11/05/2014

this is why you should control and correct your SSL certificates

we will responsibly not publish the name of the server, but it is governmental, Belgian and responsible for organizing all kinds of online authentication processes (now that is important, no?)

and how does that certificate do in the test? see for yourself (http://www.ssllabs.com)

Poodle attack, old breakable certificates, not compatible with the new encryption standards and so on..... 

certificate.PNG


the drones that are flying over the nuclear reactors in france

"French law prohibits individuals from operating drones in crowded areas, near airports, and near sensitive sites like military bases or nuclear plants, said Eric Heraud, spokesman for France's civil aviation authority.

Authorities will open legal cases for every suspected violation and those convicted could face fines of up to 75,000 euros ($94,000) and a year in prison, said the prime minister's general secretariat for defense and national security, known as SGDSN.

"The objective apparently sought by this type of organized provocation is to disrupt the chain of surveillance and protection at these sites," it said.

Other officials were increasingly quiet about France's response to the incidents. Interior Minister Bernard Cazeneuve said on French radio last week that authorities had ways to "neutralize" drones, but didn't elaborate. On Monday, he told RTL "the best way to be effective in this area is not to say what we're doing."
http://www.stripes.com/news/europe/mystery-drone-flights-...

I am not sure that we have such a law in Belgium, and not sure either that we have permanently manned observation centers around those strategic places, with the capability to shoot drones down if needed

if I would be paranoid, i would say it is Putin again :)


11/04/2014

the easy contactless jackpotrobbing of contactless creditcards

read this, this is really a jackpot 

don't ask people for money, steal sitting on the ground (with a groundstation in your backpack)

"because the cards allow for contactless transactions, wherein consumers need only to have the card in the vicinity of a reader without swiping it, a thief carrying a card reader designed to read a card that’s stored in a wallet or purse could conduct fraudulent transactions without the victim ever removing their card.


Since the transaction is done offline without going through a retailer’s point-of-sale system, no other security checks are done.


“With just a mobile phone we created a POS terminal that could read a card through a wallet,” Martin Emms, lead researcher of the project that uncovered the flaw, noted in a statement about the findings. “All the checks are carried out on the card rather than the terminal so at the point of transaction, there is nothing to raise suspicions. By pre-setting the amount you want to transfer, you can bump your mobile against someone’s pocket or swipe your phone over a wallet left on a table and approve a transaction.”


In tests the researchers conducted, transactions took less than a second to be approved.

http://www.wired.com/2014/11/chip-n-pin-foreign-currency-...

one million people have signed up to contactless Apple Pay for their iPhone, and some banks are promoting contactless payment by phone

in a few years from now the percentage of loss due to contactless robbery will be so high that the cost of securing it will become worthwhile and urgent (while it should have been considered in the first place)


it was an upgrade of the PCs that led to the discovery of stuxnet

from a new book about stuxnet

"When he used a DVD or CD to transfer files from an infected system to a clean one, everything was fine, he wrote. But when he used a flash drive to transfer files, the new PC started having the same problems the other machine had. A USB flash drive, of course, was Stuxnet’s primary method of spreading. Although Behrooz and his colleagues scanned for viruses, they found no malware on their machines

http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

with Belgacom it was also a new patch or upgrade to the mailserver that led to the discovery of the espionage tool


how safe is your SSL installation - test it with this free tool (only professionals)

If you do it without the permission of the targeted firm, you could be prosecuted. This is only for professionals who want to test the security of their own SSL installation.

Latest release: sslsplit-0.4.9.tar.bz2 (.asc) (sslsplit(1)) (NEWS)

"SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. For HTTP and HTTPS connections, SSLsplit removes response headers for HPKP in order to prevent public key pinning, for HSTS to allow the user to accept untrusted certificates, and Alternate Protocols to prevent switching to QUIC/SPDY."

https://www.roe.ch/SSLsplit


Apple OS from 10.8 can get easily hacked and rooted - how to protect (take a pc:))

"Yosemite OS X users are advised to follow the below steps in order to protect yourself from the exploitation of the Rootpipe:
  • Avoid running the system on a daily basis with an admin account. An attacker that will gain control on this account will obtain anyway limited privileges.
  • Use volume encryption Apple’s FileVault tool, which allows encryption and decryption on the fly, protecting your information always.
However, the best way to protect yourself from such security vulnerabilities is to ensure that the operating system running on your system is always up-to-date, and always be careful to the links and documents others send to you.

http://thehackernews.com/2014/11/rootpipe-critical-mac-os...  (read the article about how easily your mac - so safe, they say - can be totally hacked)

this advice is crap because it doesn't give you any protection

First of all, you will probably have set up enough users with admin credentials and given a number of games and programs rights as root. The best thing to do is to make a new account with very limited rights - no installs for the time being - so that no 'admin rights' become a gateway for the attacker

Secondly, the encryption of the information on your hard disk is not necessarily a protection if you are 'ROOTED', because the attacker will be able to access or read your information as root, without any encryption getting in the way. He becomes a trusted user or process because he has assigned those rights and that trust to himself. Encryption is a protection when you want to transfer that information to an unknown destination or over an unknown channel.

How bad is the possible infection and defect?

it is something that we haven't seen in Windows for years; it is coming back in full force for Linux, and Mac is in fact a nice cover put on the motor of OpenBSD, which is in fact a kind of Linux

When will it be corrected?

well, that is another matter of discussion, because they will try to have it upgraded and tested before the middle of January, which means another two months

this means another two months that you will have to be extremely careful with downloads and links and all that kind of stuff

some advice that is useful 

make a folder on your D drive and install all your downloads (files, films and so on) in that folder 

use only online email and don't download anything you don't have to 

lock down your firewall and give very limited rights to all programs

install several free anti-malware tools or one professional Macintosh anti-malware package

scan and update your machine BEFORE you start surfing

use Firefox or Chrome as a browser and lock them down, enabling as few features as necessary


70.000 Bitcoin access accounts hacked at btc-e.com and sold online

  •     BTC-e.com  - https://www.btc-e.com/ - Bitcoin Wallets
  •     ////BTC-e acc's database dump.sql hack 2014
  •     This database dump contains a handful of users, 74,000+ active accounts.
  •     Breach by: #SH4d0w1984, 2014/11/04
  •      
  •     Below a few examples.. We've devided the list in 1000 accounts batches:
  •     Send 0.13 btc to: 1DZEnM5jN8wvXaASvEw7PnNKNE8TQGLyD8 per batch.
  •      
  •     You -must- provide your email address in the transaction notes.
  •     ////////////////////
  •     Below is a list of the first accounts from the leak.
  •     ////////////////////
  •     mccordero       chel_cordero@yahoo.com
  •     rowena_ds23     rowena_ds23@yahoo.com
  •     jim_merin       jim_merin@yahoo.com
  •     de_guzman.mariel        de_guzman.mariel@yahoo.com
  •     lei.pacariem    lei.pacariem@gmail.com
  •     danrosva        drosales06@gmail.com
  •     ljhei   telle_pg08@yahoo.com
  •     xmiartx undiscovered_history_23@yahoo.com
  •     Mariel Balba    m.balba@stolt.com
  •     hinnata_07      hinnata_07@yahoo.com
  •     rommelmanzano   rommel@capoband.com

http://pastebin.com/6cFUZam3

wow, you can maybe steal from 74,000 people in one sweep - Megacrime

this is why bitcoin is not safe for the moment: there is no safe environment for it yet


10/28/2014

Apple already has one million credit cards in its Pay system, which works with hackable NFC

read and enjoy 

The NFC trouble 


the FBI has been setting up waterholing webpages since 2007

waterholing webpages are pages or sites that look legitimate but have software installed that will 'mark' or infect the visiting computer

it is a standard step in a real attack against a person or organisation

"The FBI in Seattle created a fake news story on a bogus Seattle Times Web page to plant software in the computer of a suspect in a series of bomb threats to Lacey’s Timberline High School in 2007, according to documents obtained by the Electronic Frontier Foundation (EFF) in San Francisco.


The deception was publicized Monday when Christopher Soghoian, the principal technologist for the American Civil Liberties Union in Washington, D.C., revealed it on Twitter.


In an interview, Soghoian called the incident “outrageous” and said the practice could result in “significant collateral damage to the public trust” if law enforcement begins co-opting the media for its purposes.

http://seattletimes.com/html/localnews/2024888170_fbinews...


POS (point of sale) hardware connected to the internet is a new goldmine for hackers

yep, they are doing it again

connecting things to the internet without the big defenses in front of them (proxies, VPN, ....) that would keep you from reaching the machine itself (that costs too much)

no, for maintenance you connect your point-of-sale hardware directly to the internet so it can be updated and managed from there (it looks easy and everybody is doing it)

now that they have laid off all the staff that gave technical support to their POS, because it was all done 'over the internet', they are paying dearly for this 'cheap' solution

in fact they are paying millions every month because thousands and thousands of systems are infected (and how are you going to clean all that without the technical staff that you have laid off, brother?)

and if at the same time you don't encrypt the data end to end, and the technical staff with access to those systems use default or bad passwords and don't react to all those security alerts for months (because there is not enough staff for too much work doing all those things over the internet, and hey, it is not in my job description (which is right: you need someone doing nothing else but watching all those things happening everywhere))

then you lose millions of records and millions of dollars, and what is even worse, you spend enormous amounts of money to clean up the mess, your stock takes a hit, and according to a survey last week more than half of all customers won't go to the chains that were hit by the latest attacks on their POS infrastructure (maybe you should install big cash machines in those shops so people can take cash out and pay with it, as they don't trust your POS infrastructure with their cards and accounts)

and they have every reason to worry, because it now seems that what the banks and financial institutions said in the beginning, that they saw no fraud with those thousands or millions of lost financial records, is not true anymore. It looks as if the data has been sold to some operators, or as if some accounts are only being attacked or emptied now (when maybe everybody is losing attention because it was already some time ago)

and meanwhile the attackers have learnt so much and have so much money in their pockets (and in those of their women, who are very happy about their naughty boys) that they can now bypass any firewall or antivirus and can only be stopped by ..... threat intelligence. Ohlalalala, this means that you need people who watch and analyse, and that the big saving you thought you were going to make in the first place is now also up in smoke, because you will have to pay enough people enough money to look every day, every moment, at logs and events and check and double-check and investigate things. If you think that this can be done by a computer or robot, think again. Programs can help, but they can't stop the attackers.

and so, to keep themselves rich and their women happy, they are now attacking the POS installations and software in full force, because it is the biggest money farm that is available for free now and that is not being defended as it should be - why make life difficult by hacking banks if you can get the same information just from the POS installations of some supermarket chain (and you know what, once you get into one, you can get into all of them, because they were all set up the same way - economies, you know)


10/27/2014

websites of local police forces are not always what they seem when hacked

this is what it is 


policeath.PNG


and this what it looked like

but remember, those local websites - just like those of the city councils - are a very important part of the crisis communication if something goes terribly wrong there

but just as with schools, they would need secure platforms where a central team of security people is responsible for defending, upgrading and securing their websites

oh, and if you want to start an investigation, first go to France, get a request for international assistance in order and all that stuff, and then file a complaint under French law and all of that

policeath2.PNG


yahoo is incapable of stopping predictable account phishing against its users

one may ask why they can't get that kind of phishing scam out of their systems

you can filter on the title, or on the fact that the displayed link and the real link differ, or whatever

yahoo.PNG
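The two filters the post mentions (a suspicious subject line, and a displayed link that does not match the real href) are easy to express in code. The example below is added here and is not from the post or from Yahoo; it parses a constructed HTML mail body with only the Python standard library and flags anchors whose visible text looks like a URL or domain but whose href points at a different host. The mail body, the subject words and the attacker domain are all made up for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a phishing-style HTML body (not a real message):
# the first link shows a yahoo.com URL but really points elsewhere.
SAMPLE_MAIL = """
<html><body>
<p>Your Yahoo account will be closed.
<a href="http://login-verify.example-attacker.net/y">https://login.yahoo.com/verify</a></p>
<p>Regards, <a href="https://help.yahoo.com/">Yahoo Help</a></p>
<p>Read <a href="https://mail.yahoo.com/inbox">mail.yahoo.com</a></p>
</body></html>
"""

# Visible anchor text that itself looks like a URL or a bare domain.
URL_LIKE = re.compile(r"^(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL; bare domains like 'mail.yahoo.com' are accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def mismatched_links(html):
    """Return (shown_text, real_href) for anchors whose displayed URL/domain
    points at a different host than the href actually does."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        if not URL_LIKE.match(text):
            continue  # plain words such as "Yahoo Help" give nothing to compare
        if host_of(text) != host_of(href):
            findings.append((text, href))
    return findings


def looks_like_phish(html, subject,
                     suspicious_subject_words=("account will be closed",
                                               "verify your account")):
    """Combine the subject-line filter with the link-mismatch filter."""
    subject_hit = any(w in subject.lower() for w in suspicious_subject_words)
    return subject_hit or bool(mismatched_links(html))


if __name__ == "__main__":
    for shown, real in mismatched_links(SAMPLE_MAIL):
        print(f"displayed {shown!r} but really goes to {real!r}")
    print("phish?", looks_like_phish(SAMPLE_MAIL, "Your Yahoo account will be closed"))
```

The host comparison is exact, so a link displayed as `login.yahoo.com` that really goes to `mail.yahoo.com` would also be flagged; a production filter would compare registrable domains and whitelist the provider's own hosts, but the exact check is the safer default for a mail provider filtering mail about its own accounts.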


the story of 4 carders who found a jail in the US instead of love and sex

"One particularly interesting case of how a carder was apprehended involved a law enforcement professional who was working undercover in the carding world. The female agent befriended a carder and over time developed a relationship. As the relationship matured, the female agent convinced the carder to come to Las Vegas to marry her.

 

Once the carder arrived in the United States, he was apprehended. However, that wasn't the end of the story. The agent took her carder "fiancé" to various locations in Las Vegas and took pictures of both of them at various landmarks, and later posted the photos on social media. The agent then invited the carder's friends to come to the wedding in Las Vegas. In total, Lenik said, four people were arrested after traveling to Las Vegas for the wedding
http://www.eweek.com/security/sector-speaker-shows-how-cr...

the cyber world is no different from undercover and spy operations, even when they are aimed at criminals

now that police services all over the world are getting more power to use online the same techniques they use in the real world, you will end up asking yourself, each time you try to do something illegal, if that ain't a cop or an intelligence officer at the other side of the conversation

and being tricked into travelling to the States is one that has been used several times, and it is surprising that it still works


drones are forbidden to fly over specific places in France

but recently several drones were seen flying over the nuclear sites in France. They could not hit or destroy the nuclear reactors themselves, but the worst they could do is hit the cooling installations, which would release radioactive material into the air

"French law prohibits individuals from operating drones in crowded areas, near airports, and near sensitive sites like military bases or nuclear plants, said Eric Heraud, spokesman for France's civil aviation authority.


Authorities will open legal cases for every suspected violation and those convicted could face fines of up to 75,000 euros ($94,000) and a year in prison, said the prime minister's general secretariat for defense and national security, known as SGDSN.


"The objective apparently sought by this type of organized provocation is to disrupt the chain of surveillance and protection at these sites," it said.


Other officials were increasingly quiet about France's response to the incidents. Interior Minister Bernard Cazeneuve said on French radio last week that authorities had ways to "neutralize" drones, but didn't elaborate. On Monday, he told RTL "the best way to be effective in this area is not to say what we're doing."
http://www.stripes.com/news/europe/mystery-drone-flights-...

I am not sure Belgium has such a law prohibiting drones

we don't even have a law - as far as I know - prohibiting taking pictures of certain places (as in GB)


this is what the CERT of the EU is responsible for (but don't ask if they got the resources)

and to understand it well

sit down and read aloud one line after another

and think about what the consequences would be if one of them got breached 

instead of spending millions on 'awareness', one should spend money on resources to defend your infrastructure and data before people become aware that you are a king without clothes (nothing against the people of CERT-EU, of course)

and the situation in Belgium is not better ...... 

certeu.PNG


this is how the CERT of NATO is organised

from a presentation 

and they seem to get ever more resources; the question is whether it is enough and how much you need to increase it when you see what Putin is doing on the level of electronic warfare

but it looks as if they are getting processes and disciplines in order 

as long as they learn that you will lose the next war when you prepare for it as you did for the last war .... 

certnatio.PNG


#opnl is Anonymous moving on to the Netherlands

let's see if this will fizzle out or not

at the time of LulzSec some operators of that network were in Holland, and some of the people arrested or indicted for participation in one of the several DDoS campaigns against banks and credit card companies were also from Holland

but that was all a long time ago

just something to look out for, without turning into a mad paranoid security bear

opnl.PNG


Hackers are doxing Swift, what is next?

doxing means that they publish all the information they can find through public channels or extract without reaching the real inner core of your infrastructure

it is a kind of scanning, but concentrated more on the human aspect of an attack strategy

when that starts, one knows that more is coming and one needs to make the doxed persons aware of that

and no, it will not be with known viruses, but with zero-days in the mail and with phone calls to those persons from people impersonating others

I know it is a holiday, but isn't that the best period for social engineering?

swift.PNG
