No trust without independent control - Page 11

  • federal legislation of the past year may be unconstitutional

    "The Belgian constitution does not provide that a sitting king can abdicate the throne, so that a successor takes over while the king in office is still alive," constitutional expert Ghysels explains. According to him, King Filip therefore sits on the throne unconstitutionally. That naturally has a lot of consequences, the jurist warns. "Strictly speaking, all decrees signed by King Filip, who did not become king constitutionally, are invalid.
    http://www.demorgen.be/binnenland/-koning-filip-zit-ongrondwettelijk-op-de-troon-a2129722/

    this means that the federal security centre cannot be set up and that its directors cannot be appointed, but there are 1500 other legal decrees like this at the federal level (the king no longer signs the regional decrees).

    it is therefore urgent that clarity is created here before it comes before a court and some judge finds it necessary to go along with this, even partially, and forgets that the law is not based only on formalistic rules but on extremely important principles such as guaranteeing public services.

  • why the new TOR drugmarket Evolution is even more advanced than Silk Road

    "Evolution doesn’t just offer an escrow, but also takes advantage of a more advanced feature built into bitcoin known as multi-signature transactions. That feature is designed to prevent both scams and seizure of escrow funds by law enforcement. It requires two out of three parties—the buyer, the user, and the site itself—to sign off on a deal before the escrowed bitcoins can be transferred. Evolution has also had much faster pageload times than competitors, most of whom run painfully slowly thanks to Tor’s process of routing web traffic among randomly chosen computers around the world. (Just how Evolution managed those speeds despite running on Tor itself isn’t clear.) And it has been online far more reliably: The website Darknet Stats counts Evolution as online 97 percent of the time, compared with 83 percent for Agora and 93.5 percent for Silk Road 2 at last check in September.
    http://www.wired.com/2014/11/the-evolution-of-evolution-after-silk-road/

    I think the Achilles heel of Evolution is how they arrive at these speeds, because it may be that not all traffic is as TOR protected as it should be, or they have invested enormous money in SSL accelerators and other hardware on their servers.

    The protection that is given to Bitcoin shows that not all bitcoins are equal and that some are not even that anonymous; it all depends on how they configure it, and that is something the receiver of bitcoins doesn't always have any control over.

  • openbank.ru hacked and leaked ?

    find the link on my twitter account

    some hacktivists are hacking and leaking gigabytes of information every month but without all the press attention that others got

  • the first lesson Belgian insurance companies should learn is IT security and not getting hacked

    this is their blablablablabla

    and on the same site this is the real reality of Belgian insurance companies and websites online (and no one is really responsible for controlling their security for the moment)

  • putin pays extreme right in Europe for its support (another stalin-hitler pact)

    "Front National, the new "party of the foreigner"? The question risks haunting the congress of the far-right party, which opens next Saturday at the Lyon conference centre. According to information obtained by Mediapart, the president of the FN secured, in September, a loan of 9 million euros from the First Czech Russian Bank (FCRB), a bank founded in the Czech Republic and now based in Moscow.
    http://www.mediapart.fr/journal/france/221114/marine-le-pen-decroche-les-millions-russes

    and so it goes throughout nearly the whole extreme right in Europe, which is fascinated by his authoritarian leadership and guided by its anti-Americanism

  • meanwhile in #Mexico - 43 students become the symbol of a nation in protest

    by murdering those students the bandits have accomplished what no corrupt government at any level at any time in Mexican history has accomplished

    bring thousands and thousands of people in the street during weeks to protest for more democracy and legality and just a normal life

    but they ain't going to wait or stand still

  • the new complete Man-in-the-Middle attack: DoubleDirect (and they get it all)

    "DoubleDirect uses ICMP Redirect packets (type 5) to modify routing tables of a host. This is legitimately used by routers to notify the hosts on the network that a better route is available for a particular destination[2]. However, an attacker can also use ICMP Redirect packets to alter the routing tables on the victim host, causing the traffic to flow via an arbitrary network path for a particular IP. As a result, the attacker can launch a MITM attack, redirecting the victim’s traffic to his device. Once redirected, the attacker can compromise the mobile device by chaining the attack with additional Client Side vulnerability (e.g: browser vulnerability), and in turn, provide an attacker with access to the corporate network.


    With the detection of DoubleDirect in the wild we understood that the attackers are using a previously unknown implementation to achieve full-duplex MITMs using ICMP Redirect. Traditional ICMP Redirect attacks have limitations and are known to be half-duplex MITM. Zimperium Mobile Security Labs researched the threats and determined that the attackers are able to predict the IPs being accessed by the victim. We have investigated the attacks and also created a POC tool to prove that it is possible to perform full-duplex ICMP Redirect attacks. ICMP Redirect attacks are not easy to emulate because the attacker must know beforehand which IP address the victim has accessed. (There isn't a systematic way to forward all the traffic from the victim through the attacker.)
    http://blog.zimperium.com/doubledirect-zimperium-discovers-full-duplex-icmp-redirect-attacks-in-the-wild/

    so if they get all the traffic from and to your machine because it goes through their servers, then there is not a lot you can do to protect yourself, and if you aren't fully encrypted from end to end then you just lose everything.
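    Added here as an illustration of the defender's side of the primitive described above (this is not code from Zimperium or from this blog): a small parser that picks ICMP Redirect (type 5) packets out of raw IPv4 frames and flags any redirect that is not sent by, or does not point at, a router the LAN is known to have. The router addresses and the sample packets are constructed test data; the one-router LAN 192.168.1.0/24 is an assumption.

```python
import struct
import ipaddress

# Assumption (constructed): the only legitimate routers on this LAN.
KNOWN_ROUTERS = {"192.168.1.1", "192.168.1.2"}

def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left zero) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def build_redirect(src, victim, new_gateway, original_dst):
    """Constructed ICMP Redirect (type 5, code 1 = redirect for host) for testing.
    Like a real redirect it quotes the IP header of the datagram that triggered it."""
    inner = build_ipv4(victim, original_dst, 6, b"")
    icmp = struct.pack("!BBH4s", 5, 1, 0, ipaddress.IPv4Address(new_gateway).packed) + inner
    return build_ipv4(src, victim, 1, icmp)

def parse_redirect(raw):
    """Return (sender, advertised gateway, destination being re-routed) for an
    ICMP Redirect, or None for anything else or for a truncated packet."""
    if len(raw) < 20 or raw[0] >> 4 != 4 or raw[9] != 1:      # IPv4 carrying ICMP (proto 1)
        return None
    ihl = (raw[0] & 0x0F) * 4
    icmp = raw[ihl:]
    if len(icmp) < 28 or icmp[0] != 5:                        # ICMP type 5 = Redirect
        return None
    sender = str(ipaddress.IPv4Address(raw[12:16]))
    new_gateway = str(ipaddress.IPv4Address(icmp[4:8]))
    rerouted_dst = str(ipaddress.IPv4Address(icmp[24:28]))    # inner header's destination field
    return sender, new_gateway, rerouted_dst

def audit(packets, known_routers=KNOWN_ROUTERS):
    """Group suspicious redirects by the gateway they advertise. A redirect is suspicious
    when its sender or its new gateway is not a known router: a full-duplex MITM as
    described by Zimperium shows up as one LAN host collecting many destinations."""
    suspicious = {}
    for raw in packets:
        parsed = parse_redirect(raw)
        if parsed is None:
            continue
        sender, gateway, dst = parsed
        if gateway not in known_routers or sender not in known_routers:
            suspicious.setdefault(gateway, set()).add(dst)
    return {gw: sorted(dsts) for gw, dsts in suspicious.items()}

if __name__ == "__main__":
    # constructed traffic: a host at .66 spoofs the router and re-routes two destinations
    sample = [build_redirect("192.168.1.1", "192.168.1.20", "192.168.1.66", "192.0.2.53"),
              build_redirect("192.168.1.1", "192.168.1.20", "192.168.1.66", "203.0.113.5"),
              build_redirect("192.168.1.1", "192.168.1.20", "192.168.1.2", "198.51.100.7")]
    print(audit(sample))
```

    Because the sender address of a redirect is trivially spoofed, the check on the advertised gateway is the one that matters; the robust host-side mitigation is to stop accepting redirects at all (on Linux, `net.ipv4.conf.all.accept_redirects = 0`).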

  • why should malware only take one password if it could copy all your passwords

    "IBM Trusteer researchers found a new configuration of Citadel that is being used to compromise password management and authentication solutions. It instructs the malware to start keylogging (capturing user keystrokes) when some processes are running.


    The relevant part of the configuration is shown below (in IBM Trusteer’s proprietary format):


    (image not reproduced: snippet from the Citadel configuration file, in IBM Trusteer's proprietary format)
    http://securityintelligence.com/cybercriminals-use-citadel-compromise-password-management-authentication-solutions/#.VG8L2YuUeT0

    so in fact this means that for now it is password management software, but later whatever identification file or system is on your computer can be intercepted or copied

    that is why in the safe portable (Sophos) the identification files are not in the root, kernel or system of Windows but on a separate pre-boot encrypted system (and this is why it doesn't work with the Belgian eID but only with a token from SafeNet)

  • Snowden and Greenwald are politically dead in the US

    "Now it looks very much like Greenwald is becoming a voice in the blogging wilderness again, and Snowden is watching from Moscow, once again isolated, as his explosive revelations fizzle out politically. On Tuesday, led by Republicans voting en masse, the U.S. Senate defeated a motion to vote on the USA Freedom Act, which would have curbed the NSA's bulk collection of Americans' phone records. The new, harder-line Republican Congress coming in January doesn’t seem likely to pass the bill either
    http://www.politico.com/magazine/story/2014/11/edward-snowden-nsa-reform-113073_full.html

    Now those two are lambasting the system and the judicial system and the stupid public and whatever they can think of (the media for example), but they seem to forget - as we have said here months ago - that Putin has changed the perception of the discussion as much as 9/11 did when we were discussing Echelon in 2001.

    Putin has brought us to the brink of the cold war again, and his permanent madness of sending bombers and submarines to our coasts - sometimes nuclear-capable - with all the risks of military incidents or collisions with civil airliners is just too mad to understand. It brought the possibility of military incidents right to our border instead of somewhere in some far part of Ukraine where there is shooting every day but nothing that could really be called a real big war.

    ISIS has helped too, of course.

    And it just doesn't seem the right time to dismantle the NSA now. You never know what they may miss because of the reorganisation, the limited resources or capabilities. They missed a 9/11 once because they didn't have enough translators and analysts.

    as long as there is more oversight - for the moment not enough people care enough

  • TRUSTe fined by the US FTC for forgetting to check yearly the security of all its clients

    "The US Federal Trade Commission (FTC) has charged TRUSTe, US-based provider of privacy certifications for online businesses, for deceiving consumers about its recertification program for companies’ privacy practices. The FTC Chairwoman, Edith Ramirez, said that “TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge. Self-regulation plays an important role in helping to protect consumers.  But when companies fail to live up to their promises to consumers, the FTC will not hesitate to take action."


    The FTC alleges that from 2006 until January 2013, TRUSTe failed to conduct annual re-certifications in over 1,000 cases, but its website informed consumers that companies holding TRUSTe Certified Privacy Seals receive recertification every year.
    http://www.privacylaws.com/Int_enews_21_11_14

    they have some explanation, but whatever they say it ain't right, and so it proves that if one wants to set up such a procedure then one needs to do it right

  • HP does the right thing: no slave labor to make your computer or printer

    "The electronics manufacturer HP has announced a series of landmark policy changes on labor practices throughout its global supply chains, becoming the first U.S. information technology company to halt the common use of recruitment agencies for hiring foreign migrant workers among its suppliers.


    Recruitment agencies, which often hire poor workers in one country for employment in another, have for years been criticized for a range of practices that can facilitate forced labor and slavery. Advocates thus see requiring the direct employment of migrant workers by suppliers of multinational corporations as a key opportunity to crack down on bonded labor and other rights abuses in the international economy.


    “Workers who are employed by labor agents are more at risk of forced labor than those employed directly,” Dan Viederman, the head of Verité, a Massachusetts-based NGO that worked with HP to develop the new recruitment policies, said in a statement.
    http://www.mintpressnews.com/hp-becomes-first-tech-company-eliminate-foreign-labor-recruiters/199108/

    maybe all governmental and big contractors should put the same obligation in their contracts

  • explaining the electrocal (electric electoral) shocks and waves in the US lately

    "There is one finding that can well explain the unusual volatility and disaffection of so many American voters over the last decade. In 2000, 16 percent of households were headed by people without high school diplomas, and another 51 percent were headed by people without college degrees. From 2002 to 2012, the median income of the first group, across age cohorts, declined at an average annual rate of 2.4 percent, year after year; and the median income of the second group, across age cohorts fell at an average annual rate of 1 percent, year after year. That tells us that two-thirds of American households have suffered persistent income losses as they aged from 2002 to 2012, through eight years of economic expansion along with two years of serious recession. The median income of the remaining households, headed by college graduates, increased over this period—but at only one-third of the rate of households headed by college graduates in the 1980s and 1990s.


    These trends have enormous electoral consequences. They explain why, in recent years, overall positive economic numbers and growth are not translating into feelings of shared prosperity. That’s why so many Americans are angry and ready to turn on whichever party has most recently failed to restore the broad income progress that almost everyone experienced in the 1980s and 1990s.
    http://www.brookings.edu/blogs/fixgov/posts/2014/11/18-economic-foundations-of-midterm-elections-shapiro

    and this is what will happen in Belgium as we are going through a wave of protests and afterwards huge reductions in wages, pensions, subsidies and available income

    the same thing can be seen since 2007 in other countries and recently in France

    Economists and investors are talking about growth and investments and returns, but the people who do the work don't see much of it, on the contrary

  • Chinese networks are attacking US networks live here (not a game)

    this is just small sniper fire

    http://map.ipviking.com/

    if you don't need traffic from China, don't accept traffic from China, just block it at the router or the firewall

  • networks are slow because the biggest DDOS attacks ever are happening

    this is a picture

    it is around 400 Gbps (gigabits per second)

    OVH in France is implicated, as are several servers in the US

    the strangest thing is that nobody is seeing this or doing something to stop it

    we really need an international centre that could cut off those servers or routers or hosters until they have cleaned up their act

  • Fake leaks, fake hacks but real leaks and possible leaks

    There are some fake leaks around and as an alert blog you will get caught by them. The reason that we can get caught by them is that we have no authority whatsoever to test them. If we were to test them then we would be breaking the law, and then every stupid lawyer or just some of the decision-makers over here who would rather see me go could land me in court, so I could lose my job and so on. Because whatever you do or say, the fact that you end up in court means that you lose and there is no way that you can correct this. People will always think that there is still something to it and that suspicion will always stay - even if you are looking for another or better job.

    So for ten years I have never been in court and I tend to keep it this way, even though I was reporting and researching or discovering all kinds of leaks and breaches.

    So we never test those leaks, because the only test would be that I would try to use the published credentials to get access, and that is illegal whatever you say about it.

    It is up to the people who own these credentials, or the services they use, to do the tests and to take immediate measures of protection if that should be needed.

    There are also sometimes hacks that aren't hacks, because as in the case of some forum, the forum wasn't hacked but the old admin had copied all the information of the members and placed it online. It is maybe not a hack, but it is a leak and as such it stays a big problem.

    So the information we publish here is about possible leaks. Something some services need to check out, and if it ain't a leak then it was worth testing, because if it were a real leak then there would be a lot of trouble and work.

  • NATO stops 200 million cyberattacks a day of which 5 very serious each week

    source http://news.sky.com/story/1377444/natos-cyber-war-games-amid-surge-in-attacks

    that is why training is so important, and it has to follow scenarios, because attacks follow complicated scenarios in which there are several different aspects that, in case of discovery or breach, have to be treated at the same time, and of which some have to be visible to the attacker and others don't, because it is all a mind game in the first place (chess)

  • US legal framework for information sharing about cyberincidents is stalled

    the reason is that it isn't separated from the more overall discussion about information sharing with the intelligence and security services, and as such is part of the global discussion about surveillance, democracy and what is a security threat

    these things are much clearer in cybersecurity, and it is necessary that such discussions and agreements are separate from discussions about terrorism, subversion and surveillance

    they should talk about DDoS, hacking attempts, botnets, phishing attacks and so on

    source article that follows http://justsecurity.org/17653/takeaways-house-intelligence-committee-cybersecurity-hearing/

    On information sharing, Representatives Rogers and Ruppersberger pushed for passage in the lame-duck session of a bill to permit sharing of cyber threat information between the private sector and the government. Rogers and Ruppersberger’s bill on the issue, the Cyber Threat Information Sharing & Protection Act (“CISPA”), passed the House in April 2013, but drew a veto threat from the White House and generated broad public opposition due to privacy concerns about the businesses providing Internet users’ information to the government. A Senate information sharing bill, the Cybersecurity Information Sharing Act, has prompted similar concerns. Proponents of cyber threat information sharing see it as crucial to facilitating increased security for U.S. systems and networks, but such information sharing has been pulled into the broader debate about surveillance reform and the flow of information to the intelligence community. The failure of the USA FREEDOM Act earlier this week substantially dims the chances for information sharing legislation until the new Congress.