11/16/12

White Hat Bot-Nets

gAtO wAs - reading Bloomberg BusinessWeek “ The Hacker of Damascus” Karin a 31-year-old doctor had spent the previous months protesting against the government of Damascus, he refuse to give up his friends names.

Before the arrest-/ before the torture/- they found a simple vulnerability thru Skypes they also got into his hard drive and as Karin said they arrested his computers data first them him. So now we see the black hats, spammer, cyber criminal tricks against people from their own governments. Is this the way it’s going to happen, we see the news today about 2 ladies and their General boy toys and WOW -mEoW.

In Georgia detains ministry for using malware to access opposition leaders computers – This is just another example of governments using criminal cyber tactics to gain intelligence from it’s own people.

 

 

The other side of the cyber struggles in Syria is Anonymous and their role in all this: On the other side, the hacktivist group Anonymous has infiltrated at least 12 Syrian government websites, including that of the Ministry of Defense, and released millions of stolen e-mails.  

Cyberspace and it’s tools (weapons) like Facebook, Twitter – can be used by both sides  in this evolving landscape of digital warriors. That is why gATo is sadden by how basic normal Internet tools can become killers and liberators. I guess I see the fog of cyberwar thru gATO eYe’S we have only seen defensive cyber tools so far Suxnet and others are only the beginning and the new economies that had no choice but a digital path into their infrastructure need to look at their own security a wee bit more close. DId Huawei (China’s Telecom Giant accused of having backdoor ) sell you those Network infrastructure pieces at a very cheap price -(lowest bidder (or a no-bid)contract) -well guess who is watching you…

SCADA cyber controls security SUCKs = infrastructure things (energy/transportation/communication/water/air) = fix them NOW

Since no Cyber Bill has gone before congress -President Obama after a major election went and signed  a-

US secret CYber Law singed by Pres. Obama -Nov 15, 2012

Rather, the directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the fully array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.

This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the U.S. Constitution, including the President’s role as commander in chief, and other applicable law and policies. http://killerapps.foreignpolicy.com/posts/2012/11/14/the_white_houses_secret_cyber_order

So now even 31-year-old doctors need to worry what they do and who they talk to and WHAT they talk about -/ also- in Facebook, Skype or any other web-App-  By the way —>These basic vulnerabilities can be found and exploited in any web-app – So this person may of worked at the water plant – or the electric plant what could these White Hat Bots have obtained?? These little White Hat BotNets may go rouge or may be captured this is about virtual digital world with a click of a mouse I GOT YOU!!! -PWN

Will this become the standard? The good and bad guy’s do it NOW- plant a virus suck up your disk / then check it out – BUT “if you got nothing to hide” well it’s OK then — right - gAtO oUt

11/15/12

Iran Sites Open 2 Joomla -K-CMS Hacking

Iran Sites Open 2 Joomla -K-CMS Hacking

gAtO wAs – in the kitty box scratching and found some sites in Iran that have the same problem that Syria has. Outdated older Content Management systems like Joomla and KCMS_1.0[2] and many other sites have Microsoft Visual Studio.NET 7.0. These require more research as to vulnerabilities but we are working on that. But gAtO found you guessed it Joomla 1.5 CMS all over the place. The same vulnerabilities that Syria has they have

This is easy to do with any browser do a search on any search engine “site:.gov.ir” and you will get a list of all the .gov.ir sites everywhere. Now remember with a translate button(on your browser) you can read these site in any language you want. The other trick is once you get to any site on your browser just go to >>Edit>>Source Code. and lot’s of sites will tell you the content creation: All sites in any language the HTML is always in english.

<meta name=”generator” content=”Joomla! 1.5 – Open Source Content Management” />

If your smart and are doing this in a government site I would remove this information. Now besides Joomla 1.5 gAtO found lots of sites with KCMS_1.0[2] and you guessed it again they are older versions and have vulnerabilities.  So now gAtO will publish this list and update it as we find more and more vulnerabilities. Why doe gATo do this. It my way of showing the world that anyone can help, anyone with any talent can contribute to making this world a better world. I hope this informtion helps someone to be free- gAtO oUt.

