No trust without independent control - Page 11

  • more mediawar than war during first day of protests in Belgium

    First, the riots during the first big demonstration in Brussels were the result of two unforeseen factors:

    * the riots broke out at the beginning of the demonstration and not at the end of it, as every playbook will tell you and as has always been the case in Belgium. This made it extremely hard for the police to intervene 'en force'.

    * as there had been no big riots in Belgium for the last 20 years, neither the police nor the organizers had planned for this, because the probability of such riots was minimal. What both didn't really understand - like the media - is how angry people are over here and that some people want to show this in some particular (but unacceptable) way... For the last three weeks we have been bombarded daily with bad news for people who earn their wages from working.

    This was also the reason that there was no real internal 'service d'ordre' that could isolate such elements, coordinate with the police, try to push back onlookers and keep a distance between the demonstration and the riots.

    so since then the governmental parties and the media have kept up the pressure - making it sound as if we are heading for some kind of civil war, with rumours without any substance that hooligans from Holland and other hardened groups were coming to Antwerp. The NVA mayor has mobilized all possible police forces and is anxiously awaiting the first incident 'to intervene', as he has declared in the press.

    and the media went along with it, with some so-called political analysts playing megaphone

    and comments in other papers along the lines of "everything is calm, but for how long?" and "when will the street battles begin?"

    how sad they will be that the whole of the big industrialised Port of Antwerp and other industrial zones are going down nearly totally, blocked where they should be blocked (at the entrance), and that there will be no riots (if everything goes to plan) unless DeWever sends his troops to clear the streets and break the strike.

    He has set a trap for the unions in Antwerp (demonstrate and I will intervene with all my forces after the first stone) but there is now a trap for him (you have all those forces and we are blocking everything that is economically important in Antwerp, so come and show that you want to break a strike).

    at the end of the day we will know who won or whether it is just a draw (remise, as in chess)

    we will have another 4 days of strikes before the holidays

    the media and the public officials should tone down their war talk. There is no war, there is a show of force and determination. War is in Ukraine. That is war. Every day, for a year now.

  • this is why financial and governmental institutions need a protected range of phone numbers

    "Pindrop Security today warned financial institutions and their customers about a telephone scam they've dubbed the "misdial trap."


    Fraudsters buy phone numbers similar to legitimate businesses, and pose as that business's customer service line when customers misdial -- not unlike how some fraudsters buy domain names similar to legitimate online businesses and create sites that mimic them, according to Pindrop.


    The numbers fraudsters typically choose will have the same first six digits as the legitimate business, with only the final digit changed, or they will have the same seven-digit number but a different area code -- a toll-free number area code, for example. When they hook a customer, they pretend they are customer service for the company in question and request sensitive data from customers -- sometimes offering a free gift card in exchange.


    Some 103 of the 600 financial institutions examined by Pindrop Security were affected by the misdial trap

    just as domain names should be forbidden to include the household names of banks and other financial services if they aren't operated by them (like mastercard, dexia, etc.)

    otherwise the problem of vishing (phishing by phone) will only increase

    but don't forget that with VoIP it is possible to hijack numbers or to impersonate numbers, because the only thing it takes is a server online (which will disappear once the money is taken)
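The two lookalike patterns in the Pindrop quote can be checked mechanically when a fraud desk reviews numbers that customers report having called. The sketch below is an added example, not code from Pindrop or from this blog; it assumes North American 10-digit numbers, reads "same first six digits" as the seven-digit local number with only its last digit changed, and all function names and phone numbers are constructed for illustration.

```python
import re

# North American toll-free area codes.
TOLL_FREE = {"800", "833", "844", "855", "866", "877", "888"}


def normalize(number: str) -> str:
    """Reduce a number to 10 digits: area code plus seven-digit local number."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop the country code
    if len(digits) != 10:
        raise ValueError(f"not a 10-digit number: {number!r}")
    return digits


def misdial_pattern(candidate: str, official: str):
    """Name the misdial-trap pattern linking candidate to official, or None."""
    c, o = normalize(candidate), normalize(official)
    if c == o:
        return None  # it is the official number itself
    if c[:9] == o[:9]:
        return "last-digit"  # same number, only the final digit changed
    if c[3:] == o[3:]:
        # same seven-digit number behind a different area code
        return "toll-free-area-code" if c[:3] in TOLL_FREE else "area-code"
    return None


def audit(reported, official_numbers):
    """Return (reported, official, pattern) for every lookalike in a report feed."""
    findings = []
    for number in reported:
        for official in official_numbers:
            try:
                pattern = misdial_pattern(number, official)
            except ValueError:
                continue  # unparseable entry in the feed
            if pattern:
                findings.append((number, official, pattern))
    return findings


# Constructed sample data (fictional 555-01xx numbers).
OFFICIAL = ["(212) 555-0142"]
REPORTED = ["212-555-0143", "1-800-555-0142", "646 555 0142", "212-555-0999", "n/a"]

if __name__ == "__main__":
    for finding in audit(REPORTED, OFFICIAL):
        print(finding)
```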

  • #regin where does it come from and did it target Belgacom ?

    first look at the countries that are NOT in this table

    then which countries are NOT in that list ?

    and which countries are enormously interested in what passes through Mobile towers and phone companies ?

    Belgacom and some other telephone companies may have some scanning to do just to be sure that they aren't impacted. Belgacom is very interesting for a spy because it has so many telephone firms and alliances in so many countries of which a few are very interesting for any espionage agency that follows presumed or real terrorists and their networks and supporters.


  • #regin is a perfect example of why espionageware attacks are 'OPERATIONS'

    they are not a one-off, in-and-out attack

    they are deliberate operations that consist of different stages, with as their only goal to get information on a long-term basis with all the necessary rights, and in which it is paramount not to be discovered too fast and to have enough backdoors to get the information without being discovered

    it is just like an espionage operation, nothing more - nothing less

    1. you drop a file on the computer and wait to see if it passes the defenses and virus analyses and if the user has enough rights to install it (that is why installing files should be the exception for users, not the rule)

    2. then you load the files that are in the dropper and you start loading them at the next startup, after which it drops its files in the kernel so that they won't be seen by the antivirus (or very rarely)

    3. you start looking at the files of the user, his passwords, his connections and routines and you start working

    The definition of the process by Symantec is a perfect description of an espionage operation

    "As outlined in a new technical whitepaper from Symantec, Backdoor.Regin is a multi-staged threat and each stage is hidden and encrypted, with the exception of the first stage.  Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages.  Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.


    this is why I personally think that security people in highly confidential and strategic networks should read and learn more about espionage and espionage operations

    this is no different

    probably it is even made by an espionage agency and by people who are programmers but who are trained as spies and think like spies and have the same goals and strategies and reflexes like spies

    and thus my last quote just proves my case, it is espionageware written by spies for spies

    "What makes Regin different is who it attacks. Instead of going only after high-worth targets, Regin attacks many different targets in an attempt to piece together contextual information. Of the 9% of Regin attacks in the hospitality industry, 4% targeted low-level computers, presumably for this information.

    “The average person needs to be aware,” O’Murchu says. “A lot of the infections are not the final target. They are third parties providing some extra information to get to a final target. Lot of people think, ‘I don’t have anything of importance, why would anyone get on my computer?’ Ordinary people who may not think they’re targets in fact are.”

    this is nothing other than an operation - an intelligence operation

  • #regin these are the md5 files and the discovery rates of Virustotal (and some thoughts)

    and this explains why some were not discovered anyway

    on 52 security tools, analyzed 3 hours ago: 30 discovery, 37 discovery; 28/43, 3 years 4 months (2011); 4/42, 2 years; 23/48, 1 year ago

    and there are more of them but we can conclude the following

    because the antivirus and security industry doesn't work together, because they give different names to the same viruses and because they don't exchange technical information, it takes years to get the full picture. So even if some of the files of the virus were found to be malicious, not all the files were found to be malicious, and especially not by all the security programs at the same time

    it also means that we have to change the general perception of an antivirus. People just install an antivirus and then look if it finds viruses (normally it does) and then sometimes make some general report about it, but they don't analyse what it is, what the consequences are of that file or virus having been found on a server or a pc, and whether there are other files, traffic or behaviour for that machine that have to be researched and integrated in the report

    it is intelligent analysis that will make the difference in high value environments, not putting just machine after machine after machine hoping that that will do the trick

  • federal legislation of the past year may be unconstitutional

    "The Belgian constitution does not provide for a sitting king to abdicate the throne and for a successor to take over while the king in office is still alive," explains constitutional specialist Ghysels. According to him, King Filip therefore sits on the throne unconstitutionally. That of course has quite a few consequences, the lawyer warns. "Strictly speaking, all decrees signed by King Filip, who did not become king constitutionally, are invalid.

    this means that the federal security centre cannot be established and that its directors cannot be appointed, and there are 1500 other legal decrees like this at the federal level (the king no longer signs the regional decrees).

    it is therefore extremely urgent that clarity is created on this before it comes before the courts and some judge or other finds it necessary to go along with it, even if only partially, and to forget that the law is not only based on formalistic rules but on extremely important principles such as ensuring public services.

  • why the new TOR drugmarket Evolution is even more advanced than Silk Road

    "Evolution doesn’t just offer an escrow, but also takes advantage of a more advanced feature built into bitcoin known as multi-signature transactions. That feature is designed to prevent both scams and seizure of escrow funds by law enforcement. It requires two out of three parties—the buyer, the user, and the site itself—to sign off on a deal before the escrowed bitcoins can be transferred. Evolution has also had much faster pageload times than competitors, most of whom run painfully slowly thanks to Tor’s process of routing web traffic among randomly chosen computers around the world. (Just how Evolution managed those speeds despite running on Tor itself isn’t clear.) And it has been online far more reliably: The website Darknet Stats counts Evolution as online 97 percent of the time, compared with 83 percent for Agora and 93.5 percent for Silk Road 2 at last check in September.

    I think the Achilles heel of Evolution is how they arrive at these speeds, because it may be that not all traffic is as TOR protected as it should be, or they have invested enormous money in SSL accelerators and other hardware stuff on their servers.

    The protection that is given to Bitcoin shows that not all bitcoins are equal and that some are not even that anonymous; it all depends on how they configure it, and that is something the receiver of bitcoins doesn't always have any control over.

  • hacked and leaked ?

    find the link on my twitter account

    some hacktivists are hacking and leaking gigabytes of information every month but without all the press attention that others got

  • the first lesson belgian insurance companies should learn is IT security and not getting hacked

    this is their blablablablabla

    and on the same site this is the real reality of belgian insurance companies and websites online (and no one is really responsible for controlling their security for the moment)

  • putin pays extreme right in Europe for its support (another stalin-hitler pact)

    "Front national, the new 'party of the foreigner'? The question is likely to haunt the congress of the far-right party, which opens next Saturday at the Lyon convention centre. According to information obtained by Mediapart, the president of the FN secured, in September, a loan of 9 million euros from the First Czech Russian Bank (FCRB), a bank founded in the Czech Republic and today based in Moscow.

    and so it goes throughout nearly the whole extreme right in Europe, which is fascinated by his authoritarian leadership and guided by its anti-americanism

  • meanwhile in #Mexico - 43 students become the symbol of a nation in protest

    by murdering those students the bandits have accomplished what no corrupt government at any level at any time in Mexican history has accomplished

    bring thousands and thousands of people into the street for weeks to protest for more democracy and legality and just a normal life

    but they ain't going to wait or stand still

  • the new complete Man in the Middle attack : Double Direct (and they get it all)

    "DoubleDirect uses ICMP Redirect packets (type 5) to modify routing tables of a host. This is legitimately used by routers to notify the hosts on the network that a better route is available for a particular destination[2]. However, an attacker can also use ICMP Redirect packets to alter the routing tables on the victim host, causing the traffic to flow via an arbitrary network path for a particular IP. As a result, the attacker can launch a MITM attack, redirecting the victim’s traffic to his device. Once redirected, the attacker can compromise the mobile device by chaining the attack with additional Client Side vulnerability (e.g: browser vulnerability), and in turn, provide an attacker with access to the corporate network.


    With the detection of DoubleDirect in the wild we understood that the attackers are using previously unknown implementation to achieve full-duplex MITMs using ICMP Redirect. Traditional ICMP Redirect attacks has limitations and known to be half-duplex MITM. Zimperium Mobile Security Labs researched the threats and determined that the attackers are able to predict the IPs being accessed by the victim. We have investigated the attacks and also created a POC tool to prove that it is possible to perform full-duplex ICMP Redirect attacks. ICMP Redirect attacks are not easy to emulate because the attacker must know beforehand which IP address the victim has accessed. (There isn’t a systematic way to forward all the traffic from the victim through the attacker.)

    so if they get all the traffic from and to your machine because it goes through their servers, then there is not a lot you can do to protect yourself, and if you aren't fully encrypted from end to end then you just lose everything.
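Since the technique in the quote depends on a host accepting ICMP Redirect (type 5) packets, a monitoring point can parse them and compare the advertised gateway with the routers it actually knows. The sketch below is an added example, not Zimperium's tool or code from this blog; the router allowlist, the local subnet, the function names and the sample packets (built from documentation address ranges) are all assumptions for illustration.

```python
import ipaddress
import struct

ICMP_PROTO = 1
ICMP_REDIRECT = 5  # the "type 5" packet named in the quoted advisory


def parse_icmp_redirect(packet: bytes):
    """Return the fields of an IPv4 ICMP Redirect, or None for any other packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or packet[9] != ICMP_PROTO or len(packet) < ihl + 8:
        return None
    icmp = packet[ihl:]
    if icmp[0] != ICMP_REDIRECT:
        return None
    inner = icmp[8:]  # IP header of the datagram the redirect claims to answer
    dest = ipaddress.IPv4Address(inner[16:20]) if len(inner) >= 20 else None
    return {
        "sender": ipaddress.IPv4Address(packet[12:16]),
        "host": ipaddress.IPv4Address(packet[16:20]),
        "code": icmp[1],
        "new_gateway": ipaddress.IPv4Address(icmp[4:8]),
        "redirected_dest": dest,
    }


def assess(packet: bytes, routers, local_net):
    """Return None for non-redirects, else a list of reasons for suspicion."""
    r = parse_icmp_redirect(packet)
    if r is None:
        return None
    reasons = []
    if r["sender"] not in routers:
        reasons.append("sender is not a known router")
    if r["new_gateway"] not in routers:
        reasons.append("new gateway is not a known router")
    if r["new_gateway"] not in local_net:
        reasons.append("new gateway is off-link")
    return reasons


def build_sample(src, dst, icmp_type, code, gateway, inner_dst):
    """Construct a test packet; checksums are zero because the parser ignores them."""
    def packed(addr):
        return ipaddress.IPv4Address(addr).packed
    ip_fmt = "!BBHHHBBH4s4s"
    inner = struct.pack(ip_fmt, 0x45, 0, 28, 0, 0, 64, 6, 0, packed(dst), packed(inner_dst))
    icmp = struct.pack("!BBH4s", icmp_type, code, 0, packed(gateway)) + inner + b"\x00" * 8
    outer = struct.pack(ip_fmt, 0x45, 0, 20 + len(icmp), 0, 0, 64, ICMP_PROTO, 0,
                        packed(src), packed(dst))
    return outer + icmp


# Constructed sample data (documentation address ranges), not captured traffic.
ROUTERS = {ipaddress.IPv4Address("192.0.2.1"), ipaddress.IPv4Address("192.0.2.2")}
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
SAMPLES = {
    "legit": build_sample("192.0.2.1", "192.0.2.50", 5, 1, "192.0.2.2", "198.51.100.10"),
    "rogue": build_sample("192.0.2.66", "192.0.2.50", 5, 1, "192.0.2.66", "198.51.100.10"),
    "offlink": build_sample("192.0.2.1", "192.0.2.50", 5, 1, "203.0.113.9", "198.51.100.10"),
    "echo": build_sample("192.0.2.50", "192.0.2.1", 8, 0, "0.0.0.1", "198.51.100.10"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, assess(pkt, ROUTERS, LOCAL_NET))
```

A redirect that passes these checks is only plausible, because the source address of a packet is not authenticated. Hosts that never need redirects can refuse them outright, on Linux through the `net.ipv4.conf.*.accept_redirects` sysctls.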

  • why should malware only take one password if it could copy all your passwords

    "IBM Trusteer researchers found a new configuration of Citadel that is being used to compromise password management and authentication solutions. It instructs the malware to start keylogging (capturing user keystrokes) when some processes are running.


    The relevant part of the configuration is shown below (in IBM Trusteer’s proprietary format):


    Snippet from the Citadel configuration file (in IBM Trusteer

    so in fact this means that what is intercepted or copied today is a password management program, but later it can be whatever identification file or system is on your computer

    that is why in the safe portable (sophos) the identification files are not in the root, kernel or system of windows but on a preboot encrypted separate system (and this is why it doesn't work with the Belgian EID but only with a token from safenet)

  • Snowden and Greenwald are politically dead in the US

    "Now it looks very much like Greenwald is becoming a voice in the blogging wilderness again, and Snowden is watching from Moscow, once again isolated, as his explosive revelations fizzle out politically. On Tuesday, led by Republicans voting en masse, the U.S. Senate defeated a motion to vote on the USA Freedom Act, which would have curbed the NSA's bulk collection of Americans' phone records. The new, harder-line Republican Congress coming in January doesn’t seem likely to pass the bill either

    Now those two are lambasting the system and the judicial system and the stupid public and whatever else they can think of (the media for example), but they seem to forget - as we said here months ago - that Putin has changed the perception of the discussion as much as 9/11 did when we were discussing Echelon in 2001.

    Putin has brought us to the brink of the cold war again, and his permanent madness of sending bombers and submarines to our coasts - sometimes nuclear-capable - with all the risks of military incidents or collisions with civil airliners is just too mad to understand. It brought the possibility of military incidents right to our border instead of somewhere in some far part of Ukraine where there is some shooting every day but nothing that could really be called a big war.

    ISIS has helped also, of course.

    And it just doesn't seem the right time to dismantle the NSA now. You never know what they may miss because of the reorganisation or the limited resources or capabilities. They missed a 9/11 once because they didn't have enough translators and analysts.

    as long as there is more oversight - for the moment not enough people care enough

  • TRUSTe fined by the US FTC for forgetting to check yearly the security of all its clients

    "The US Federal Trade Commission (FTC) has charged TRUSTe, US-based provider of privacy certifications for online businesses, for deceiving consumers about its recertification program for companies’ privacy practices. The FTC Chairwoman, Edith Ramirez, said that “TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge. Self-regulation plays an important role in helping to protect consumers.  But when companies fail to live up to their promises to consumers, the FTC will not hesitate to take action."


    The FTC alleges that from 2006 until January 2013, TRUSTe failed to conduct annual re-certifications in over 1,000 cases, but its website informed consumers that companies holding TRUSTe Certified Privacy Seals receive recertification every year.

    they have some explanation, but whatever they say it ain't right, and so it proves that if one wants to set up such a procedure then one needs to do it right

  • HP does the right thing : no slave labor to make your computer or printer

    "The electronics manufacturer HP has announced a series of landmark policy changes on labor practices throughout its global supply chains, becoming the first U.S. information technology company to halt the common use of recruitment agencies for hiring foreign migrant workers among its suppliers.


    Recruitment agencies, which often hire poor workers in one country for employment in another, have for years been criticized for a range of practices that can facilitate forced labor and slavery. Advocates thus see requiring the direct employment of migrant workers by suppliers of multinational corporations as a key opportunity to crack down on bonded labor and other rights abuses in the international economy.


    “Workers who are employed by labor agents are more at risk of forced labor than those employed directly,” Dan Viederman, the head of Verité, a Massachusetts-based NGO that worked with HP to develop the new recruitment policies, said in a statement.

    maybe all governmental and big contractors should put the same obligation in their contracts

  • explaining the electrocal (electric electoral) shocks and waves in the US lately

    "There is one finding that can well explain the unusual volatility and disaffection of so many American voters over the last decade. In 2000, 16 percent of households were headed by people without high school diplomas, and another 51 percent were headed by people without college degrees. From 2002 to 2012, the median income of the first group, across age cohorts, declined at an average annual rate of 2.4 percent, year after year; and the median income of the second group, across age cohorts fell at an average annual rate of 1 percent, year after year. That tells us that two-thirds of American households have suffered persistent income losses as they aged from 2002 to 2012, through eight years of economic expansion along with two years of serious recession. The median income of the remaining households, headed by college graduates, increased over this period—but at only one-third of the rate of households headed by college graduates in the 1980s and 1990s.


    These trends have enormous electoral consequences. They explain why, in recent years, overall positive economic numbers and growth are not translating into feelings of shared prosperity. That’s why so many Americans are angry and ready to turn on whichever party has most recently failed to restore the broad income progress that almost everyone experienced in the 1980s and 1990s.

    and this is what will happen in Belgium as we are going through a wave of protests and afterwards huge reductions in wages, pensions, subsidies and available income

    the same thing can be seen since 2007 in other countries and recently in France

    Economists and investors are talking about growth and investments and returns, but the people who do the work don't see much of it, on the contrary