security - Page 45

  • Discovery of 360 million mostly unencrypted logins to websites - firms not even informed of the breach

    Holden said he believes the 360 million records were obtained in separate attacks, including one that yielded some 105 million records, which would make it the largest single credential breach known to date.

    He said he believes the credentials were stolen in breaches that have yet to be publicly reported. The companies attacked may remain unaware until they are notified by third parties who find evidence of the hacking, he said.
    http://www.nbcnews.com/tech/tech-news/big-data-breach-360-million-newly-stolen-credentials-sale-n38741

    but another problem

    how do you rectify this, how do you inform 360 million people that their logins are not valid anymore

    this also means - if these are really new ones - that in one year's time we are arriving at nearly one billion lost records and logins

    two-factor authentication is the solution because logins are dead security-wise

    but hey Holden Security, you are in my view starting to play with fire

    it is all well and good to publish that information, but instead of seeking the limelight you should already have started contacting the different CERTs in the world to hand them the names of the breached firms or the email addresses with their country extension

    then you are doing the good thing

  • RSA calls for international agreement against cyberweapons

    First, he said, governments around the world need to renounce the use of offensive cyberweapons, and through treaties and mutual agreements make them as forbidden as nuclear, chemical, or biological weapons.

    "The genie is out of the bottle on cyberweapons, they are easily propagated and can be turned on their developers," he said. "Those who seek military advantage by riding this tiger will end up inside it. We must have the same abhorrence to cyber war as we do to nuclear and chemical warfare."
    http://www.theregister.co.uk/2014/02/25/make_cyberwar_as_much_of_a_nono_as_nuclear_chemical_exchanges_says_rsa/

    something that has been said all along but the military planners just go along

    even we have a plan for a cyberattack - in response - even if everybody knows that this is nuts because you can never prove with absolute certainty that the attacker is not a victim itself

    and cyberweapons are like biological weapons (a real virus): once it is out in the wild there is no way you are going to be able to control it. Stuxnet is a perfect example: they thought they had programmed everything so that it would only attack the systems in the nuclear installations in Iran, but it was found out because it was wreaking havoc on other systems

  • if you don't have security people watching the logs and events you don't see 60,000 alerts and the money that is gone

    The hackers who raided the credit-card payment system of Neiman Marcus Group set off alerts on the company’s security systems about 60,000 times as they slunk through the network, according to an internal company investigation.

    The hackers moved unnoticed in the company’s computers for more than eight months, sometimes tripping hundreds of alerts daily because their card-stealing software was deleted automatically each day from the Dallas-based retailer’s payment registers and had to be constantly reloaded. Card data were taken from July through October.
    http://mobile.businessweek.com/articles/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-while-bagging-credit-card-data

    So this proves my point

    you may invest millions in security

    if there is no one looking at the logs and incidents or the flows

    you are NOT secure - you may think it but you aren't
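
    A defender-side illustration of the point above, added here and not part of the original post: the Neiman Marcus report describes the same card-stealing tool being quarantined and reloaded day after day on the same registers, so the signal was not the 60,000 individual alerts but the handful of host/signature pairs that kept coming back. The script below parses a constructed alert log (the format, hostnames and signature names are assumptions made for this example, not real product output) and collapses it into the recurring pairs a human should look at first.

```python
"""Recurring-alert triage: collapse a noisy alert stream into the few
(host, signature) pairs that keep firing day after day.

Added example, not code from the original post. The log format and the
sample lines are constructed for illustration; a real deployment would
read from the SIEM or the AV console instead.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample: a flat "timestamp host signature action" alert log.
# Two point-of-sale registers re-trigger the same signature on successive
# days (the pattern the Neiman Marcus report describes), buried among
# one-off alerts on other hosts.
SAMPLE_ALERTS = """\
2013-07-16T02:11:09 POS-REG-017 Suspicious.Process.Reload quarantined
2013-07-16T09:40:51 WS-ACCT-004 EICAR-Test-File quarantined
2013-07-17T02:13:47 POS-REG-017 Suspicious.Process.Reload quarantined
2013-07-17T11:02:05 WS-HR-011 Adware.Generic cleaned
2013-07-18T02:10:58 POS-REG-017 Suspicious.Process.Reload quarantined
2013-07-18T02:12:30 POS-REG-022 Suspicious.Process.Reload quarantined
2013-07-19T02:11:44 POS-REG-017 Suspicious.Process.Reload quarantined
2013-07-19T02:14:02 POS-REG-022 Suspicious.Process.Reload quarantined
2013-07-20T02:12:19 POS-REG-017 Suspicious.Process.Reload quarantined
2013-07-20T02:13:55 POS-REG-022 Suspicious.Process.Reload quarantined
2013-07-20T15:30:00 WS-ACCT-004 EICAR-Test-File quarantined
"""


def parse_alerts(text):
    """Parse the constructed log format into dicts; skip malformed lines."""
    alerts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, host, signature, action = parts
        try:
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        alerts.append({"time": when, "host": host,
                       "signature": signature, "action": action})
    return alerts


def recurring_alerts(alerts, min_days=3):
    """Return {(host, signature): sorted dates} for pairs that fired on at
    least `min_days` distinct calendar days. A file that is quarantined and
    comes back the next day is not a solved problem; someone is putting it
    back."""
    days = defaultdict(set)
    for a in alerts:
        days[(a["host"], a["signature"])].add(a["time"].date())
    return {k: sorted(v) for k, v in days.items() if len(v) >= min_days}


def triage_summary(text, min_days=3):
    """Collapse raw alert volume into the patterns worth a human's time."""
    alerts = parse_alerts(text)
    recurring = recurring_alerts(alerts, min_days)
    return {
        "total_alerts": len(alerts),
        "distinct_pairs": len({(a["host"], a["signature"]) for a in alerts}),
        "recurring": {f"{h} {s}": [d.isoformat() for d in ds]
                      for (h, s), ds in recurring.items()},
    }


if __name__ == "__main__":
    summary = triage_summary(SAMPLE_ALERTS)
    print(f"{summary['total_alerts']} alerts collapse to "
          f"{summary['distinct_pairs']} host/signature pairs; "
          f"{len(summary['recurring'])} of them recur on 3+ days:")
    for key, dates in summary["recurring"].items():
        print(f"  {key}: {', '.join(dates)}")
```

    On the sample, eleven alerts collapse to four host/signature pairs, and only the two registers that re-trigger on three or more days are reported. The threshold is deliberately a parameter: a daily cleanup job that "succeeds" every day is exactly the kind of alert an operator learns to ignore, which is why grouping by recurrence rather than by raw count is the more useful view.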

  • the totally secured laptop, belsec - sophos and safenet

    You can say that I am always looking for problems - something I hear often enough

    but I am also looking for solutions

    I was one of the first to implement the reverse proxy in Belgium, in 2002

    I was one of the first to implement Oracle's Audit Vault (best protection against Manning and rogue admins)

    And when I was looking for a solution for a completely secure telework laptop, we looked at several solutions, but none was really that global, and so on - it was all the same stuff all over again

    so then two firms set out to develop a proof of concept to integrate everything into one

    I have no money to invest, but if security, full disk encryption and really good two-factor authentication in an end-to-end encryption environment work together, then there are new possibilities to secure your data

    and if other firms integrate products (or work together to integrate their solutions into one back office) then I am all for it - if this one day becomes the standard, then that is the best news

    there are too many separate products for separate problems with too many different standards, back offices, licences and so on (no other product we use every day could be built the way IT security works). A car is made of parts that are made by a large group of different firms that work together - in IT security everybody wants to do everything for everybody and be the best in everything, but forgets that this is the holy grail that nobody has ever found in IT security.

    and if every important dataset would find itself protected by full disk encryption and hard two-factor authentication because there is an integrated solution, then this is better for all of us - whatever the firms that integrate their solutions

    I don't work for myself here, I work to get more solutions that really make a difference for every kind of network

    we will publish this evening the presentations and the videos of the first presentation before a selected group of people responsible for different big networks in Belgium

    If deontologically things would change, you will be the first to know; this is not a submarine operation for some firms - and it never will be - but as it is my conceptual baby I really want now to help it and show it to the world (and have more data protected in a more correct way), and if those firms have put their money where their mouth is, then who am I to cross my arms and just stand aside

    while the IT security firms are battling each other, the cybercrime groups are using every mistake in all the separate products to get more money and victims year after year

    so when two big IT security firms work together to offer a more complete solution, who am I not to applaud them for it and to tell the others to do the same thing

    If I didn't I would be looking for problems, not for solutions

    there are solutions if we work more together

  • website destexhe hacked

    this is the website

    this is the page that was added - what next? Porn?

  • computrace needs some security hardening after new research about possible attacks

    the practical thing first: you can follow the instructions from Kaspersky Lab to find and disable Computrace.

    Computrace is placed in thousands of laptops as standard firmware (and so it isn't discovered by the antivirus or security products) to give you the ability, if you have lost the laptop, to wipe your hard disk when it comes online again (which is too late, of course)

    but in fact it is a trojan

    "While Computrace is commercial software designed to do good, it employs many of the same tricks as malware, including using anti-debugging and anti-reverse engineering techniques, injecting memory into other processes, and encrypting configuration files. Sacco described the tool as a "latent toolkit" and noted the Windows agent has no authentication of any kind. Computrace communicates with the servers at Absolute Software over an unencrypted channel and stores information unencrypted. The network protocol can be used for remote code execution and is vulnerable to abuse, Sacco warned."
    http://www.itproportal.com/2014/02/18/hackers-can-use-common-anti-theft-tool-wipe-devices-remotely/

    so now the questions are

    * why is there not more encryption

    * how do you update the clients so that they can't be manipulated by the published trick

    * why is it not a choice, and why aren't you informed, and why can't you turn it off when you start your computer

  • the hidden services of Tor are used to botnet android phones

    The Android malware dubbed 'Backdoor.AndroidOS.Torec.a' uses the Tor hidden service protocol for stealth communication with command-and-control servers.

    Researchers detected that the Trojan is running from a .onion Tor domain and building on the functionality of an open source Tor client for Android mobile devices, called 'Orbot', thus eliminating the threat of the botnet being detected and blocked by law enforcement authorities, although it's not clear how many devices have been infected by this malware till now.
    http://thehackernews.com/2014/02/first-tor-based-android-malware-spotted.html

    and no, we still need no CERT for the mobile traffic in Belgium, as the CERT is not responsible and has no resources and the telecom operators have no clue what we are talking about and are concentrating on fraud.

  • high-level anti-penetration specialists make the perfect keylogger for the iPhone, which means that

    the NSA or cybercrime organisations could do that too

    "Researchers said they have identified a flaw in Apple's iOS that makes it possible for attackers to surreptitiously log every touch a user makes, including characters typed into the keyboard, TouchID presses, and adjustments to the volume control.

    The vulnerability affects even non-jailbroken iPhones and iPads running iOS versions 7.0.4, 7.0.5, and 7.0.6, as well as those running on 6.1.x, researchers from security firm FireEye wrote in a blog post published Monday night. They said attackers could carry out the covert monitoring using an app that bypasses Apple's stringent app review process. The app uses multitasking capabilities built into iOS to capture user inputs. The blog post explained:
    http://arstechnica.com/security/2014/02/new-ios-flaw-makes-devices-susceptible-to-covert-keylogging-researchers-say/

  • check if your bitcoin wallet has been emptied by a botnet

    go here https://www3.trustwave.com/support/labs/check-compromised-bitcoin.asp

    We recently discovered yet another instance of a Pony botnet controller. Not only did this Pony botnet steal credentials for approximately 700,000 accounts, it’s also more advanced and collected approximately $220,000 (all values in this post will be in U.S. dollars) worth, at time of writing, of virtual currencies such as BitCoin (BTC), LiteCoin (LTC), FeatherCoin (FTC) and 27 others.

    According to our data, the cyber gang that was operating this Pony botnet was active between September 2013 and mid-January 2014.
    http://blog.spiderlabs.com

    this is a picture - you have to go to the site to check

  • warning to national DNS operators : you are a target

    there was no defacement of Google in Paraguay but the people were sent to a page that looked like a defacement

    "Mormoroth published a number of screenshots to demonstrate that he had gained access to NIC.py’s backend systems. He leaked some user credentials and other information stolen from the site’s databases.

    In a blog post on ha.cker.ir, the hacker has explained that he has leveraged a remote code execution (RCE) vulnerability to breach NIC.py."
    http://news.softpedia.com/news/Google-Paraguay-Hijacked-via-NIC-py-Hack-429228.shtml

    This means that national DNS operators should take more care about the security of their operations and networks

  • KBC representatives are looking at the problem with their certificate

    good

    now do something about it

    fast

    people with older browsers and infected PCs (half a million Belgian PCs) are vulnerable

    and you can be DDoSed

    check for yourself here

    https://www.ssllabs.com

    and all the documentation needed to bring your certificate in order is present

  • oostende.be digital counter (digitaal loket) without any SSL protection

    oostende.be

    and you can even type in this data without any protection

    http://www.oostende.be/EloketDetail.aspx?id=38

    and you can do this for a whole series of other certificates (attesten)

    without any protection whatsoever, of course

  • the prices for an online unstoppable DDOS attack

    http://r00t1ng.besaba.com/index.php?action=pricing

  • Belgacom story two

    the phone rings

    "are you [person]?

    yes, that's me

    well, Belgacom has found that quite a few computers are infected and poorly secured

    not mine specifically, though?

    no, but we offer an antivirus with which you would be well protected

    I already have protection, but I think that's going to cost money

    yes, for 60 euro per year blahblahblah

    unfortunately for you, I am the one who has been fighting for years to impose the obligation on ISPs to integrate this free of charge into all the subscriptions they sell - you don't buy a car without brakes either, do you, and you don't have to pay extra to get brakes in your car?

    no, but I'm just the saleswoman"

    funny and sad at the same time. Funny that they end up with me and have to listen to a ten-minute plea (on tape too) for why this should be a normal part of an internet subscription (at least when half a million PCs are infected in Belgium), and sad that they still haven't understood that you won't have a secure network unless every PC has a minimal professional protection that can already repel 90% of attacks, so that you have fewer infected machines in your network

  • belgacom story one

    so we get an invitation from Belgacom about information security

    "Then come to the Belgacom stand and discover everything about our converged solutions for “Secure Cloud Services”. A team of specialists is ready for you and will gladly explain more about:
    - the build-up of your cloud;
    - the use of our cloud;
    - the security of your cloud;
    - the use of security solutions from the cloud;
    - enjoy our 360° services.

    We also recommend two seminars:
    26/3 and 27/3
    15:45-16:15: APT Mitigation requires a new continuous security model by Bart Callens, ICT Security Product Manager (Theater 4: Case study sessions & solution)"

    well, uh, well

  • virus emails from support@client.be

    so virus mails are coming into mailboxes from client.be

    but client.be has no website

    and it is used by

    and the person doesn't seem to come from Ukraine or russia or china or a fake address in the US

    but at the same time his domain is losing its worth

    because client.be will be blacklisted

    no, it is not even blacklisted

    even if you are receiving

    Subject: Nous avons eu une erreur critique concernant votre compte PayPal
    Sender: "Service PayPal" <support@client.be>
    Recipient(s): "Recipients" <support@client.be>

    the only really working link in that

  • security firm EC-Council hacked and thousands of copies of ID cards of military personnel lost

    there was already a whole lot of discussion among security professionals, most of whom thought that even if the course on paper was a good overview, the trainers were not real hackers and didn't have the finesse about the things they were supposed to train

    but the website was hacked several times, and the last time the hacker placed a warning that he had access to thousands of copies of passports of all kinds of worldwide military and other personnel who had followed their courses - falling for the marketing blitz they frequently organize

    http://www.ehackingnews.com/2014/02/ec-council-official-website-hacked.html

  • website howest.be hacked (high schools)

  • scoutsnet.be hacked - if you want to make a secure platform, keep it secure

    it is a good idea to keep your site secure if you want it to be a platform for local services, so that they don't have to set up their own sites, which would carry even more security risks

    but then you have to secure your platform

  • politiebeersel.be hacked again

    and soon again and afterwards again and again and again