Some site have this warning be careful :This site may harm your computer.

Research Notes:

IRAN site:.gov.ir

http://xforce.iss.net/xforce/xfdb/33437 Apr 4, 2007 – CVE-2007-2106: Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.x allows remote attackers to ..

K-CMS (Kai Content Management System) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request to the index.php script using the current_theme parameter to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server.

Many of Irans site use ArPortal 7.1.2 while many others us Microsoft Visual Studio.NET 7.0

<meta name=”generator” content=”Expans! 1.5 – Open Source Content Management

[1] security tips for Joomla Websites http://www.itoctopus.com/10-security-tips-for-your-joomla-website

<META NAME=”GENERATOR” CONTENT=”ArianaPortal 7.1.2″>

[2] <meta name=”generator” content=”KCMS 1.0″ />

K-CMS (Kai Content Management System) index.php file include

http://www.sarvabad.gov.ir/

<meta name=”generator” content=”KCMS 1.0” />

http://www.abhar.gov.ir/index.php?limitstart=63

<meta name=”generator” content=“Joomla! 1.5 – Open Source Content Management. Developed By MamboLearn.com” />

http://www.abhar.gov.ir/

<meta name=”generator” content=”Joomla! 1.5 – Open Source Content Management. Developed By MamboLearn.com” />

pishva.gov.ir

<meta name=”generator” content=”Expans! 1.5 – Open Source Content Management

http://www.zanjan.gov.ir/

<meta name=”generator” content=”Joomla! 1.5 – Open Source Content Management. Developed By MamboLearn.com” />

http://chaloos.gov.ir/

<meta name=”generator” content=”Joomla! 1.5 – Open Source Content Management” />

http://mianeh.gov.ir/

<meta name=”generator” content=”Joomla! 1.5 – Open Source Content Management. Developed By Mambolearn.com” />

http://easabt.gov.ir/protocol/

<meta name=”generator” content=”Joomla! 1.5 – Open Source Content Management. Developed By Navid Iranian Co. Ltd” />

Saman Information Structure

http://ea.mim.gov.ir/

http://www.sadra-ntoir.gov.ir/

<meta name=”generator” content=”Joomla! 1.5 – Open Source Content Management” />

http://www.sarvabad.gov.ir

News – ????? ??? ????? ? ????? ???

sabtyazd.gov.ir/index.php?option=com_newsfeeds…id…

This site may harm your computer.

Joomla 1.5.15 Released. The Joomla Project is pleased to announce the immediate availability of Joomla 2.5.0. This is a security release. Version 2.5.0 is is the

www.khodabandeh.gov.ir/ – Translate this page

Copyright © 2009 — Webdesign aus Tirol – All Rights Reserved. Template Demo Joomla 1.5 Template by pc-didi.. Translate By : Meisam Heidarzadeh | hotfa.ir.

www.sabtyazd.gov.ir/index.php?… – Translate this page

This site may harm your computer.

C:\Inetpub\vhosts\sabtyazd.gov.ir\httpdocs\libraries\joomla\session\session. php %PDF-1.5 3 0 obj < > endobj 4 0 obj < > stream x?U?k A ?? ? :? ?Zz s

http://www.leader.ir/langs/en/

http://www.president.ir/en/

http://www.saamad.ir

iten.behdasht.gov.ir – Site News

11/14/12

What Are ToR Hidden Service?

gAtO tHiNkInG - anonymity serves different interest for different user groups; To a private citizen it’s privacy, to a business it’s a network security issue. A business needs to keep trade secrets or have IP (knowledge base data-centers), communicate with vendors securely and we all know that business need to keep an eye on there competition – the competition can check your stats

update -11-14-2012 -uscyberlabs.com Tor Hidden Servicehttp://otwxbdvje5ttplpv.onion gAtO built this as a test sandbox / honeypot — cool logs stats -DOWN 4 upgrade – 06-11-2013

