Topic: SECURITY - on December 29, 2011 at 1:03:00 PM CET
STRATFOR Offers Members Free Identity Protection
I'm Fred Burton, STRATFOR's Vice President of Intelligence. As you may know by now, an unauthorized party illegally obtained and disclosed personal information and related credit card data of some of our members.
As a result, we have arranged for all STRATFOR members to receive 1 year of free identity protection coverage from CSID, a leading provider of global identity protection.
... Link (0 comments) ... Comment
Topic: SECURITY - on December 27, 2011 at 10:20:00 AM CET
"Behind Enemy Lines": Hackerkongress 28C3 in Berlin gestartet
Der Chaos Computer Club (CCC) diskutiert ab heute auf seinem "Chaos Communication Congress (28C3)" über netzpolitische Themen und nimmt Sicherheitlücken ins Visier. Der größte Hackerverein Europas erwartet bis zu 4000 Teilnehmer im Berliner Congress-Center am Alexanderplatz.
derstandard.at Official Streams and Recordings – 28C3 youtube 28c3's Channelold shit
... Link (0 comments) ... Comment
Topic: SECURITY - on December 25, 2011 at 10:56:00 PM CET
stratfor private EU client list
360∞ MEDIZIN 7Q Financial Services Ltd Abaxon ABB Accendx Management, LLC Accenture Actagon AB Acuitas (London) Ltd Aegis Defence Services
Aerospace Defence Italy s.r.l. Alcatel-Lucent Assembly of Western European Union
Austria Tabak GmbH Austrian Armed Forces
Bank Julius Bär BASF Corporation Bausch and Lomb Belux Bp Exploration (Caspian Sea) Limited
Credit Suisse Das Kapital Capital DER SPIEGEL DEUTSCHE BANK Deutsche Bank AG Deutsche Bank AG Hong Kong Branch Dresdner Kleinwort
Embassy of Italy Embassy of Romania Embassy of Sweden Euro Guild eurocology Europacific Marketing, Inc.
EUROPEAN COMMISSION European Commission - League of Arab States Liaison Office European Commission ECHO Amman European Parliament Europol INTERPOL National Bank of Romania NATO nestle Shell Shell Chemical Shell Chemical Co. Shell International E&P Siemens Sigillum GmbH SWF Swift Swiss & Global Asset Management Swiss Agency for Development and Cooperation Swiss Agency for Development and Cooperation Swiss Agency for Development and Cooperation Swiss Federal Chancellery Swiss Reinsurance Company Ltd telekom deutschland gmbh Weiss & Partner Zumtobel Lighting Ltd. Zurich State Police
... Link (0 comments) ... Comment
Topic: SECURITY - on December 25, 2011 at 9:46:00 PM CET
Stratfor hack NOT Anonymous ?
A press release is circulating, saying that the Stratfor hack is not the work of Anonymous. However, it is difficult to tell who is correct. -----------------------------
Emergency Christmas Anonymous Press Release
-------------------------------------------
12/25/2011
THE STRATFOR HACK IS NOT THE WORK OF ANONYMOUS
Stratfor is an open source intelligence agency, publishing daily reports on data collected from the open internet. Hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda, and some Anons have taken the bait.
The leaked client list represents subscribers to a daily publication which is the primary service of Stratfor. Stratfor analysts are widely considered to be extremely unbiased. Anonymous does not attack media sources. In this excerpt from Time, there is a brief description of how Stratfor analysts uncovered a possible US backed coup in Iraq preceding the US invasion.
Update: The team responsible for #Stratfor is neither located on nor affiliated with #AnonOps. AnonOps was just used for public chan.
Update2: SPECIAL NOTICE: We are aware that there has been some confusion as to whether the STRATFOR hack is an "official" Anonymous operation, due to a ridiculous "Emergency Anonymous Press Statement" being circulated, undermining our work while also making baseless accusations that we frequently see perpetrated by agent provocateurs. Whether this is the work of malicious counter-intelligence,, some butthurt pacifists, or stratfor employees themselves is unknown. Unfortunately, some main stream news agencies have picked up on this statement, looking for any reason to highlight and exploit any potential "inner divisions” within Anonymous. However, there has been no such squabble or infighting regarding the STRATFOR target, or any other LulzXmas target for that matter. Anyone can claim to be Anonymous, but because of the inherent decentralized nature of Anonymous, without central top-down leadership, no individual is in a place to speak to the legitimacy of another individual or group’s operation. Furthermore, our history of owning high profile targets as Anonymous has been well documented at the #antisec embassy (ibhg35kgdvnb7jvw.onion) and is well known and respected within all Anon communities. Case closed. Update2
... Link (0 comments) ... Comment
Topic: SECURITY - on December 25, 2011 at 9:07:00 PM CET
Anonymous - Lulzxmas
... Link (0 comments) ... Comment
Topic: SECURITY - on December 25, 2011 at 5:22:00 PM CET
Hackers target US security think tank
Hackers on Sunday claimed to have stolen 200 GB of e-mails and credit card data from United States security think tank Stratfor, promising a weeklong Christmas-inspired assault on a long list of targets.
