No wonder Australia didn't allow Huawei or ZTE to participate in it's National network.
Canada is about to the do the same...
The Committee report asserts that undisclosed companies in the U.S. using Huawei or ZTE equipment have "experienced odd or
alerting incidents" using the Chinese manufacturers' equipment "which they declined to make public." The report says it heard
current and former employees tell of "flaws" in Huawei and ZTE equipment and "potentially unethical or illegal behavior by
Huawei officials."
http://www.networkworld.com/news/2012/100812-huawei-zte-report-263146.html?page=3
Wednesday, October 10, 2012
Wednesday, September 26, 2012
Oh wow - The first true iphone/ipad/etc Webkit jack
Now this is scary. Send an iphone to a website, execute some code, and suddently your personal data is visable to a remote hacker.
Scary!
Dutch hackers have exploited a WebKit bug in mobile web browser Safari to rinse an iPhone 4S of its photos, address book contacts and its browser history.
Scary!
Dutch hackers have exploited a WebKit bug in mobile web browser Safari to rinse an iPhone 4S of its photos, address book contacts and its browser history.
Face Plant - The odd moment when your Anti-Virus detects itself as malicious
The odd moment when your Anti-Virus detects itself as malicious.
"You may have seen many false alerts on your computer or network. These false alerts also prevented the updating of Sophos products and some other products."
In a note from the CEO
"While Technical Support call volumes have started to significantly subside and hold queues have started to drop, I understand that our hold queues still remain larger than normal, and in some instances, callers have been unable to connect with us."
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx
http://www.theregister.co.uk/2012/09/20/sophos_auto_immune_update_chaos/
"You may have seen many false alerts on your computer or network. These false alerts also prevented the updating of Sophos products and some other products."
In a note from the CEO
"While Technical Support call volumes have started to significantly subside and hold queues have started to drop, I understand that our hold queues still remain larger than normal, and in some instances, callers have been unable to connect with us."
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx
http://www.theregister.co.uk/2012/09/20/sophos_auto_immune_update_chaos/
Sunday, September 23, 2012
File-sharing deemed a religion - Kopimism
Kopimism is now a religion. The religion of information and copy.
A follower of this is a Kopimi (Copy Me)
"The organisation formalises a community that's been well spread for a long time already. The community of kopimi requires no formal membership. You just have to feel a calling to worship what is the holiest of the holiest: information and copy.
http://www.theregister.co.uk/2012/01/05/file_sharing_sweden_kopimism_religion/
A follower of this is a Kopimi (Copy Me)
"The organisation formalises a community that's been well spread for a long time already. The community of kopimi requires no formal membership. You just have to feel a calling to worship what is the holiest of the holiest: information and copy.
http://www.theregister.co.uk/2012/01/05/file_sharing_sweden_kopimism_religion/
Wednesday, September 12, 2012
Huawei Denies spying --- Duhhhh, of course!
I just had a laugh at another UK bigwig that jumped on board Huawei's "for hire" messaging.
When asked a direct question, this guy starts babling about manufacturing of other companies being done in India, China, etc.
Talk about not sidestepping the question.
Huawei, like its Chinese competitor ZTE, has been under investigation by the House of Representatives Permanent Select Committee on Intelligence for nearly a year, after multiple US government and military officials raised concerns about both companies' ties to the Chinese government.
"Chinese actors" are among the most active perpetrators of cyber espionage, and that Huawei's equipment could be rigged to make such attacks easier.
That's just politics, Suffolk says.
In his paper he describes Huawei as "a global organisation doing business in over 140 countries." Furthermore, he questions whether, in the era of the global supply chain, it is valid or even helpful to label a company's products as "foreign developed":
Alcatel-Lucent has one third of its global manufacturing done by Shanghai Bell; Ericsson's joint-venture Nanjing Ericsson Panda..... Blah blah blah...
Suffolk goes on to criticize the lack of laws, norms, standards, and protocols with regard to cyber security, and says the current environment allows nearly anyone to use malware and other internet-based attacks with impunity.
Because the laws, norms, standard and protocols have gaps, that means its ok?!?!?!
Are you really a babbling head for hire Mr. John Suffolk – a former UK government CIO who now serves as Huawei's global cyber security officer.
Update: After reading another article, it seems the 21st Century network Upgrade by BT, the CIO Matt Bross now moved to Huawei as well at their CTO.
Why is it all these people are selling out and just going as another high paid voice.
When asked a direct question, this guy starts babling about manufacturing of other companies being done in India, China, etc.
Talk about not sidestepping the question.
Huawei, like its Chinese competitor ZTE, has been under investigation by the House of Representatives Permanent Select Committee on Intelligence for nearly a year, after multiple US government and military officials raised concerns about both companies' ties to the Chinese government.
"Chinese actors" are among the most active perpetrators of cyber espionage, and that Huawei's equipment could be rigged to make such attacks easier.
That's just politics, Suffolk says.
In his paper he describes Huawei as "a global organisation doing business in over 140 countries." Furthermore, he questions whether, in the era of the global supply chain, it is valid or even helpful to label a company's products as "foreign developed":
Alcatel-Lucent has one third of its global manufacturing done by Shanghai Bell; Ericsson's joint-venture Nanjing Ericsson Panda..... Blah blah blah...
Suffolk goes on to criticize the lack of laws, norms, standards, and protocols with regard to cyber security, and says the current environment allows nearly anyone to use malware and other internet-based attacks with impunity.
Because the laws, norms, standard and protocols have gaps, that means its ok?!?!?!
Are you really a babbling head for hire Mr. John Suffolk – a former UK government CIO who now serves as Huawei's global cyber security officer.
Update: After reading another article, it seems the 21st Century network Upgrade by BT, the CIO Matt Bross now moved to Huawei as well at their CTO.