(http://www.alexa.com/siteinfo/uscyberlabs.com) and check on how your business is doing, what keywords your using, demographics of users hitting your site—— by the way in the Tor-.onion network a web site/service cannot be monitored unless you want it…

How would a government use a ToR-network I’m asked all the time —

// if I was an (agent/business-person)state actor doing business in China (and other countries too) well I would use a ToR-.onion connection to keep my

business private from a government that is know to snoop a bit on travelers to their country. The fact is governments need anonymity for their security -think about it “What does the CIA Google for?” Maybe they us ToR??? But this is about Hidden services right.

 

What is a hidden service in ToR-.onion network?

SImply put it’s a web site/service, a place in the ToR network were we have a service like:

  • Search Engine
  • Directories
  • web / pop3 email
  • PM Private Messages
  • Drop Box’s
  • Re-mailers
  • Bulletin Boards BBS
  • Image Boards
  • Currency exchange
  • Blog
  • E-Commercce
  • Social Networks
  • Micro-Blog -

Hidden Services are called hidden, because your website’s IP in ToR is hidden- they cannot see the IP of your server — they can’t track you- if they can’t find you how are they gonna hack you???? Sorry I had to say that -((more about that later)). Now how do I keep this secret (my IP) and let you the user use my services. In the normal web if your in uscyberlabs.com your on my site,— my server -you can do a whois and get my IP and geo-location— then you can attack my website with dDoS and other IP attack vectors, you also get my location so you can physically find me- my server/my website – maybe go dumpster diving in the trash and get my company secrets— mAyBe sI – nO,

Well in the ToR-.onion network you the client ask the business website if they can use the websites service / then decide and start a handshake to a rendezvous POINT to meet  —we meet at an OR ((onion relay))-a rendezvous POINT) not at my server/ my IP — so your never ever on the business site/server when your in onionLand, you can’t do a whois and get my IP because we meet at an OR, you cannot find my geo-location…..

We have heard of the killings of Iranians and Syrian rebels being killed in todays news, when an Iranian rebel is fighting for his and his families life if they(the government) finds his IP or the IP of the website he visited // they will hunt that person down and the Iranian police/government will kill the whole family sometimes. So keeping an IP from someone is not an evil act it is an act of privacy for safety on both sides the client and the business.

you need to look at Figure 2 to explains this better:

Now let’s focus on R2 OR the yellow key. That’s the spot were you(your company’s hidden website) and your client meet — I know it’s a sneaky way of doing business but once again if they can’t get to your IP at least that is one attack vector that can’t be used to hack you or ddos you. OK they can still hack you but it’s software then. How it’s all done – the magic —the technical thingy to this is below —/this is just an outline of events of the client /hidden web/service protocol:














I goes something like this –

  • ESTABLISH RENDEZVOUS cell
  • INTRODUCE1
  • INTRODUCE2 cell
  • INTRODUCE ACK cell.
  • INTRODUCE2 cell
  • RENDEZVOUS1 cell
  • sends a RENDEZVOUS2 cell Chat
  • sends a RENDEZVOUS2 cell Blog
  • RENDEZVOUS ESTABLISHED cell

1. Whenever the rendezvous point receives a RELAY_COMMAND_RENDEZVOUS1  with the same cookie as the OR sent in the RELAY_COMMAND_INTRODUCTION1 cell it logs the reception and the IP address of the immediate transmitter of the cell. At the same time, the OR middle node monitors the circuits passing through it. Whenever it receives a DESTROY  cell over a circuit it checks:

1) whether the cell was received just after the rendezvous point received the RELAY_COMMAND_RENDEZVOUS1 cell;

2) if the next node of the circuit at the middle node coincides with the previous node of the circuit at the rendezvous point;

3) whether the number of forwarded cells is exactly 2 cells up the circuit and 52 cells down the circuit.

