source of image http://hackersnewsbulletin.com/2014/04/new-androids-security-feature-will-regularly-scan-apps-protect-harmful-software.html
"Computer hardware company LaCie is warning customers who have made transactions between March 27th, 2013 and March 10th, 2014 that their personal data may have been compromised. According to a statement released by the company, customer names, addresses, email addresses, payment card numbers, card expiration numbers and passwords could be at risk. LaCie's disclosure of the year-long security breach came a month after Krebs on Security published evidence of the attack. Brian Krebs wrote extensively about "a botnet of hacked e-commerce sites" created using Adobe ColdFusion vulnerabilities." http://www.theverge.com/2014/4/16/5619336/lacie-infected-malware-sensitive-information-compromised
many of those websites are STILL vulnerable
"The botnet control panel listed dozens of other e-commerce sites as actively infected. Incredibly, some of the shops that were listed as compromised in August 2013 are still apparently infected — as evidenced by the existence of publicly-accessible backdoors on the sites. KrebsOnSecurity notified the companies that own the Web sites listed in the botnet panel (snippets of which appear above and below, in red and green), but most of them have yet to respond." http://krebsonsecurity.com/2014/03/thieves-jam-up-smuckers-card-processor
they have a contact form
that is where you have to fill in your details when you want to complain about the intelligence services, or when you want to ask what information they are collecting about you
it is interesting for other parties to know who in Belgium is followed by the intelligence services, and followed in such a way that they want to know more about why they are being followed (which may be interesting to you)
so that form should be very well protected, no?
also in the interest of the person himself, because if this information is intercepted then that person - who could be innocent - can be treated as suspicious by a number of intelligence services, even if they don't know what for
so the page with the form
first, the SSL certificate served on the form page is a total mismatch for the site - and the certificate also makes it clear to an attacker that the server is running Plesk, a platform for which there are enough exploits to be found online
secondly, even if the server's own certificate turns out to be a good one, the result of testing the server itself is devastating
so if you want to contact the Comité R (or I), you'd better not do it online
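What the "mismatch" above comes down to is a certificate that names something other than the host you connected to. Below is an added example (not code from the original post, and nothing in it is taken from the Comité R server) of the check a practitioner would run: RFC 6125 style matching of a host name against the certificate's DNS SANs, with the subject CN as fallback only when no SANs exist. The two certificate dicts are constructed stand-ins in the layout that Python's `ssl.SSLSocket.getpeercert()` returns; the placeholder name `hosting-panel.local` is an assumption for "a control panel's default certificate", not Plesk's actual default.

```python
"""Added example: is this TLS certificate actually issued for the host I am
talking to?  Offline matching over constructed certificate dicts, plus an
optional live check that keeps chain validation on but reports a name
mismatch instead of raising on it."""
import socket
import ssl

# Constructed: the kind of placeholder certificate a hosting control panel
# installs by default.  It names the panel, not the web site.
DEFAULT_PANEL_CERT = {
    "subject": ((("commonName", "hosting-panel.local"),),),
    "issuer": ((("commonName", "hosting-panel.local"),),),
    "subjectAltName": (),
}

# Constructed: a certificate that is actually issued for the site.
SITE_CERT = {
    "subject": ((("commonName", "www.example.be"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "subjectAltName": (("DNS", "www.example.be"), ("DNS", "example.be")),
}


def subject_cn(cert):
    """Return the subject commonName of a getpeercert()-style dict, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def _dns_match(pattern, hostname):
    """RFC 6125 style DNS-ID matching: case-insensitive; a wildcard replaces
    exactly one whole left-most label and must leave at least two labels
    (so "*.be" never matches anything)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # ".example.be"
        if "." not in suffix[1:]:                 # refuse "*.be"
            return False
        return (hostname.endswith(suffix)
                and hostname.count(".") == pattern.count("."))
    return pattern == hostname


def hostname_matches(cert, hostname):
    """True when the certificate names `hostname`.  SAN entries win; the
    subject CN is consulted only when the certificate has no DNS SANs."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        cn = subject_cn(cert)
        names = [cn] if cn else []
    return any(_dns_match(n, hostname) for n in names)


def inspect_host(host, port=443, timeout=5.0):
    """Live check (not run offline).  Chain validation stays on; hostname
    checking is turned off so a mismatched but CA-issued certificate is
    fetched and reported instead of raising.  A self-signed panel
    certificate raises ssl.SSLCertVerificationError, which is the finding."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return {
        "host": host,
        "subject_cn": subject_cn(cert),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "matches": hostname_matches(cert, host),
    }


if __name__ == "__main__":
    import sys
    for cert in (DEFAULT_PANEL_CERT, SITE_CERT):
        print(subject_cn(cert), "->", hostname_matches(cert, "www.example.be"))
    if len(sys.argv) > 1:
        print(inspect_host(sys.argv[1]))
```

Run it with a host name as argument to get the live report; without one it only runs the two constructed cases (the panel certificate fails, the site certificate passes). The CN fallback is deliberately last: modern clients ignore the CN when SANs are present, so a certificate whose only correct name is in the CN will still be rejected by browsers.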
That Belgian Comité R of the Belgian parliament is not only responsible for the oversight of the military and civil intelligence services: it also handles complaints against these services, and it can launch investigations or make the services stop certain investigations.
on Saturday a security researcher who apparently was scanning the Belgian internet with the released Python test code found that their mail server was still vulnerable. He contacted the services, who patched the system on Sunday and then started on Monday to investigate the possible security problems and actions
so first a few things
* as the script that is used also downloads information as part of the test (surely on some servers), I didn't use that script, because I am not legally appointed to do such tests and having such information on my computer is something that may be dangerous
* as the CERT was responsible for informing all the different networks and operators, I presumed that highly secretive organisations like the Comité I were included last week
* as the press was full of all kinds of alerts and warnings about the bug and how to patch it, you could suppose that it was already done by the network administrator - if you work for such an institution you should have the mindset to keep it secure at all times, no?
now the hardest part
there is concrete information that the bug was used actively since November 2013 - this leaves ample time to do all the reconnaissance you want
there is concrete confirmation that you can get all the necessary information, including the encryption keys, which means that everything has to be changed: keys, certificates and passwords
it is not because the other servers aren't impacted by the bug that there is no connection between the two servers, and it is possible that someone used this back-office link to penetrate the other servers holding the confidential information
they say that all the emails can be affected and they have taken the mail server offline, but do you know what that means? it means that all the passwords can be affected, and if someone uses no two-factor authentication then all these passwords, everywhere they were reused, are impacted and should be changed
if the intelligence services now want to label the commission a real security risk, and refuse to hand over information on their servers but oblige them to come to their offices to check the information they have asked for, then you can see everything that has happened in this crisis as sufficient proof of lax security - and there is more coming ......
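To make concrete why "everything has to be changed" after the bug above, here is an added simulation (not code from the original post, and not OpenSSL's code) of the TLS heartbeat handler with and without the bounds check that was missing in OpenSSL 1.0.1 through 1.0.1f (CVE-2014-0160). Process memory is modelled as one bytearray: the received record sits at the front, and a constructed string standing in for neighbouring heap data (a session cookie and a private-key fragment) sits right after it. The message layout, the `1 + 2 + payload + 16` check and the "silently discard" behaviour are those of the public fix; the neighbouring data, the names and the `ProcessMemory` model are assumptions made for the simulation. Nothing here talks to a network.

```python
"""Added example: why a heartbeat whose claimed length exceeds the record
leaks whatever sits next to it in memory, and what the one-line fix does."""
import struct

HB_REQUEST = 1
HB_RESPONSE = 2
PADDING_LEN = 16  # OpenSSL appends at least 16 bytes of padding to a heartbeat

# Constructed "neighbouring heap data": stands in for what a real server has in
# memory next to an incoming record (cookies, form contents, key material).
NEIGHBOUR_MEMORY = (b"\x00" * 40
                    + b"Cookie: PHPSESSID=constructed-session-id; "
                    + b"-----BEGIN RSA PRIVATE KEY----- (constructed fragment)"
                    + b"\x00" * 40)


def build_heartbeat(payload: bytes, claimed_len: int) -> bytes:
    """Heartbeat message: type (1 byte) | payload_length (2 bytes, big endian)
    | payload | padding.  `claimed_len` is attacker controlled and need not
    match len(payload); that mismatch is the whole bug."""
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * PADDING_LEN


class ProcessMemory:
    """Toy model of the server process: one flat buffer, record first."""
    def __init__(self, record: bytes, neighbour: bytes = NEIGHBOUR_MEMORY):
        self.buf = bytearray(record + neighbour)
        self.record_len = len(record)  # what s->s3->rrec.length holds


def _parse_header(mem: ProcessMemory):
    return struct.unpack("!BH", bytes(mem.buf[:3]))


def heartbeat_vulnerable(mem: ProcessMemory):
    """OpenSSL 1.0.1f behaviour: trusts the length field inside the message and
    copies that many bytes starting at the payload, reading past the record."""
    hb_type, payload_len = _parse_header(mem)
    if hb_type != HB_REQUEST:
        return None
    # Slicing a bytearray stops at the end of our toy memory; a real process
    # keeps reading whatever follows on the heap (or crashes).
    leaked = bytes(mem.buf[3:3 + payload_len])
    return struct.pack("!BH", HB_RESPONSE, payload_len) + leaked + b"\x00" * PADDING_LEN


def heartbeat_fixed(mem: ProcessMemory):
    """OpenSSL 1.0.1g behaviour: the added check
         if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0;
    silently drops any heartbeat whose claimed length exceeds the record."""
    hb_type, payload_len = _parse_header(mem)
    if hb_type != HB_REQUEST:
        return None
    if 1 + 2 + PADDING_LEN > mem.record_len:                # record too short for any payload
        return None
    if 1 + 2 + payload_len + PADDING_LEN > mem.record_len:  # the one-line fix
        return None
    echoed = bytes(mem.buf[3:3 + payload_len])
    return struct.pack("!BH", HB_RESPONSE, payload_len) + echoed + b"\x00" * PADDING_LEN


def run_demo():
    """Returns (vulnerable_response, fixed_response, honest_response):
    the two handlers on a 2-byte payload claiming 65535 bytes, and the fixed
    handler on an honest 2-byte heartbeat."""
    malicious = ProcessMemory(build_heartbeat(b"hi", claimed_len=0xFFFF))
    honest = ProcessMemory(build_heartbeat(b"hi", claimed_len=2))
    return (heartbeat_vulnerable(malicious),
            heartbeat_fixed(malicious),
            heartbeat_fixed(honest))


if __name__ == "__main__":
    vuln, fixed, honest = run_demo()
    print("vulnerable server leaked %d bytes; private key fragment present: %s"
          % (len(vuln) - 3 - PADDING_LEN, b"PRIVATE KEY" in vuln))
    print("fixed server answer to the same message:", fixed)
    print("fixed server answer to an honest heartbeat:", honest)
```

The leak is silent on the server side: nothing is logged, the connection stays up, and the attacker can repeat the request as often as the scanner's author chose to. That is why the page's point stands that the only safe assumption is that keys and passwords are gone, and why the script the author declined to run really does download memory contents.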
this article explains it rather well
after the arrest of a few ringleaders who started singing like canaries, operational information becomes available on which the Ukrainian security and intelligence services can act - and luckily they do
"One of the Russian banks financed the terrorist groups in the east of Ukraine, stated the Security Service of Ukraine. During March and April of this year, the bank cashed 45 million USD, which was spent on the organization of separatist actions. Officials of the bank's operating headquarters in Kiev, in violation of the law of Ukraine "On prevention and counteraction to legalization (laundering) of proceeds from crime and terrorist financing", "financed terrorist groups whose members do violence to the citizens, riots, arson, destruction of property, seizure of public buildings, resisted state authorities and law enforcement agencies with weapons, as well as actions aimed at preparing to commit terrorist acts" - the statement of the SBU.
In addition, the bank made daily transfers of $200 to $500 to credit cards issued to members of terrorist groups. Based on these facts SBU investigators opened a criminal case against officials of the financial institution under Part 3, Art. 258-5 (terrorist financing) of the Criminal Code of Ukraine."
first remember that the Heartbleed bug was one line of bad code, not more
secondly remember that a successful attack against an e-voting machine was not done through one bug but through an unexpected combination of several small bugs, each of which on its own was not a big issue
then you read this part of the report of the audit of the TrueCrypt code and think for yourself whether you are going to jump through the roof (if you don't use it for very important stuff) or whether you aren't that sure anymore (if the stuff you are protecting with TrueCrypt is really, really important)
by the way, this proves that even open source code should be examined by professional tools and by people who do nothing else for weeks and are obliged to give their very best, because they are paid to do so and their credibility (in fact their business) depends on it
scary if you know how many XSS mistakes there are on the web - and they don't care, because most often they don't even know what it is; the prime concern is that it has to look good and be simple
all the breached .be sites whose logins were published online in 2013 - 2014
this is a commercial service https://shouldichangemypassword.com/all-sources
approx. 4883 passwords and logins from .be domains in a year
this isn't all the Belgian sites
these are only the known Belgian sites, because their logins were thrown onto the internet
underground there are far larger datasets for sale
and all your followers will see this
this is a private account, but imagine that it is a high-profile business account
this is one example of a list of attackers whose computers were penetrated and infected, whose passwords were stolen (and published), who got an online warning on their screen and whose picture was taken
the kids themselves responded to the appeal of the OpIsrael operation but didn't know they would be attacked themselves and that passwords and other stuff about them would be published
they had closed down the site the moment the information about the vulnerability became public, but it was too late: they had already been attacked with the exploit
"The Canada Revenue Agency (CRA) blocked public access to its online services last Tuesday in reaction to the announcement, but that wasn't fast enough to stop attackers from stealing information, it said on its website.
"Regrettably, the CRA has been notified by the Government of Canada's lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period. Based on our analysis to date, Social Insurance Numbers of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability."
The CRA said its analysis of the attack is not yet complete and it is continuing to analyze "other fragments of data, some that may relate to businesses" that were also apparently removed."
but before it was like this
they surely need some work on that server :)
this is their website
and this was the hack but they have already found the page
Today, The Spamhaus Project is both happy and proud to announce the official launch of the Spamhaus CERT Insight Portal. The aim of the new web portal is to help Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Team (CSIRTs) with a national or regional responsibility to protect their critical infrastructure and IP address space from cyberthreats.
The CERT Insight Portal, which is available for free, provides information about malware infected computers (bots) within a CERT/CSIRT area of responsibility — the specific country or region that the CERT or CSIRT is responsible for. This data set is sourced from the Spamhaus XBL. In addition, the portal contains a notification system for any new SBL and Botnet C&C listings within a CERT/CSIRT area of responsibility.
Last year, Spamhaus opened the CERT Insight Portal to beta users, and it has already been a big success. More than 30 CERTs with a national responsibility are now receiving near-real-time feeds from Spamhaus, helping them to remediate infections in their country and take action against new Botnet Command & Control servers (C&Cs).
CERTs and CSIRTs with national or regional responsibility can request access to the CERT Insight Portal by contacting the Spamhaus CERT Outreach team at: email@example.com
using this should become one of the things a CERT has to do to be accredited
and they should also have a certain minimum resolve rate
what is the use of having access if you don't or can't do anything with it?
This is not the same as reporting it to the police; the CERT can only help you with resolving it
I also send lists of hacked Belgian sites, vulnerable Belgian sites, found Belgian ID data
I never contact the owners themselves, given the number of times they have said they would sue ME or just ignored it
"Report an incident
Please report any cyber security incident via firstname.lastname@example.org
If you would like to report an incident by phone first, call +32 (0)2 790 33 85 (every working day from 08.00 to 18.00).
Please note, you can report a cyber incident to CERT.be and ask for additional advice if necessary. If you wish to file a complaint immediately, you should contact your local police straightaway."
"President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday," reports David Sanger at the New York Times. "But Mr. Obama carved a broad exception for 'a clear national security or law enforcement need,' the officials said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons."
this means the following
if they find a zero-day in OpenSSL or PGP or any other package
* they have to tell their critical infrastructure to update their servers and networks (because if you can find it, someone else will find it someday)
* they can use it against any other infrastructure they need to hack into for intelligence reasons
but how do you combine those two responsibilities?
* by taking over the management of the critical infrastructure (they have done so)
* by releasing their own versions of open source software, or releasing it under an NDA (but that would be contrary to the licences of open source software)
* by having disclosure contracts with private firms in which there is a gap between the fast patch (for their own environments) and the public patch (for the general public)
as you have probably guessed, this will all be too complicated, with too many risks
so they will patch the systems of a few critical networks (government, finance platforms, military and critical infrastructure like nuclear) without telling anybody (during so-called security controls of the networks) and keep it to themselves, especially if they have found out beforehand that this zero-day actually gives them proven access to communications or installations (proof before you demand the exception)
PS it also means that the NSA can now legally use the Heartbleed zero-day against all their targets, so if you are a possible target and you aren't patched,..... unlucky you and your users
First, where is OpenSSL used in the federal services?
"The systems that support Fedict's own services were analysed as well. "The impact of Heartbleed turned out to be fairly limited," says Peter Strickx. A whole series of implementations used an OpenSSL version that did not have the problem, while the 'appliances' in use, after inquiry, were not impacted either. All affected systems were then modified, the necessary certificates were replaced and by Tuesday "all Fedict systems were patched." Targeted communication then went out to the customers of the specific Fedict services, such as id & access management, service bus and so on."
and will they keep using OpenSSL?
"Peter Strickx also stresses the advantage of 'open source' development, because immediately after the programming error was discovered it was widely communicated, and within 24 hours the problem in the code was fixed."
you know my opinion on this :)
it is now also clear, should someone again have a zero-day for OpenSSL, where it is being used
other major users of OpenSSL have told me that they are moving away from OpenSSL
and this has been going on for some years now and it still hasn't changed
isn't this becoming a business liability for the investors?
this doesn't mean that it has the biggest amount of malware - that is Android for the moment
but the idea marketed by Apple that Apple is safe in itself and Microsoft is not, is false
only there are so few Apple users that the return on investment is still not there to develop malware for it on a big scale