security - Page 43

  • according to Alienvault the most dangerous IP addresses in Belgium are

    the first is Verizon Cloud services in Brussels which hosts the following spamming sites

    this is an active infected malware domain on a Belgacom server

    these are also infected domains

    and those are also infected by malware

    sweb3032.isp.belgacom.be
  • alienvault launches free Open Security Intelligence Portal

    source  http://www.alienvault.com/open-threat-exchange?utm_medium=Advertising&utm_source=THN&utm_content=BN

  • #kiev #oprussia economy.gov.ru the emails and all the vulnerabilities in one file (or is it fail)

    economy.gov.ru emails + sqli #oprussia


    By: LegionOperations on Mar 9th, 2014  |  syntax: None  |  size: 314.56 KB  |  hits: 127  |  expires: Never



    http://pastebin.com/HckwEr6b

  • if you can deliver books by drone so why not drugs ?

    yes why not

    so soon at the borders and in inner cities there will be police cars with radar and anti-aircraft guns shooting drug-delivering drones down (and what if those drones can shoot back - cartels have enough money, don't they)

    source http://leaksource.info/2014/03/09/drone-drug-delivery-into-melbourne-remand-centre/

  • #kiev for the US annexing the Crimea is the same as declaring a new cold war

    "On Saturday, U.S. Secretary of State John Kerry told Russian Foreign Minister Sergei Lavrov that the Kremlin annexing Crimea would “close any available space for diplomacy.”


    The warning is disconcerting because there are three general ways that this crisis could play out: Russia keeps advancing into east and south Ukraine, Russia annexes Crimea and then applies further financial and political pressure on the new government in Kiev, or Russia makes limited concessions and the crisis de-escalates.


    By Kerry saying that the diplomatic window is closed if Russia annexes Crimea — which is almost a foregone conclusion — then the best path for de-escalation is obstructed.


    "We need a de-escalation and that can only happen via talks," German Vice-Chancellor Sigmar Gabriel, who spoke with Putin in Moscow last week, told  Der Spiegel. "It's not a question now of whether we react in a 'hard' or 'soft' manner; rather we have to act in a clever manner."


    Furthermore, on Sunday U.S. national security official Tony Blinken said that America won't recognize the March 16 referendum and will increase sanctions on Moscow if and when Crimea secedes. 


    Meanwhile, experts agree that Vladimir Putin is not going to give up Crimea.


    "What's happened in Crimea is a fait accompli. You aren't going to get the Russians out of there," Stephen Larrabee, who specializes in European Security at Rand, told NPR. "I can't see Putin agreeing to withdraw troops that are already there. It would be losing face with his own public."
    http://finance.yahoo.com/news/john-kerry-made-troubling-threat-151446123.html

    so whatever the experts (pfff, they are nearly always wrong) or the Europeans (are there Europeans, or are there several different groups of thought on the European continent) think or say

    the US has decided - so it seems for now - that the Crimea is the red line and that after Georgia, and with several other regional conflicts in Europe unresolved because of Russian interference, it has been enough

    one cannot have peace in Europe with a Russian neighbour who thinks again that it has to protect its minorities and has a duty to do so - even militarily - or to safeguard its last protective states (states that have to be overrun before you arrive at Moscow, as Napoleon and Hitler did)

    everything has changed after the Crimea - and those experts who are already giving it up and think that afterwards there will be peace forever are just dreaming - because every other border state now knows that the same scenario could be played out against them

    many of the paradigms that we had just a few months ago are now in doubt or in the dustbin - for the experts it will take much longer before they understand that and are willing to rethink their viewpoints

    when one reads books nowadays about the first and second world war, hundreds of thoughts come to mind when reading the news and views of today - but I will come back to that later

    this declaration by the Secretary of State, as firm as it has been said - and if confirmed by the President, who is under enormous pressure to keep a firm stand and show some leadership as his whole Russia policy is being compared to Chamberlain-like naivety - is a turn of events that changes things completely.

    let's hope now somebody burns all those voting papers so that there is no referendum on Saturday

    the 'weekend of all fears' (a good film about the Cuban Missile Crisis is the "Summer of all fears")

  • Yahoo antispam can't filter out its own phishing spam

    this is strange

    you still can get this in your inbox

    but as you don't get all the other spam, many people will think this is genuine because the real spam has been blocked

    this phishing spam is stupid because the domain name where you have to log in has absolutely nothing to do with Yahoo

  • Microsoft Secure Development Lifecycle: a lesson Adobe and Oracle Java don't want to learn

    Few outside the firm knew of the crisis unfolding inside its campus but not everyone was surprised. Microsoft now traces the moment the penny dropped to the early hours of a summer morning in 2001, only weeks before it was due to launch Windows XP to OEMs.


    "It was 2 a.m. on Saturday, July 13, 2001, when Microsoft's then head of security response, Steve Lipner, awoke to a call from cybersecurity specialist Russ Cooper. Lipner was told a nasty piece of malware called "Code Red" was spreading at an astonishing rate. Code Red was a worm, a malicious computer program that spreads quickly by copying itself to other computers across the Internet. And it was vicious."


    Others arrived in the following two years; the Blaster worm, Nimda, Code Red II, MyDoom, Sasser, and on and on. To a world and a Microsoft not used to the notion of malware being a regular occurrence, this was all a big shock.


    By January 2002, with attacks on its baby XP humbling the biggest software firm on earth, Bill Gates sent his famous Trustworthy Computing (TwC) memo to everyone at Microsoft. From now on, security was going to be at the root of everything and so help us God.


    That turned into the SDL, and it was given priority one to the extent that it took over the whole 8,500-person Windows development team for much of that year and the next. Its ambition was to completely change the way Microsoft made software so that as few programming errors were made that had to be fixed once customers were involved; "security could not continue to be a retroactive exercise."
    http://www.cio.com/article/749408/The_Greatest_Security_Story_Never_Told_How_Microsoft_s_SDL_Saved_Windows

    and it is something that is still totally absent from many, many software projects and products

    meanwhile Microsoft products are becoming ever more secure

    so secure that the hacking attacks aren't against Microsoft but against Linux environments

    and most intrusions on Microsoft systems are done through leaky third-party products, not because of Microsoft

    they still need to lock down Internet Explorer better

  • after the Target breach US businesses want to move fast to the European style of credit card protection

    About 60 of the 80-plus countries now using EMV cards require that cardholders enter a PIN when using the card at a payment terminal.


    In a statement Friday, the National Retail Federation (NRF), which represents thousands of retailers and other businesses, called on MasterCard and Visa to implement the same model in the U.S.


    "We remain insistent that U.S. retailers' customers be given the same protections as consumers," in the other countries, NRF general counsel Mallory Duncan said.


    "There is no single solution to the complex issue of criminal hacking and we know PIN and Chip is just a bridge on the long road to a safer payment system, but it is an important step in the right direction."


    Signatures are a virtually worthless form of authentication, Mallory noted in the statement. "Insisting on chip-and-signature cards is like installing an alarm on the front door of a home while leaving the back door wide open. It doesn't make sense when the technology exists to secure the entire house," he said.
    http://www.cio.com/article/749452/U.S._Retailers_Insist_on_PIN_Requirement_in_Smartcard_Rules

    another thing that just lowered the level of fraud was the obligation to inform the bank before you went on holiday outside of Europe so that your card would be activated over there

    if not, all the transactions with your (stolen or hacked) card from that country and from any other country than the one you live in would have been blocked (behavioural scanning) - the only trouble is that the amount threshold above which those checks are fully applied is too high

    it is easier to steal 40 euros from a few thousand accounts than 40,000 from a few
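The two observations above (a foreign transaction is blocked unless the bank was told in advance; small amounts slip under the per-card threshold, so thieves take 40 euros from thousands of cards) translate into two screening rules. The following Python is an added illustration, not the code of any bank or of the article quoted; the home country, account names, merchants and amounts are constructed, and the thresholds are assumptions you would tune against real data.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumption for this example: the issuing bank is Belgian, so "foreign" means
# any terminal outside BE. All accounts, merchants and amounts below are constructed.
HOME_COUNTRY = "BE"


@dataclass(frozen=True)
class Transaction:
    account: str
    amount_eur: float
    country: str    # country of the payment terminal or ATM
    merchant: str


def foreign_without_notice(tx, travel_notices):
    """Rule 1 (the holiday notice): a transaction outside the home country is
    blocked unless the cardholder registered that country beforehand."""
    if tx.country == HOME_COUNTRY:
        return False
    return tx.country not in travel_notices.get(tx.account, set())


def small_amount_clusters(transactions, max_amount=50.0, min_accounts=3):
    """Rule 2 (the 40-euro problem): many small foreign debits against different
    accounts at one merchant. Each debit sits under any per-transaction threshold,
    so only the aggregate across accounts reveals the pattern."""
    accounts_by_merchant = defaultdict(set)
    for tx in transactions:
        if tx.country != HOME_COUNTRY and tx.amount_eur <= max_amount:
            accounts_by_merchant[(tx.merchant, tx.country)].add(tx.account)
    return {key: accts for key, accts in accounts_by_merchant.items()
            if len(accts) >= min_accounts}


def screen(transactions, travel_notices):
    """Return (blocked transactions, suspicious merchant clusters)."""
    blocked = [tx for tx in transactions if foreign_without_notice(tx, travel_notices)]
    return blocked, small_amount_clusters(transactions)


# Constructed sample batch: four 40-euro debits at one US merchant, one legitimate
# home purchase and one large foreign withdrawal. Only acct-002 told the bank.
SAMPLE_TRANSACTIONS = [
    Transaction("acct-001", 40.0, "US", "merchant-x"),
    Transaction("acct-002", 40.0, "US", "merchant-x"),
    Transaction("acct-003", 40.0, "US", "merchant-x"),
    Transaction("acct-004", 40.0, "US", "merchant-x"),
    Transaction("acct-005", 12.5, "BE", "bakery"),
    Transaction("acct-006", 40000.0, "US", "merchant-y"),
]
SAMPLE_NOTICES = {"acct-002": {"US"}}

if __name__ == "__main__":
    blocked, clusters = screen(SAMPLE_TRANSACTIONS, SAMPLE_NOTICES)
    for tx in blocked:
        print("blocked:", tx)
    for (merchant, country), accounts in clusters.items():
        print(f"cluster: {len(accounts)} accounts hit at {merchant} ({country})")
```

Note that acct-002's debit passes rule 1 because of its travel notice, yet it still counts towards the cluster: the per-card rule and the cross-card aggregate catch different things, which is why a low threshold on one alone is not enough.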

  • more than 2000 .be sites hacked at

    this is from zone-h.org

    and only at .be there are already more than 2000 sites that had a defaced page added

    this team is very, very active http://www.zone-h.org/archive/notifier=d3b~X

    they are specialised Muslim hackers from Indonesia

    A famous Indonesian hacker going with the handle of SultanHaikal from Gantengers Crew has hacked and defaced total 6 official domains of Ubuntu One. The targeted domains redirect users to one.ubuntu.com. Ubuntu One which is a cloud service and OpenID-based single sign on service operated by Canonical Ltd, had 6 of its domains defaced few hours ago. SultanHaikal from Gantengers [...]
    http://hackread.com/tag/gantengerscrew/

    they have a Twitter account https://twitter.com/GantengersCrew in case you want to monitor this

  • #oprussia export firm hacked with data about military airplanes

    Today Russian hacktivist @Rucyborg has announced a big leak of files from Russian Defence Export ROSOBORONEXPORT (http://www.roe.ru/).

    The leak was announced just a short time ago from twitter and has been posted to cyberguerrilla. The leaked files are just the first part of a few to come from the Russian government.

    The data leaked is related to parts ordered and quotations from the Russian air-force, division of military technical, Hindustan Aeronautics Limited (HAL), documents from cosmoo travels ltd about flight costs in and out of Russia, Russian delegates information with full passport details as well as copies of those passports in image format

    http://www.cyberwarnews.info/2014/03/06/russian-defence-export-hacked-500mb-data-leaked-by-rucyborg/

    but beware: there are some trojans in the data - not sure if they were infected before or after the leak


  • #kiev about the Jewish Blue Helmets brigade at Maidan

    (JTA) — He calls his troops “the Blue Helmets of Maidan,” but brown is the color of the headgear worn by Delta — the nom de guerre of the commander of a Jewish-led militia force that participated in the Ukrainian revolution.


    Under his helmet, he also wears a kippah.


    Delta, a Ukraine-born former soldier in the Israel Defense Forces, spoke to JTA Thursday on condition of anonymity. He explained how he came to use combat skills he acquired in the Shu’alei Shimshon reconnaissance battalion of the Givati infantry brigade to rise through the ranks of Kiev’s street fighters.


    He has headed a force of 40 men and women — including several fellow IDF veterans — in violent clashes with government forces.


    Several Ukrainian Jews, including Rabbi Moshe Azman, one of the country’s claimants to the title of chief rabbi, confirmed Delta’s identity and role in the still-unfinished revolution.


    The “Blue Helmets” nickname, a reference to the U.N. peacekeeping force, stuck after Delta’s unit last month prevented a mob from torching a building occupied by Ukrainian police, he said.
    http://www.veteransnewsnow.com/2014/03/06/403550-in-kiev-an-israeli-army-vet-led-a-street-fighting-unit/

  • what is the workflow of a spambot (Gamut)

    this is a very good example

    and shows how infected hosts are kept alive by not overusing them

  • mobile adware is now much more malvertising (advertising with malware behind)

    Pornography is no longer the leading source of malware on mobile devices, according to a new study.

    The non-honor now goes to Web-based ads, according to Blue Coat, a security firm that analyzed data from more than 75 million global users for a report it released Wednesday.

    As of last month, a whopping one in five mobile users who were directed to malware got there by clicking on a Web ad, Blue Coat said. That's more than triple the 5.7 percent rate logged in November 2012, when ads were the No. 4 delivery system of mobile malware.
    http://www.nbcnews.com/tech/security/porn-dethroned-top-source-mobile-malware-n44371

    who would think there is malware behind the Flash ad, the banner or the image you are seeing?

    if you go on porn sites you know malware and badware are everywhere

  • the easiest hack, thanks to the network admin: his login on a phishing page

    The objective is simple — to gain access," Whitaker told the audience of information-technology professionals. "We target SCADA engineers. You know how to get into industrial control systems."

    SCADA, or supervisory control and data acquisition systems, are the largest form of computerized industrial control systems, and use both hardware and software to monitor and control large industrial processes. "So how do we gain access?" Whitaker asked. "We often just ask for an engineer's username and password."

    Whitaker said his team crafts simple phishing attacks, usually consisting of a brief email message that looks like it comes from a staffer in the company's IT department. "We've made some recent changes to our Web-based Outlook access," reads the message. "When you get a free minute, please try logging in using your network credentials and let me know if you have any problems."
    http://www.tomsguide.com/us/hack-power-grid,news-18397.html

    this was to penetrate the electricity network of an American city, but it can be used against any network where two-factor (double) authentication for network and application administrators isn't implemented
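Both lures on this page (the Yahoo phishing mail whose login page sits on a domain unrelated to Yahoo, and the "please log in with your network credentials" mail above) share one robust tell: the message asks for a login and the link points outside the organisation's own domains. The sender address is trivially spoofed, so it is only a weak signal. The following Python filter is an added example, not code from the article or from any mail product; the trusted-domain list, the login phrases and the three sample messages are constructed for the illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: the domains the organisation (or the mail provider) really uses.
# Constructed for the example; a real deployment would load this from config.
TRUSTED_DOMAINS = {"example-corp.com", "yahoo.com"}

LOGIN_PHRASES = ("log in", "login", "sign in", "network credentials", "password")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def registrable_domain(host):
    """Last two labels of a hostname ('owa.mail.example-corp.com' -> 'example-corp.com').
    A two-label rule is an approximation; production code should use the public
    suffix list so that names such as 'example.co.uk' are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def flag_login_lure(sender, body):
    """Return a list of (reason, detail) findings for one message.
    The strongest signal is a login link pointing outside the trusted domains:
    the From header is trivially spoofed, the link target is not."""
    findings = []
    sender_domain = registrable_domain(sender.rsplit("@", 1)[-1])
    if sender_domain not in TRUSTED_DOMAINS:
        findings.append(("sender-domain-untrusted", sender_domain))
    asks_for_login = any(p in body.lower() for p in LOGIN_PHRASES)
    for raw_url in URL_RE.findall(body):
        host = urlparse(raw_url.rstrip(".,;")).hostname or ""
        domain = registrable_domain(host)
        if asks_for_login and domain not in TRUSTED_DOMAINS:
            findings.append(("login-link-off-domain", domain))
    return findings


# Constructed messages modelled on the two lures described on this page.
IT_LURE = (
    "it-helpdesk@example-corp.com",   # spoofed to look internal
    "We've made some recent changes to our Web-based Outlook access. When you get a "
    "free minute, please try logging in using your network credentials at "
    "https://owa-example-corp.webmail-verify.net/login and let me know of any problems.",
)
GENUINE_NOTICE = (
    "helpdesk@example-corp.com",
    "Outlook Web Access will be unavailable Sunday 02:00-04:00. Log in afterwards at "
    "https://mail.example-corp.com/owa as usual.",
)
YAHOO_LURE = (
    "security@yahoo-account-services.biz",
    "Your mailbox exceeded its quota. Sign in at https://verify-mailbox-quota.net/yahoo "
    "within 24 hours to avoid suspension.",
)

if __name__ == "__main__":
    for sender, body in (IT_LURE, GENUINE_NOTICE, YAHOO_LURE):
        print(sender, "->", flag_login_lure(sender, body) or "no findings")
```

Even with a filter like this in front of the mailbox, the point of the paragraph above stands: an administrator account that can be taken over with a single password is the real weakness, and a second factor is what makes a harvested password useless.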

  • new kind of attack against encrypted channels and https

    We present a new class of attacks against applications that rely on the TLS Internet Standard for securing their communications. In contrast with recent attacks that rely on implementation errors, our attacks follow from the unexpected composition of standard features of the protocol: session resumption followed by client authentication during renegotiation. We propose short-term application-level mitigations, and we propose protocol-level changes to strengthen the standard and its users against such attacks.

    To summarize the attacks briefly, if a TLS client connects to a malicious server and presents a client credential, the server can then impersonate the client at any other server that accepts the same credential. Concretely, the malicious server performs a man-in-the-middle attack on three successive handshakes between the honest client and server, and succeeds in impersonating the client on the third handshake.

    We have confirmed that our attacks can be mounted on popular web browsers and HTTPS libraries, when they are used to perform certificate-based authentication at servers that enable both resumption and renegotiation. Variations of the attack (that do not rely on renegotiation) can be used to impersonate other TLS-based authentication mechanisms such as PEAP, SASL (SCRAM, GS2), and Channel ID.
    https://secure-resumption.com
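The attack summarised above needs the client to accept, during renegotiation, a server certificate that differs from the one its resumed session was originally established with, and then to present its own client certificate. The short-term application-level mitigation is therefore to bind the session to the server identity seen in the first full handshake and to refuse client authentication in any renegotiation that shows a different one (the protocol-level fix that followed this work, the extended master secret extension, binds the master secret to the full handshake instead). The Python below is an added model of that client-side check, not code from the paper or from any TLS library; the certificate fingerprints and server names are constructed labels.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class ServerIdentity:
    """What the client learned about the server in a full handshake.
    The fingerprint is a constructed label, not a real certificate hash."""
    subject: str
    fingerprint: str


class RenegotiationIdentityError(Exception):
    """Raised when a renegotiation presents a different server than the one the
    session was established with."""


@dataclass
class ClientSession:
    """Minimal model of the client-side state that matters here: which server
    identity the session is bound to, and whether a client certificate was sent."""
    bound_to: Optional[ServerIdentity] = None
    client_authenticated: bool = False
    events: list = field(default_factory=list)

    def full_handshake(self, server):
        self.bound_to = server
        self.events.append(("full-handshake", server.subject))

    def resume(self):
        # Resumption reuses the master secret and sends no certificate, so the
        # identity carried into the new connection is whatever was recorded earlier.
        self.events.append(("resume", self.bound_to.subject))

    def renegotiate_with_client_auth(self, server, check_identity=True):
        """Mitigation: refuse to present a client certificate in a renegotiation
        unless the server certificate matches the one the session is bound to."""
        if check_identity and server.fingerprint != self.bound_to.fingerprint:
            self.events.append(("renegotiation-rejected", server.subject))
            raise RenegotiationIdentityError(
                f"session bound to {self.bound_to.subject}, "
                f"renegotiation offered {server.subject}")
        self.client_authenticated = True
        self.events.append(("client-auth", server.subject))


def run_scenario(initial_server, renegotiating_server, check_identity=True):
    """Drive the three handshakes (full, resumed, renegotiated with client auth)
    and report whether the client ended up authenticating to the last server."""
    session = ClientSession()
    session.full_handshake(initial_server)
    session.resume()
    try:
        session.renegotiate_with_client_auth(renegotiating_server, check_identity)
    except RenegotiationIdentityError:
        pass
    return session.client_authenticated, session.events


# Constructed identities: the server the client meant to talk to, and a different one.
HONEST = ServerIdentity("bank.example", "fp-honest")
OTHER = ServerIdentity("other.example", "fp-other")

if __name__ == "__main__":
    print("identity changes, no check  :", run_scenario(OTHER, HONEST, check_identity=False)[0])
    print("identity changes, with check:", run_scenario(OTHER, HONEST)[0])
    print("same identity, with check   :", run_scenario(HONEST, HONEST)[0])
```

With `check_identity=False` the model reproduces the behaviour the paper describes (a client certificate is sent even though the server behind the renegotiation is not the one the session started with); with the check on, the same sequence is refused before any client credential is presented, and a legitimate renegotiation with an unchanged server still succeeds.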

  • 6 important conclusions out of 6 trillion security-incidents in 2013

    source http://www.net-security.org/malware_news.php?id=2722

    some industries should take note (financial for phishing), some concepts like BYOD will be dead soon, and drive-by infections are also more popular, while the sheer volume of spam and malware by email obliges you to have very robust installations and checks with very strict rules

  • something sometimes forgotten: ATM heists still happen in our country

    the fact that we tell our media time after time that most of our cards are better protected than US cards does not mean that one can't empty cards at our ATMs

    an example is shown here http://www.the41st.com/public/ATM%20Heist%20Infographic_41st%20Parameter.jpg

    and the proof that they were also operating with mules in Belgium

    it is also clear that this asks for an international investigation

  • major security flaw in the security code of the Linux GnuTLS library makes people rush to updates (direct links)

    A source code mistake in the GnuTLS library – an open-source software building block used in a large number of different Linux distributions to handle secure Internet connections – could prove a serious threat to the privacy of Linux users, as developers rush to patch the vulnerability.
    http://www.networkworld.com/news/2014/030414-linux-security-279392.html
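The article quoted above does not say what the "source code mistake" was. The cause reported at the time was a return-code mix-up in the certificate-verification routines: internal functions signal errors with negative values, those values escaped through a shared cleanup exit, and callers that only asked "is the result zero?" took a negative error for success, so a certificate that could not even be parsed or whose signature failed was accepted as a valid issuer. The Python below is an added model of that bug class beside the corrected pattern; it is not GnuTLS code, and the certificate dicts and their field names are constructed for the illustration.

```python
# Return-code conventions in the style of a C library: 1 = yes, 0 = no,
# negative = an error occurred. Certificates are plain dicts, constructed for the example.
IS_CA, NOT_CA = 1, 0
ERR_PARSE, ERR_SIGNATURE = -1, -2


def check_if_ca_buggy(issuer):
    """Error paths hand their negative code back through the same exit as the
    normal result, the way a shared 'cleanup:' label does in C."""
    result = NOT_CA
    if issuer.get("encoding") != "der":
        result = ERR_PARSE            # jumps to cleanup carrying the error code
        return result
    if not issuer.get("signature_valid", False):
        result = ERR_SIGNATURE        # same problem on the signature path
        return result
    if issuer.get("basic_constraints_ca"):
        result = IS_CA
    return result


def check_if_ca_fixed(issuer):
    """Same logic, but every error path is normalised to NOT_CA before returning,
    so the caller can only ever see 1 or 0 from this function."""
    if issuer.get("encoding") != "der":
        return NOT_CA
    if not issuer.get("signature_valid", False):
        return NOT_CA
    return IS_CA if issuer.get("basic_constraints_ca") else NOT_CA


def issuer_accepted_buggy(issuer):
    """Caller that only tests for zero: any non-zero return, including the
    negative error codes, counts as 'is a CA'."""
    return check_if_ca_buggy(issuer) != 0


def issuer_accepted_fixed(issuer):
    """Caller that tests for the one value that means success. Even if a future
    error code leaked through, it would not be mistaken for IS_CA."""
    return check_if_ca_fixed(issuer) == IS_CA


# Constructed certificates.
MALFORMED = {"encoding": "pem"}                                        # cannot be parsed
BAD_SIGNATURE = {"encoding": "der", "signature_valid": False, "basic_constraints_ca": True}
LEAF = {"encoding": "der", "signature_valid": True, "basic_constraints_ca": False}
REAL_CA = {"encoding": "der", "signature_valid": True, "basic_constraints_ca": True}

if __name__ == "__main__":
    for name, cert in (("malformed", MALFORMED), ("bad signature", BAD_SIGNATURE),
                       ("leaf", LEAF), ("real CA", REAL_CA)):
        print(f"{name:14s} buggy={issuer_accepted_buggy(cert)!s:5s} "
              f"fixed={issuer_accepted_fixed(cert)}")
```

The defensive lesson is on the calling side as much as the callee: when a function can return "yes", "no" and "error", compare against the success value explicitly rather than against zero, and make every error path in the callee fall through to the failure result.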

    these are the links to the updates

    Debian has updated gnutls26 (certificate verification issue).

    Fedora has updated easy-rsa (F20; F19: weak keys), file (F19: denial of service), and python-tahrir (F20; F19: insecure openid login).

    Mageia has updated egroupware (remote code execution), gnutls (certificate verification issue), python-logilab-common (multiple unspecified temporary file vulnerabilities), and qt5 (denial of service).

    Oracle has updated gnutls (OL6; OL5: multiple vulnerabilities).

    Red Hat has updated activemq (multiple vulnerabilities) and gnutls (RHEL6; RHEL5: certificate verification issue).

    Scientific Linux has updated gnutls (SL6; SL5: certificate verification issue).

    Slackware has updated gnutls (certificate verification issue).

    SUSE has updated gnutls (SLE11 SP3; SLES10 SP3 LTSS; SLES10 SP4 LTSS; SLES11 SP1 LTSS; SLES11 SP2 LTSS: certificate verification issues).

    Ubuntu has updated gnutls26 (certificate verification issue), php5 (multiple vulnerabilities), and python2.6, python2.7, python3.2, python3.3 (code execution).
    http://lwn.net/Articles/589235/

  • the 10 untruths of the Belgacom hack

    1. Your internal routers and switches can't be hacked

    2. Your internal BSD, Linux, Solaris and windows servers can't be hacked

    3. Your internal PC's can't be infected, rooted, booted and malvirtualised (NSA ware)

    4. Your internal Active Directory can't be extracted

    5. Your internal mail server doesn't have to be secured

    6. Your internal trusted traffic doesn't have to be checked

    7. You don't have to change the clean-up teams and you just keep throwing money at them

    8. You give information to everyone in the enterprise so that it leaks to the press

    9. You don't have to think about double authentication for your most important internal workers

    10. You don't have to check all the incidents by a monitoring team that has the time to monitor and analyze them

    PS: welcome to all readers from Belgacom - the best way to stay updated is the newsletter

    and if you want to read more about Belgacom - and understand better some of the things written here above - just type Belgacom in the search of this blog (and be surprised), especially if you type belgacomhack as the term

  • meetup.com goes down after refusing to pay DDoS ransom to hackers

    The attack was the first in the site's 12-year history, and Heiferman defended the move not to pay the paltry ransom.

    "We made a decision not to negotiate with criminals," he said in the post. "Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spread in the criminal world."

    Meetup has almost 17 million members and, when online, was signing up between 15,000 and 20,000 people every day.
    http://www.reuters.com/article/2014/03/03/us-meetup-cyberattack-idUSBREA221TR20140303?feedType=RSS&feedName=technologyNews

    the sum they asked for was 300 dollars, which would mean that afterwards they would have many more of those attacks, while with a big sum you also buy a sort of insurance against more or less any attack