More Geek network kinda stuff::

1. Jun 03 20:50:02.100 [notice] Tor 0.2.1.0-alpha-dev (r14739) opening new log file.

2. Jun 03 20:50:11.151 [notice] We now have enough directory information to build circuits.

3. Jun 03 20:50:12.697 [info] rend_services_introduce(): Giving up on sabotage as intro point for stuptdu2qait65zm.

4. Jun 03 20:50:18.633 [info] rend_service_intro_established(): Received INTRO_ESTABLISHED cell on circuit 1560 for service stuptdu2qait65zm

5. Jun 03 20:51:18.997 [info] upload_service_descriptor(): Sending publish request for hidden service stuptdu2qait65zm

6. Jun 03 20:51:22.878 [info] connection_dir_client_reached_eof(): Uploaded rendezvous descriptor (status 200 (“Service descriptor stored”))

People ask me how can these hidden services be attacked???

It’s all the same as in the surface web you find the software the hidden service is using /// let’s say Worpress (or flatPress) if they use an old version with vulnerabilities then, that site can be hacked by traditional hacking attack vectors— gAtO can’t wait till USCyberLabs.com will have a sandbox in the .onion were we can have a honeypot for people to hack and learn from.  (we need Funding for these project donate please – we will share) gAtO has not tried Backtrack 5 on ToR-.onion network – mAyBe sI -nO – uscyberlabs.com has been hacked a few times already and is consistently fighting bot’s and spammer, it goes on and on.everywhere-.-.-.-

Here are some technologies used in the ToR-.onion network:

update -11-14-2012 -uscyberlabs.com Tor Hidden Service = http://otwxbdvje5ttplpv.onion gAtO built this as a test sandbox and it turned into a honeypot — cool logs stats

TorStatusNet – http://lotjbov3gzzf23hc.onion/   is a microblogging service. It runs the StatusNet microblogging software, version 0.9.9, available under the GNU Affero General Public License.

FlatPress is a blogging engine like -Wordpress blog http://flatpress.org/home/   – http://utup22qsb6ebeejs.onion/

Snapp BBS works fine in OnionLand - http://4eiruntyxxbgfv7o.onion/ -

PHP BBS – http://65bgvta7yos3sce5.onion/

Nginx is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.  – http://ay5kwknh6znfmcbb.onion/torbook/

Anyway I hope this open up the mystery of a hidden service in ToR – it’s just a website, you go to a rendezvous point and do your business — your IP and the business IP are totally secure. No digital breadcrumbs. Now a word to the wise in the ToR-.onion network you have some very tech savvy people and some are very stupid be a critical-cyber user always -gAtO oUt.

11/13/12

Protocol-Level Hidden Server Discovery -WRONG

sOrRy – AROGANT gAtO - Open letter to:zhenling – jluo -wkui – xinwenfu – at seu.edu.cn cs.uvic.ca cs.uml.edu  – I wrote to you and gave you a chace to reply so her it goes for everyone to see that you rigged your lab in real life it does not work like you claim – gATO OuT – may be wrong mAyBe Si -nO 

zhenling@seu.edu.cn
jluo@seu.edu.cn
wkui@cs.uvic.ca
xinwenfu@cs.uml.edu

Protocol-Level Hidden Server Discovery

Since entry onion router is the only node that may know the real IP address of the hidden service— -note [3] The assumption was made in virtually all attacks towards the Tor network. This is reasonable because onion networks routers are set up by volunteers.

