximum impact before one of the biggest security events in the world (Black Hat), where the agenda for this event is already mind-blowing (so you had to pre-empt all that publicity)

    then that needs more research

    and this article http://www.youarenotpayingattention.com/2014/08/08/the-lie-behind-1-2-billion-stolen-passwords/ doesn't believe much of the story and thinks - based on a trend he has discovered among a lot of other discoveries by Hold Security - that he has just put together all the databases that you can find online for sale (many of which are fake, too old or just unusable). Official indexes of data already leaked over the last 2 years are not far from the billion.

    and more articles are coming to that conclusion

    in my view, if he has that data he needs to be officially questioned and prosecuted if he refuses to cooperate with the authorities - this will also teach other clowns a lesson about making such declarations to try to build a business for themselves

    meanwhile the story has been copy-pasted around the web, which is not the case with the critical stories, which proves that copy-paste journalism can be very dangerous

  • #finfisher dummy infection file still passes most antiviruses

    you would have thought that all the serious antivirus firms would have downloaded the files and incorporated the attack files in their virus encyclopedia

    no, they are on holiday

  • major European and American ISPs hacked for bitcoin mining by BGP hacking

    just to make you understand BGP hacking

    a server, user or network is on an ISP, which connects them through routers that make sure the traffic from that user goes to that server, and so on

    The connections between the big routers of these networks (which make it possible to connect a Belgacom router to a Telenet router or any other router on the internet) are defined by the BGP protocol.

    Changing or controlling these BGP routes means that the traffic between networks, from one network to another, or even better to one particular server from different networks, is intercepted, redirected or infected. It also means that large-scale scanning and exploiting is possible.

    The person who controls the BGP routes is GOD. He is the internet (or part of it), and that is the reason why it has to be done manually by the responsible ISP. There is a great level of trust here, and although every firm or organisation can have a malicious insider, an ISP, as the Belgacom takeover by the NSA has shown, can be totally hacked and lose all control over its routers and in this way also over its BGP connections.

    in this case it was one router at one ISP, which was discovered after a few months of operation because nobody thinks that BGP traffic can be malicious (as it should be human-controlled) and so more or less blindly supposes that it is correct. The ISP in question did not say what the problem was or how they resolved it three days later.

    (by the way, this shows the importance of the four-eyes principle and of permanent monitoring and double-checking of technical and administrative transactions)

    this is an example

    Figure 2. A broadcast of the malicious route in progress. Because AS3 is 'peered' with AS4, the malicious broadcast is accepted. AS3's broadcast is more specific than AS2's broadcast, so BGP prioritizes it above the AS2 broadcast. (Source: Dell SecureWorks)

    in the NSA documentation controlling or hacking the BGP routing was several times presented as the highest prize

    Why is this important to me?

    well let's have a look at some of the impacted networks

    * amazon

    * leaseweb (NL)

    * OVH (FR)

    * Hetzner (DE)

    * Serverstack (US)

    and so on (19 in total, no Belgians even if there are many Belgian sites on OVH, Leaseweb and Amazon)

    the source has much more technical information and a clear explanation about Bitcoin mining malware practices

    http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/

    and the solution is like always certification
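    To make the mechanism of Figure 2 concrete, here is an added Python example (not code from this post or from the SecureWorks report) that models the two halves of the story: longest-prefix-match route selection, which is why a more specific /24 announced by a peer beats the legitimate /23, and route origin validation against a signed-ROA style table, the RPKI "certification" the post points to as the solution. The prefixes, AS numbers and ROA entries are constructed for the example, and `select_route`, `roa_validate` and `accept_announcements` are names chosen here.

```python
import ipaddress

# Constructed announcements as seen by a router in AS4 (not data from the report):
# AS2 legitimately originates 203.0.112.0/23; peer AS3 injects a more specific /24.
ANNOUNCEMENTS = [
    {"prefix": "203.0.112.0/23", "origin_as": 2, "via_peer": "AS2"},
    {"prefix": "203.0.113.0/24", "origin_as": 3, "via_peer": "AS3"},  # the hijack
]

# Constructed ROA-style table modelling an RPKI Route Origin Authorization:
# which origin AS may announce which prefix, and the most specific length allowed.
ROAS = [
    {"prefix": "203.0.112.0/23", "max_length": 23, "origin_as": 2},
]


def select_route(dest_ip, announcements):
    """Longest-prefix match: the most specific prefix covering dest_ip wins,
    which is exactly why a bogus /24 beats the legitimate /23."""
    ip = ipaddress.ip_address(dest_ip)
    best = None  # (network, announcement)
    for ann in announcements:
        net = ipaddress.ip_network(ann["prefix"])
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ann)
    return None if best is None else best[1]


def roa_validate(announcement, roas):
    """Route origin validation in the style of RFC 6811: 'valid' if some ROA
    covers the prefix with the right origin AS and an allowed length, 'invalid'
    if ROAs cover the prefix but none match, 'not-found' if no ROA covers it."""
    net = ipaddress.ip_network(announcement["prefix"])
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa["prefix"])
        if net.subnet_of(roa_net):
            covered = True
            if (roa["origin_as"] == announcement["origin_as"]
                    and net.prefixlen <= roa["max_length"]):
                return "valid"
    return "invalid" if covered else "not-found"


def accept_announcements(announcements, roas):
    """Policy an ISP could apply at its edge: drop 'invalid' routes, keep the rest."""
    return [a for a in announcements if roa_validate(a, roas) != "invalid"]


if __name__ == "__main__":
    chosen = select_route("203.0.113.10", ANNOUNCEMENTS)
    print("without validation, traffic for 203.0.113.10 goes via", chosen["via_peer"])
    filtered = accept_announcements(ANNOUNCEMENTS, ROAS)
    print("with validation, traffic for 203.0.113.10 goes via",
          select_route("203.0.113.10", filtered)["via_peer"])
```

    Note that the ROA's `max_length` of 23 also rejects a /24 announced by AS2 itself: origin validation checks both who announces and how specifically, which is what stops the "more specific wins" trick even when the origin AS looks right.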

  • the Snake virus attack in Belgium: more than only the ministry of foreign affairs

    First, the attackers also set up some infrastructure in Belgium, and an essential part of that is an infected and controlled website that is used to connect, infect and collect the user and the information. As part of the operation was in Belgium, there had to be some websites under the .be domain to fulfil that role and take away the suspicion of the target.

    they targeted specifically the CMS TYPO3

    in the article you will find a full analysis and a list of some of the architecture, but this already gives some impression of the complexity of the attack and its infrastructure

    and there were 6 victims in Belgium, not 1

    so who were the others and what does it say about the security of that infrastructure?

    MY COMMENT: "or is it one of the unnamed following administrations (there are still 5 to go, unless there were other Belgian embassies infected and they also lost a lot of data, which would explain why it has taken 3 months to clean this mess up - meaning they had to control embassy after embassy and declare one embassy safe and secure only after everything was checked, monitored and double-checked - which would take a lot of time if you had to do it for all the embassies)

    if this is not the case then there are the ministry of interior, ministry of trade and commerce, intelligence and military, who all have close and frequent contacts with the ministry of external affairs (especially as the ministry of external affairs has some special responsibilities)"

    source https://securelist.com/analysis/publications/65545/the-epic-turla-operation/

  • lasing is treated as a serious crime (aiming a laser at an airplane)

    source http://www.ibtimes.co.uk/us-man-sentenced-21-months-jail-aiming-laser-pointer-police-helicopter-1460064

    I suppose they will invent some anti-laser glass that will keep those laser beams out of the cockpit

  • learning from the anti-Israel DDoS attacks: are you ready for this?

    source http://www.arbornetworks.com/asert/2014/08/ddos-and-geopolitics-attack-analysis-in-the-context-of-the-israeli-hamas-conflict/

    the sheer volume of the attack will bring down any system or network that is not prepared for it

  • #ukraine talk of war and cyberwar is increasing in Russia, and how "Hold On security" is helping them

    source:

    It is for this reason that it is important that Hold Security tells who has that billion passwords, but on the other hand this isn't important, because even in this case the Russian hackers would be obliged by the Russian authorities to hand over all that data - including the 422.000 vulnerable websites

    and it is for this reason that Hold Security is playing a very, very dangerous game by not giving this data to the international community and the international organisations responsible for the security of our networks and infrastructure.

    it will mean that lots of people will have to cancel their holidays and come back, and that thousands of actions will need to be taken

    but that is better than having that data held to ransom by Russia, which may unleash a cyberwar storm upon our information and networks like we have never seen before (because with all that data that would be possible)

  • WordPress and Drupal vulnerable to XML bomb (DoS) if not upgraded NOW

    more information at the source http://thehackernews.com/2014/08/millions-of-wordpress-and-drupal.html

    this is what an XML bomb is
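    As an added illustration (not code from this post or from the WordPress or Drupal projects), the Python below shows both the mechanism and the defence. An XML bomb is a document whose DTD declares entities that reference each other in nested layers, so a single reference in the body expands exponentially when the parser resolves it; the guard refuses any entity declaration before expansion can start, which is what an XML-RPC endpoint exposed to the internet wants. The two sample documents are constructed (the bomb is a harmless 27-copy miniature of the classic "billion laughs" shape), and `guarded_parse`, `is_refused` and `expansion_bound` are names chosen for this example.

```python
import xml.parsers.expat


class UnsafeEntityError(ValueError):
    """Raised when a document declares more entities than the caller allows."""


def guarded_parse(xml_bytes, max_entity_decls=0):
    """Parse XML with expat and return the expanded text content, refusing any
    document that declares more than max_entity_decls entities in its DTD.
    With the default of 0 every <!ENTITY> declaration is rejected, so no
    expansion (and no memory blow-up) can ever happen."""
    parser = xml.parsers.expat.ParserCreate()
    declared = []
    chunks = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        declared.append(name)
        if len(declared) > max_entity_decls:
            raise UnsafeEntityError(f"entity declaration {name!r} refused")

    parser.EntityDeclHandler = on_entity_decl
    parser.CharacterDataHandler = chunks.append
    parser.Parse(xml_bytes, True)  # an exception raised in a handler propagates here
    return "".join(chunks)


def is_refused(xml_bytes):
    """True if the default (no entities allowed) policy rejects the document."""
    try:
        guarded_parse(xml_bytes)
    except UnsafeEntityError:
        return True
    return False


def expansion_bound(levels, refs_per_level):
    """Number of leaf copies a nested-entity document with the given shape produces."""
    return refs_per_level ** levels


# Constructed sample documents.
SAFE_DOC = b"<?xml version='1.0'?><methodCall><methodName>hello</methodName></methodCall>"

# Miniature version of the nested-entity bomb: 3 levels of 3 references each, so
# the single &lol3; in the body expands to 3**3 = 27 copies of "lol". The real
# attack uses around 10 levels of 10 references, i.e. 10**10 copies (~30 GB).
SMALL_BOMB = b"""<?xml version='1.0'?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>"""

if __name__ == "__main__":
    print("safe document text:", guarded_parse(SAFE_DOC))
    print("bomb refused by default policy:", is_refused(SMALL_BOMB))
    print("copies produced if entities are allowed:",
          guarded_parse(SMALL_BOMB, max_entity_decls=10).count("lol"))
    print("copies for the classic 10x10 shape:", expansion_bound(10, 10))
```

    The point of refusing the declaration rather than counting output afterwards is that the damage is done during expansion, so the check has to fire before the parser ever resolves the first reference.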

  • Google begins putting HTTPS-secured web services above the dangerous ignorant

    "The company has been running trials over the past few months to test the use of secure, encrypted connections as a signal in search ranking algorithms.

    "We've seen positive results, so we're starting to use HTTPS as a ranking signal," Google webmaster trends analysts Zineb Ait Bahajji and Gary Illyes wrote in a blog.

    "For now it's only a very lightweight signal — affecting fewer than one percent of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS.

    "But over time, we may decide to strengthen it, because we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."

    http://www.zdnet.com/google-confirms-its-giving-https-sites-higher-search-rankings-7000032428/

    that will teach them a lesson, because if you are not on page 1, forget it

  • 250.000 Twitter accounts and Twitter makes a fatal security mistake

    source http://zerosecurity.org/2014/08/250k-twitter-accounts-compromised

    this means that if you have access to the Twitter account and the email, you still have full control, because you will receive the new email (and if all the reset passwords are the same or use the same logic, you only need one of those emails to take all the others over again)
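    As an added example (not code from this post or from Twitter), this is the defence that the point above implies: a reset token that is unique per account, unguessable, short-lived and usable exactly once, with only a hash stored server-side so a leaked table does not yield working reset links. `PasswordResetTokens` and `RESET_TTL_SECONDS` are names chosen here, and the 15-minute lifetime is an assumption; the clock is injectable so the expiry path can be exercised offline.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link


class PasswordResetTokens:
    """Per-account, unguessable, expiring, single-use password reset tokens."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account -> (sha256 hex of token, expiry timestamp)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account):
        """Create a fresh token for `account`; this value goes into the e-mail
        link. Issuing again replaces any earlier token for that account, so an
        old mail cannot be replayed after a new reset is requested."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, never derived from the account
        self._pending[account] = (self._digest(token), self._clock() + RESET_TTL_SECONDS)
        return token

    def redeem(self, account, token):
        """Return True exactly once for a valid, unexpired token of this account."""
        entry = self._pending.get(account)
        if entry is None:
            return False
        stored_digest, expires_at = entry
        if self._clock() > expires_at:
            del self._pending[account]  # expired tokens are dropped, not kept around
            return False
        if not hmac.compare_digest(stored_digest, self._digest(token)):
            return False  # wrong token (or another account's token): constant-time compare
        del self._pending[account]  # single use
        return True


if __name__ == "__main__":
    store = PasswordResetTokens()
    link_token = store.issue("alice")
    print("first redeem:", store.redeem("alice", link_token))   # True
    print("second redeem:", store.redeem("alice", link_token))  # False
```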

  • #gaza these are the tools Anonymous uses to cyberprotest against the war

    ********** Anonymous Emailers  **********

    http://emkei.cz/  << very handy!

    http://remailer.paranoici.org/index.php

    https://www.quicksilvermail.net/

    http://mixmaster.sourceforge.net/

    ********  Proxies  ***********

    http://spys.ru/

    *********** DOS  ***********

    Original SlowLoris Code   http://ha.ckers.org/slowloris/slowloris.pl

    Slowloris with TOR https://github.com/RootSecks/torloris

    PyLoris DoS http://sourceforge.net/projects/pyloris/

    R.U.D.Y  http://pastebin.com/LmJ4easP

    Apache httpd Remote Denial of Service  https://gist.github.com/revolunet/1170381

    KillApachePy (CVE-2011-3192) https://github.com/stamparm/KillApachePy...lapache.py

    HULK http://pastebin.com/qFUNsF1V

    Great resource for spoofing packets and DNS amplification http://www.packet-craft.net/Malicious/

    ****** Shells *********

    http://www.r57shell.net/

    ********** Free SMS sites ************

    http://afreesms.com/

    http://www.24sms.net/

    http://ezfreesms.com/


    source http://pastebin.com/iUW1ZU2d

     

  • the personal details of 70.000 Israeli users of jobsite Zerem.co.il are leaked

    source http://pastebin.com/QQzSnDkZ

    target: Zerem (www.linkedin.com/company/zerem), the job site of Tapuz.co.il, the largest forums and community site in Israel; website http://zerem.tapuz.co.il/

  • 212 websites that are hacked to host administrative panels for botnets and hackers

    source http://cyberwarzone.com/216-botnet-panels-tools-screenshots/

  • these are the SQL dorks used to find vulnerable websites through Google

    these are actually used in the campaigns against Israeli websites, but by replacing site:il with any other domain name or domain extension you can check it for yourself

    some of it is documentation or information

    you can use the advanced parameters of Google to find more recent websites

    in****:"error in your SQL syntax" +site:il

    in****:"mysql_num_rows()" +site:il

    in****:"mysql_fetch_array()" +site:il

    in****:"Error Occurred While Processing Request" +site:il

    in****:"Server Error in '/' Application" +site:il

    in****:"Microsoft OLE DB Provider for ODBC Drivers error" +site:il

    in****:"InvalidQuerystring" +site:il

    in****:"OLE DB Provider for ODBC" +site:il

    in****:"VBScript Runtime" +site:il

    in****:"ADODB.Field" +site:il

    in****:"BOF or EOF" +site:il

    in****:"ADODB.Command" +site:il

    in****:"JET Database" +site:il

    in****:"mysql_fetch_row()" +site:il

    in****:"Syntax error" +site:il

    in****:"include()" +site:il

    in****:"mysql_fetch_assoc()" +site:il

    in****:"mysql_fetch_object()" +site:il

    in****:"mysql_numrows()" +site:il

    in****:"GetArray()" +site:il

    in****:"FetchRow()" +site:il

    in****:"Input string was not in a correct format" +site:il

    inurl:/id= intext:"You have an error in your SQL syntax" site:il

    inurl:”main.php?t=”site:il

    inurl:”games.php?id=”site:il

    inurl:”guide.php?id=”site:il

    inurl:”index.php?cat=”site:il

    allinurl:”review.php?sid=”site:il

    inurl:”index2.php?id=”site:.il

    inurl:”main.php?id=”site:.il

    inurl:zoom.php?id=site:.il

    inurl:”details.php?id=”site:.il

    inurl:”?came=”site:.il

    inurl:”index.php?page=”site:.il

    inurl:”home.php?cat=”site:.il

    inurl:”index2.php?id=”site:.il


    http://pastebin.com/22nSZYdM
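    The dorks above work because the site itself prints database and framework error text into pages, and Google then indexes that text. As an added example (not code from this post or from the pastebin), the Python below runs the same error signatures over pages fetched from your own site and reports which ones leak, together with whether the URL matches the script-plus-id shapes the inurl: dorks look for, so the leaking pages can be fixed (generic error pages, no verbose errors in production) before a search engine finds them. The sample pages and domain are constructed; `DB_ERROR_SIGNATURES`, `audit_site` and the other names are chosen here, and the regex's requirement of a numeric parameter value is an assumption.

```python
import re

# The error strings the dorks on this page search for. A page that shows one of
# these to a visitor is leaking database or framework internals.
DB_ERROR_SIGNATURES = [
    "error in your SQL syntax",
    "mysql_num_rows()",
    "mysql_fetch_array()",
    "mysql_fetch_row()",
    "mysql_fetch_assoc()",
    "mysql_fetch_object()",
    "mysql_numrows()",
    "Error Occurred While Processing Request",
    "Server Error in '/' Application",
    "Microsoft OLE DB Provider for ODBC Drivers error",
    "OLE DB Provider for ODBC",
    "InvalidQuerystring",
    "VBScript Runtime",
    "ADODB.Field",
    "ADODB.Command",
    "BOF or EOF",
    "JET Database",
    "GetArray()",
    "FetchRow()",
    "Input string was not in a correct format",
]

# URL shapes from the inurl: dorks: one of the listed script names followed by a
# single id-like parameter. Requiring a numeric value is an assumption made here.
DORK_URL_PATTERN = re.compile(
    r"/(?:main|games|guide|index|index2|review|details|zoom|home)\.php"
    r"\?(?:t|id|cat|sid|page|came)=\d+",
    re.IGNORECASE,
)


def leaked_signatures(body):
    """Return the signatures present in one response body (case-insensitive)."""
    lowered = body.lower()
    return [sig for sig in DB_ERROR_SIGNATURES if sig.lower() in lowered]


def looks_like_dork_target(url):
    """True if the URL has the shape the inurl: dorks look for."""
    return DORK_URL_PATTERN.search(url) is not None


def audit_site(pages):
    """pages: {url: response body}. Returns {url: finding} for every page that
    leaks an error signature, with pages that also match a dork URL shape first."""
    findings = {}
    for url, body in pages.items():
        hits = leaked_signatures(body)
        if hits:
            findings[url] = {"signatures": hits, "dork_url_shape": looks_like_dork_target(url)}
    return dict(sorted(findings.items(), key=lambda kv: not kv[1]["dork_url_shape"]))


# Constructed sample responses, as if fetched from your own site.
SAMPLE_PAGES = {
    "https://www.example.il/index.php?id=12":
        "<html><body>Warning: mysql_fetch_array() expects parameter 1 to be resource</body></html>",
    "https://www.example.il/about.html":
        "<html><body>About us</body></html>",
    "https://www.example.il/search.aspx?q=x":
        "<html><body>Server Error in '/' Application.</body></html>",
}

if __name__ == "__main__":
    for url, finding in audit_site(SAMPLE_PAGES).items():
        print(url, "->", ", ".join(finding["signatures"]),
              "(dork-shaped URL)" if finding["dork_url_shape"] else "")
```

    Run against a crawl of your own site (or against the pages Google already lists for `site:yourdomain`), a hit means the application is returning raw error output; the fix is to return a generic error page and log the detail server-side, and to review the input handling of the script that produced it.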

  • the New York Times confirms that the database with 1.2 billion logins is real and the sites are still vulnerable

    "Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information."

    but throughout the article it is repeated that (my comment)

    “Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”

    and just to top it, Mr Holden has even been in contact with these thieves and knows more or less who they are (my comment)

    "Like other computer security consulting firms, Hold Security has contacts in the criminal hacking community and has been monitoring and even communicating with this particular group for some time."

    but these gangsters have broken the one golden rule that Russian hackers have to abide by if they don't want to be prosecuted in Russia: stay out of Russian websites. (my comment)

    "Websites inside Russia had been hacked, too, and Mr. Holden said he saw no connection between the hackers and the Russian government. He said he planned to alert law enforcement after making the research public, though the Russian government has not historically pursued accused hackers."

    http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html

    So let's make this even clearer

    * the data have been audited by independent security people (unless they were smokescreened, because it would be difficult for them to check whether the data really came from the hacked websites or whether the websites were still vulnerable without breaking US law)

    * Mr Holden did a publicity stunt just before Black Hat to be the talk of the town, thought in the first place only of himself, and had no interest in the public repercussions of his act and the data that he is holding (and doesn't seem to have the intention to be responsible in any way)

    * Mr Holden has been in contact with these particular hackers for some time and hasn't informed the intelligence community about that - even if they were preparing attacks against major US corporations or had broken into them

    it is time to set an example for all to see that if you get your hands on such information that is not yet public, then you run enormous risks if you don't go to the police or the authorities to set up a campaign to inform and protect the victims and the vulnerable infrastructure