07/5/12

The Deep Dark Web -Book

gAtO sAy -mEoW you all- we have a new book coming out soon “The Deep Dark Web” and just wanted to write this as the foreword for the book, I thought it was interesting …//looking for peer review of book…write us

This book is to inform you about “The Deep Dark Web”. We hear that it’s a bad place full of crooks and hackers, but it is more a place where you have total anonymity as an online user, and yes, there are ugly places in the dark web, but they are a small part of it. What it really is all about is freedom of expression, freedom of speech worldwide, supported by “us/we”, the users of the network. It’s not controlled by any government, but blocked by a few like Syria, Iran, Ethiopia and China, to name a few governments that want to deny their own people free access to information, to speak freely about their grievances and unite to tear down their walls of oppression.

Pierluigi and I (gAtO) share a passion for cyber security. We write different blogs: Pierluigi has http://securityaffairs.co/wordpress/ and my site is uscyberlabs.com. We also write at other blogs and in print media. We didn’t know it at the time, but we were writing cyber history as the 2011-2012 cyber explosion took off; we were at ground zero writing about Stuxnet, HBGary, the LulzPirates and Anonymous, but the Arab Spring was an awakening:

The recent revolution in Egypt that ended the autocratic presidency of Hosni Mubarak was a modern example of successful nonviolent resistance. Social media technologies provided a useful tool for the young activists to orchestrate this revolution. However, the repressive Mubarak regime prosecuted many activists and censored a number of websites. This made their activities precarious, making it necessary for activists to hide their identity on the Internet. The anonymity software Tor was a tool used by some bloggers, journalists and online activists to protect their identity and to practice free speech.

Today we have lots of anonymity communication tools: I2P, Freenet, GNUnet and Tor, to name a few. Why did the TorProject.org Tor .onion network become the de facto application to get free, private, anonymized Internet access? My conclusion is its humble beginnings, sponsored by the “Naval Research Project & DARPA (Defense Advanced Research Projects Agency)”; maybe you heard of DARPA, they kinda created the Internet a long time ago. The government wanted to have a secure communication medium that would piggy-back on the established Internet. From my point of view, when they saw how well this worked the government used it to allow its agents to quietly use the network for CIA covert operations (just to name one of the alphabet-soup government agencies that use it). For example, a branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

Journalists got hold of this tool and they too were able to file reports before government agents censored their interviews and film footage. The EFF (Electronic Frontier Foundation) got hold of the Tor network and promoted it for maintaining civil liberties online. When a common business executive visited a foreign country (like China, known to monitor foreigners’ Internet access) they now had a way to securely connect to their corporate HQ data-center without being monitored and giving away IP (Intellectual Property). The Tor network became too good and the bad guys moved in to keep their illegal business safer from the law. The Internet cyber-criminal has used the clear-web since the start, so of course they went over to the Tor .onion network, because it works if you use it right and keeps you anonymous online.

With all this happening and the “Year of the Hack 2011”, you can see why security geeks like Pierluigi and I became intrigued with this subject and teamed up to write this manuscript, hoping to answer some of the questions our friends and peers were asking us about this mysterious hidden world called the deep dark web. We outlined a table of contents and started to write about it in our blogs, and the story unfolds from here to you. We hope to educate you on how this network works without too much geek talk (ok, just a little). We cover the cyber criminals and their ecosystem; we cover the financial currency (bitCoins) that is replacing fiat currencies all over the world during these unstable financial times. We tried to cover all the good, the bad and the ugly of the .onion network. We hope it will answer some of your questions, but I am sure that more questions will come up, so feel free to come to our websites and give us a shout and ask your questions about the deep dark web…. - gAtO oUT

06/6/12

Tor Passive- Active -Directory Attacks on onion network

Passive attacks

Observing user traffic patterns. Observing a user’s connection will not reveal her destination or data, but it will reveal traffic patterns (both sent and received). Profiling via user connection patterns requires further processing, because multiple application streams may be operating simultaneously or in series over a single circuit.

Observing user content. While content at the user end is encrypted, connections to responders may not be (indeed, the responding website itself may be hostile). While filtering content is not a primary goal of Onion Routing, Tor can directly use Privoxy and related filtering services to anonymize application data streams.

Option distinguishability. We allow clients to choose configuration options. For example, clients concerned about request linkability should rotate circuits more often than those concerned about traceability. Allowing choice may attract users with different needs; but clients who are in the minority may lose more anonymity by appearing distinct than they gain by optimizing their behavior [1].

End-to-end timing correlation. Tor only minimally hides such correlations. An attacker watching patterns of traffic at the initiator and the responder will be able to confirm the correspondence with high probability. The greatest protection currently available against such confirmation is to hide the connection between the onion proxy and the first Tor node, by running the OP on the Tor node or behind a firewall. This approach requires an observer to separate traffic originating at the onion router from traffic passing through it: a global observer can do this, but it might be beyond a limited observer’s capabilities.

End-to-end size correlation. Simple packet counting will also be effective in confirming endpoints of a stream. However, even without padding, we may have some limited protection: the leaky pipe topology means different numbers of packets may enter one end of a circuit than exit at the other.

Website fingerprinting. All the effective passive attacks above are traffic confirmation attacks, which puts them outside our design goals. There is also a passive traffic analysis attack that is potentially effective. Rather than searching exit connections for timing and volume correlations, the adversary may build up a database of “fingerprints” containing file sizes and access patterns for targeted websites. He can later confirm a user’s connection to a given site simply by consulting the database. This attack has been shown to be effective against SafeWeb [29]. It may be less effective against Tor, since streams are multiplexed within the same circuit, and fingerprinting will be limited to the granularity of cells (currently 512 bytes). Additional defenses could include larger cell sizes, padding schemes to group websites into large sets, and link padding or long-range dummies.

Active attacks

Compromise keys. An attacker who learns the TLS session key can see control cells and encrypted relay cells on every circuit on that connection; learning a circuit session key lets him unwrap one layer of the encryption. An attacker who learns an OR’s TLS private key can impersonate that OR for the TLS key’s lifetime, but he must also learn the onion key to decrypt create cells (and because of perfect forward secrecy, he cannot hijack already established circuits without also compromising their session keys). Periodic key rotation limits the window of opportunity for these attacks. On the other hand, an attacker who learns a node’s identity key can replace that node indefinitely by sending new forged descriptors to the directory servers.

Iterated compromise. A roving adversary who can compromise ORs (by system intrusion, legal coercion, or extralegal coercion) could march down the circuit compromising the nodes until he reaches the end. Unless the adversary can complete this attack within the lifetime of the circuit, however, the ORs will have discarded the necessary information before the attack can be completed. (Thanks to the perfect forward secrecy of session keys, the attacker cannot force nodes to decrypt recorded traffic once the circuits have been closed.) Additionally, building circuits that cross jurisdictions can make legal coercion harder—this phenomenon is commonly called “jurisdictional arbitrage.” The Java Anon Proxy project recently experienced the need for this approach, when a German court forced them to add a backdoor to their nodes [51].

Run a recipient. An adversary running a webserver trivially learns the timing patterns of users connecting to it, and can introduce arbitrary patterns in its responses. End-to-end attacks become easier: if the adversary can induce users to connect to his webserver (perhaps by advertising content targeted to those users), he now holds one end of their connection. There is also a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy and similar protocol cleaners to solve this latter problem.

Run an onion proxy. It is expected that end users will nearly always run their own local onion proxy. However, in some settings, it may be necessary for the proxy to run remotely— typically, in institutions that want to monitor the activity of those connecting to the proxy. Compromising an onion proxy compromises all future connections through it.

DoS non-observed nodes. An observer who can only watch some of the Tor network can increase the value of this traffic by attacking non-observed nodes to shut them down, reduce their reliability, or persuade users that they are not trustworthy. The best defense here is robustness.

Run a hostile OR. In addition to being a local observer, an isolated hostile node can create circuits through itself, or alter traffic patterns to affect traffic at other nodes. Nonetheless, a hostile node must be immediately adjacent to both endpoints to compromise the anonymity of a circuit. If an adversary can run multiple ORs, and can persuade the directory servers that those ORs are trustworthy and independent, then occasionally some user will choose one of those ORs for the start and another as the end of a circuit. If an adversary controls m > 1 of N nodes, he can correlate at most $(m/N)^2$ of the traffic— although an adversary could still attract a disproportionately large amount of traffic by running an OR with a permissive exit policy, or by degrading the reliability of other routers.
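
As an added worked example (mine, not from the design paper) of the $(m/N)^2$ figure: the exact probability that a circuit's entry and exit both fall on hostile routers, first with uniform router selection and then with the paper's caveat that hostile routers can attract a disproportionate share by advertising more bandwidth. The router counts and bandwidth weights are constructed, not measurements of the real network.

```python
import random
from bisect import bisect
from itertools import accumulate
from typing import Iterable, Sequence

# Node counts and bandwidth weights below are constructed for illustration,
# not measurements of the real Tor network.


def paper_bound(m: int, n: int) -> float:
    """The design paper's estimate: an adversary holding m of N routers
    sees both ends of roughly (m/N)^2 of all circuits."""
    return (m / n) ** 2


def exact_fraction(weights: Sequence[float], hostile: Iterable[int]) -> float:
    """Exact probability that entry and exit are both hostile when each end is
    drawn in proportion to `weights` and a router is never used twice on the
    same circuit (slightly below (m/N)^2 for small N)."""
    hostile = set(hostile)
    total = sum(weights)
    prob = 0.0
    for e in hostile:
        p_entry = weights[e] / total
        others = sum(weights[x] for x in hostile if x != e)
        p_exit_given_entry = others / (total - weights[e])
        prob += p_entry * p_exit_given_entry
    return prob


def simulate(weights: Sequence[float], hostile: Iterable[int],
             circuits: int = 50_000, seed: int = 1) -> float:
    """Monte Carlo check of exact_fraction: build `circuits` two-ended paths
    with bandwidth-weighted selection and count those with both ends hostile."""
    rng = random.Random(seed)
    hostile = set(hostile)
    cumulative = list(accumulate(weights))
    total = cumulative[-1]

    def draw() -> int:
        # bandwidth-weighted pick of one router index
        return bisect(cumulative, rng.random() * total)

    hits = 0
    for _ in range(circuits):
        entry = draw()
        exit_ = draw()
        while exit_ == entry:  # Tor never reuses a router within one circuit
            exit_ = draw()
        if entry in hostile and exit_ in hostile:
            hits += 1
    return hits / circuits


def scenario(n: int = 100, m: int = 10, hostile_weight: float = 1.0) -> dict:
    """Compare the paper's bound with the exact and simulated fraction.
    hostile_weight > 1 models the paper's caveat: hostile routers that advertise
    more bandwidth (or a permissive exit policy) attract more circuits than
    their head-count share."""
    weights = [hostile_weight] * m + [1.0] * (n - m)
    hostile = range(m)
    return {
        "bound": paper_bound(m, n),
        "exact": exact_fraction(weights, hostile),
        "simulated": simulate(weights, hostile),
    }


if __name__ == "__main__":
    print("uniform bandwidth:", scenario())
    print("hostile routers with 5x bandwidth:", scenario(hostile_weight=5.0))
```

With 10 hostile routers out of 100 and equal bandwidth the fraction stays near the 1% bound; give those same 10 routers five times the bandwidth of the rest and about 12% of circuits have both ends hostile, which is the point of the caveat about attracting traffic.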

Introduce timing into messages. This is simply a stronger version of passive timing attacks already discussed earlier.

Tagging attacks. A hostile node could “tag” a cell by altering it. If the stream were, for example, an unencrypted request to a Web site, the garbled content coming out at the appropriate time would confirm the association. However, integrity checks on cells prevent this attack.

Replace contents of unauthenticated protocols. When relaying an unauthenticated protocol like HTTP, a hostile exit node can impersonate the target server. Clients should prefer protocols with end-to-end authentication.
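
An added example, not code from the design paper or from Tor, of the integrity check that defeats tagging: a simplified 512-byte relay cell carries a keyed digest under the circuit session key, so a relay that flips a bit without the key produces a cell the endpoint rejects instead of garbled-but-accepted content. The cell layout, tag size and key here are constructed for this illustration; Tor's real relay header uses a 4-byte running digest inside the encrypted payload.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Simplified relay cell: fixed-size body followed by a keyed digest.
# Layout and tag size are constructed for this illustration, not Tor's format.
CELL_LEN = 512                 # Tor's cell size
TAG_LEN = 32                   # HMAC-SHA256 output
BODY_LEN = CELL_LEN - TAG_LEN  # 2-byte length prefix + payload + zero padding


def make_relay_cell(session_key: bytes, payload: bytes) -> bytes:
    """Pack `payload` into one cell and authenticate the body under the hop's
    circuit session key."""
    if len(payload) > BODY_LEN - 2:
        raise ValueError("payload does not fit in one cell")
    body = len(payload).to_bytes(2, "big") + payload
    body = body.ljust(BODY_LEN, b"\x00")
    tag = hmac.new(session_key, body, hashlib.sha256).digest()
    return body + tag


def open_relay_cell(session_key: bytes, cell: bytes) -> Optional[bytes]:
    """Return the payload, or None when the integrity check fails; a failed
    check means the cell is dropped and the circuit torn down, never forwarded."""
    if len(cell) != CELL_LEN:
        return None
    body, tag = cell[:BODY_LEN], cell[BODY_LEN:]
    expected = hmac.new(session_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    length = int.from_bytes(body[:2], "big")
    return body[2:2 + length]


def flip_bit(cell: bytes, byte_index: int) -> bytes:
    """What a tagging relay does: alter one bit in transit without the key."""
    altered = bytearray(cell)
    altered[byte_index] ^= 0x01
    return bytes(altered)


def demo() -> Tuple[Optional[bytes], Optional[bytes]]:
    """Honest delivery succeeds; a tagged copy of the same cell is rejected."""
    key = os.urandom(32)  # constructed session key
    cell = make_relay_cell(key, b"GET / HTTP/1.0\r\n\r\n")
    honest = open_relay_cell(key, cell)
    tagged = open_relay_cell(key, flip_bit(cell, 7))
    return honest, tagged
```

Without the digest the tampered cell would still decrypt at the exit, only garbled, and the timing of that garbage is exactly the signal the attacker wants; with it, the tamper is detected at the next hop that holds the key.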

Replay attacks. Some anonymity protocols are vulnerable to replay attacks. Tor is not; replaying one side of a handshake will result in a different negotiated session key, and so the rest of the recorded session can’t be used.

Smear attacks. An attacker could use the Tor network for socially disapproved acts, to bring the network into disrepute and get its operators to shut it down. Exit policies reduce the possibilities for abuse, but ultimately the network requires volunteers who can tolerate some political heat.
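
An added toy example (mine, not from the design paper or Tor's code) of why replaying one side of a handshake yields a different key: the responder draws a fresh ephemeral secret on every run, so a recorded client half never reproduces an old session key. The group parameters are constructed and far too small for real use, and Tor's wrapping of the client half under the router's onion key is left out.

```python
import secrets
from typing import Tuple

# Toy Diffie-Hellman group, constructed for illustration only.
P = (1 << 127) - 1   # Mersenne prime 2^127 - 1; real deployments use 2048-bit+ groups
G = 5


def client_start() -> Tuple[int, int]:
    """Client picks an ephemeral secret x and sends g^x."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def router_respond(client_half: int) -> Tuple[int, int]:
    """Router picks a fresh ephemeral y for every handshake and returns
    (g^y to send back, its copy of the session key (g^x)^y)."""
    y = secrets.randbelow(P - 2) + 1
    return pow(G, y, P), pow(client_half, y, P)


def client_finish(x: int, router_half: int) -> int:
    """Client derives the same key from the router's half: (g^y)^x."""
    return pow(router_half, x, P)


def honest_run_agrees() -> bool:
    x, gx = client_start()
    gy, router_key = router_respond(gx)
    return client_finish(x, gy) == router_key


def distinct_keys_on_replay(client_half: int, replays: int = 5) -> int:
    """Replay one recorded client half `replays` times and count how many
    distinct session keys the router ends up with."""
    return len({router_respond(client_half)[1] for _ in range(replays)})
```

Every replay produces a new key the replaying party cannot compute (it never held x, and the router's y is fresh), so a recorded session encrypted under the original key stays useless.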

Distribute hostile code. An attacker could trick users into running subverted Tor software that did not, in fact, anonymize their connections—or worse, could trick ORs into running weakened software that provided users with less anonymity. We address this problem (but do not solve it completely) by signing all Tor releases with an official public key, and including an entry in the directory that lists which versions are currently believed to be secure. To prevent an attacker from subverting the official release itself (through threats, bribery, or insider attacks), we provide all releases in source code form, encourage source audits, and frequently warn our users never to trust any software (even from us) that comes without source.

Directory attacks

Destroy directory servers. If a few directory servers disappear, the others still decide on a valid directory. So long as any directory servers remain in operation, they will still broadcast their views of the network and generate a consensus directory. (If more than half are destroyed, this directory will not, however, have enough signatures for clients to use it automatically; human intervention will be necessary for clients to decide whether to trust the resulting directory.)

Subvert a directory server. By taking over a directory server, an attacker can partially influence the final directory. Since ORs are included or excluded by majority vote, the corrupt directory can at worst cast a tie-breaking vote to decide whether to include marginal ORs. It remains to be seen how often such marginal cases occur in practice.

Subvert a majority of directory servers. An adversary who controls more than half the directory servers can include as many compromised ORs in the final directory as he wishes. We must ensure that directory server operators are independent and attack-resistant.

Encourage directory server dissent. The directory agreement protocol assumes that directory server operators agree on the set of directory servers. An adversary who can persuade some of the directory server operators to distrust one another could split the quorum into mutually hostile camps, thus partitioning users based on which directory they use. Tor does not address this attack.

Trick the directory servers into listing a hostile OR. Our threat model explicitly assumes directory server operators will be able to filter out most hostile ORs.

Convince the directories that a malfunctioning OR is working. In the current Tor implementation, directory servers assume that an OR is running correctly if they can start a TLS connection to it. A hostile OR could easily subvert this test by accepting TLS connections from ORs but ignoring all cells. Directory servers must actively test ORs by building circuits and streams as appropriate. The tradeoffs of a similar approach are discussed in deny Bob service by flooding his introduction points with requests. Because the introduction points can block requests that lack authorization tokens, however, Bob can restrict the volume of requests he receives, or require a certain amount of computation for every request he receives.

Attack an introduction point. An attacker could disrupt a location-hidden service by disabling its introduction points. But because a service’s identity is attached to its public key, the service can simply re-advertise itself at a different introduction point. Advertisements can also be done secretly so that only high-priority clients know the address of Bob’s introduction points or so that different clients know of different introduction points. This forces the attacker to disable all possible introduction points.

Compromise an introduction point. An attacker who controls Bob’s introduction point can flood Bob with introduction requests, or prevent valid introduction requests from reaching him. Bob can notice a flood, and close the circuit. To notice blocking of valid requests, however, he should periodically test the introduction point by sending rendezvous requests and making sure he receives them.

Compromise a rendezvous point. A rendezvous point is no more sensitive than any other OR on a circuit, since all data passing through the rendezvous is encrypted with a session key shared by Alice and Bob.

05/30/12

Hide SCADA in the ToR network – ..FREE-hiding in plain sight..

any internet connection 2-ToR

gAtO cAn -now provide your company a FREE .onion network – reliable 24/7 secure / encrypted / untraceable communication between your SCADA systems talking to each other and the main office, giving you real-time data from any remote SCADA site. As an example, from the Schneider Electric white paper on “Video Surveillance Integrated with SCADA”, we can now take the physical video security of all your remote video assets and transmit it securely, encrypted and untraceable, to any place in the world, to your datacenter. When going in and out of the invisible .onion network you can control the entry and exit relays, so picking safe verified relays to use is easy, or you can use your own relays; the more relays, the better the system becomes at making you invisible. The more people that use it, the more untraceable and unmonitored it becomes. This kind of SCADA communication in the ToR .onion network redefines geo-political digital boundaries. Since it rides on any Internet connection it can be used anywhere.

in the ToR-.onion network merchants can’t spy on you and they can’t steal your information

Not if but when business takes over the ToR .onion network, it will change the landscape and give it more order, but it will still give the user anonymity; that’s the key to this network: your signal, your voice cannot be found, but you can still communicate. The ToR .onion network rides not on top or at the bottom of the digital super-highway but thru it.

Let’s keep in mind that access to the ToR .onion network is FREE to anyone, and your company’s use of the network makes it safer for everyone, since the more people use it the more unreachable and undetectable you become. But in business you also have to deal with hostile governments, and protecting your people and assets thru a ToR .onion network becomes even more critical. You can still operate but be safe and secure in your business communications.

The ToRProject.org is something that is making an impact on the very lives of people that want to have a free, safe, secure voice. Just look at Mr. Chen, a dissident from China; he was jailed because he spoke up about the disabled in China. The ToRProject.org helps people like Mr. Chen speak and remain anonymous. By adding real business relays into the ToR .onion network we will give these people and the businesses more transparency; it makes you more invisible on the internet. You can donate to the ToR project and it’s a 501(c), so it’s deductible. Look at the donors list and see who supports this invisible network. U.S. Naval Research, National Science Foundation, DARPA and National Christian Foundation are some of the people supporting the ToR Project; it’s not so bad if they use it— see lab Notes below -

How you gonna hack what you can’t find, can’t see and can’t trace to you?

Just think, mr. bankers: a free, secret, untraceable, encrypted-communication place where you can do your banking deals -in secret- and nobody but you and your closest friends know it even exists, not the government, not your spouse, and harder for criminals to find your valuable data. It hides you in an Internet bubble of packets where nobody knows who you are or how to find you. They can’t even tell it’s a ToR .onion network; it hides its signal to blend into the bits and bytes of the landscape in the digital noise.

Technically it’s pretty cheap: get the free software, as many copies as you need, FREE!!! No volume pricing, no updates, FREE!!! Once your computer that talks to the internet hooks up to a ToR relay it’s in the matrix. If you add your own ToR relays you can use trusted relays as entry and exit nodes into the ToR .onion network, so you can let the program use its randomness or choose a path into a FREE invisible communication medium accessible from any Internet connection. -

The ToRProject.org is currently still fighting censorship and monitoring in China, Iran, Syria and others, where people are being killed and sent home in small boxes to their relatives. Because that person could not use ToR network access to his gmail account, which was monitored, they showed him his emails and his guilt and killed him. That’s how brutal it can become if you cannot have safe, secure access to basic email to communicate with the world. Governments will kill you for what you say. Donate to the ToRProject.org

It’s easy -if all else fails call the gAtO I can help your business become invisible in/on the Internet- gATO oUt.

We use the ToR network for all communication in SCADA systems. Here are a few SCADA white papers; try them with ToR .onion networks.
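
As an added example (mine, not from the post or the Tor Project), the torrc options that implement the setup described above: an onion service in front of the SCADA listener at the remote site, with client authorization so that strangers cannot find it or flood its introduction points, and a pinned entry relay at the main office (the post’s “use your own relays”). These are the 2012-era (v2 onion service) option names; today’s Tor uses v3 services with different client-authorization options. Paths, the service directory and the client name are placeholders. Tor encrypts and hides the path, but Modbus/TCP has no authentication of its own, so the client cookie is the only access control standing in front of the PLC.

```text
## torrc fragment on the remote SCADA site (onion-service side)
HiddenServiceDir /var/lib/tor/scada_site_a/
# Expose the local Modbus/TCP listener only through the onion address;
# nothing listens on the public interface.
HiddenServicePort 502 127.0.0.1:502
# Stealth client authorization: only a client holding the cookie can even
# locate the service, so it cannot be flooded by arbitrary introduction requests.
HiddenServiceAuthorizeClient stealth hq_poller

## torrc fragment at the main office (client side)
# Tor writes the exact line to paste here into <HiddenServiceDir>/hostname
# on the service side once it has generated the service key and cookie.
HidServAuth <onion-address-placeholder>.onion <auth-cookie-placeholder>
# Pin the guard relay the company operates itself, as the post suggests.
EntryNodes <fingerprint-of-your-own-relay-placeholder>
StrictNodes 1
```

The poller at the main office then talks to 127.0.0.1:9050 as a SOCKS proxy and addresses the site by its .onion name; the PLC never sees a routable address, and nobody without the cookie can even build a rendezvous to it.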

lab Notes— gAtO 5/29/12

Tor: Sponsors

The Tor Project’s diversity of users means we have a diversity of funding sources too — and we’re eager to diversify even further! Our sponsorships are divided into levels based on total funding received:

Magnoliophyta (over $1 million)

Liliopsida (up to $750k)

Asparagales (up to $500k)

Alliaceae (up to $200k)

Allium (up to $100k)

Allium cepa (up to $50k)

Past sponsors

We greatly appreciate the support provided by our past sponsors in keeping the pre-501(c)(3) Tor Project progressing through our ambitious goals:

WiKi-Pedia

http://en.wikipedia.org/wiki/SCADA

SCADA (supervisory control and data acquisition) generally refers to industrial control systems (ICS): computer systems that monitor and control industrial, infrastructure, or facility-based processes, as described below:

  • Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.
  • Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems.
  • Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption.

A SCADA system usually consists of the following subsystems:

  • A human–machine interface or HMI is the apparatus or device which presents process data to a human operator, and through this, the human operator monitors and controls the process.
  • A supervisory (computer) system, gathering (acquiring) data on the process and sending commands (control) to the process.
  • Remote terminal units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.
  • Programmable logic controllers (PLCs) used as field devices because they are more economical, versatile, flexible, and configurable than special-purpose RTUs.
  • Communication infrastructure connecting the supervisory system to the remote terminal units.
  • Various process and analytical instrumentation

04/15/12

How To the Deep Web

gAtO was asked by a friend: how do I go into the deep web safely? I wrote this for that person; I hope it helps others:

I understand, I was scared to go into the .onion myself, but have found that it has a wealth of information, yes, about the good, the bad and the ugly. For a security researcher it’s a gold mine to gather intelligence.

First step Tools:

I suggest a Mac or Linux, but even a Windows box will work. I don’t use my Windows machine because I have found that it leaks too much information, and I want to be silent and observe and not be noticed.

If you really want to shield yourself go thru a VPN first. Personally, you don’t need this unless you’re going into attack mode; then you want to be really shielded.

Next – https://www.torproject.org/

You can use Tails, which is a RAM drive to boot from any machine; this does not leave a trace on your computer and I am sure that smart bad guys use this, but I use https://www.torproject.org/download/download-easy.html.en because I want the logs of my adventures for research.

Once the Tor Bundle is installed it comes with its own Firefox… Use their version. Why? Because the regular version of Firefox has plugins and what-nots, and this is what leaks, and like I said, I want to be silent.

Warning: if you do find, say, a PDF or a DOC file and click on it, it will ask you if you want to launch Acrobat; say yes, then only SAVE the FILE. Do not open it right in the browser like you would in the clearWeb. Once again, information leaks. Save the file and open it separately. I know I’m paranoid but I like to be very safe.

Once Vidalia starts it also launches the (ToR) Firefox browser, and I would suggest going to:

Tor Check: http://torcheck.xenobite.eu/

This will give you your new IP and user info. Warning: always use SSL; the bundle gives you that choice.

I double check myself all the time on my site:

http://uscyberlabs.com/blog/2012/02/05/recon-deep-web/

Below the spinning world you will see your user information, like your IP address; check it and you will see that your IP in the clear web is different from the IP in the Deep-Web.

I gave you that page from my site since I use it all the time; I have lots of ToR sites on this page.

Cleaned Hidden Wiki should be a good starting point for your adventures:

http://3suaolltfj2xjksb.onion/hiddenwiki/index.php/Main_Page

This should get you started inside the .onion safely. Inside you will find that it is slow, like the old days (modem slow) ha-ha

Warning: Some caution: CP = child porn, PD is pedophile, so be careful; it’s these sick shits and these are some of the scum I would like to fuck-up, but that’s another conversation. Lots of places have a login first; register as a throw-away name and password unless you want an ID inside the .onion on that site. On every site you can register as a different user name, so keep a log if you want to save your usernames for later…

ToR is slow and time consuming, but there is lots inside for intelligence; the (ToR-Firefox) browser in Vidalia will work on the .onion web as well as the clearWeb.

Sorry for the long re-write, but I wanted to give you the best advice I can, and safety. There is so much more, I could go on and on, but I’m sure you will begin to see it’s full of information and crap. That’s the nature of the beast. I hope this helps…gAtO oUt

09/16/11

DigiNotar SSL Hack Diagram | Cyber Chatter

This is an ongoing diagram of the DigiNotar SSL hack. I will update this as I work on it. I just think that this will help some people to understand the scope of this attack. This is from the spreadsheet I got from the TORProject…

[Diagrams hosted at uscyberlabs.com/blog: digiNotar_001 (Example A, gAtOmAlO); an update from a different angle; a further update (Example C, gAtOmAlO)]

More information can be found about this hack @ http://www.gerbrand-ict.nl/2011/09/diginotar/

DigiNotar -SSL Hack NoteBook

The hacker left us a calling card to let us know. There were 3 domains that did not exist. Thanks to an anonymous Farsi speaker, I now understand that the above certificate is actually a comment to anyone who bothers to read between the lines:
“RamzShekaneBozorg” is “great cracker”
“Hameyeh Ramzaro Mishkanam” translates to “I will crack all encryption”
“Sare Toro Ham Mishkanam” translates to “i hate/break your head”

But the real question: if you did this hack, why would you leave a calling card back to Iran? One source is an Iranian computer science student who is from Turkey.

Hacker-Notes

*.SahebeDonyayeDigital.com: CN=*.SahebeDonyayeDigital.com,SN=PK000229200006592,OU=Elme Bikaran,L=Tehran,O=Daneshmande Bi nazir,C=IR

*.RamzShekaneBozorg.com: CN=*.RamzShekaneBozorg.com,SN=PK000229200006593,OU=Sare Toro Ham Mishkanam,L=Tehran,O=Hameye Ramzaro Mishkanam,C=IR

*.JanamFadayeRahbar.com: CN=*.JanamFadayeRahbar.com,SN=PK000229200006594,OU=Sarbaze Gomnam,L=Tehran,O=Ke Jano Janan Toyi,C=IR
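
To show how an analyst can work with the subject names above, here is an added Python example (mine, not tooling from DigiNotar, Fox-IT or the Tor Project): it parses the three DN strings into fields and runs two triage checks on them, wildcard common names and consecutive SN values, which are the kinds of things that make a batch of rogue certificates stand out in issuer logs. The DN strings are copied from the post; the parser is a minimal RFC 2253-style splitter and treats the SN attribute as the serial-like number it carries here.

```python
import re
from typing import Dict, List, Sequence

# The three subject DNs from the rogue certificates listed above (copied from the post).
ROGUE_SUBJECTS = [
    "CN=*.SahebeDonyayeDigital.com,SN=PK000229200006592,OU=Elme Bikaran,L=Tehran,O=Daneshmande Bi nazir,C=IR",
    "CN=*.RamzShekaneBozorg.com,SN=PK000229200006593,OU=Sare Toro Ham Mishkanam,L=Tehran,O=Hameye Ramzaro Mishkanam,C=IR",
    "CN=*.JanamFadayeRahbar.com,SN=PK000229200006594,OU=Sarbaze Gomnam,L=Tehran,O=Ke Jano Janan Toyi,C=IR",
]


def parse_dn(dn: str) -> Dict[str, str]:
    """Split a comma-separated DN string into attribute -> value.
    Backslash-escaped commas inside a value are kept as part of the value."""
    fields: Dict[str, str] = {}
    for rdn in re.split(r"(?<!\\),", dn):
        key, _, value = rdn.partition("=")
        fields[key.strip().upper()] = value.strip().replace("\\,", ",")
    return fields


def wildcard_cns(dns: Sequence[str]) -> List[str]:
    """Common names that are wildcards: one such cert covers every host under the domain."""
    return [parse_dn(d)["CN"] for d in dns if parse_dn(d)["CN"].startswith("*.")]


def sn_numbers(dns: Sequence[str]) -> List[int]:
    """Numeric part of each SN field, in the order the certificates are listed."""
    return [int(re.sub(r"\D", "", parse_dn(d)["SN"])) for d in dns]


def is_consecutive_run(dns: Sequence[str]) -> bool:
    """True when the SN values step by exactly one: the signature of a batch
    minted in one sitting, worth correlating with issuer audit logs."""
    numbers = sn_numbers(dns)
    return len(numbers) > 1 and all(b - a == 1 for a, b in zip(numbers, numbers[1:]))


def summarize(dns: Sequence[str]) -> List[Dict[str, str]]:
    """Compact per-certificate view: CN, O and OU, which is where the messages sit."""
    return [{k: parse_dn(d).get(k, "") for k in ("CN", "O", "OU", "C")} for d in dns]


if __name__ == "__main__":
    for row in summarize(ROGUE_SUBJECTS):
        print(row)
    print("wildcards:", wildcard_cns(ROGUE_SUBJECTS))
    print("consecutive SN run:", is_consecutive_run(ROGUE_SUBJECTS))
```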

Sahebeh Donya => Possessor of the World, e.g. God.
Sarbazeh Gomnam => Unknown Soldier
Elme Bikaran => Science/Knowledge of the idle/unemployed
Daneshmande Bi nazir => Peerless Scientist

Janam Fadaye Rahbar: I sacrifice my life for the leader.
Sarbaze Gomnam: anonymous/unknown soldier (Sarbaze means soldier in Persian; Gomnam means anonymous = anonymous soldier)
Ke Jano Janan Toyi: The inner Jano Janan (“Ke Jano Janan Toyi” = “because you are the soul of souls”; this is mystical language used in a fascist context; the speaker is talking to a great fascist leader)

On September 4th, 2011 Anonymous said:

Sahebeh Donya => Possessor of the World, e.g. God.
Sarbazeh Gomnam => Unknown Soldier
Elme Bikaran => Science/Knowledge of the idle/unemployed
Daneshmande Bi nazir => Peerless Scientist

RamzShekaneBozorg => Great Cryptanalyst
Toro Ham Mishkanam => I will break TOR too
Hameye Ramzaro Mishkanam => Will break all cyphers

These are the main sites hit with SSL problems:

Google | Knowledge Department | *.google.com | *.android.com | yahoo.com | Microsoft

www.update.microsoft.com | *.microsoft.com | *.windowsupdate.com | login.live.com

Skype | Information Security, L=Luxembourg | *.skype.com | Skype Technologies SA

Facebook | www.facebook.com | 10million.org | *.10million.org | TORProject

Mozilla | *.mozilla.org | addons.mozilla.org | LogMeIn | Secure Application Development | *.logmein.com | Balatarin.com | Israeli Lizard | azadegi.com

Twitter | aol.com | *.aol.com | my.screenname.aol.com

www.hamdami.com | Thawte Root CA | *.thawte.com

Equifax Root CA | www.Equifax.com | Comodo Root CA | CyberTrust Root CA

www.cybertrust.com | DigiCert Root CA | www.sis.gov.uk | Secret Intelligence Service | Wordpress | *.wordpress.com
Israel, O=Teletel Communication Channels | Israel | *.walla.co.il | mossad | Ministry of Finance | *.mossad.gov.il | www.hamdami.com
USA, C=US | CIA | Central Intelligence Agency | www.cia.gov | Thawte Root CA | VeriSign Root CA
*.*.com | WWW security Authority | *.*.org | WWW security Authority | *.azadegi.com
UK | www.sis.gov.uk | www.sis.gov.uk | Secret Intelligence Service | *.startssl.com | www.globalsign.com | *.comodo.com | *.globalsign.com | *.digicert.com | GlobalSign Root CA

Following is the Dutch government's FAQ on the DigiNotar problem, translated from Dutch:

What’s going on with DigiNotar and government websites?

In July 2011 intruders broke into the computer systems of DigiNotar, a company that issues security certificates for websites. The intruders then created hundreds of fraudulent security certificates. It is not yet known exactly how many certificates were issued fraudulently, or which ones.
The government therefore cannot guarantee that secured sites are actually safe. It has withdrawn its trust in DigiNotar's certificates and taken over the operational management of all DigiNotar certificates. Certificates are needed to keep Internet traffic secure.
Other agencies and businesses have also withdrawn their trust in DigiNotar. Service providers that use DigiNotar certificates (both DigiNotar's own-brand certificates and its PKIoverheid certificates) are advised to replace them with certificates from another supplier.

Was DigiNotar the only company whose computer systems were broken into?

Yes, as far as we know only DigiNotar's computer systems were broken into. The hacker (someone who breaks into computer systems) claims to have broken into four companies that issue certificates.
At present it is only known that the company GlobalSign is taking this claim very seriously and has started an investigation. The company has decided not to issue certificates until the investigation is complete.

Are the PKIoverheid certificates issued by DigiNotar being revoked?

  • We have opted for a managed transition scenario, in which the operational management of all DigiNotar certificates is taken over.
  • Websites are to move to other PKI certificate suppliers as soon as possible.

What are the main findings of the report from FOX-IT?

According to the investigation by IT security firm Fox-IT, it cannot be fully guaranteed that all website certificates can be trusted. The reason is that the systems from which the government certificates were issued were compromised.

Is it true that Fox-IT is also investigating other certificate suppliers?

Possibly, but not on the government's behalf. On 8 September 2011 Fox-IT confirmed that it has also started an investigation at GlobalSign.

Who commissioned Fox-IT to investigate the security of DigiNotar's certificates?

DigiNotar gave that instruction itself, voluntarily.

What does the Microsoft software update mean for me?

On Tuesday, September 6, 2011 Microsoft released a worldwide automatic software update that blocks DigiNotar certificates in Windows. As a result, access to websites and systems that use DigiNotar certificates is no longer possible. At the request of the Dutch government, Microsoft decided to postpone the automatic update in the Netherlands until Tuesday, September 13, 2011. Individuals and businesses can install the update manually.

Individuals can simply run the Microsoft software update. Once it is installed, you will get a warning that the site is untrusted when you visit websites that use DigiNotar certificates. Otherwise you should, in principle, notice nothing of the update.

For governments, businesses and other organizations, the software update can affect communication with (government) websites and systems for which a DigiNotar certificate is used. They are advised to ask the owner of the website or system concerned whether its information or communication depends on DigiNotar certificates. Companies that own a website or systems using DigiNotar certificates must quickly obtain new trusted certificates and inform their customers.

Postponing Microsoft's automatic update gives governments, companies and other organizations more time to provide their websites and systems with new, trusted security certificates. From Tuesday, September 13, the Microsoft update is no longer optional and will also be installed automatically on Dutch Windows systems.

Municipalities in the Dutch Caribbean (West Indies) may have problems with their systems: partly because of the time difference, the automatic Microsoft update may already be going through there. The Association of Dutch Municipalities (VNG) advises them to switch the automatic update off.

The postponement of Microsoft's automatic update for the Netherlands is the result of consultation between the government, industry and the software business about the DigiNotar problems.

More information about the software update can be found on the Windows website. The Waarschuwingsdienst website offers more information about software updates.

News reports mention machine-to-machine (M2M) communication. What is that?

Machine-to-machine communication involves computer systems that exchange data with each other: for instance encrypted data between servers, data for internal business processes and data exchanged between companies.
The problem with machine-to-machine communication is that computers that use DigiNotar certificates will probably no longer trust each other. No connection can be set up between the systems, and data exchange is no longer possible.
The failure of such systems can have major social consequences, because services in many areas may temporarily come to a halt. One example is that data can no longer be exchanged with the municipal personal records database (GBA), causing problems when applying for passports and driving licences.

A fact sheet on the GOVCERT website gives more information about machine-to-machine communication, and about the steps computer system administrators can take to limit the impact on that communication.

Role of government

What is the government doing about this problem?

The government has taken the following measures to solve the problems with the security certificates:

  • The government has withdrawn its trust in the company DigiNotar and all of its services and certificates.
  • The government has taken over the operational management of DigiNotar's certification systems.
  • All certificates issued by DigiNotar for government organizations' websites are being replaced by certificates from other (PKI) certificate suppliers. Private parties choose a new supplier themselves.

In addition, the government has taken the following legal measures:

  • The Public Prosecution Service (Openbaar Ministerie) was brought in on Friday, September 2, 2011.
  • The Public Prosecution Service has started a fact-finding investigation.
  • The telecom regulator OPTA is closely involved in the problems with the DigiNotar certificates.
  • The government is investigating who was involved in the hacking of DigiNotar.
  • The company DigiNotar is being held responsible and/or liable for negligence.

What is the advice for municipalities?

The VNG urgently advises municipalities to take the following actions:

  • Check whether you are a DigiNotar customer and which type of certificate you obtain from this company. See the earlier reports on the VNG website.
  • If you are a DigiNotar customer, request replacement certificates from a different supplier as soon as possible. Expect waiting times.
  • Have your IT department identify the possible impact.
  • Provide alternatives or a workaround for digital workflows that fail. You can also approach your suppliers for information.

The VNG also has a roadmap for municipalities available at www.vng.nl. Municipalities should take action.
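The first VNG action item, finding out which of your systems carry DigiNotar certificates, is an inventory job. The Python below is an added illustration, not part of the VNG roadmap or of the original post: a minimal DER walker that pulls the issuer name out of an X.509 certificate and flags certificates whose issuer organisation is on a distrust list. It uses only the standard library, so the sample certificates are skeletal, unsigned structures built inline by a small DER encoder (constructed test data, not real DigiNotar certificates; the names `DigiNotar B.V.`, `DigiNotar Public CA` and `Example Trust Services` are assumptions for the sample). In a real audit you would feed it the DER blobs from your own key stores; note that a production trust store distrusts by certificate fingerprint or public key, while matching on the issuer name, as here, is what an inventory needs.

```python
"""Minimal X.509/DER issuer extraction for an inventory of distrusted certificates.
Standard library only; the sample certificates are constructed in-line."""

DISTRUSTED_ORGS = ("DigiNotar",)                     # issuer organisations no longer trusted
OID_NAMES = {"2.5.4.3": "CN", "2.5.4.10": "O", "2.5.4.6": "C"}
NAME_OIDS = {v: k for k, v in OID_NAMES.items()}


def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at buf[pos:]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def _children(value):
    """Yield (tag, value) for each element inside a constructed SEQUENCE/SET body."""
    pos = 0
    while pos < len(value):
        tag, val, pos = _read_tlv(value, pos)
        yield tag, val


def _decode_oid(raw):
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                                # base-128 arcs, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_name(name_body):
    """Decode an X.501 Name body (one SET OF AttributeTypeAndValue per RDN) into {attr: text}."""
    out = {}
    for _, rdn in _children(name_body):
        for _, atv in _children(rdn):
            (_, oid_raw), (_, val_raw) = list(_children(atv))
            oid = _decode_oid(oid_raw)
            out[OID_NAMES.get(oid, oid)] = val_raw.decode("utf-8")   # UTF8String or PrintableString
    return out


def _tbs_fields(cert_der):
    _, cert, _ = _read_tlv(cert_der, 0)              # Certificate ::= SEQUENCE
    _, tbs, _ = _read_tlv(cert, 0)                   # tbsCertificate ::= SEQUENCE
    fields = list(_children(tbs))
    if fields and fields[0][0] == 0xA0:              # optional [0] EXPLICIT version
        fields = fields[1:]
    return fields    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...


def issuer_of(cert_der):
    return parse_name(_tbs_fields(cert_der)[2][1])


def subject_of(cert_der):
    return parse_name(_tbs_fields(cert_der)[4][1])


def is_distrusted(cert_der, distrusted=DISTRUSTED_ORGS):
    org = issuer_of(cert_der).get("O", "")
    return any(d.lower() in org.lower() for d in distrusted)


def audit(cert_ders):
    """Inventory rows: (subject CN, issuer O, distrusted?)."""
    return [(subject_of(c).get("CN", "?"), issuer_of(c).get("O", "?"), is_distrusted(c))
            for c in cert_ders]


# --- tiny DER encoder, used only to build the constructed sample certificates ------------
def _tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytes([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunks = [a & 0x7F]
        a >>= 7
        while a:
            chunks.append(0x80 | (a & 0x7F))
            a >>= 7
        body += bytes(reversed(chunks))
    return _tlv(0x06, body)


def _name(**attrs):
    rdns = b"".join(_tlv(0x31, _tlv(0x30, _oid(NAME_OIDS[k]) + _tlv(0x0C, v.encode())))
                    for k, v in attrs.items())
    return _tlv(0x30, rdns)


def sample_cert(issuer_o, issuer_cn, subject_cn):
    """Skeletal, unsigned certificate: enough structure for the parser, not a real cert."""
    tbs = (_tlv(0xA0, _tlv(0x02, b"\x02"))                        # version v3
           + _tlv(0x02, b"\x01")                                   # serialNumber
           + _tlv(0x30, _oid("1.2.840.113549.1.1.11"))             # sha256WithRSAEncryption
           + _name(C="NL", O=issuer_o, CN=issuer_cn)               # issuer
           + _tlv(0x30, b"")                                       # validity (empty placeholder)
           + _name(CN=subject_cn)                                  # subject
           + _tlv(0x30, b""))                                      # subjectPublicKeyInfo (empty)
    return _tlv(0x30, _tlv(0x30, tbs))


if __name__ == "__main__":
    store = [sample_cert("DigiNotar B.V.", "DigiNotar Public CA", "*.google.com"),
             sample_cert("Example Trust Services", "Example Root CA", "www.example.nl")]
    for row in audit(store):
        print(row)
```

The parser reads only as far as the issuer and subject; it deliberately ignores extensions, signatures and validity, because an inventory of "who signed this" does not need them. Pointing `audit()` at real DER files is a matter of reading them with `open(path, "rb").read()`.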

How does the government know that the certificates of the three other companies issuing PKIoverheid certificates in the Netherlands are reliable?

The government has stated that the certificates of the three issuers of PKIoverheid certificates are reliable. The reason is that these companies comply with their obligations under the PKIoverheid Schedule of Requirements and that they have been investigated by the AIVD (General Intelligence and Security Service). That investigation examined whether the companies meet the requirements and looked at the security of their systems. They were also examined for signs of intrusion. The certifiers' audit reports are confidential, since they cover data protection and confidential information.

It was already known on Monday, August 29 that DigiNotar was no longer a reliable supplier. Why did the government not intervene earlier?

The government did take action. For certificates issued under DigiNotar's own responsibility, GOVCERT had already advised switching to another supplier. GOVCERT deals with Internet security and combating Internet incidents on behalf of the government.
Until Friday, September 2, 2011 there was no indication that DigiNotar's PKIoverheid certificates were also compromised, and therefore no need for intervention.

Phone numbers and websites for more information

Where can I learn more?

  • Citizens can find more information on the website www.rijksoverheid.nl, on Twitter via @minbzk.nl, or by calling 0800-1351 (weekdays from 9:00 to 17:00).
  • Business customers with DigiNotar PKIoverheid certificates should contact the Logius Service Centre. It is open on weekdays from 8:00 a.m. to 9:00 p.m.; on the weekend of 10 and 11 September it is open from 8:00 a.m. to 5:00 p.m. You can reach the service centre on 0900 555 4555 (10 cents per minute) or at servicecentrum@logius.nl.
  • For certificates issued under DigiNotar's own responsibility, call DigiNotar on 0251-268888.