WRONG folks — So criminals work in these sterile structured surrounding – following rules and making assumptions that I’m stupid enough to not know how to control ENTRY and EXIT nodes into my Tor Website— COme on Dudes this is not school it’s the real world… otwxbdvje5ttplpv.onion here is my site now find my IP —

WHo am I – Richard Amores – @gAtOmAlO2 – I run http://uscyberlabs.com – I just finished a boot -“ The Deep Dark Web” Amazon New eBook -The Deep Dark Web – http://www.amazon.com/dp/B009VN40DU   Print Book – http://www.amazon.com/The-Deep-Dark-Web-hidden/dp/1480177598 :- I do a we bit of real life research and I disagree — I go thru a proxie and a VPN in EU… before I go into Tor so the chances that you will find my IP just went up a notch or too. But I’m a legit – Security Researcher – imagine if I run Silk Road — making a bunch of Bitcoins a DAY— how many layers do they have—

how about a basic BRIDGE RELAY — and there it goes – u can’t touch this — how about a simple modification of the torrc file with these
HiddenServiceAuthorizeClient AND – HidServAuth
with these few modification the Tor site is hidden unless you have the key (HiddenServiceAuthorizeClient) in your browser/- that was generated to match the HidServAuth)-of the server– I think that your chances of finding my mean ass hidden service ip address —are ZERO…

I like what you’ll did cool analyst and you explained it great – but this puts fear into people – dissidents will maybe not use Tor because of what you guy’s say and maybe they may get caught and killed… It’s not only CRIMINALS — I know that gets grants money — but Tor is used to communicate and it allows – Freedom of Speech in Cyberspace- I’m gonna write something about this and I want to be nice so please explain why — you can say from an educational place of knowledge and allow this – “in the box” thinking that is being hacked everyday because they say— we did everything they told us to do— this is wrong and not true —

If you could get the IP of Silk Road — or better yet – PEDO BEAR the largest PEDO directory in TOR — tell me the IP and I will take it down myself— but don’t come at me saying we are right and every hacker is wrong  — learn please our world is depending on your great minds —

later,
RickA- @gAtOmAlO2 http://uscyberlabs.com

Here is the original paper —http://www.cs.uml.edu/~xinwenfu/paper/HiddenServer.pdf
A recent paper entitled Protocol Level Hidden Server Discovery, by Zhen Ling, Kui Wu, Xinwen Fu and Junzhou Luo.  Paper is starting to be discussed in the Tor community.  From my perspective, it is a nice attack to reveal the IP address of a hidden service.  It would require resources to actually implement effectively, but for Law enforcement trying to shutdown and arrest owners of illegal websites selling drugs, weapons, or child pornography and are hiding behind Tor, it is an option.  Of course that also means the capability to find anyone that might be doing something a government or large entity does not agree with. The paper is here.
This stuff reminds me of a statement a professor said to a class I was in once:  “Guns are not good or bad.  It depends on who is holding the gun and which end is pointed at you.”

11/13/12

CYber Investigation over General Patraeus

CYber Investigation over General Patraeus

gAtO rEaD – NO CRIME committed- that the investigation for the top CIA general was because someone sent an eMail that said” I saw you touching the Generals leg at Dinner -Stop It” Yeah so one lady said to another lady – STOP MESSING WITH MY MAN – Pow – ZAP they get a court order to go thru someones eMail.

So if we take this premise that Judges will sign -COURT ORDERS to search your emails and any other emails that link it because of a jealous lover. It looks to gAtO that they have to much POWER – or the FBI is gonna search everyones emails now – legally. Court Ordered

This should send shock waves thru our industry – everyone is now warned that anyone’s email can be open to LE anytime and just about for any reason. I trusted the system, I trusted the Judges but lack of a crime should of not happened. There was NO CRIME committed the investigation turned out. But it has now taken down the reputation of 2 generals. NO CRIME

Now these are 2 famous generals what chance do mere mortals have that our eMails are going to be court order to investigate why simply because they can now. This shows to me the lack of justice or the erosion of justice that is coming down the cyber pipelines. If this is now a wake up call for security professionals to wake up and smell the coffee. Your email will be next unless we support less government control of our digital rights.

