security - Page 76

  • there is no encrypted protection like good encrypted protection (and that is not free and easy)

    Security expert Steve Thomas, who discovered the hole, wrote on his blog that any users of Cryptocat between 17 October 2011 and 15 June 2013 should assume that their messages were compromised, as well as those of whomever they were talking to.


    Cryptocat, for its part, says that the hole was open from versions 2.0 up until (and not including the latest, fixed version) 2.0.42. That period covers seven months, Cryptocat says.



    During his 70-minute discussion, Kobeissi owned up to mistakes, including having hired code auditors rather than cryptographers.
    http://nakedsecurity.sophos.com/2013/07/06/cryptocat-encrypted-group-chats-may-have-been-crackable-for-7-months/?utm_source=feedburner&utm_medium=feed&utm_content=Netvibes&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29

    first lesson : even the best encrypted services can be broken by bad coding

    second lesson : even online encrypted services should be combined with Tor or a secure proxy (not in the USA, UK or another Echelon partner) before logging on

    third lesson : protection is not timeless (that is why the NSA is keeping all encrypted communications of interest on its servers)

    fourth lesson : if the information of your organisation is worth a lot to others, then you should protect it accordingly - even if that is going to cost some money (travel a bit less or hold fewer receptions)

  • do you protect your webcam with a post-it ?

    the software of webcams, the Flash plugin that uses them or the browser in which it plays has from time to time several security bugs which are used by hackers to collect videos to

    * spy on you (especially if you are stupid enough to keep your computer in your room with the cam seeing anything else than a wall when you are not there), for example to make a video of you changing or doing other things with your boy- or girlfriend

    * blackmail you with the pictures from above to make you do a striptease and so on (selling those to porn sites with real cam nudity - not those bad actors acting as if they are sexy)

    You should of course update your software (but these updates are just running behind the facts), disable your camera when you aren't using it (but how many times do you forget it) or buy a separate cam


  • even for the biggest Belgian hosters, cleaning up infected sites is not too difficult

    it all depends on resources

    and when they tell you that they don't have the resources to clean the sites, or bring them down, or even respond to your cases, then there is not so much a problem of resources but of priorities

    if we look at the number of websites that are infected according to Google (and are being blocked by Google, which makes it even more important to act swiftly) we are talking about around 30 infected websites each month that are discovered by Google. Not 3000 a day, 30 a month.

    you also see that the situation is not getting dramatically better and that if not many resources are put in place Telenet (and others) will only have more problems, because malware comes to web services like worms to rotten fruit

  • Google indications of infected Belgian sites during one year

    same source but only for hosters with more than 1000 scanned sites (this doesn't mean that all the websites were scanned)

    another remark is that if you look at the numbers of the CERT for the number of incidents in Belgium, there is a huge gap (and even those numbers are only one indicator)

    you also see that Telenet seems to have a security problem, and this is important because they were the main lobby machine against the obligation in the new telecom law to give each client of an ISP in Belgium a free security package. The argument they used was that they would protect their networks and that these would be the safe havens for their users, but it seems that even the websites that are hosted in these safe havens can be infected and injected far too easily

  • Google confirms the three most dangerous ISPs for visitors of their websites in Belgium

    they are hosting the biggest number of attack sites - which are sites that will try to infect visitors or redirect them to sites that will try to infect the computers of their visitors

    these names are well known to people who have been observing the security situation in Belgium for years

  • the infection of Belgian industrial networks according to Google

    http://www.google.com/intl/en/transparencyreport/safebrowsing/malware/#region=BE&period=365&size=ALL&compromised&asn=36057&aggregation=RATE&page=1

    Look at the picture and you will see that there are two industrial networks - playing ISP for their own networks - that were infected with some kind of virus or redirect or iframe or whatever ..... you didn't know about before

  • not all url-filtering methods are equal in browsers


    It’s an interesting comparison; you can see that IE10 gains most of its protective behaviour from “URL reputation”, Chrome from “Download Protection”. “Application reputation” had only a small part to play.
    http://msmvps.com/blogs/spywaresucks/archive/2013/07/02/1834276.aspx?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SpywareSucks+%28Spyware+Sucks%29&utm_content=Netvibes

    they all say that they protect the user against online malware, adware and other fakes, but the methods they use or don't use make the difference

    * the reputation of the URL is the hardest and the least effective, because you have to combine so many sources so quickly and send the updates to the browsers in real time that it is hardly effective. Any protection that is only based upon the reputation of the website is doomed to fail.

    * the reputation of the application that is being downloaded is another level of protection that is easier to set up, because the same application is most often being offered to the visitors of thousands of sites at the same time. It is even more effective if it doesn't only look at the name of the application but also at the characteristics of the code and application.

    * download protection, in which the browser closes down any way to do stealth downloads from the browser before the user knows it, is the best third level of protection

    you still need a firewall, anti-malware software and if possible a safe DNS like OpenDNS or another proxy

  • the top 10 fake online pharmacy networks (and they spam Belgian networks and yours)

    Name                          Network
    101generic.com                RxCash.biz
    topills.com                   MyRxCash.com
    xlpharmacy.com                XLPharmacy
    canadianhealthcaremall.net    evapharmacy.ru
    trustedmedsonline.org         Rx-Partners
    v-medical.com                 MyRxCash.com
    bmpharmacy.com                Sey Pharma
    half-price-pharmacy.com       Cash.md
    rx-acs24.com                  Pharmcash
    SuperSaverMeds.com            BestLifeRx
    pharmacyrxone.com             MyRxAffiliateProgram
    shopeastwest.com              ShopEastWest
    4rx.com                       4Rx
    http://www.legitscript.com/research

    if you search Google for those domain names together with your own site you will find out if they are spamming you

    site:yoursite "domainname" (eventually limited to the latest week, month or 24 hours)
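    Besides the Google query, you can scan your own pages directly. The script below is an added example (not from the original post or from LegitScript): it walks the HTML of a page, picks out every link to one of the pharmacy domains in the table above, and flags links concealed from visitors, which is how injected spam links are usually hidden. The sample page and the hiding heuristic (display:none, visibility:hidden, hidden attribute) are constructed assumptions.

```python
# Added example: find links to listed fake-pharmacy domains in your own HTML,
# including links hidden from visitors (a common sign of an injected "pharma hack").
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domain column of the LegitScript table above, lower-cased.
PHARMACY_DOMAINS = {
    "101generic.com", "topills.com", "xlpharmacy.com",
    "canadianhealthcaremall.net", "trustedmedsonline.org", "v-medical.com",
    "bmpharmacy.com", "half-price-pharmacy.com", "rx-acs24.com",
    "supersavermeds.com", "pharmacyrxone.com", "shopeastwest.com", "4rx.com",
}

# Elements that never get a closing tag, so they must not go on the tag stack.
VOID = {"br", "img", "input", "meta", "link", "hr", "area", "base", "col", "source", "wbr"}


def matches_blocklist(host, blocklist):
    """True if host is a listed domain or a subdomain of one (not a look-alike)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocklist)


class LinkScanner(HTMLParser):
    """Collects links to listed domains and whether they sit in a hidden element."""

    def __init__(self):
        super().__init__()
        self.stack = []       # one "is this element hidden?" flag per open element
        self.findings = []    # (href, hidden) tuples

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or "hidden" in attrs)
        if tag == "a" and attrs.get("href"):
            host = urlparse(attrs["href"]).hostname or ""
            if matches_blocklist(host, PHARMACY_DOMAINS):
                # Hidden if the link itself or any enclosing element is hidden.
                self.findings.append((attrs["href"], hidden or any(self.stack)))
        if tag not in VOID:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if self.stack:
            self.stack.pop()


def scan_page(html):
    """Return [(href, hidden)] for every link to a listed pharmacy domain."""
    scanner = LinkScanner()
    scanner.feed(html)
    return scanner.findings


# Constructed sample page: one legitimate link, one hidden injected link on a
# subdomain of a listed network, one visible spam comment, one look-alike domain.
SAMPLE_PAGE = """<html><body>
<p>Welcome to <a href="https://www.example.be/about">our site</a></p>
<div style="display: none">cheap meds <a href="http://shop.topills.com/?aff=12">buy</a></div>
<p>comment: <a href="http://4rx.com/index.php">viagra</a></p>
<p><a href="http://not4rx.com/">unrelated</a></p>
</body></html>"""

if __name__ == "__main__":
    for href, hidden in scan_page(SAMPLE_PAGE):
        print(("HIDDEN " if hidden else "visible") + " link to pharmacy network: " + href)
```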

  • The most friendly registrars for fake pharmacies - maybe they should lose other business

    the only way - for 10 years now - to pressure businesses to stop delivering services to malware, spam and cybercrime businesses is by withdrawing or blocking legitimate business from them, or stopping any cooperation with them. It is also clear that those registrars don't respond to reports and complaints and prefer doing business with those crooks rather than with legitimate businesses.

    hurt them where it hurts most, in their pockets

    Some of them do business with dns.be ......

    Fake pharmacies are a big problem for several reasons of which the most important is that they are selling products that are fake, dangerous or outdated. It is in other words a health problem and should be treated as such.

    The current Top 10 rogue registrars are:

    1. TodayNIC

    2. BizCN

    3. Joker.com

    4. WebNIC.cc

    5. Tucows

    6. GMO Internet Inc./Onamae

    7. Momentous Group/Rebel.com

    8. Dattatec

    9. Paknic

    10. IPMirror

    Early warnings: 1 & 1 and OnlineNIC continue to be friendly to rogue Internet pharmacy operators and have a significant number of rogue websites on their platforms.

    http://blog.legitscript.com/2013/06/rogues-and-registrars-top-10-list-june-2013/

  • OVH, the biggest hoster of spammers in France, is closing down its loophole

    There is always the excuse of service providers that they can't install anti-spam filters because that would influence too much the productivity of all their users. OVH is one of the biggest and fastest growing providers and had to find a solution for a spam problem that was beginning to threaten the legal and financial basis of their business itself. The solution is not cheap (you need some human intelligence, but isn't that the best intelligence you can get, and clear procedures to react immediately)

    ------------------------------------------------------------------------------------------------------------

    We are carrying out setup tests on the duplication of outgoing email flow. The idea is to duplicate all the traffic created by customers, going out through port 25 (smtp) on an anti-spam network, and then to analyse the sample of emails leaving our network in real time by IP, in order to control whether the IP sends spam or not. If we detect an IP that does send spam, the aim is to be able to block the flow of (only) port 25, in less than 5 seconds after spam is first detected. All this without affecting the service performance for the customers that do not spam.
    http://blog.dynamoo.com/2013/06/are-ovh-finally-taking-action-against.html

    they will need some whitelisting because newsletters could otherwise have problems
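    To make the OVH description concrete, here is an added example (my own code, not OVH's) of the decision logic behind such a setup: the anti-spam engine watching the duplicated port 25 flow emits one verdict per message, and a per-IP sliding window blocks an IP once enough spam verdicts arrive within a few seconds, while whitelisted newsletter senders are never blocked. The verdict line format, the threshold and the window are assumptions; the log lines are constructed.

```python
# Added example: per-IP sliding-window blocking of outbound spam, fed by verdict
# lines from an anti-spam engine that sees a copy of all outgoing port 25 traffic.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed verdict line format: "<iso-timestamp> src=<ip> verdict=spam|ham"
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<ip>[\d.]+) verdict=(?P<verdict>spam|ham)$")


class OutboundSpamDetector:
    """Blocks an IP's port 25 once `threshold` spam verdicts fall within `window`."""

    def __init__(self, threshold=3, window=timedelta(seconds=5), whitelist=()):
        self.threshold = threshold
        self.window = window
        self.whitelist = set(whitelist)   # legitimate bulk senders (newsletters)
        self.hits = defaultdict(deque)    # ip -> timestamps of recent spam verdicts
        self.blocked = {}                 # ip -> (first spam in window, block time)

    def feed(self, line):
        """Process one verdict line; return the IP if this line triggers a block."""
        m = LINE_RE.match(line.strip())
        if not m:
            return None                   # unparseable line: never block on it
        ip = m.group("ip")
        if m.group("verdict") != "spam" or ip in self.whitelist or ip in self.blocked:
            return None
        ts = datetime.fromisoformat(m.group("ts"))
        recent = self.hits[ip]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:   # forget old spam hits
            recent.popleft()
        if len(recent) >= self.threshold:
            self.blocked[ip] = (recent[0], ts)
            return ip
        return None

    def seconds_to_block(self, ip):
        """Delay between the first spam hit that counted and the block decision."""
        first, when = self.blocked[ip]
        return (when - first).total_seconds()


# Constructed sample: a spammer, a whitelisted newsletter sender, and a host
# whose spam hits are too far apart to fall inside one 5-second window.
SAMPLE_LOG = """\
2013-06-20T10:00:00 src=203.0.113.10 verdict=ham
2013-06-20T10:00:01 src=203.0.113.10 verdict=spam
2013-06-20T10:00:02 src=203.0.113.10 verdict=spam
2013-06-20T10:00:03 src=203.0.113.10 verdict=spam
2013-06-20T10:00:03 src=198.51.100.7 verdict=spam
2013-06-20T10:00:04 src=198.51.100.7 verdict=spam
2013-06-20T10:00:04 src=198.51.100.7 verdict=spam
2013-06-20T10:00:05 src=203.0.113.20 verdict=spam
2013-06-20T10:00:20 src=203.0.113.20 verdict=spam
2013-06-20T10:00:21 src=203.0.113.20 verdict=spam
"""


def run(log=SAMPLE_LOG, whitelist=("198.51.100.7",)):
    """Return {ip: seconds from first counted spam hit to block} for blocked IPs."""
    detector = OutboundSpamDetector(whitelist=whitelist)
    for line in log.splitlines():
        detector.feed(line)
    return {ip: detector.seconds_to_block(ip) for ip in detector.blocked}


if __name__ == "__main__":
    for ip, delay in run().items():
        print(f"block port 25 for {ip} ({delay:.0f} s after first spam)")
```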

  • adware sites use these anonymous networks to hide themselves

    cdnsrv.com
    tracksrv.com
    cdnloader.com
    secure-content-delivery.com
    mydatasrv.com

    http://blog.dynamoo.com/2013/07/adware-sites-to-block-1713.html

    you can't block them on IP address because they are using cloud services (Amazon for example)
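    Since the IP addresses are shared cloud infrastructure, blocking and detection have to work on the domain name (at your resolver, with a sinkhole or RPZ zone). As an added example (not from the original post or from Dynamoo), the script below matches resolver query logs against the five domains listed above, walking the labels of each queried name so that subdomains are caught but look-alike names such as notcdnsrv.com are not. The BIND-style query-log format and the log lines are constructed assumptions.

```python
# Added example: which internal clients are resolving the listed adware domains?
# Matching is done per DNS label so foo.cdnsrv.com hits and notcdnsrv.com does not.
import re
from collections import defaultdict

ADWARE_DOMAINS = {"cdnsrv.com", "tracksrv.com", "cdnloader.com",
                  "secure-content-delivery.com", "mydatasrv.com"}

# Assumed BIND-style query log: "... client <ip>#<port>: query: <qname> IN <qtype> ..."
QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)")


def blocked_parent(qname, blocklist):
    """Return the listed domain that qname equals or sits under, else None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):     # a.b.cdnsrv.com -> b.cdnsrv.com -> cdnsrv.com -> com
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def adware_lookups(log_lines, blocklist=ADWARE_DOMAINS):
    """Map each client IP to the sorted list of listed domains it tried to resolve."""
    hits = defaultdict(set)
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue                 # not a query line; skip it
        parent = blocked_parent(m.group("qname"), blocklist)
        if parent:
            hits[m.group("client")].add(parent)
    return {client: sorted(domains) for client, domains in hits.items()}


# Constructed sample log lines (RFC 5737 addresses).
SAMPLE_LOG = [
    "02-Jul-2013 10:15:03.123 client 192.0.2.5#51234: query: ads.cdnsrv.com IN A + (10.0.0.53)",
    "02-Jul-2013 10:15:04.001 client 192.0.2.5#51235: query: www.example.be IN A + (10.0.0.53)",
    "02-Jul-2013 10:15:05.777 client 192.0.2.9#40001: query: mydatasrv.com. IN A + (10.0.0.53)",
    "02-Jul-2013 10:15:06.010 client 192.0.2.9#40002: query: cdn.tracksrv.com IN AAAA + (10.0.0.53)",
    "02-Jul-2013 10:15:07.500 client 192.0.2.9#40003: query: notcdnsrv.com IN A + (10.0.0.53)",
    "02-Jul-2013 10:15:08.000 zone transfer log line that is not a query",
]

if __name__ == "__main__":
    for client, domains in adware_lookups(SAMPLE_LOG).items():
        print(f"{client} resolved adware infrastructure: {', '.join(domains)}")
```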

  • free translation service babylon.com installs nearly 4000 adware and trojans, and advice for network admins

    use Google translate or Bing translate instead

    The last time Google visited this site was on 2013-07-02, and the last time suspicious content was found on this site was on 2013-07-02. Malicious software includes 3954 trojan(s).
    http://blog.dynamoo.com/2013/07/babylon-and-3954-trojans-or-whore-of.html

    and that is all legal because it is included in the user agreement

    the situation is becoming so enormous that even most antivirus products now try to stop the installation

    https://www.virustotal.com/en/domain/babylon.com/information/

    the networks and domains to block are:

    As far as I can tell, at the moment the Babylon software is downloaded from the following IPs which you may want to block (all operated by Singlehop):

    The following domains are also related to Babylon and its associated adware, again you may want to block these:

  • SSL 2048 bits is a better defence against eavesdropping

    Facebook will change its SSL strength to the top 2048-bit level, which makes intercepting and breaking it without social engineering or stealing the keys from the providers extremely difficult

    Google has already changed its SSL to this level since the Chinese were in fact spying on Google inside-out in such a way that they even had to leave China for Hong Kong (but also governed by the Chinese)

    Dropbox and other services have upgraded or are in the process of upgrading their SSL encryption

    have you ?

    ps this doesn't protect against an order from the police or intelligence services to get access to all of your communications

  • how to break into Apple's iCloud (and how the police are doing it)

    So then I talked a little about how we did it. We used the classic man-in-the-middle attack, intruding into the private domain of a doomed electronic device bought in the nearest iStore on a cold Russian night… Well, except for the “night” part, it was exactly like that.


    And then we discussed a little about who can use our tools. “Is it legal?” I expected that question. Always asked, even at underground hackers’ meetings. Well, it’s certainly legal in Russia, and none of our US customers complained either. I mean, we have US Secret Services, the FBI, Army and Navy and multiple police departments all over the US and Canada as our valued customers, and they never suggested we’re doing something wrong, so it must be legal. Right?
    http://blog.crackpassword.com/2013/07/recon-2013-breaking-apple-icloud/

    the presentation is here

    www.elcomsoft.com/PR/recon_2013.pdf

    so is the cloud not more and more just sand in your eyes, blinding you from seeing how some try to centralise the control over content and communication on the internet ?

  • all the tools you need to be anonymous or encrypted online, whatever you do

    it is one of those big organised lists that are not that easy for newbies and dummies - you still have to find all the information yourself and you still have to install some stuff yourself, and for example using live distros of other operating systems as your OS is somewhat more complicated to do

    http://prism-break.org/

  • PRISM, NSA, Echelon and international spying : we knew it all along

    it is a bit amusing to read the comments from all those politicians and governments that they are being spied on

    of course you are, you are maybe even spying amongst yourselves

    what is spying ? information gathering to be able to analyse a situation better and to be prepared during negotiations or a crisis

    it is the urge to know more before you act and to be sure that you have all the necessary information, so you can take the (hopefully good) decisions on solid information and facts

    that is the reason why - in some way - everybody does it (even spouses do it sometimes between themselves)

    so being surprised that you are being spied upon is just ridiculous because it shows something else - that is much more dangerous - that you are totally unprotected

    if Snowden hadn't told them that conference rooms, telephone lines and internet communications were bugged or intercepted and stored for analysis or decryption attacks, then what would have happened ?

    they would have continued to use those rooms, telephone lines and internet services as if we are living in a beautiful world of respect, total privacy and hippy ideals

    we are not living in a world like that and we will never live in a world like that (and the same goes for enterprises and research departments from universities)

    and we knew that all along since the Echelon reports from the .... European Parliament

    the fact that you are now introducing 'unannounced security and bugging checks' in buildings and networks shows only that you didn't take the threat seriously enough before (and makes you wonder what other confidential information has been intercepted by whatever public or private spy organisation or operation)

  • Snowden, hero or traitor or just plain stupid

    He may look like a hero and he will be treated as a traitor and prosecuted as long as he lives, but what he did was just plain stupid

    what did he think or expect

    that the journalists would declare him a hero and would be his protection only because he gave them some information ? journalists change sides for whatever reason or pressure, and you will be forgotten one day, whatever the damage that has been done to your life (locked up in an embassy for example)

    that even one of the most principled countries about free press (elsewhere in the world, because Ecuador does prosecute its own journalists who investigate too much) would risk a free trade agreement with the US giving a job to tens of thousands of people (and to the elected politicians including the president)

    that Russia would risk its status as second world power next to the US by in fact declaring a cold spy war on the US and thereby on all the western spy agencies (when in fact they are rather working together against terrorism, nuclear smuggling and cybercrime - they say)

    that the US would not act as it did with Wikileaks, using every means in its power - forgetting everything about international law and democratic principles and all of that - to be able to limit or diminish the threat (you)

    oh yes, you will make press headlines, you may change a few things here and now, but you did it in such a stupid way that you are paying an enormous price and in fact you are all alone, blocked in the transit zone in Russia without any passport, waiting for some country to send an airplane to get you out of there

    if you have information that is too hot to handle you should inform your democratically elected officials, and if they don't want to respond or react to it - well, you did your job and they didn't (also their power to protect their sources is much greater than that of journalists) and yes, you have to be patient, but patience is.... golden (in the long run)

    and no, the US will not let go, Snowden is the example they want to set once and for all (to see) and the best thing that may happen is for Snowden to calm down, sign a non-disclosure agreement and get somewhat of a life somewhere (because every spy organisation in the world wants to have the information he has but doesn't want him to be an example for anyone working for them)

    now it is up to the parliaments and governments to get to the bottom of this and for our firms and institutions to take the necessary steps to protect our privacy and security, knowing it is best protected by our own laws on our own servers in our own countries (fuck the cloud)

  • Anonymous launches operation against NSA

    Anonymous Press Release Operation NSA (#opNSA - Join us!).


    Greetings world, we are Anonymous,


    This is an official statement regarding Operation NSA. Recently, it has been announced that the National Security Agency has also taken to wiretapping and infiltrating the European Union, outside the national jurisdiction of the NSA.


    As would be expected, we were not only outraged by these revelations, but ashamed of the United States government. The National Security Agency is a highly corrupt and unconstitutional organization, which wants nothing more than to infringe on


    • YOUR privacy, YOUR rights, YOUR freedom.


    In response, we will be organizing a swift retaliation.


    • However, citizens need to know: “How can we act?”


    Operation NSA needs more than just programmers, penetration testers, and writers to be successful - it needs you, the people. No matter what skills you may possess, you can and will be a great asset to our cause. Penetration testers and programmers are encouraged to work with us, or under the umbrella of our core purpose to heroically leak, invade and otherwise infiltrate cyber infrastructure, which so happily pulls at the strings of our personal lives.


    Why should we, the people of the World, be monitored by the USA without any say?


    Anonymous is more than what the public eye perceives.
    Anonymous is an idea.
    We have no leaders, or hierarchy.
    We are nothing more than individuals fighting for a just cause.
    If you believe in the total destruction and eradication of PRISM, you can make a difference. Join us now!
    http://www.rezoanonymous.eu/anonymous-operation-nsa-join-us.html

  • Microsoft puts its active anti-botnet info in real time in the cloud


    Posted by TJ Campana
    Director of Security, Microsoft Digital Crimes Unit

    Protecting people is at the forefront of the Microsoft Digital Crimes Unit’s fight against cybercrime. When we launched the Project MARS (Microsoft Active Response for Security) program in 2010 to proactively combat botnets, we knew that cleaning the malware-infected computers of people around the world was just as important as disrupting the threats. We have been actively sharing information from our botnet operations with Internet Service Providers (ISPs) and Computer Emergency Response Teams (CERTs) worldwide since the beginning of this effort. By tapping into Microsoft’s vast cloud resources, however, we are now able to share that information on known botnet malware infections with ISPs and CERTs in near real time. The new Windows Azure-based Cyber Threat Intelligence Program (C-TIP) will allow these organizations to have better situational awareness of cyber threats, and more quickly and efficiently notify people of potential security issues with their computers.
    http://blogs.technet.com/b/microsoft_on_the_issues/archive/2013/05/28/microsoft-takes-botnet-threat-intelligence-program-to-the-cloud-provides-near-real-time-data.aspx

    but what good is that information if you do nearly nothing with it or you don't have the legal powers to shut them down immediately

  • the 200 internet cable interception Echelon spy network and P2P traffic

    We hear every so many days that P2P download traffic is more than half of the traffic on the web, that cables and services are breaking down because of it, and so on

    well, the first really objective numbers are now possible because there has never been such a filtering and intercepting operation on any scale ever before (and it wouldn't even be legal to do it - except by extra-legal services under the umbrella of anti-terrorism)

    The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%.
    http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa?CMP=twt_gu

    for administrators of big networks this also shows that you can reduce your traffic by at least 30% if you block this kind of traffic (which means no upgrades of proxies, firewalls, monitors, routers, antivirus, backup, ......)