security - Page 44

  • 300 000 home routers hacked to intercept your banking credentials

    Affected brands of routers including D-Link, TP-Link, Micronet, Tenda and many others were found to be vulnerable to multiple exploit techniques including a recently disclosed authentication bypass vulnerability in ZyXEL firmware and Cross-Site Request Forgery (CSRF) techniques similar to those reported in late 2013, said the report.

    Affected devices had their DNS settings changed to use the IP addresses 5.45.75.11 and 5.45.75.36. As with the DNS Changer malware, unwitting victims are vulnerable to a loss of service if the malicious servers are taken down, as both primary and secondary DNS IP addresses are overwritten, complicating mitigation.

    These attacks had similarities with a recent attack in Poland which involved hijacked routers used by hackers to redirect victims to phishing websites to grab their online banking credentials.
    http://www.techworm.net/2014/03/300000-home-routers-hijacked-can-be.html

    they just change the DNS so instead of going to your bank you go to a fake site (but you don't know it because it is on another IP address) to intercept your login credentials.

    if they can't hack the sites or the computers, they will hack what is between them and the most vulnerable link is your home router because nobody thought that these would be hacked one day on this scale
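
    A defensive check for the DNS change described in this item, added here as an example (not code from the report or from this blog): it reads resolv.conf-style text, flags the two resolver addresses quoted above, and separates the case where every resolver was overwritten. The function names, verdict strings and sample inputs are assumptions made for the illustration.

```python
import ipaddress

# Rogue resolvers named in the report quoted above.
ROGUE = {ipaddress.ip_address(a) for a in ("5.45.75.11", "5.45.75.36")}

# Constructed sample inputs (not captured from a real device).
SAMPLE_HIJACKED = "nameserver 5.45.75.11\nnameserver 5.45.75.36\n"
SAMPLE_FORWARDER = "# written by the DHCP client\nnameserver 192.168.1.1\n"


def parse_nameservers(text):
    """Return resolver IPs from resolv.conf-style text, in file order."""
    servers = []
    for raw in text.splitlines():
        fields = raw.strip().split()
        # Comment lines start with '#' or ';' and never match 'nameserver'.
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Strip an IPv6 zone id (fe80::1%eth0) before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            continue  # malformed address: skip it
    return servers


def assess(text, expected=()):
    """Classify the configured resolvers.

    expected: public resolvers the owner configured on purpose
    (assumption: supplied by the caller, e.g. the ISP's resolvers).
    """
    expected_set = {ipaddress.ip_address(e) for e in expected}
    servers = parse_nameservers(text)
    rogue = [s for s in servers if s in ROGUE]
    # Private and loopback addresses are local forwarders, not upstreams.
    local = [s for s in servers if s.is_private or s.is_loopback]
    unexpected = [s for s in servers
                  if s not in ROGUE and s not in local
                  and s not in expected_set]
    if not servers:
        verdict = "no-resolvers"
    elif len(rogue) == len(servers):
        # Primary and secondary both overwritten: name resolution stops
        # completely if the rogue servers are taken down.
        verdict = "hijacked-all"
    elif rogue:
        verdict = "hijacked-partial"
    elif unexpected:
        verdict = "review"
    elif len(local) == len(servers):
        # Only the router or a local stub is listed, so the real upstream
        # is set elsewhere (router admin page) and must be checked there.
        verdict = "check-upstream"
    else:
        verdict = "ok"
    return {"verdict": verdict,
            "rogue": [str(s) for s in rogue],
            "unexpected": [str(s) for s in unexpected]}


if __name__ == "__main__":
    for name, sample in (("hijacked", SAMPLE_HIJACKED),
                         ("forwarder", SAMPLE_FORWARDER)):
        print(name, assess(sample))
```

    A "check-upstream" verdict is not a clean bill of health: when the client only lists the router's LAN address, the router forwards the queries, so the DNS servers configured on the router itself have to be compared against the same two addresses.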

  • hackers become very quickly very very rich by hacking vulnerable bitcoin exchanges

    look at the sums they earn with one simple hack in mostly very badly written code without all the resources to defend their money exchanges

    as other hackers will be seeing these sums, they will also start hacking exchanges or big portfolios

    "Flexicoin a Bitcoin Bank was hacked and hackers made off with 896 bitcoin worth $614,300 (at current market price). As the Flexicoin was a small Bitcoin bank without the resources or assets to recoup the loss, it had to shut operations from Tuesday. Ironically, just six days ago, the company had issued a presser boasting that it was unscathed by the closure of MtGox, once the world’s largest bitcoin exchange.

    In a separate incident, another Bitcoin Exchange 'Poloniex' said that it had been hacked and lost 12.3 % of total bitcoins it held. In a thread on Bitcointalk, Busoni, owner of Poloniex spelt out exactly how the hackers managed to breach its security and steal the BTC."
    http://www.techworm.net/2014/03/flexicoin-bitcoin-bank-and-poloniex.html

    a full explanation of the used method is also on the site

    it is a vulnerability that has been known since the MT.gox breakdown and that apparently hasn't been closed down by the other exchanges - just trust them yeah

    the holders of Poloniex have lost 12.3% of the number of their bitcoins (so if you had 10 of them which would now be around 5000 dollar you have lost approx 500 dollar in an instant)

  • mt.gox code is leaked online and the code is very badly written

    The code has been leaked on Pastebin and can be read here. The hackers have released the data on another mirror site which can be read here. The code has been thought to have been co-authored by the Mt.Gox CEO, Mark Karpeles. Programmers and coders online have been quick to analyse the code and make their own submissions about the mistakes in the code. One of the coders, Nilzor from Hacker News, came up with an interesting reply

    Wow. This code is pretty bad. I mean, it's bad for a college project. It's horrible for a company dealing with large sums of money.

    http://www.techworm.net/2014/03/mtgox-source-code-leaked-by-hacker-on.html

    this is what we have been writing about since the beginning

    this was a volunteer project that was even more about the anonymity than about the protection of the money because the first goal was that the money arrived at Wikileaks

    on basis of this code the rest was written but if your basis is bad the rest can't be good

  • #Kiev European cybercrisis incident workshop has something real before their eyes

    Participants from all the EU Member States gather today in Athens for a two day workshop, to plan and discuss the technical and operational part of Cyber Europe 2014 (CE2014).

    CE 2014 is a multi-level pan European cyber-exercise that will take place throughout 2014. Cross-border collaboration is a fundamental element for it to succeed as well as synergies between public and private sectors.

    The exercise is based on simulating incidents and running exercises to test response capabilities across the EU with the ultimate goal to enhance Network and Information security contingency plans and improve the overall security and resilience of Europe’s Critical Information Infrastructures.

    ENISA is a key facilitator of these exercises, CE2014 being the third exercise of its kind.
    http://www.enisa.europa.eu/media/news-items/eu-cyber-crisis-cooperation-workshop-in-athens-4-5-march-2014

    well you don't have to look for any scenarios

    you have Ukraine before you

    look at the IPX internet exchanges and how you should defend them

    and think about an European intervention team that can be sent to whatever European country where this could be needed because of situations like in Ukraine or because of internal turmoil or international attacks

  • #kiev Anonymous hacked the mail of the UDAR party in Ukraine

    We are Anonymous Ukraine

    We promised to strike at the web resources of Western hirelings and fascists that are trying to hurl Ukraine into chaos.

    For a start we’ve hacked e-mail account of one of the regional offices of the Vitali Klitschko’s UDAR party and downloaded all the stuff we found there.

    We strongly recommend everyone to look through these documents. You will find out a lot of interesting details about how Klitschko and his party dirt not only on their opponents but on their allies too in their race for power and money.

    Some of the most interesting e-mails are here

    http://www.mediafire.com/download/i3cz64e3z1ehk46/most+interesting.7z
    http://www.filefactory.com/file/79ulg6yhbzvj/most%20interesting.7z
    http://www.sendspace.com/file/xa3f86
    https://www.4shared.com/archive/MOA7_q2nba/most_interesting.html

    You can download all the recent e-mails of the regional office of the UDAR party here

    http://www.mediafire.com/download/6njvy4bv6odmmpk/udar.chernivtsi.reg%40gmail.com.7z
    http://www.filefactory.com/file/2nxtehj0hcm3/udar.chernivtsi.reg%40gmail.com.7z
    http://www.sendspace.com/file/rb8vke
    https://www.4shared.com/archive/fLWo2HQBce/udarchernivtsireggmailcom.html

    Once again we appeal to the President Yanukovych. People of Ukraine urge you to restore order and bring calm and stability. It’s time to disperse this gang of robbers and Nazis!

    Ukraine must be unified and independent!!

    #OpIndependence continues… Expect us

    https://www.cyberguerrilla.org/blog/?p=17397

    We are Anonymous Ukraine.

    We are the Patriots of our country.

    We Do Not Forgive.

    We Do Not Forget.

    Expect Us.

    https://www.cyberguerrilla.org/blog/?p=17402

  • #kiev according to stolen emails by Anonymous Lithuania helped finance ex president Ukraine

    Hello

    We are Anonymous Ukraine

    We’ve hacked e-mail account of Laurynas Jonavicius – the adviser to the President of Lithuania. We’ve downloaded all the e-mails that were sent to him and discovered letters from Vitali Klitschko.

    The content of these letters shows how Western countries finance and control Vitali Klitschko through intermediary of Lithuanian government.

    You can download these letters, they speak for themselves

    http://www.mediafire.com/download/2jl25ef29c2laat/klitschko+letters.7z
    http://www.filefactory.com/file/5znjeiuu980f/klitschko%20letters.7z
    https://www.4shared.com/archive/86Iyyu0dce/klitschko_letters.html
    http://www.sendspace.com/file/seivqh

    You can also download other correspondence of the adviser to the President of Lithuania here

    http://www.mediafire.com/download/4p6kfcwfc9t3tq2/laurynas+jonavicius+all+mails.7z
    http://www.filefactory.com/file/4qtgyx6zg2yv/laurynas%20jonavicius%20all%20mails.7z
    https://www.4shared.com/archive/VYnGgpwVce/laurynas_jonavicius_all_mails.html
    http://www.sendspace.com/file/if70gl

    Ukraine must be unified and independent!!

    #OpIndependence continues… Expect us

    https://www.cyberguerrilla.org/blog/?p=17397
    https://www.cyberguerrilla.org/blog/?p=17402

    We are Anonymous Ukraine.

    We are the Patriots of our country.

    We Do Not Forgive.

    We Do Not Forget.

    Expect Us.

    https://www.cyberguerrilla.org/blog/?p=17432

    One thing is even more important: if they have all the emails from the advisor to the President of Lithuania - a country that is now in a difficult position because of the Russian minority on its soil and the Putin doctrine - then there is a big security problem

    they have only published some emails - but what will they do with the rest

  • If your Apple is Old you should update it or throw it away (or disconnect it from the internet)

    Apple on Tuesday made it clear that it will no longer patch OS X 10.6, aka Snow Leopard, when it again declined to offer a security update for the four-and-a-half-year-old operating system.

    As Apple issued an update for Mavericks, or OS X 10.9, as well as for its two predecessors, Mountain Lion (10.8) and Lion (10.7), Apple had nothing for Snow Leopard or its owners yesterday.

    Snow Leopard was also ignored in December, when Apple patched Safari 6 and 7 for newer editions of OS X, but did not update Safari 5.1.10, the most-current Apple browser for the OS.

    Apple delivered the final security update for Snow Leopard in September 2013.
    http://www.darknet.org.uk/2014/02/apple-retires-support-leaving-20-macs-vulnerable/

  • Microsoft is not the most important vulnerability anymore

    Continuing an ongoing trend, in 2013 Microsoft's products -- which made up 33 (66%) of the 50 most popular applications -- accounted for a relatively low number of vulnerabilities. For example, of the vulnerabilities affecting the 50 most-used PC applications on private PCs in 2013, Secunia found that only 16% of the bugs affected Microsoft products or operating systems, up from 8% in 2012. The increase was largely due to Windows 8 bundling more third-party software than Windows 7, as well as more Microsoft applications being among the top 50. The other vulnerabilities affected operating systems (5.5% of all total vulnerabilities) but were overwhelmingly due to non-Microsoft applications (86%).
    http://www.informationweek.com/security/application-security/ibm-software-vulnerabilities-spiked-in-2013/d/d-id/1114028

    it all began with their internal processes of source control and vulnerability finding community programs

    nobody is a Leonardo da Vinci

    If Acrobat should do the same thing this would already change a lot of things

  • new free sql injection tool sculptor

    download here  http://sculptordev.com/#

  • target breach shows that big databreaches can never be covered by cyberinsurance

    Cates explained how customers he has worked with have listed a data breach as the second biggest risk on their books after natural disasters. He used the Target breach as an example. “To date, the cost of remediation has been $61m, and $44m of that is covered by cyber-insurance”, he said. “The costs will continue and will eventually total hundreds of millions. Gartner says that for every $5.6 a data breach costs you, the prevention would have cost only $1.”
    http://www.infosecurity-magazine.com/view/37169/rsa-2014-target-breach-has-bigger-impact-on-data-security-than-snowden-says-vormetric-/

    tell that to your CIO who never will believe that anything like that is possible and that those small investments are even necessary and have numerous different advantages

  • exBelgian Globalsign supports certificate transparency

    “When implemented, Certificate Transparency helps guard against several types of certificate-based threats, including misissued certificates, maliciously acquired certificates, and rogue CAs. These threats can increase financial liabilities for domain owners, tarnish the reputation of legitimate CAs, and expose Internet users to a wide range of attacks such as website spoofing, server impersonation, and man-in-the-middle attacks,” Google’s description of the framework says.

    The method requires the CAs to cooperate and submit their certificates to these public logs, and that’s one of the things that’s holding up its broad adoption.

    “We need to get the CAs to change their behavior so they emit certificates this way,” Chris Palmer, a security engineer on the Chrome team at Google, said in a talk at TrustyCon here Thursday.
    http://threatpost.com/fixing-trust-through-certificate-transparency/104563

    big customers or other CAs should put pressure on their CA to do the same thing

    if they have nothing to hide they have nothing to lose

  • something for the FCCU or a European agency: a European db of malware

    For example, the FBI has been building a database of malware samples, snappily dubbed the Binary Analysis, Characterization, and Storage System (BACSS), for its investigators. Later this year a declassified version of this, dubbed Malware Investigator, will be made available to security partners, said Comey, who was sworn in as director in September.

    "If a company has been hacked you can send the malware back to us and, in most cases, get a report back in hours about how it works, who it might be targeting and where we've seen it before," he told the conference today.

    "Our goal is to make BACSS the same kind of repository that we have long maintained for fingerprints, criminal records and DNA."

    The FBI will also expand its eGuardian program that allows companies to automatically update the agency about data security breaches involving classified and non-classified material.
    http://www.theregister.co.uk/2014/02/27/new_fbi_boss_pledges_cyber_crime_not_terrorism_will_dominate_agency_in_the_next_decade/

  • yourdeal.be unsecure login and defaced

    so this is the non-secured login

    this is the defacement, luckily they didn't place a phishing page

  • free SANS tool to test if your network can eliminate 85% of all attacks with these 4 settings

    source https://www.qualys.com/forms/sans-top-4-security-controls/

  • ex security guru from the US says NSA can hack European cloudservers to prove they are not safe

    "NSA and any other world-class intelligence agency can hack into databases even if they are not in the US," said former White House security advisor Richard Clarke in a speech at the Cloud Security Alliance summit in San Francisco on Monday. "Non-US companies are using NSA revelations as a marketing tool."
    http://www.theregister.co.uk/2014/02/24/richard_clarke_csa_comments/

    well that is a reason to have a look at your logs not ?

  • the next (in)security frontier : connected medical devices (that are hacked)

    But another troubling aspect is that once attackers gain access to these devices, they can use them to launch attacks on other devices.

    Indeed, the report tracked the origin of some of the malicious traffic coming out of medical sites that had been hacked:

    "The findings of this study indicate that 7% of traffic was coming from radiology imaging software, another 7% of malicious traffic originated from video conferencing systems, and another 3% came from digital video systems that are most likely used for consults and remote procedures."

    In following the trails of this malicious traffic, Norse found detailed information about the layouts of hospitals and specifications of various lifesaving equipment.
    http://www.latimes.com/business/technology/la-fi-tn-study-epidemic-of-cyberattacks-have-compromised-healthcare-orgs-20140218,0,4761289.story#axzz2tiW03nec

    the same old song : first the product then the security

    and in between the incidents and articles and products to secure something that should have been secured from the beginning - before it came to market

    why is it so difficult to let a new medicine on the market and why is it so easy to place unsecured vulnerable connected devices on the market

    disconnect them - period

  • the first wifi virus that automatically attacks unprotected Access points

    Researchers from the University’s School of Computer Science and Electrical Engineering and Electronics, simulated an attack on Belfast and London in a laboratory setting, and found that “Chameleon” behaved like an airborne virus, travelling across the WiFi network via Access Points (APs) that connect households and businesses to WiFi networks.

    Areas that are more densely populated have more APs in closer proximity to each other, which meant that the virus propagated more quickly, particularly across networks connectable within a 10-50 metre radius.

    Alan Marshall, Professor of Network Security at the University, said: “When “Chameleon” attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it. The virus then sought out other WiFi APs that it could connect to and infect.”

    “Chameleon” was able to avoid detection as current virus detection systems look for viruses that are present on the Internet or computers, but Chameleon is only ever present in the WiFi network. Whilst many APs are sufficiently encrypted and password protected, the virus simply moved on to find those which weren’t strongly protected including open access WiFi points common in locations such as coffee shops and airports.
    http://scienceblog.com/70678/scientists-demonstrate-first-contagious-airborne-wifi-virus/

    as there is no antivirus on the Access Points they are easier to infect, and the virus doesn't need to do more because everything goes through the access points (passwords, information,....)

  • our Belgian 2014 Datanews cyberpersonality and how to manipulate the online form

    we have worked with the FCCU to set up a process to stop the fastflux botnet attacks using .be names and to stop the publishing of part of half a million personal files of VOO last year

    we are NO hackers we are security and privacy-activists and although we don't agree with everything or have second thoughts  (the stop page for example) we have the deepest respect for the hard work he does - even if the ISP's refuse to invest enough in the security of its users and others don't respect in their webservices even the most fundamental rules of security (and nobody gives them a fine for it even if you would be closed down if you were a real shop who wouldn't respect any of the rules and conditions)

    So whoever Datanews chooses as cyberpersonality of the year in Belgium, we congratulate Luc Beirens on his nomination and we can only hope that more people will start to effectively listen to him

    and to our minister of justice - stop talking about optimisation to disband the FCCU or take away its resources - if there is no central centre of coordination and knowledge management you will always be the loser in the battle against the cybercrime corporations

    this is the jury who has the last word

    but if I look at some candidates and compare it to the jury I have some deontological questions .....

    there is also a vote for companies that you can easily manipulate

    this is the form to vote for the companies

    and then you will have to fill in a simple form

    and there is no confirmation mail that you have to click on - so you don't even have to own the email address and there is no refusal of general email addresses like yahoo, google and so on .....

    makes it worthless in fact

  • the totally secured laptop - presentations and so on

    we have convened that the presentations and so on will be available on the platforms of Sophos and Safenet because that is also the place where all the feedback, latest versions and news has to be

    the feedback from the selected audience from this 'preview' was rather positive

    as said - I don't work for, nor am I paid anything by, Sophos or Safenet in whatever way - I just want my conceptual baby to become a school of thought as an integral part of a totally secured environment (even if that is totally isolated within a larger one) and I know that you can use it as part of your security legobox.

    just one slide of a pic - and this is because many people were surprised by it (except for those who come to know my straight no bullshit talks)

    but it makes something clear, a totally secure laptop works best in a secured environment with a security awareness. It limits the risks and damages in less secure environments and networks but that is all it does.

    You will find me and the technical teams and the commercials on infosecurity.be the 26th and 27th of march. Do not forget to pre-subscribe to the presentation about the secure laptop (which is an understatement) one of the two days, as the number of interested persons is increasing daily.

    Inside both companies other departments and internationally responsible people are taking notice of what these small Belgian teams are accomplishing and are seeing an idea catching on.....

    I am a very happy man and very happy to promote this secure laptop as a gamechanger with which it is possible to secure mobile data or departments within networks in a simple way.

    If only more people would be interested in the totally secured Oracle database ....... they are but Oracle is making it too expensive I suppose.