Members of the loose hacking movement known as "Anonymous" posted a link on Twitter to what it said was Stratfor's secret client list - including the U.S. Army, the U.S. Air Force, Goldman Sachs and MF Global.
"Not so private and secret anymore?," the group taunted in a message on the microblogging site.
Anonymous said it was able to get credit details, in part, because Stratfor didn't bother encrypting them - an easy-to-avoid blunder which - if true - would be a major embarrassment for any security company.
ap.org washingtonpost.com cbsnews.com businessinsider.com mashable.com huffingtonpost.com stratfor private client list Full message On stratfor.com This is a CACHE (mirror) page of the site when it was saved by our robot on 2011-12-24 20:39:14 stratfor.com Stratfor [wiki]
... Link (0 comments) ... Comment
Topic: SECURITY - on December 25, 2011 at 5:06:00 PM CET
Stratfor: "Schatten-CIA" von Anonymous gehackt
Mitglieder von Anonymous und LulzSec haben einen Angriff auf die geopolitische Beraterfirma Stratfor durchgeführt und eigenen Angaben zufolge 200 Gigabyte an E-Mails und Kreditkarten-Daten ergattert. Als Beweis veröffentlichte Anonymous die geheime Liste an Unternnehmenskunden, die auf die Beratungsdienste des US-Unternehmens zurückgreifen, wie etwa die US Army, US Air Force und Goldman Sachs. Stratfor gilt zudem als wichtige Informationsquelle der CIA.
... Link (0 comments) ... Comment
Topic: SECURITY - on December 20, 2011 at 1:53:00 PM CET
Full-Disk-Encryption Crash-Course - Bradley Manning hat forensisch wiederherstellbare Spuren hinterlassen
OK, Leute, guter Vorsatz fürs neue Jahr: lernt, wie man Full Disk Encryption benutzt, und wie man alle Daten auf einem System wegnullt. Das sind heutzutage essentielle Fähigkeiten, die jeder haben sollte, ob er nun was zu leaken plant oder nicht. Dämlicher Anfängerfehler, wegen sowas dann überführt zu werden.
This is not a hacking presentation, no vulnerabilities are presented. It’s a crash-course in full-disk-encryption (“FDE”) concepts, products and implementation aspects. An overview of both commercial and open-source offerings for Windows, Linux, and MacOSX is given. A (programmer’s) look at the open-source solutions concludes the presentation.
wegnull
Für das Überschreiben existieren international anerkannte Standards. Der 5220.22-M-Standard des US-Verteidigungsministeriums gibt beispielsweise vor, vertrauliche Daten ein Mal mit einem beliebigen Bitmuster zu überschreiben, und anschließend drei weitere Male mit einem jeweils anderen Muster. Der VSITR-Standard des Bundesamtes für Sicherheit in der Informationstechnik hingegen verlangt eine siebenmalige Überschreibung der Daten, wobei bei den ersten sechs Durchgängen das Bitmuster des vorherigen Durchgangs umgekehrt wird.
Im letzten Löschvorgang wird der gesamte Datenträger mit dem Muster "01010101" überschrieben. Zu den bekannteren Ansätzen gehören noch die unterschiedlichen Löschungs-Algorithmen der Sicherheitsexperten Bruce Schneier und Peter Gutmann - dessen sichere, aber sehr zeitaufwändige Methode der Datenzerstörung ganze 35 Überschreibungsvorgänge empfiehlt.
DoD 5220.22-M National Industrial Security Program Operating Manual (NISPOM) [pdf] Gutmann-Methode [wiki] Secure Deletion of Data from Magnetic and Solid-State Memory Darik's Boot And Nuke
Das wird immer inkriminierender, was die Forensiker von Mannings Macbook gepopelt kriegen. Jetzt haben sie Chatlogs gefunden, die angeblich zwischen Manning und Assange spielen und von dem nochmal-schicken von Regierungs-Daten handeln.