Freedom of Speech in cyberspace is a right not a privilege -gAtO oUt

http://www.cbsnews.com/8301-18563_162-57548694/fbi-role-in-petraeus-investigation-questioned/

mEoW

11/7/12

FEMA Cyber alert for Storm

gATO got- this email from FEMA after the election that’s pretty cool for government – gATO is the first to bItCh and mEoW about Governments – but Good Job Cyber FEMA….- gAtO OuT

Community Preparedness e-Brief

Follow us on Twitter for preparedness tips and announcements!

Nor’easter Impacting Areas Still Recovering from Hurricane Sandy – Ensure You Are Prepared

A Nor’easter is approaching the northeast today, including those areas still recovering from Hurricane Sandy. This Nor’easter is expected to bring strong winds, rain and even snow throughout today into Thursday. As the storm makes its way up the coast, we are asking you to do the following:

  1. Read and share this email;
  2. Visit http://www.ready.gov/winter-weather;
  3. Like and share FEMA’s Facebook page posts;
  4. Follow and retweet @ReadyDotGov tweets; and
  5. Download and share these useful apps: FEMA – Android, Apple, Blackberry

Given the power has not yet been fully restored in some areas, state and local governments are opening warming stations in anticipation of the Nor’easter. To find more about these warming stations and other open shelters, visit:

New York State

www.dhses.ny.gov/oem/

www.nyc.gov/html/misc/html/2012/warming_ctr.html

 

New Jersey

www.nj.gov/nj/home/features/spotlight/hurricane_sandy.shtml

www.nj211.org/hurricane.cfm

 

Connecticut

www.ct.gov/sandy

For those within an area expected to be impacted by this current storm, below are some simple steps one should take now to prepare:

  • Follow the direction of local officials – if told to evacuate, listen to the direction of your local officials and evacuate immediately.
  • Know the forecast for your area – listen to your NOAA weather radio and local news reports, or visit weather.gov for conditions in your area.
  • Check on your neighbor – make sure they are also prepared for the weather.
  • Have an adequate communication planbe sure friends and family know how to contact you. Text messages can often get around network disruptions when a phone call might not get through.

FEMA continues to support both recovery operations as a result of Hurricane Sandy as well as preparedness efforts associated with the Nor’easter. Additional commodities including food, water, blankets, and generators are currently being delivered to distribution points across the region impacted by Sandy. FEMA is also pre-positioning even more resources and supplies for its state and local partners to respond, if necessary, to the Nor’easter.

Community Relations Teams are on the ground, going door-to-door, letting individuals know how to register with FEMA for financial assistance and how to prepare for the upcoming storm.  More than 277,000 people have applied for financial assistance, and more than $250 million in assistance has been approved.

Prepare for hazards in YOUR area

Although you may not be in the path of this forecasted storm, now is a good time to review the potential hazards where you live. Knowing likely risks for your area, whether snow storms, earthquakes or tornadoes and knowing what to do when a disaster strikes is a critical part of being prepared and may make all the difference when seconds matter.

Local emergency management offices can help you identify hazards in your community and can outline the local plans and recommendations for each. Be sure to share this information with family, neighbors, colleagues and friends – talking about preparedness helps everyone be ready, “just in case.” Use the links below to make your family, business and community safer, more resilient and better prepared for any disaster event.

For further information regarding these safety tips or other post hurricane safety recommendations, visit www.fema.gov or www.ready.gov.

We want to hear your suggestions on how we can improve our communications to you, be sure to email us at citizencorps@dhs.gov.

 

11/6/12

Dutch government to give law enforcement authorities the power to hack into computers. This also means hidden servers on tor

gAtO ThInK - It’s time to fight back and tighten the security!

The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations.

The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations.

In a letter that was sent to the lower house of the Dutch parliament on Monday, the Dutch Minister of Security and Justice Ivo Opstelten outlined the government’s plan to draft a bill in upcoming months that would provide law enforcement authorities with new investigative powers on the Internet.

