11/16/12

White Hat Bot-Nets

gAtO wAs - reading Bloomberg BusinessWeek's “The Hacker of Damascus”. Karin, a 31-year-old doctor, had spent the previous months protesting against the government of Damascus; he refused to give up his friends' names.

Before the arrest, before the torture, they found a simple vulnerability through Skype; they also got into his hard drive and, as Karin said, they arrested his computer's data first, then him. So now we see the tricks of black hats, spammers and cyber criminals used against people by their own governments. Is this the way it’s going to happen? We see the news today about 2 ladies and their General boy toys and WOW -mEoW.

Georgia detains Interior Ministry “cyber spies” for using malware to access opposition leaders' computers – this is just another example of governments using criminal cyber tactics to gain intelligence from their own people.

 

The Hacker of Damascus – http://www.businessweek.com/articles/2012-11-15/the-hackers-of-damascus  

Georgia detains Dozen Interior Ministry “Cyber Spies” http://www.brecorder.com/world/europe/91030-georgia-detains-dozen-interior-ministry-cyber-spies.html 

The other side of the cyber struggles in Syria is Anonymous and their role in all this: On the other side, the hacktivist group Anonymous has infiltrated at least 12 Syrian government websites, including that of the Ministry of Defense, and released millions of stolen e-mails.  

Cyberspace and its tools (weapons) like Facebook and Twitter can be used by both sides in this evolving landscape of digital warriors. That is why gATo is saddened by how basic, normal Internet tools can become killers and liberators. I guess I see the fog of cyberwar thru gATO eYe’S: we have only seen defensive cyber tools so far. Stuxnet and others are only the beginning, and the new economies that had no choice but a digital path into their infrastructure need to look at their own security a wee bit more closely. Did Huawei (China’s telecom giant, accused of having a backdoor) sell you those network infrastructure pieces at a very cheap price (lowest bidder, or a no-bid contract)? Well, guess who is watching you…

SCADA cyber controls security SUCKs = infrastructure things (energy/transportation/communication/water/air) = fix them NOW

Since no Cyber Bill has gone before Congress, President Obama, after a major election, went and signed a:

US secret Cyber Law signed by Pres. Obama - Nov 15, 2012

Rather, the directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.

This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the U.S. Constitution, including the President’s role as commander in chief, and other applicable law and policies. http://killerapps.foreignpolicy.com/posts/2012/11/14/the_white_houses_secret_cyber_order

So now even 31-year-old doctors need to worry about what they do, who they talk to and WHAT they talk about, also in Facebook, Skype or any other web-app. By the way -> these basic vulnerabilities can be found and exploited in any web-app. So this person may have worked at the water plant or the electric plant; what could these White Hat Bots have obtained?? These little White Hat BotNets may go rogue or may be captured. This is about a virtual digital world: with a click of a mouse I GOT YOU!!! -PWN

Will this become the standard? The good and bad guys do it NOW: plant a virus, suck up your disk, then check it out. BUT “if you got nothing to hide”, well, it’s OK then, right? - gAtO oUt

11/16/12

Secure BitCoin Trading Online

Bitcoin users may want to trade bitcoin directly with each other in what is known as an over-the-counter market. This topic is a guide on how to set up your online identity and includes some best practices for trading with others in the Bitcoin community.

Introduction:

Within the Bitcoin community, individuals should be careful with their security and identity, primarily for two reasons:

1. At this time, there is little in the way of law enforcement. No court has dealt directly with a significant theft of bitcoins or determined Bitcoin’s legal status. Bitcoin users are, for the most part, on their own.

2. In lieu of legal action and lack of community trust outside the Bitcoin system itself, one’s reputation has become the focus for building trust relationships with others in the community. Traders will take very little risk with new users who have not proven themselves (as one user can easily commit continuous fraud using many different identities).

Credit Cards 2 BTC-Bitcoin – BTC-Bitcoin 2 Credit Cards

The Bitcoin community uses a few tools to help protect privacy, and thus identity. The first and most important is a secure computer.

Before proceeding please make sure you have completed the Securing Your Computer guide; this guide assumes that your computer is secure both physically and in software.

If you are trading within Canada you are encouraged to use Interac e-transfer and Clearcoin (now closed) as outlined on this page.

Creating a secure identity:

The first step is to create a cryptographically secure public-private key-pair. This will be used as the basis of keeping both your wallet (see Securing your wallet) and your identity secure.

Creating your first PGP key-pair

A PGP key-pair serves two very important functions:

1. To sign information with an unforgeable signature

2. To decrypt things that other people encrypt for you

This allows you to both conduct business privately (encryption), and give out promises that you cannot deny making (signature).

Installing GPG

Virtually all GNU/Linux distributions include GPG in their default configurations, but Microsoft Windows users will need to install additional software.

Microsoft Windows:

On Windows, the recommended package that contains GPG is the Git package by the msysgit project. This package contains a collection of Unix tools that are very useful for any Windows installation.

• Navigate to msysgit: https://code.google.com/p/msysgit/downloads/list

• Select the latest Git package. (Git-1.7.4-preview20110204.exe)

• When installing Git, on the "Adjusting your PATH environment" screen, select: Run Git and included Unix tools from the Windows Command Prompt

This option will install both Git and its supporting tools, which include gpg, into the Windows file PATH. This will enable any Windows application to access GPG.
It is possible that some other software on your system has installed GPG before. If you think this may be the case, it is advised to use the search tool or command prompt to find or run GPG respectively.

• After installation, GPG can be used by entering ‘gpg’ into any Windows Command Prompt (cmd).

Setting up OpenPGP email

Once you have GPG installed on your system, it is recommended that you use Thunderbird, which works on both Windows and Linux systems:

All:

1. Install Thunderbird: https://www.mozillamessaging.com/en-GB/

2. Set up your email account with Thunderbird.

3. Install the Enigmail plugin for Thunderbird: https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/

Upon loading Enigmail, Thunderbird will ask you to make a new ‘identity’. Follow this wizard and you will have created your identity.
You should back up your private key in a secure place.
Secondly, you should create a revocation certificate and store that in a different secure place (maybe print it out and store it in your fire safe).

Register with

Follow the guide here:

Register the same username at the popular places: bit coin places?

Use a strong and different password for each of these places, keeping your passwords in a secure place. This will allow other people in the community to track you across the different Bitcoin related sites. It also makes online identity theft more challenging.

Best Practices with trading

Use Bitcoin-OTC

The Bitcoin OTC acts as a secure ‘Address Book’ within the bitcoin community.

• Always require the user to become registered with #bitcoin-otc.

• Require a signed message from the fingerprint quoted at: http://bitcoin-otc.com/viewgpg.php

• Follow additional recommendations for avoiding fraud.

Using the Web-Of-Trust

One of the key features of the Bitcoin OTC is the Web of Trust, which allows users to ‘rate’ each other. One can have more confidence trading with a user that has many good ratings.

Make sure both parties agree to the terms of the trade with signed messages:

• Get a PGP signed quote, and check the signature.

• Send a PGP signed receipt.

This allows either party to go public if the trade has become sour and stops your trading partner from claiming the details of the agreement were somehow different.
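The two checks above (a signed message "from the fingerprint quoted" and "check the signature") are one operation in practice. The following sketch is an added example, not part of the original guide: it assumes GnuPG 2.2 or later, and the key names, addresses and quote text are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the guide). Key names and quote text are constructed.
# HOME_DIR below is a throwaway keyring directory, not your real ~/.gnupg.

# make_demo_key HOME_DIR EMAIL -> prints the new key's fingerprint.
# Empty passphrase so the demo runs unattended; never do that for a real key.
make_demo_key() {
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Demo Trader <$2>" ed25519 sign never 2>/dev/null
    gpg --homedir "$1" --batch --with-colons --list-keys "<$2>" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# sign_quote HOME_DIR FINGERPRINT TEXT OUTFILE -> clear-signed quote in OUTFILE.
sign_quote() {
    printf '%s\n' "$3" |
        gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
            --local-user "$2" --clearsign > "$4"
}

# Strip spaces and upper-case the hex so a pasted fingerprint compares cleanly.
normalize_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# verify_quote HOME_DIR FILE EXPECTED_FPR
# Succeeds only if the signature is cryptographically valid AND was made by
# the key whose fingerprint the counterparty registered. "gpg --verify" alone
# accepts a good signature from any key that happens to be in the keyring.
verify_quote() {
    signer=$(gpg --homedir "$1" --batch --status-fd 1 --verify "$2" 2>/dev/null |
        awk '$2 == "VALIDSIG" { print $NF; exit }')   # last field: primary key fingerprint
    [ -n "$signer" ] && [ "$signer" = "$(normalize_fpr "$3")" ]
}
```

For a real trade, pass your own keyring directory and the fingerprint shown on the counterparty's bitcoin-otc page as EXPECTED_FPR; a quote that verifies but comes from a different key is rejected.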

Search the Bitcoin Forum for the username of the person that you are trading with. Check if the user has provided constructive and useful advice to other parties. And, most importantly, check for any claims that the user has scammed.

 

Use an escrow

 

Trading might benefit from an escrow service such that bitcoins are disbursed only after contract terms have been met.

Additionally, found in Bitcoin’s community are trusted individuals willing to act as independent, third-party escrow brokers.

http://bitcoin-otc.com

Bitcoins at the British Museum – https://bitcointalk.org/index.php?topic=122274.0