02/26/2014

Discovery of 360 million mostly unencrypted logins to websites - the firms have not even been informed of the breach

Holden said he believes the 360 million records were obtained in separate attacks, including one that yielded some 105 million records, which would make it the largest single credential breach known to date.

He said he believes the credentials were stolen in breaches that have yet to be publicly reported. The companies attacked may remain unaware until they are notified by third parties who find evidence of the hacking, he said.
http://www.nbcnews.com/tech/tech-news/big-data-breach-360...

but there is another problem

how do you rectify this, how do you inform 360 million people that their logins are not valid anymore

this also means - if these are really new ones - that in one year's time we will arrive at nearly one billion lost records and logins

double authentication is the solution, because logins alone are dead security-wise

but hey, Holden Security, in my view you are starting to play with fire

it is all well and good to publish that information, but instead of seeking the limelight you should already have started contacting the different CERTs around the world to hand them the names of the breached firms, or the email addresses sorted by country extension

then you are doing the right thing

RSA calls for international agreement against cyberweapons

First, he said, governments around the world need to renounce the use of offensive cyberweapons, and through treaties and mutual agreements make them as forbidden as nuclear, chemical, or biological weapons.

"The genie is out of the bottle on cyberweapons, they are easily propagated and can be turned on their developers," he said. "Those who seek military advantage by riding this tiger will end up inside it. We must have the same abhorrence to cyber war as we do to nuclear and chemical warfare."
http://www.theregister.co.uk/2014/02/25/make_cyberwar_as_...

something that has been said all along, but the military planners just carry on

even we have a plan for a cyberattack - in response - even though everybody knows this is nuts, because you can never prove with absolute certainty that the attacker is not a victim itself

and cyberweapons are like biological weapons (a real virus): once it is out in the wild, there is no way you are going to be able to control it. Stuxnet is a perfect example: they thought they had programmed everything so that it would only attack the systems in the nuclear installations in Iran, but it was found out because it was wreaking havoc on other systems

if you don't have security people watching the logs and events, you don't see the 60,000 alerts, and the money is gone

The hackers who raided the credit-card payment system of Neiman Marcus Group set off alerts on the company's security systems about 60,000 times as they slunk through the network, according to an internal company investigation.

The hackers moved unnoticed in the company's computers for more than eight months, sometimes tripping hundreds of alerts daily because their card-stealing software was deleted automatically each day from the Dallas-based retailer's payment registers and had to be constantly reloaded. Card data were taken from July through October.
http://mobile.businessweek.com/articles/2014-02-21/neiman...

So this proves my point

you may invest millions in security

but if there is no one looking at the logs, the incidents or the flows

you are NOT secure - you may think you are, but you aren't
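
The pattern the Businessweek piece describes, the same payment registers raising the same alert day after day because the tool was wiped nightly and reinstalled, is exactly the kind of thing a few lines of correlation over the alert log would have surfaced. The example below is added here and is not code from the original post or from the Neiman Marcus investigation; the log format, host names and signature names are constructed for the example, so adapt the regex to whatever your endpoint product actually emits.

```python
"""
Added example: correlate endpoint-protection alerts per (host, signature)
and flag the pairs that recur on many distinct days. One alert is noise;
the same register tripping the same signature every night is a foothold
that somebody is maintaining. Sample data is constructed, not real.
"""
import re
from collections import defaultdict

# Constructed sample of endpoint-protection alerts (not real Neiman Marcus data).
SAMPLE_ALERTS = r"""
2013-07-16 03:12:44 host=POS-REG-0417 action=quarantined sig=Generic.Dropper file=C:\Windows\Temp\svchost32.exe
2013-07-16 03:13:01 host=POS-REG-0418 action=quarantined sig=Generic.Dropper file=C:\Windows\Temp\svchost32.exe
2013-07-16 09:41:12 host=WS-HR-0012 action=blocked sig=JS.Downloader file=C:\Users\a\Downloads\invoice.js
2013-07-17 03:11:58 host=POS-REG-0417 action=quarantined sig=Generic.Dropper file=C:\Windows\Temp\svchost32.exe
2013-07-17 03:12:30 host=POS-REG-0418 action=quarantined sig=Generic.Dropper file=C:\Windows\Temp\svchost32.exe
2013-07-18 03:12:05 host=POS-REG-0417 action=quarantined sig=Generic.Dropper file=C:\Windows\Temp\svchost32.exe
2013-07-18 03:12:41 host=POS-REG-0418 action=quarantined sig=Generic.Dropper file=C:\Windows\Temp\svchost32.exe
2013-07-19 03:12:19 host=POS-REG-0417 action=quarantined sig=Generic.Dropper file=C:\Windows\Temp\svchost32.exe
2013-07-20 14:02:09 host=WS-HR-0012 action=blocked sig=JS.Downloader file=C:\Users\a\Downloads\scan.js
"""

# Matches the constructed format above; a real product needs its own pattern.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d) (?P<time>\d\d:\d\d:\d\d) "
    r"host=(?P<host>\S+) action=(?P<action>\S+) sig=(?P<sig>\S+) file=(?P<file>.+)$"
)


def parse_alerts(text: str) -> list:
    """Parse log lines into dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            alerts.append(m.groupdict())
    return alerts


def recurring_alerts(alerts: list, min_days: int = 3) -> dict:
    """Group by (host, signature); keep pairs seen on >= min_days distinct
    calendar days. Returns {(host, sig): {"count", "days", "same_hour"}}."""
    seen = defaultdict(lambda: {"count": 0, "days": set(), "hours": set()})
    for a in alerts:
        key = (a["host"], a["sig"])
        seen[key]["count"] += 1
        seen[key]["days"].add(a["date"])
        seen[key]["hours"].add(a["time"][:2])
    result = {}
    for key, s in seen.items():
        if len(s["days"]) >= min_days:
            result[key] = {
                "count": s["count"],
                "days": len(s["days"]),
                # Always the same hour points at a scheduled reinstall
                # (scheduled task, startup script) rather than random reinfection.
                "same_hour": len(s["hours"]) == 1,
            }
    return result


def persistent_hosts(text: str, min_days: int = 3) -> list:
    """Hosts that deserve an incident ticket, not another auto-quarantine."""
    return sorted({host for host, _sig in recurring_alerts(parse_alerts(text), min_days)})


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    print(f"{len(alerts)} alerts in sample")
    for (host, sig), s in sorted(recurring_alerts(alerts).items()):
        print(f"{host} {sig}: {s['count']} alerts on {s['days']} days, same hour={s['same_hour']}")
```

The threshold is deliberately on distinct days rather than raw alert count: a noisy workstation can produce hundreds of alerts in one afternoon, but a register that is cleaned and re-infected every night at the same hour is a different category of event and should route to a human, not to the quarantine log.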

the totally secured laptop, belsec - sophos and safenet

You can say that I am always looking for problems - something I hear often enough

but I am also looking for solutions

I was one of the first to implement a reverse proxy in Belgium, in 2002

I was one of the first to implement Oracle's Audit Vault (the best protection against a Manning or rogue admins)

And when I was looking for a solution for a completely secure telework laptop, we looked at several solutions, but none was really that comprehensive, and so on - it was all the same stuff over and over again

so then two firms set out to develop a proof of concept to integrate everything into one

I have no money to invest, but if security, full disk encryption and really good double authentication in an end-to-end encrypted environment work together, then there are new possibilities for securing your data

and if other firms integrate products (or work together to integrate their solutions into one back office) then I am all for it - if this one day becomes the standard, then that is the best news

there are too many separate products for separate problems, with too many different standards, back offices, licences and so on (no other product we use every day could be built the way IT security works). A car is made of parts that are made by a large group of different firms that work together - in IT security everybody wants to do everything for everybody and be the best at everything, but forgets that this is the holy grail that nobody has ever found in IT security.

and if every important dataset would find itself protected by full disk encryption and strong double authentication because there is an integrated solution, then this is better for all of us - whatever the firms that integrate their solutions

I don't work for myself here, I work to get more solutions that really make a difference for every kind of network

this evening we will publish the presentations and the videos of the first presentation, given before a selected group of people responsible for different big networks in Belgium

If, deontologically, things should change, you will be the first to know; this is not a submarine operation for some firms - and it never will be - but as it is my conceptual baby I really want to help show it to the world now (and have more data protected in a more correct way), and if those firms have put their money where their mouth is, then who am I to cross my arms and just stand aside

while the IT security firms are battling each other, the cybercrime groups are using every mistake in all the separate, different products to get more money and victims year after year

so when two big IT security firms work together to offer a more complete solution, who am I not to applaud them for it and to tell the others to do the same thing

If I didn't, I would be looking for problems, not for solutions

there are solutions if we work together more

website destexhe hacked

this is the website

this is the page that was added - what next? Porn?

02/25/2014

computrace needs some security hardening after new research about possible attacks

the practical thing first: you can follow the instructions from Kaspersky Lab to find and disable Computrace.

Computrace is placed in thousands of laptops as standard firmware (and so it isn't discovered by antivirus or security products) to give you the ability, if you have lost the laptop, to wipe your hard disk when it comes online again (which is too late, of course)

but in fact it is a trojan

"While Computrace is commercial software designed to do good, it employs many of the same tricks as malware, including using anti-debugging and anti-reverse engineering techniques, injecting memory into other processes, and encrypting configuration files. Sacco described the tool as a "latent toolkit" and noted the Windows agent has no authentication of any kind. Computrace communicates with the servers at Absolute Software over an unencrypted channel and stores information unencrypted. The network protocol can be used for remote code execution and is vulnerable to abuse, Sacco warned.
http://www.itproportal.com/2014/02/18/hackers-can-use-com...

so now the questions are

* why is there not more encryption

* how do you update the clients so that they can't be manipulated by the published trick

* why is it not a choice, why aren't you informed, and why can't you turn it off when you start your computer

the hidden services of Tor are used to botnet android phones

The Android malware dubbed 'Backdoor.AndroidOS.Torec.a' uses the Tor hidden service protocol for stealth communication with command-and-control servers.

Researchers detected that the Trojan runs from a .onion Tor domain and builds on the functionality of an open source Tor client for Android mobile devices, called 'Orbot', thus eliminating the threat of the botnet being detected and blocked by law enforcement authorities, although it is often not clear how many devices have been infected by this malware so far.
http://thehackernews.com/2014/02/first-tor-based-android-...

and no, we still need no CERT for mobile traffic in Belgium, as the CERT is not responsible and has no resources, and the telecom operators have no clue what we are talking about and are concentrating on fraud.

high-level anti-penetration specialists make a perfect keylogger for iPhone, which means that

the NSA or cybercrime organisations could do that too

"Researchers said they have identified a flaw in Apple's iOS that makes it possible for attackers to surreptitiously log every touch a user makes, including characters typed into the keyboard, TouchID presses, and adjustments to the volume control.

The vulnerability affects even non-jailbroken iPhones and iPads running iOS versions 7.0.4, 7.0.5, and 7.0.6, as well as those running on 6.1.x, researchers from security firm FireEye wrote in a blog post published Monday night. They said attackers could carry out the covert monitoring using an app that bypasses Apple's stringent app review process. The app uses multitasking capabilities built into iOS to capture user inputs. The blog post explained:
http://arstechnica.com/security/2014/02/new-ios-flaw-make...

check if your bitcoin wallet has been emptied by a botnet

go here https://www3.trustwave.com/support/labs/check-compromised-bitcoin.asp

We recently discovered yet another instance of a Pony botnet controller. Not only did this Pony botnet steal credentials for approximately 700,000 accounts, it's also more advanced and collected approximately $220,000 (all values in this post will be in U.S. dollars) worth, at time of writing, of virtual currencies such as BitCoin (BTC), LiteCoin (LTC), FeatherCoin (FTC) and 27 others.

According to our data, the cyber gang that was operating this Pony botnet was active between September 2013 and mid-January 2014.
http://blog.spiderlabs.com

this is a picture - you have to go to the site to check

warning to national DNS operators: you are a target

there was no defacement of Google in Paraguay, but people were sent to a page that looked like a defacement

"Mormoroth published a number of screenshots to demonstrate that he had gained access to NIC.py’s backend systems. He leaked some user credentials and other information stolen from the site’s databases.

In a blog post on ha.cker.ir, the hacker has explained that he has leveraged a remote code execution (RCE) vulnerability to breach NIC.py.
http://news.softpedia.com/news/Google-Paraguay-Hijacked-v...

This means that national DNS operators should take more care about the security of their operations and networks

KBC representatives are looking at the problem with their certificate

good

now do something about it

fast

people with older browsers and infected PCs (half a million Belgian PCs) are vulnerable

and you can be DDoSed

check for yourself here

https://www.ssllabs.com

and all the documentation needed to bring your certificate in order is present

02/24/2014

oostende.be digital counter (e-loket) without any SSL protection

oostende.be

and you can even type in this data without any protection

http://www.oostende.be/EloketDetail.aspx?id=38

and you can do this for a whole series of other certificates (attesten)

without the slightest protection, of course

the prices for an online unstoppable DDoS attack

http://r00t1ng.besaba.com/index.php?action=pricing

Belgacom story two

the phone rings

are you [person]?

yes, that's me

well, Belgacom has found that quite a few computers are infected and poorly protected

but not mine specifically?

no, but we offer an antivirus with which you would be well protected

I already have protection, but I think that is going to cost money

yes, for 60 euro per year, blah blah blah

unfortunately for you, I am the one who has been fighting for years to impose an obligation on the ISPs to integrate this for free into every subscription they sell - you don't buy a car without brakes either, and you don't have to pay extra to get brakes in your car, do you?

no, but I'm only the saleswoman"

funny and sad at the same time. Funny that they end up with me and have to listen to a ten-minute plea (also on tape) for why this should be a normal part of an internet subscription (at least when half a million PCs are infected in Belgium), and sad that they still haven't understood that you will not have a secure network unless every PC has a professional minimum of protection that can already repel 90% of attacks, so that you have fewer infected machines in your network

belgacom story one

so we receive an invitation from Belgacom about information security

"Come to the Belgacom stand and discover everything about our converged solutions for "Secure Cloud Services". A team of specialists is ready for you and will gladly tell you more about:
- building your cloud;
- using our cloud;
- securing your cloud;
- using security solutions from the cloud;
- enjoy our 360° services.

We also recommend two seminars:
26/3 and 27/3
15:45-16:15: APT Mitigation requires a new continuous security model by Bart Callens, ICT Security Product Manager (Theater 4: Case study sessions & solution)"

well... yes, well

virus emails from support@client.be

so virus mails are coming into mailboxes from client.be

but client.be has no website

and it is used by

and the person doesn't seem to come from Ukraine or Russia or China or a fake address in the US

but at the same time his domain is losing its worth

because client.be will be blacklisted

no, it is not even blacklisted

even if you are receiving

Subject: Nous avons eu une erreur critique concernant votre compte PayPal
Sender: "Service PayPal" <support@client.be>
Recipient(s): "Recipients" <support@client.be>

the only really working link in that
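
The headers quoted above carry three of the classic tells of a brand-impersonation mail: a display name claiming "PayPal" on an address at an unrelated domain, a subject naming the brand, and From and To being the same mailbox (the real recipients are in Bcc). The example below is added here and is not code from the original post; the raw message is constructed after the quoted headers, and the brand-to-domain table is example data to be replaced by your own allow-list.

```python
"""
Added example: score the header-level phishing indicators visible in the
quoted client.be / "Service PayPal" mail. Sample message and brand table are
constructed for this example; not from the original post.
"""
import email
import email.utils

# Constructed mapping of brand keywords to domains that brand legitimately
# mails from (example data; extend from your own allow-list in practice).
BRAND_DOMAINS = {
    "paypal": {"paypal.com", "paypal.be"},
}

# Constructed sample modelled on the headers quoted in the post (not a real capture).
SAMPLE_MAIL = """\
From: "Service PayPal" <support@client.be>
To: "Recipients" <support@client.be>
Subject: Nous avons eu une erreur critique concernant votre compte PayPal
Content-Type: text/plain; charset="utf-8"

Cliquez ici pour verifier votre compte.
"""


def _domain(address: str) -> str:
    """Lower-cased domain part of an address, or '' if it has none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def _brand_mentions(text: str) -> set:
    """Brand keywords from BRAND_DOMAINS that appear in the given header text."""
    low = text.lower()
    return {brand for brand in BRAND_DOMAINS if brand in low}


def _domain_belongs_to(domain: str, brand: str) -> bool:
    """True if `domain` is one of the brand's domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS[brand])


def phishing_indicators(raw_message: str) -> list:
    """Return the indicator names triggered by the message headers, in a fixed order."""
    msg = email.message_from_string(raw_message)
    from_name, from_addr = email.utils.parseaddr(msg.get("From", ""))
    _to_name, to_addr = email.utils.parseaddr(msg.get("To", ""))
    subject = msg.get("Subject", "")
    sender_domain = _domain(from_addr)
    found = []

    # 1. Display name claims a brand that the sender domain does not belong to.
    for brand in _brand_mentions(from_name):
        if not _domain_belongs_to(sender_domain, brand):
            found.append("display-name-brand-mismatch")
            break

    # 2. Subject names a brand that the sender domain does not belong to.
    for brand in _brand_mentions(subject):
        if not _domain_belongs_to(sender_domain, brand):
            found.append("subject-brand-mismatch")
            break

    # 3. From and To are the same mailbox: real recipients hidden in Bcc,
    #    typical of a bulk mailer rather than a transactional notification.
    if from_addr and from_addr.lower() == to_addr.lower():
        found.append("sender-equals-recipient")

    return found


if __name__ == "__main__":
    print(phishing_indicators(SAMPLE_MAIL))
```

None of these checks needs DNS or network access, which is the point: they can run at the mail gateway before SPF or DMARC lookups, and a mail that trips all three on a domain with no website is one you can quarantine without waiting for a blacklist to catch up.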

security firm EC-Council hacked and thousands of copies of ID cards of military personnel lost

there was already a lot of discussion among security professionals, most of whom thought that even if the course was a good overview on paper, the trainers were not real hackers and didn't have the finesse in the things they were supposed to teach

but the website was hacked several times, and the last time the hacker left a warning that he had access to thousands of copies of passports of all kinds of military and other personnel worldwide who had followed their courses - falling for the marketing blitz they frequently organise

http://www.ehackingnews.com/2014/02/ec-council-official-website-hacked.html

website howest.be hacked (university college)

scoutsnet.be hacked - if you want to make a secure platform, keep it secure

it is a good idea to keep your site secure if you want it to be a platform for local services so that they don't have to set up their own sites, which would carry even more security risks

but then you have to secure your platform

politiebeersel.be hacked again

and soon again, and afterwards again and again and again