According to the letter, the new legislation would allow cybercrime investigators to remotely infiltrate computers in order to install monitoring software or to search them for evidence. Investigators would also be allowed to destroy illegal content, like child pornography, found during such searches.

These investigative powers would not only cover computers located in the Netherlands, but also computers located in other countries, if the location of those computers cannot be determined.

However, if the investigators can establish that a computer of interest is located in a foreign country, they will have to ask for assistance from the authorities in that country.

In his proposal, Opstelten used a case in which investigators from the Dutch National Police infiltrated “hidden” Tor websites that hosted child pornography, as an example of a situation in which the geographical location of the computers couldn’t be determined.

The Tor network allows its users to set up so-called “hidden services” that are only accessible from within the network using special addresses. When accessing such a service, a user’s connection is routed through several random Tor nodes, which prevents him from determining the real Internet Protocol (IP) address of the server hosting the service.

The Dutch police investigation referenced by Opstelten in his letter took place in August 2011 and two of the infiltrated Tor websites were hosted on servers located in the U.S.

The new legislation will provide strict safeguards for the proposed investigative powers, Opstelten said. Law enforcement authorities will only be able to exercise such powers when investigating offenses that carry a maximum prison sentence of four years or more and only after obtaining authorization from a judge, he said. Furthermore, all such actions will be automatically logged and the logs will be accessible for later review.

Cybercrime is a serious problem that needs to be tackled, but the proposed measures are not the right ones and they pose a serious risk to cybersecurity, Ot van Daalen, the director of Dutch digital rights organization Bits of Freedom, said Friday.

First of all, allowing police investigators to hack computers in other countries might encourage other governments to introduce similar legislation, but not necessarily with the same limitations, van Daalen said. “This could escalate into a digital arms race.”

The proposed legislation would create an incentive for governments to keep software vulnerabilities secret because they would need to exploit those vulnerabilities to attack systems used by cybercriminals, van Daalen said.

There are already security companies and independent researchers that sell zero-day exploits — exploits for unpatched vulnerabilities — to governments instead of reporting the vulnerabilities to vendors. In addition, some governments have openly admitted to developing military cyberoffensive capabilities.

Van Daalen believes that expanding the potential use of such exploits by law enforcement agencies will help the zero-day exploit market grow, which in turn will result in fewer vulnerabilities being reported and patched.

Governments could also pressure vendors to delay fixing vulnerabilities, van Daalen said. An example of this was when the Dutch government convinced Microsoft to delay the blacklisting of the DigiNotar digital certificates on Windows computers in the Netherlands for a few days in order to allow the government to take measures, despite the fact that the issue represented a security risk for all Windows users in the country, he said.

“There’s no doubt that there’s already a growing (and disquieting) market in the for-fee disclosure and exploitation of vulnerabilities, and this proposal could certainly further legitimize it: the possible advantages in terms of action against criminals (leaving aside ethical objections) have to be balanced against the likely, deleterious effects on the community of Internet users as a whole,” said David Harley, a senior research fellow at antivirus vendor ESET, via email on Friday.

Harley agrees with van Daalen that the proposed legislation could have a global impact. “It’s not possible to guarantee that the effects of these measures will be restricted to criminal elements: if the proposal succeeds in its present form, collateral damage in terms of the application of monitoring and attack technologies could be worldwide,” he said.

“Is it really feasible to take this approach effectively without breaching the sovereignty of other states? Even if agreement could be reached with other states on international legislation, does this proposal take into account the quid pro quo of giving foreign agencies such sweeping rights of access to the systems of its own citizens?,” Harley asked. “It seems to me that there’s a parallel here with the fact that many in the U.S. seem quite happy with alleged cyberespionage and sabotage against Iran yet show surprise and discontent that those claims have been used as justification for similar action by other nations.” - gATO OuT

 

11/4/12

FBI and Cyber-Security oxymoron

gAto rEaD -The FBI is planning to have a geek squad to look for the coders of Botnets -WRONG they should go after the Bot’s and c&c already online—

Kevin Mitnick discounted the FBI’s plans to build a “cadre of specially trained computer scientists able to extract hackers’ digital signatures from mountains of malicious code.” – Kevin knows that hackers trade code and pick / slice and dice functions and code in hacker sites.

gAtOmAlO sAy’s

Some sites train n00bs – newbies bot-masters to send them out-/ they get caught and the commercial ones the ones that learned and survived share the knowledge.

