No trust without independent control - Page 6

  • #tor buy stolen bitcoin wallets

    they are being stolen

    not sure if this is a scam or not but it is being advertised

  • the only reference to Belgium in the US Senate torture study

    it has long been known as a fact that torture only very rarely yields real information

    just reading a book about the Great Purges under Stalin (nothing Great about them)

    but sometimes people just don't want to listen to real specialists who will tell you that it won't work with people who are really convinced of their cause and willing to die for it, and that other people will just invent things only to make you stop

  • new #luxleaks from new sources about Skype, Koch brothers and Disney

    you can read more here http://www.icij.org/project/luxembourg-leaks/new-leak-reveals-luxembourg-tax-deals-disney-koch-brothers-empire

  • #sonyhack digital signatures of sony used on malware

    source https://securelist.com/blog/security-policies/68073/destover-malware-now-digitally-signed-by-sony-certificates/

    the same that was used earlier by North Koreans against South Korea

    it means that all certificates from Sony will have to be changed - what we said earlier

  • #ukraine now it is Finland that has put her army on a heightened state of alert

    the air traffic over the Baltic, where tensions are now increasing daily http://www.flightradar24.com/RYR75LM/500f160

  • The chairman of the Belgian Privacy Commission on the role of the Privacy Commission

    Following the Mensura incident I had proposed to meet the case handler to discuss the various elements and my discovery. This request was discussed in the management committee but rejected for procedural and legal reasons.

    In the email the chairman of the Privacy Commission - who gives me the right to quote from it - also sets out a number of elements of how the Belgian Privacy Commission sees its role.

    We can do nothing but wait for the European framework that will turn this 'poodle' (if there is no amicable settlement we can do nothing, and we have no administrative sanctioning power whatsoever) into a bulldog whose mere appearance automatically makes network and website managers install better security, just so as not to get a visit from it.

    This is expected in 2015-2017, or whenever the State Secretary for Privacy finally begins to understand what privacy is and how important it is, and with a few small changes to the law suddenly does give the Privacy Commission the necessary administrative powers to at least issue warnings and, if these are not followed, to pull the plug. Just as we close restaurants that are not hygienic, keep cars off the road that are not safe, and do not connect electrical installations to the general grid because they are simply badly laid or have logical faults.

    We will keep sending new cases to the Privacy Commission every time we deem it necessary. That is our role. Next year, incidentally, we will set our sights on another body - not to criticize it but to try to encourage it to start using the fullness of its possible powers.

    Legal formalism is not something that will stop our voluntarism. If it were, we would have stopped 10 years ago already.

  • Mensura news: some institutions that were customers were NOT affected by the leak

    it turns out that some institutions and organizations refused to use Mensura's online forms for requesting medical checks

    These institutions and organizations were therefore NOT affected by the data leak, because they only used email or the more secure fax

    Your institution or company is also free NOT to use online forms or procedures that seem insecure or dangerous to you (for example, test the site at https://www.ssllabs.com) or that ask for too much information that is in fact not needed or had better not be online

    Several other institutions have NO online form for requesting an additional medical check.

    You are the customer; you can refuse to fill in such an online form. Your union representative can demand in your company or organization that such online forms not be used (certainly not if your national register number, personal information and medical information are collected online)

    The only exception would be when the application for entering the data is completely separated from the public website and sits behind a VPN with a strong login.

  • what will come in the place of bitcoin ?

    "It wouldn’t be the least bit surprising to see the best bits of Bitcoin be grafted into new products and services (like facilitating international transfers),” said David Yermack, professor of finance at New York University Stern School of Business, to CNN.

     

    “A lot of the breakthrough products tend to get taken over pretty quickly by improved versions and I think that’s likely going to be the fate of Bitcoin. It’s certainly played a role in raising issues and opening possibilities that people were only dimly aware of before. But if I owned Bitcoins, I would be a seller at the current market price as I think a year from now they may be all but worthless.”

    http://www.mintpressnews.com/bitcoin-hype-spent-whats-next-2/199680/

    first, they seem to forget that some parts of bitcoin - even essential ones (like, for example, the encryption) - seem to have some fundamental logical mistakes which make it insecure in itself. So incorporating parts of bitcoin into new digital currencies that are part of the normal financial system can introduce some grave mistakes into the normal financial system.

    secondly, the biggest advantage of Bitcoin is that it is anonymous, but governments all over the world are trying to limit the anonymity of money transfers because they want to receive the right amount of taxes due. So this fundamental part of bitcoin won't ever be incorporated without a backdoor for tax and law agencies. It will also be much easier to follow digital currencies through their CHAIN if there is such a backdoor than with our present ways of paying.

    and last but not least

    bitcoin has shown what the internet has shown in so many other industries, and that is that if there is unfair interference from businesses in a normal process, it can and will be replaced by an internet-based direct system. It costs much too much to transfer money around the world - and even across accounts. But I don't see bitcoin replacing the dollar as an international currency. It will be much easier to have a 'digital dollar' with the possibilities of a digital bitcoin than a bitcoin with the financial trust of the dollar.

    and so

    there will always be anonymous digital currencies because there is a reason for them to exist and if you use them for that reason (to give anonymously to support causes, for example) whatever the value of the bitcoin at any moment. But it will never become a real investment product (except as pure speculation with the risk of losing nearly everything) because it is insecure, prosecuted by law agencies and not supported by any financial institution.

    if you use bitcoin, use it to do something with the same value you bought it for

  • java is the low hanging (rotten) fruit of the Google App engine

    "According to the security firm, the flaws can be exploited by attackers to achieve a complete Java VM security sandbox escape, as well as to execute an arbitrary code. The researchers estimate that the number of issues is "30+ in total."

     

    By exploiting the vulnerabilities, security researchers were able to bypass Google App Engine whitelisting of JRE Classes and gain access to full JRE (Java Runtime Environment). They discovered 22 full Java VM security sandbox escape issues and were able to exploit 17 of them successfully.

     

    Moreover, the researchers were able to execute native code, specifically to issue arbitrary library/system calls and to gain access to the files (binary/classes) comprising the JRE sandbox. They even siphoned off DWARF information from binary files, PROTOBUF definitions from Java classes and PROTOBUF definition from binary files among others.

     

    However, the researchers have been unable to finish their research because Google suspended their test Google App Engine account."

    http://thehackernews.com/2014/12/google-app-engine-hosting-security.html?

    it is a bit cloudy, with heavy storms expected in some programming and security departments, while it will be icy in the management departments of Google App Engine

    sunshine is expected later this week when the security researchers and Google exchange their results and start working on solutions

    I never liked Java because I think it is too open and too insecure and maybe I will like it when they change course the way Microsoft did one day and become more closed, better monitored and with a huge security infrastructure and a set of clear procedures and frequent updates 

  • #regin is espionageware from the NSA say those two researchers

    "Prins, the researcher whose company was hired to investigate the Belgacom hack, has no doubts. Based on Snowden documents leaked last year and the analysis that his company has done of the Regin malware, Prins said he is fully convinced that the NSA and the GCHQ are behind Regin.

     

     

    UNITEDDRAKE and STRAIGHTBIZARRE are codenames of NSA programs, according to leaked documents. While those codenames are not mentioned in the malware, Prins explained that their description in the Snowden documents matches with "the functionality of parts of the Regin framework."

     

    Kaspersky researchers, however, did find codenames of a somewhat similar style inside parts of the Regin malware."

     

    http://mashable.com/2014/11/25/regin-spy-malware-nsa-gchq/

    except if this is done to fool everybody and it is the Russians installing it to follow the mobile phones of NSA agents in the Middle East

    it seems logical, but just because it seems logical does not mean that in the spy world this is the right answer - it is a normal and a fast answer but not necessarily the only possible answer

    except that in this case these infections at Belgacom coincide with the Snowden files that come from the intranet of the NSA - so there are two independent sources

  • #regin was responsible for the #Belgacomhack says Fox-IT in this article

    "This is why the recent disclosure of Regin is so disquieting. The first public announcement of Regin was from Symantec, on November 23. The company said that its researchers had been studying it for about a year, and announced its existence because they knew of another source that was going to announce it. That source was a news site, the Intercept, which described Regin and its U.S. connections the following day. Both Kaspersky and F-Secure soon published their own findings. Both stated that they had been tracking Regin for years. All three of the antivirus companies were able to find samples of it in their files since 2008 or 2009.

     

    So why did these companies all keep Regin a secret for so long? And why did they leave us vulnerable for all this time? To get an answer, we have to disentangle two things. Near as we can tell, all the companies had added signatures for Regin to their detection database long before last month. The VirusTotal website has a signature for Regin as of 2011. Both Microsoft security and F-Secure started detecting and removing it that year as well. Symantec has protected its users against Regin since 2013, although it certainly added the VirusTotal signature in 2011.

     

    Entirely separately and seemingly independently, all of these companies decided not to publicly discuss Regin’s existence until after Symantec and the Intercept did so. Reasons given vary. Mikko Hypponen of F-Secure said that specific customers asked him not to discuss the malware that had been found on their networks. Fox IT, which was hired to remove Regin from the Belgian phone company Belgacom’s website, didn’t say anything about what it discovered because it “didn’t want to interfere with NSA/GCHQ operations.”

    My guess is that none of the companies wanted to go public with an incomplete picture. Unlike criminal malware, government-grade malware can be hard to figure out. It’s much more elusive and complicated. It is constantly updated. Regin is made up of multiple modules—Fox IT called it “a full framework of a lot of species of malware”—making it even harder to figure out what’s going on. Regin has also been used sparingly, against only a select few targets, making it hard to get samples. When you make a press splash by identifying a piece of malware, you want to have the whole story. Apparently, no one felt they had that with Regin."

    http://www.technologyreview.com/view/533136/antivirus-companies-should-be-more-open-about-their-government-malware-discoveries/

    we have information that there are newer versions of Regin and that there would also be a Regin version for Linux and Unix machines - but as you should have understood from the article above - our sources are not allowed to talk nor to give us such versions

    but Fox-IT said so as well, because it calls Regin something that is made up of modules and something that is a platform, of which nobody has all the different parts

    this is why a Regin working group would have to be formed between the biggest security companies

    the sensationalist stories from the AV companies that have come out with some information raise more questions than they answer, and are supposed to make us feel safe because they discover some files, some destinations or some functions of the virus

    at the same time some antivirus products seem to be much stricter about the processes of normal software and are causing big problems in complicated networks with an enormous list of different, old and diverse software, because they are starting to block processes and files that they didn't even look at before

    this means that whitelisting and program management functionality is a necessary part of any security package that you would install nowadays in your business-critical environment

  • some infected .be domains that should be cleaned (there are a lot .eu domains)


    https://www.linkedin.com/groupItem?view=&item=5947476674869231619&type=member&gid=2677290&trk=eml-b2_anet_digest_weekly-hero-9-grouppost-0&midToken=AQGp6q-sNRDBFA&fromEmail=fromEmail&ut=3Pyl6mhlUgE6w1

  • #sony hack : two new facts that are important to consider for security people

    first they used open and vulnerable networks of universities and hotels to attack, extract and publish

    "An Internet Protocol address the malware used to communicate with the hackers was also located at a university in Thailand, this person said. Hackers often take advantage of open university networks in initiating attacks. Katie Roberts, a spokeswoman for Starwood Hotels & Resorts Worldwide Inc. (HOT), which owns the St. Regis Bangkok, didn’t respond to emails seeking comment.

     

    If the hackers were indeed at the St. Regis Hotel in Bangkok, they were essentially hiding in plain sight by using a busy wireless network available to hundreds of guests."
    http://www.bloomberg.com/news/2014-12-07/sony-s-darkseoul-breach-stretched-from-thai-hotel-to-hollywood.html

    this also says something about the security of the networks they are offering their clients if hackers can get in and out and abuse them at will

    secondly, after they penetrated the network and after they extracted the information (just look at the dates of the different packages they are leaking), they decided to destroy as much as possible and they launched that attack real fast

    "Kurt Baumgartner, principal security researcher at Kaspersky Lab in Denver, Colorado, also found similarities. As in South Korea, the destructive programs were compiled less than 48 hours before the attack, he said. In both instances, the hackers also defaced websites with skeleton images and vaguely political messages."
    http://www.bloomberg.com/news/2014-12-07/sony-s-darkseoul-breach-stretched-from-thai-hotel-to-hollywood.html

    this means that your incident response team should have the resources, the instruments and the authority to intervene immediately on the whole of the network if such a 'wiper attack' is happening, and should not have to wait for other people to begin to understand what is happening while they hold on to some authority and the whole network is just disappearing at an ever-increasing rate

    get a snort in your network

  • #ukraine : the fall of the Ruble in one pic

    source http://www.bloomberg.com/news/2014-12-07/ruble-s-rout-is-tale-of-failed-threats-missteps-and-blown-cash.html

    let's hope that this will force Putin to come back to his senses

  • tool to abuse vulnerabilities to ddos sites off the web

    " After making public release of DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html), I've made next update of the software. At 23rd of October DAVOSET v.1.2.1 was released - DDoS attacks via other sites execution tool (http://websecurity.com.ua/davoset/). Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I Also yesterday I opened a repository for DAVOSET: https://github.com/MustLive/DAVOSET Download DAVOSET v.1.2.1: http://websecurity.com.ua/uploads/2014/DAVOSET_v.1.2.1.rar In new version there was added support of attacks via WordPress, based on XML support since v.1.1.2 (released at 31.07.2013). After vulnerability in XML-RPC PingBack API in WordPress was found last year, I added support for XML in DAVOSET (to use with XXE vulnerabilities, but it also can be used with this vulnerability). After that people many times asked me to add this support, but nobody wanted to do it by himself, so I added it. Also there were added new services into both lists of zombies and removed non-working services from lists of zombies. In total there are 175 zombie-services in the list. I added 3 and removed 18 zombie-services. I removed a lot of vulnerable sites from the lists, because admins became fixing holes at their web sites in summer - after significant increase of use of my tool.
    http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2014-October/009057.html

    which means that if your site or web service is vulnerable it can now not only be hacked but also be abused to attack other sites with a DDoS, using up your traffic (if you don't have an unlimited account) or simply getting your blog or site knocked off the web because it is being abused in such an attack
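
    A defender-side check for the abuse described above, as an added example that is not part of the original post or of any tool it mentions: it scans web server access logs for bursts of POST requests to a WordPress `xmlrpc.php` endpoint, the request pattern a site sees when it is being driven as a pingback reflector. The log lines, IP addresses, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log format: ip, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (ip, timestamp, method, path without query) or None if unparsable."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group("ip"), ts, m.group("method"), m.group("path").split("?", 1)[0]


def xmlrpc_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each client IP to its peak number of POSTs to xmlrpc.php inside
    any sliding `window`, keeping only clients that reach `threshold`."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed or truncated line: skip rather than crash
        ip, ts, method, path = parsed
        if method == "POST" and path.lower().endswith("/xmlrpc.php"):
            hits[ip].append(ts)

    flagged = {}
    for ip, stamps in hits.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            # Shrink the window from the left until it spans at most `window`.
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def sample_lines():
    """Constructed log lines (documentation IP ranges, not real traffic)."""
    fmt = ('{ip} - - [08/Dec/2014:10:{mm:02d}:{ss:02d} +0000] '
           '"{req} HTTP/1.1" 200 370 "-" "-"')
    lines = []
    for i in range(8):  # one client hammering the endpoint every 5 seconds
        lines.append(fmt.format(ip="198.51.100.7", mm=0, ss=i * 5,
                                req="POST /xmlrpc.php"))
    for mm in (1, 11):  # a normal client: two posts ten minutes apart
        lines.append(fmt.format(ip="203.0.113.20", mm=mm, ss=0,
                                req="POST /blog/xmlrpc.php?x=1"))
    for i in range(6):  # GET requests are not XML-RPC calls, so not counted
        lines.append(fmt.format(ip="192.0.2.9", mm=2, ss=i,
                                req="GET /xmlrpc.php"))
    lines.append("garbage line that is not in combined format")
    return lines


if __name__ == "__main__":
    for ip, peak in sorted(xmlrpc_bursts(sample_lines()).items()):
        print(f"{ip}: {peak} POSTs to xmlrpc.php within the window")
```

    Clients that show up here are candidates for rate limiting or blocking on the XML-RPC endpoint; the threshold has to be tuned to the site's normal traffic.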

  • Ukrainian cyber-forces hacked Russian ministry of interior and leaked documents

    source https://www.youtube.com/watch?v=wyBZp4UXvCI

    this only makes sense if somebody who knows the Russian language makes sense of it all and translates it into English

  • Ukrainian cyber-forces hack security cameras for espionage in realtime online

    just as anybody else in the intelligence business I think

    more can be found here https://www.youtube.com/channel/UCAXdfFRi-lhKqlKV1JLSCsQ