While the chat logs were encrypted, Johnson said that he was able to retrieve the MacBook’s login password from the hard drive and found that same password “TWink1492!!” was also used as the encryption key.</p>
... Link (0 comments) ... Comment
Topic: SECURITY - on December 20, 2011 at 1:46:00 PM CET
Neue Spuren führen zu Wikileaks-Gründer Assange
Die Beweislast gegen Bradley Manning wächst. Dateien scheinen zu belegen: Der US-Soldat war die Quelle Abertausender Geheimdokumente, die WikiLeaks veröffentlichte. Neue Hinweise gibt es auch für eine Verbindung zwischen Manning und Julian Assange - für den viel auf dem Spiel steht.
Bradley Manning hat versucht, Spuren zu verwischen. Das sagten Computerforensiker im Prozess gegen den ehemaligen Obergefreiten der US-Armee aus. Manning verschlüsselte demnach Dateien, nutzte abhörsichere Kommunikationskanäle und überschrieb seine Festplatte. Und doch scheint der Soldat erdrückende Beweismittel dafür hinterlassen zu haben, dass er die Quelle Abertausender geheimer Dokumente der US-Armee und des US-Außenministeriums war, die schließlich bei WikiLeaks landeten.
Im Moment wird entschieden, ob Manning vor ein Kriegsgericht kommt - wird er der schwersten Anschuldigungen überführt, droht ihm lebenslange Haft. Doch die Anhörung, die derzeit stattfindet, hat nicht nur Implikationen für den 24-jährigen Manning. Auch die Zukunft von WikiLeaks-Gründer Julian Assange könnte vom Verlauf des Prozesses abhängen.
... Link (0 comments) ... Comment
Topic: SECURITY - on December 20, 2011 at 10:57:00 AM CET
Tip for Bad Guys: Burn, Don't Shred
To most people, 10,000 slivers of shredded paper are as good as trash. To three coders in San Francisco, they’re a challenge—especially when the jumbled mass of paper once made up five classified government documents.
The trio were not hackers trying to steal state secrets, but participants in a contest run by the Defense Advanced Research Projects Agency (Darpa), the government group that funds high-tech military research. In October, Darpa offered $50,000 to the first group to piece together the shredded documents or the one that made the most progress by Dec. 4. In previous Darpa tournaments, participants have been asked to build robotic cars or use the Internet to find balloons scattered across the country. The goal of the paper shredder puzzle was to unearth technologies that could be used for national security.
... Link (0 comments) ... Comment
Topic: SECURITY - on December 19, 2011 at 10:43:00 PM CET
Forensic Examiner Found No Match of Cables on Manning’s Laptop to WikiLeaks’
A day after a government forensic expert testified that he’d found thousands of diplomatic cables on the Army computer of suspected WikiLeaks source Bradley Manning, he was forced to admit under cross-examination that none of the cables he compared to the ones WikiLeaks released matched.
Special Agent David Shaver, a forensic investigator with the Army’s Computer Crimes Investigations Unit, testified Sunday that he’d found 10,000 U.S. diplomatic cables in HTML format on the soldier’s classified work computer, as well as a corrupted text file containing more than 100,000 complete cables that had been converted to base-64 encoding.
Six months after Manning was arrested for allegedly leaking documents to WikiLeaks, the site began publishing 250,000 U.S. diplomatic cables that ranged in date from December 1966 to the end of February 2010. But Shaver said none of the documents that he found on Manning’s computer, and that he then compared to those that WikiLeaks published, matched the WikiLeaks documents.
... Link (0 comments) ... Comment
Topic: SECURITY - on December 19, 2011 at 1:01:00 PM CET
'XSS on steroids' crafted to highlight web security holes
A hacker has published code for potent cross-site scripting attacks that he claims go beyond the usual cookie stealing and phishing for users' private details.
Cross-site scripting (XSS) flaws allow attackers to present content under their control in the context of a vulnerable yet trusted site, thus tricking marks into handing sensitive information to miscreants. As well as creating a means to present pop-ups that link to a hacker-controlled site, XSSes can also lead to cookie theft.
Niklas Femerstrand is the hacker who in October 2011 discovered that a debugging tool on the American Express website was vulnerable to an XSS flaw. He developed an "XSS on steroids" script while researching a similar flaw on the website of an unnamed Swedish bank.
... Link (0 comments) ... Comment