Why is it all these people are selling out and just going as another high paid voice.
DDOS Command/Control opts to use Tor Project
In the past, a Bonet Master used to control his zombie's PC's (think remote control attackers) via Internet Relay Chat (IRC) which is a popular chat application.
The problem with that is it was fairly easy to infiltrate the chat room and see what the "master" was doing and the commands he/she was sending to the controlled nodes.
Now it appears the masters have gotten smarter and started using a peer-to-peer mechanism hidden inside the Tor network. This makes the communications channel encrypted and very difficult to track by way of session randomization.
Very interesting.
http://blog.gdatasoftware.com/blog/article/botnet-command-server-hidden-in-tor.html
Tor Project - https://www.torproject.org/
The problem with that is it was fairly easy to infiltrate the chat room and see what the "master" was doing and the commands he/she was sending to the controlled nodes.
Now it appears the masters have gotten smarter and started using a peer-to-peer mechanism hidden inside the Tor network. This makes the communications channel encrypted and very difficult to track by way of session randomization.
Very interesting.
http://blog.gdatasoftware.com/blog/article/botnet-command-server-hidden-in-tor.html
Tor Project - https://www.torproject.org/
Monday, September 10, 2012
1,000,000 UDIDs, names, phone numbers, Apple tokens stolen from an FBI notebook.
Hackers have dumped online the unique identification codes for one
million Apple iPhones and iPads allegedly lifted from an FBI agent's
laptop. The leak, if genuine, proves Feds are walking around with data
on at least 12 million iOS devices.
The listed UDIDs, which include gadget serial numbers and other data so apps can distinguish between individual devices, appear to be genuine.
From the pastebin article from the FBI
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
Find the full pastbin dump here
http://pastebin.com/nfVT7b0Z
The listed UDIDs, which include gadget serial numbers and other data so apps can distinguish between individual devices, appear to be genuine.
From the pastebin article from the FBI
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
Find the full pastbin dump here
http://pastebin.com/nfVT7b0Z
Monday, September 3, 2012
Human Exploitation at Samsung- I thought that practice was reserved for...
From the following
http://global.samsungtomorrow.com/?p=18331
but we identified workers under the age of 18 on site. These workers are over the age of 16 and are student workers or interns, and their presence is legal.
A system of fines for lateness or absences was found to be in operation
Certain health and safety measures were inadequate, such as a failure to provide access to a medical clinic.
And my favourite of all
Although the Samsung inspectors did not identify any underage workers while they were on site, there are currently student workers or interns under the age of 18 years old on site, comprising approximately 19% , or 520 people, of HEG’s workface
So, enroll them in school, and you can have up to 30% of your workforce be unpaid student interns. Nice!
http://global.samsungtomorrow.com/?p=18331
but we identified workers under the age of 18 on site. These workers are over the age of 16 and are student workers or interns, and their presence is legal.
A system of fines for lateness or absences was found to be in operation
Certain health and safety measures were inadequate, such as a failure to provide access to a medical clinic.
And my favourite of all
Although the Samsung inspectors did not identify any underage workers while they were on site, there are currently student workers or interns under the age of 18 years old on site, comprising approximately 19% , or 520 people, of HEG’s workface
So, enroll them in school, and you can have up to 30% of your workforce be unpaid student interns. Nice!
Global Firepower - Nation Rankings
GFP provides a unique analytical display of data covering global military powers with statistics compiled through various sources.
http://www.globalfirepower.com/
AMD Website hacked
AMD's word-press based blog site hacked and a number of usernames, emails and a few password hashes were uploaded back to the site to prove they were swiped.
AMD replaced its blog with a holding message stating the site was undergoing "routine maintenance". A screenshot can be found here.
http://www.theregister.co.uk/2012/08/20/amd_blog_hack/
AMD replaced its blog with a holding message stating the site was undergoing "routine maintenance". A screenshot can be found here.
http://www.theregister.co.uk/2012/08/20/amd_blog_hack/
Son of Red Bull owner arrested for fatal hit-and-run after Ferrari drags the body 200 meters
Based on other similar cases, let me make a quick prediction as to the outcome:
1. Suspended sentence, accidental death verdict, community service, no jail time.
2. Someone finds their bank account swells considerably.
Here's the story
http://www.nationmultimedia.com/national/Son-of-Red-Bull-executive-nabbed-for-alleged-fatal-30189622.html
Pic of the black ferrari (damaged)
Ferrari
What makes it interesting is the Pol. Lt. tried to bring in a scapegoat to take the fall.
http://www.nationmultimedia.com/breakingnews/Crime-inspector-of-Thonglor-police-station-seconde-30189618.html
The trail of motor oil back to the house of the car owner. Duhhhhhhh!!!!
http://twitter.com/faajung_Galz/status/242462436165308417/photo/1/large
1. Suspended sentence, accidental death verdict, community service, no jail time.
2. Someone finds their bank account swells considerably.
Here's the story
http://www.nationmultimedia.com/national/Son-of-Red-Bull-executive-nabbed-for-alleged-fatal-30189622.html
Pic of the black ferrari (damaged)
Ferrari
What makes it interesting is the Pol. Lt. tried to bring in a scapegoat to take the fall.
The trail of motor oil back to the house of the car owner. Duhhhhhhh!!!!
http://twitter.com/faajung_Galz/status/242462436165308417/photo/1/large
Sunday, September 2, 2012
Taiwan to increase budget for cyber warfare
Pirate Bay co-founder Arrested
Pirate Bay founder arrested in Cambodia
Shades of Assange as international warrants unleashedhttp://www.theregister.co.uk/2012/09/02/piratebay_founder_tracked_down_in_cambodia/
Subscribe to:
Posts (Atom)