04/15/12

How To the Deep Web

gAtO was asked by a friend how to go into the deep web safely. I wrote this for that person; I hope it helps others:

I understand; I was scared to go into the .onion myself, but I have found that it has a wealth of information, yes, about the good, the bad and the ugly. For a security researcher it’s a gold mine to gather intelligence.

First step, tools:

I suggest a Mac or Linux, but even a Windows box will work. I don’t use my Windows machine because I have found that it leaks too much information, and I want to be silent and observe and not be noticed.

If you really want to shield yourself, go through a VPN first. Personally, you don’t need this unless you’re going into attack mode; then you want to be really shielded.

Next – https://www.torproject.org/

You can use Tails, a live system that runs from RAM and boots on any machine, so it does not leave a trace on your computer; I am sure that the smart bad guys use this. But I use https://www.torproject.org/download/download-easy.html.en because I want the logs of my adventures for research.

Once the Tor Bundle is installed it comes with its own Firefox. Use their version; why? Because the regular version of Firefox has plugins and what-nots, and this is what leaks, and like I said I want to be silent.

Warning: if you do find, say, a PDF or a DOC file and click on it, it will ask you if you want to launch Acrobat. Say yes, then only SAVE the FILE. Do not open it right in the browser like you would on the clearWeb; once again, information leaks. Save the file and open it separately. I know I’m paranoid, but I like to be very safe.

Once Vidalia starts it also launches the (Tor) Firefox browser, and I would suggest going to:

Tor Check: http://torcheck.xenobite.eu/

This will give you your new IP and user info. Warning: always use SSL; the bundle gives you that choice.

I double check myself all the time on my site:

http://uscyberlabs.com/blog/2012/02/05/recon-deep-web/

Below the spinning world you will see your user information, like your IP address. Check it: you will see that your IP on the clear web is different from your IP in the Deep-Web.

I gave you that page from my site since I use it all the time; I have lots of Tor sites on this page.

The Cleaned Hidden Wiki should be a good starting point for your adventures:

http://3suaolltfj2xjksb.onion/hiddenwiki/index.php/Main_Page

This should get you started inside the .onion safely. Inside you will find that it is slow, like the old days (modem slow), ha-ha.

Warning: some caution. CP = child porn, PD = pedophile, so be careful; it’s sick shit, and these are some of the scum I would like to fuck up, but that’s another conversation. Lots of places have a login first. Register with a throwaway name and password unless you want an ID inside the .onion on that site. On every site you can register as a different user name, so keep a log if you want to save your usernames for later…

Tor is slow and time consuming, but there is lots inside for intelligence. The (Tor-Firefox) browser in Vidalia will work on the .onion web as well as the clearWeb.

Sorry for the long write-up, but I wanted to give you the best advice I can, and safety. There is so much more; I could go on and on, but I’m sure you will begin to see it’s full of information and crap. That’s the nature of the beast. I hope this helps… gAtO oUt

09/16/11

DigiNotar SSL Hack Diagram | Cyber Chatter

This is an ongoing diagram of the DigiNotar SSL hack. I will update it as I work on it. I think this will help some people understand the scope of the attack. It is based on the spreadsheet I got from the TORProject…

[Diagram: Example A, gAtOmAlO (uscyberlabs.com/blog)]

Here is an update, from a different angle.

[Diagram: updated view (uscyberlabs.com/blog)]

[Diagram: Example C, gAtOmAlO (uscyberlabs.com/blog)]

More information about this hack can be found at http://www.gerbrand-ict.nl/2011/09/diginotar/

DigiNotar SSL Hack NoteBook

The hacker left us a calling card to let us know. There were 3 domains that did not exist. Thanks to an anonymous Farsi speaker, I now understand that the certificate below is actually a comment to anyone who bothers to read between the lines: “RamzShekaneBozorg” is “great cracker”; “Hameyeh Ramzaro Mishkanam” translates to “I will crack all encryption”; “Sare Toro Ham Mishkanam” translates to “I hate/break your head”.

But the real question: if you did this hack, why would you leave a calling card pointing back to Iran? One source is an Iranian computer science student from Turkey.

Hacker-Notes (subject DNs of the three rogue certificates):

  • *.SahebeDonyayeDigital.com: CN=*.SahebeDonyayeDigital.com,SN=PK000229200006592,OU=Elme Bikaran,L=Tehran,O=Daneshmande Bi nazir,C=IR
  • *.RamzShekaneBozorg.com: CN=*.RamzShekaneBozorg.com,SN=PK000229200006593,OU=Sare Toro Ham Mishkanam,L=Tehran,O=Hameye Ramzaro Mishkanam,C=IR
  • *.JanamFadayeRahbar.com: CN=*.JanamFadayeRahbar.com,SN=PK000229200006594,OU=Sarbaze Gomnam,L=Tehran,O=Ke Jano Janan Toyi,C=IR

  • Sahebeh Donya => Possessor of the World, e.g. God
  • Sarbazeh Gomnam => Unknown Soldier
  • Elme Bikaran => Science/Knowledge of the idle/unemployed
  • Daneshmande Bi nazir => Peerless Scientist
  • Janam Fadaye Rahbar => I sacrifice my life for the leader
  • Sarbaze Gomnam => anonymous/unknown soldier (Sarbaze means soldier in Persian; Gomnam means anonymous)
  • Ke Jano Janan Toyi => “because you are the soul of souls”; mystical language used in a fascist context, the speaker is addressing a great fascist leader

On September 4th, 2011 Anonymous said:

Sahebeh Donya => Possessor of the World e.g. God.
Sarbazeh Gomnam => Unknown Soldier
Elme Bikaran => Science/Knowledge of the idle/unemployed
Daneshmande Bi nazir => Peerless Scientist

RamzShekaneBozorg => Great Cryptanalyst
Toro Ham Mishkanam => I will break TOR too
Hameye Ramzaro Mishkanam => Will break all cyphers

These are the main sites hit with SSL problems (organisation, then the certificate names, as noted from the spreadsheet):

  • Google (OU Knowledge Department): *.google.com, *.android.com
  • Yahoo: yahoo.com
  • Microsoft: www.update.microsoft.com, *.microsoft.com, *.windowsupdate.com, login.live.com
  • Skype (Skype Technologies SA, OU Information Security, L=Luxembourg): *.skype.com
  • Facebook: www.facebook.com
  • 10million.org: *.10million.org
  • TORProject
  • Mozilla: *.mozilla.org, addons.mozilla.org
  • LogMeIn (OU Secure Application Development): *.logmein.com
  • Balatarin.com
  • Israeli Lizard
  • azadegi.com: *.azadegi.com
  • Twitter
  • AOL: aol.com, *.aol.com, my.screenname.aol.com
  • www.hamdami.com
  • Thawte Root CA: *.thawte.com
  • Equifax Root CA: www.Equifax.com
  • Comodo Root CA: *.comodo.com
  • CyberTrust Root CA: www.cybertrust.com
  • DigiCert Root CA: *.digicert.com
  • Secret Intelligence Service (UK): www.sis.gov.uk
  • WordPress: *.wordpress.com
  • Israel (O=Teletel Communication Channels): *.walla.co.il
  • Mossad / Ministry of Finance: *.mossad.gov.il
  • CIA, Central Intelligence Agency (C=US): www.cia.gov
  • VeriSign Root CA
  • “WWW security Authority”: *.*.com, *.*.org
  • StartSSL: *.startssl.com
  • GlobalSign Root CA: www.globalsign.com, *.globalsign.com
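As an added example (not code from the original post), the following Python parses the rogue subject DNs quoted in the Hacker-Notes above and checks which of your own hostnames those certificates would have covered, including the `*.*.com` and `*.*.org` entries from the list. The Google, Microsoft and “WWW security Authority” subjects are reconstructed from the list and are assumptions, not the spreadsheet’s exact entries; the hostnames checked are constructed for the example.

```python
import re

# Subject DNs quoted in the post's Hacker-Notes (the attacker's "calling card"),
# plus subjects reconstructed from the post's list of affected names. The list
# is constructed for this example; the real spreadsheet held far more entries.
ROGUE_SUBJECTS = [
    "CN=*.SahebeDonyayeDigital.com,SN=PK000229200006592,OU=Elme Bikaran,L=Tehran,O=Daneshmande Bi nazir,C=IR",
    "CN=*.RamzShekaneBozorg.com,SN=PK000229200006593,OU=Sare Toro Ham Mishkanam,L=Tehran,O=Hameye Ramzaro Mishkanam,C=IR",
    "CN=*.JanamFadayeRahbar.com,SN=PK000229200006594,OU=Sarbaze Gomnam,L=Tehran,O=Ke Jano Janan Toyi,C=IR",
    "CN=*.google.com,OU=Knowledge Department,O=Google",   # reconstructed, not the real entry
    "CN=login.live.com,O=Microsoft",                       # reconstructed, not the real entry
    "CN=*.*.com,O=WWW security Authority",                 # reconstructed, not the real entry
    "CN=*.*.org,O=WWW security Authority",                 # reconstructed, not the real entry
]

def parse_dn(dn: str) -> dict:
    """Split an RFC 4514-style string DN into {attribute: value}.
    A comma escaped as '\\,' stays inside the value instead of splitting it."""
    fields = {}
    for part in re.split(r"(?<!\\),", dn):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip().replace("\\,", ",")
    return fields

def cn_matches(cn: str, host: str) -> bool:
    """Per-label wildcard matching as RFC 2818 allowed in 2011: each '*' matches
    exactly one DNS label, so '*.*.com' covers every three-label .com host."""
    c, h = cn.lower().split("."), host.lower().split(".")
    return len(c) == len(h) and all(cl == "*" or cl == hl for cl, hl in zip(c, h))

def exposure(subjects, hosts) -> dict:
    """Map each host you operate to the rogue subject CNs that a client still
    trusting the DigiNotar root would have accepted for it (empty = not covered)."""
    cns = [parse_dn(s).get("CN", "") for s in subjects]
    return {host: [cn for cn in cns if cn_matches(cn, host)] for host in hosts}

if __name__ == "__main__":
    # Constructed sample of hostnames an administrator might be responsible for.
    my_hosts = ["www.google.com", "login.live.com", "addons.mozilla.org", "rijksoverheid.nl"]
    for host, hits in exposure(ROGUE_SUBJECTS, my_hosts).items():
        print(f"{host:22s} {'COVERED by ' + ', '.join(hits) if hits else 'not covered'}")
```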

Following the DigiNotar problem, from the Dutch government …

What’s going on with DigiNotar and government websites?

In July 2011 intruders broke into the computer systems of DigiNotar, a company that issues security certificates for websites. The intruders then created hundreds of fraudulent security certificates. It is not yet known exactly how many certificates were issued fraudulently, or which ones.
The government cannot guarantee that the secure sites are actually safe. The government has therefore withdrawn its confidence in DigiNotar’s certificates and taken over the operational management of all DigiNotar certificates. Certificates are needed to ensure that the Internet is secure.
Other agencies and businesses have also withdrawn their confidence in DigiNotar. Service providers that use DigiNotar certificates (both DigiNotar’s own-brand certificates and its PKIoverheid certificates) are advised to replace them with certificates from another company.

Were only DigiNotar’s computer systems broken into?

Yes, as far as we know only DigiNotar’s computer systems were broken into. The hacker (someone who breaks into computer systems) claims to have broken into four companies that issue certificates.
At present it is only known that the company GlobalSign is taking the claim very seriously and has started an investigation. The company has decided not to issue certificates until the investigation is complete.

Have the PKIoverheid DigiNotar certificates been revoked?

  • We opt for a managed transition scenario in which the operational management of all DigiNotar certificates is taken over.
  • Websites are to move to other PKI certificate suppliers as soon as possible.

What are the main findings of the Fox-IT report?

According to an investigation by the IT security firm Fox-IT, it cannot be fully guaranteed that all website certificates can be trusted. The reason is that the systems on which the government certificates were issued have also been compromised.

Is it true that Fox-IT is investigating other certificate suppliers?

It could be, but not on behalf of the government. Fox-IT confirmed on 8 September 2011 that it had started an investigation at GlobalSign.

Who commissioned Fox-IT to investigate the security of the certificates at DigiNotar?

DigiNotar commissioned the investigation itself, voluntarily.

What impact does the software update from Microsoft have for me?

On Tuesday, September 6, 2011, Microsoft released a worldwide automatic software update that blocks DigiNotar certificates in Windows. After this update, access to websites and systems that use DigiNotar certificates is no longer possible. At the request of the Dutch government, Microsoft decided to postpone the software update in the Netherlands until Tuesday, September 13, 2011. Individuals and businesses can install the software update manually.

Individuals can simply run the Microsoft software update. If you do, you will get a warning that the site is unreliable when you visit websites that use DigiNotar certificates; otherwise you will in principle notice nothing of the update.

For governments, businesses and other organisations, the software update can affect communication with (government) websites and systems for which a DigiNotar certificate is used. They are advised to check with the owner of the website or system whether information or communication depends on DigiNotar certificates. Companies that own a website or systems using DigiNotar certificates must quickly obtain new trusted certificates and inform their customers.

The deferral of Microsoft’s automatic software update gives governments, companies and other organisations more time to provide their websites and systems with reliable new security certificates. From Tuesday, September 13, the Microsoft software update is no longer optional and is also installed automatically on Dutch Windows systems.

Municipalities in the West Indies may have problems with their systems: partly because of the time difference, the automatic Microsoft update may already come through there. The Association of Dutch Municipalities (VNG) advises these municipalities to switch the automatic software update off.

The deferral of Microsoft’s automatic software update for the Netherlands is the result of consultation between the government, industry and the software business about the DigiNotar problems.

More information about the software update can be found on the Windows website. The Waarschuwingsdienst website also offers more information about software updates.

Messages mention machine-to-machine (M2M) communication. What is that?

Machine-to-machine communication involves computer systems that exchange data with each other, for instance encrypted data between servers, data for internal business processes and data exchanged between companies.
The problem with machine-to-machine communication is that computers using DigiNotar certificates will likely no longer trust each other. No connection is then set up between the systems and no data can be exchanged.
The failure of such systems can have major social implications, because services in many areas may temporarily come to a standstill. One example is that no data can be exchanged with the municipal personal records database (GBA), causing problems in applying for passports and driving licences.

A fact sheet on the Govcert website provides more information about machine-to-machine communication and the steps that computer system administrators can take to limit the impact on communication.

Role of government

What is the government doing about this problem?

The government has taken the following measures to solve the problems with security certificates:

  • The government has withdrawn its confidence in the company DigiNotar and all its services and certificates.
  • The government has taken over the operational management of the certification systems from DigiNotar.
  • All certificates issued by DigiNotar for websites of government organisations are being replaced by certificates from other (PKI) certificate suppliers. Private parties choose a new supplier themselves.

Furthermore, the government has taken the following legal measures:

  • The Public Prosecution Service has been involved since Friday, September 2, 2011.
  • The Public Prosecutor has started a fact-finding investigation.
  • The telecom regulator OPTA is closely involved in the problems with the DigiNotar certificates.
  • The government is investigating who was involved in the hacking of DigiNotar.
  • The company DigiNotar is being held to account for its responsibility and/or liability for negligence.

What is the advice for municipalities?

The VNG urgently advises municipalities to take the following actions:

  • Check whether you are a customer of DigiNotar and which type of certificate you obtain from this company. Pay attention to earlier reports on the VNG website.
  • If you are a DigiNotar customer, request replacement certificates from a different supplier as soon as possible. Expect queues.
  • Have your IT department identify the potential impact.
  • Provide alternatives or a workaround for digital workflows that fail. You can also approach your suppliers for information.

The VNG also has a roadmap for municipalities available at www.vng.nl. Municipalities should take action.

How does the government know that the PKIoverheid certificates of the three other certificate companies in the Netherlands are reliable?

The government has indicated that the certificates of the three other issuers of PKIoverheid certificates are reliable. The reason is that these companies comply with their obligations under the PKIoverheid Programme of Requirements and that they have been investigated by the AIVD (General Intelligence and Security Service). This investigation examined whether the companies meet the requirements and looked at the security of their systems. It also looked for signs of intrusion. The audit reports of the certifiers are confidential, as they report on data protection and confidential information.

It was in fact already known on Monday, August 29 that DigiNotar was no longer a reliable supplier. Why did the government not intervene earlier?

The government did do something about it. For certificates issued under DigiNotar’s own responsibility, GOVCERT had already advised switching to another supplier. GOVCERT, on behalf of the government, is concerned with Internet security and with combating Internet incidents.
Until Friday, September 2, 2011, there was no indication that the PKIoverheid DigiNotar certificates were also compromised, and therefore no need for intervention.

Phone numbers and websites for more information

Where can I learn more?

  • Citizens can find more information on the website www.rijksoverheid.nl, via Twitter @minbzk.nl, or by calling 0800-1351 (weekdays from 9.00 to 17.00).
  • Business customers with DigiNotar PKIoverheid certificates should contact the Logius Service Centre. It is open weekdays from 8:00 a.m. to 9:00 p.m. On the weekend of 10 and 11 September the service centre is open from 8:00 a.m. to 5:00 p.m. You can reach it on 0900 555 4555 (10 cents p/m) or at servicecentrum@logius.nl.
  • For certificates issued under DigiNotar’s own responsibility, call DigiNotar: 0251-268888.