“The signal goes everywhere and so do I” -gAtOmAlO -

We can’t stop the knowledge and we can’t stop the coders new ones come and go everyday – new ones quit and new ones start. Code is a function and the same function can be written in so many different ways.

Crunch away FBI scientist while new FUD mask the next wave of Bot-nets with a simple variant of Zeus or SpyEye and you got a new Bank attempt. They are all free in the wild so anyone that wants the code get’s it Free…. check YouTube guy’s “How 2 Zeus”

If you want to go after the Bot-nets you work with the front lines ISP and system admins – If the FBI would only tap into the FREE information that is available from some of the best minds. Just ask us and we will help. I hear Penetta Scream “Cyber 9/11” come on –If we need cyber security people  just go on LinkedIn and pick and ASK US we will help in ways that you have no idea.

Crowd source problems into the web and see who comes up with a solution to a problems- we have so many new ways to use the masses of people in cyberspace and social media to help and protect not just our country but we can help any other country as we learn more about cyber security. We are your biggest problem and your biggest solution to the cyber security problem…

Sorry gATO’s dealing with the FBI and the lack of respect they give people that help them, makes me sick. But keep on- keeping on FBI -and the rest of the White Hats – don’t you see, open your eyes…where here to help -gATO OuT 

FBI cybersecurity shift draws skepticism from experts

Kevin Mitnick, the former hacker turned security consultant, is one who doubts focusing on criminals rather than attacks would slow them

http://www.csoonline.com/article/720331/fbi-cybersecurity-shift-draws-skepticism-from-experts

11/4/12

Chuck Norris “The Programmer” Jokes

1. When Chuck Norris throws exceptions, it’s across the room.

2. All arrays Chuck Norris declares are of infinite size, because Chuck Norris knows no bounds.

3. Chuck Norris doesn’t have disk latency because the hard drive knows to hurry the hell up.

4. Chuck Norris writes code that optimizes itself.

“The Programmer” Chuck Norris

5. Chuck Norris can’t test for equality because he has no equal.

6. Chuck Norris doesn’t need garbage collection because he doesn’t call .Dispose(), he calls .DropKick().

7. Chuck Norris’s first program was kill -9.

8. Chuck Norris burst the dot com bubble.

9. All browsers support the hex definitions #chuck and #norris for the colors black and blue.

10. MySpace actually isn’t your space, it’s Chuck’s (he just lets you use it).

11. Chuck Norris can write infinite recursion functions…and have them return.

12. Chuck Norris can solve the Towers of Hanoi in one move.

13. The only pattern Chuck Norris knows is God Object.

14. Chuck Norris finished World of Warcraft.

15. Project managers never ask Chuck Norris for estimations…ever.

16. Chuck Norris doesn’t use web standards as the web will conform to him.

17. “It works on my machine” always holds true for Chuck Norris.

18. Whiteboards are white because Chuck Norris scared them that way.

19. Chuck Norris doesn’t do Burn Down charts, he does Smack Down charts.

20. Chuck Norris can delete the Recycling Bin.

21. Chuck Norris’s beard can type 140 wpm.

22. Chuck Norris can unit test entire applications with a single assert.

23. Chuck Norris doesn’t bug hunt as that signifies a probability of failure, he goes bug killing.

24. Chuck Norris’s keyboard doesn’t have a Ctrl key because nothing controls Chuck Norris.

25. When Chuck Norris is web surfing websites get the message “Warning: Internet Explorer has deemed this user to be malicious or dangerous. Proceed?”.