Monthly Archives: September 2011

Sep 26 2011
Leave a comment
Hacking/Breaking, Information Security

Digital Hacktivism on Display

The term digital hacktivism means the use of computers and hacking knowledge to protest for a certain cause or promote political agenda.  Among other thing, it involves the defacement of websites and making resources on the web unavailable.  In a nutshell, it is the equivalent of holding a placard and protesting outside a certain entity.

One group that has been busy lately hacking and protesting online is the famous Anonymous group which was responsible earlier this year for bringing down among others, Mastercard’s website for refusing to accept payment for Wikileaks.

Just recently the group has been busy supporting the revolution in Syria and actively defacing the Syrian government websites.  Recently the websites below have been defaced and an interactive map of the victims of the oppression have been posted.

Homs, Aleppo, Latakia, Damascus, Tartous, Deir Ezzor and Palmyra

 

 

 

Sep 15 2011
Leave a comment
Information Security, User awareness & education

Data Leakage via Cloud Services

What do the cloud based backup services such as Evernote, Dropbox and Spideroak have all in common?  In some form or another they all give us the ability to centrally store our digital assets such as our photos, documents, music files, or virtually anything that is digital to their cloud based servers and give us the ability to access them from anywhere in the world.  That seems a very cool thing since for many of us it will simplify the storage and retrieval of our digital assets.  Just drop it on the cloud and then retrieve whenever you need it.  For personal usage i think these services offer great convenience by allowing us to store our files and have them accessed anytime from anywhere.  With proper security precautions it shouldn’t be a problem using these services.

In enterprise networks, there should be a careful study of why these services are needed, who should have access to them, and what information is or is not allowed to be posted to these services.  With the proliferation of these cloud services, their usage becomes a real concern because of the opportunity it presents for sensitive corporate to leave the corporate boundary.  For this reason i think it should be an important topic that should visible on the radar of IT security departments.

Most of these services use either the HTTP or HTTPS protocols to send and synchronize data between the client and their servers.  Hence, it will be very difficult for the IT controls most organizations have to detect malicious users using these channels to leak important data.  Unless a stringent information security policies coupled with technological controls such NAC, DLP, and Web filtering are in place, these channels will fast become proffered channels for data to leave the boundaries of an organization.

Some related articles

Sep 08 2011
Leave a comment
Hacking/Breaking

First it was Commodogate and now Diginotargate

Posting the comments from the hacker who is making huge noise in the security industry.

  1. Hi again
  2. Some more clarification seems to be needed…
  4. a) What you did affected Iranian users, you attacked Iranian people, etc. etc. etc. bla bla bla
  5. First of all people against Iranian government or Islam, even if they live inside Iran, we can’t count them as Iranian people, I can’t! If they get power to harm Islam and Iranian government, spying for foreign spying agencies (Mossad, CIA, MI6), they won’t miss it. If they get paid from a foreign secret service, they can gather and send ANY information THEY CAN. These are not people of Iran, these type of people was my target, not normal people, people who don’t have anything to do with secret services, Iran’s enemies, Islam’s enemies, etc.
  6. Second: this time attack was limited to Iran, next time, I’ll own as more as gateways in Israel, USA, Europe, as more as ISPs and attack will run there. You know man, I give promises and I keep them, I say words and they just happen, I told you wait and see previous time (Comodo case), now you see more. For an example ask a little from LMI.NET Berkley’s ISP, ask about user Todd and password loc!666 (for example), ask if they detected that I was owned their all Linux boxes and I got access to their DNS servers, you see? I’m really sharp, powerful, dangerous and smart! I told in Comodo hack case that I rule the internet, I’ll bring equality of controlling internet like USA for myself and you see I’m simply doing it, huh? How you are going to stop me you Mossad animals? Like this: http://www.silviacattori.net/article1421.html ? Israel still lives in age of stones, they kill people they just can’t see, they kill Palestinian children and women, believe me, they shouldn’t exists in this world. Hope to see that day soon…
  7. Third: Do you know meaning of “Unstoppable Genius Digital Hacker?”
  10. b) Some small brains said in their articles that it was easy hack, passwords was weak, it was a simple DNN bug, etc. etc. etc. bla bla bla blaaaa
  12. First: If I gave all hackers of the world, ALL hackers by it’s real meaning, they wouldn’t be able to reach that network behind all those firewalls, routers and final networks without any access to internet which even doesn’t have internet connection. So shut the ….
  14. Second: You think I generated SSL and code signing certificates by sending some SQL queries or sending some requests or using some ready made in desktop applications with 1234 password default? Ahhh man! Stop taking people’s work easy… There was netHSM with OpenBSD OS, only 1 port open, totally closed/protected with RSA SecurID and SafeSign Token management systems, they had around 8 smart card totally (a company with a lot of employees, only 8 smart card for SSL generation), you see? It’s not “simple DNN bug”, ok? I had remote desktop access in last RSA Certificate Manager system which had no any connection to internet, all files was coded in XUDA (there is no reference to XUDA programming language, even a single line), no one can access those server via Remote desktop, there was enough firewalls and routers which even blocked their own employeee to access that network. That network had different domain controller with different users, man! There is so much thing to explain, I’ll do it later, just know it is most sophisticated hack of all time, that’s all!
  16. Third: You only heards Comodo (successfully issued 9 certs for me -thanks by the way-), DigiNotar (successfully generated 500+ code signing and SSL certs for me -thanks again-), StartCOM (got connection to HSM, was generating for twitter, google, etc. CEO was lucky enough, but I have ALL emails, database backups, customer data which I’ll publish all via cryptome in near future), GlobalSign (I have access to their entire server, got DB backups, their linux / tar gzipped and downloaded, I even have private key of their OWN globalsign.com domain, hahahaa)…. BUT YOU HAVE TO HEAR SO MUCH MORE! SO MUCH MORE! At least 3 more, AT LEAST! Wait and see, just wait a little bit like I said in Comodo case.
  20. P.S. In wikipedia of SSL, it should be added for future that I caused to remove SSL or CA system security model, I have a special idea for private communication via browsers which could be used instead of SSL, but why should I share it and cause trouble for my own country? When USA and Israel can read all emails they want in Gmail, in Yahoo, data in Facebook, Twitter, etc. How my country should control those services? I’ll help my own country for it as I did and you saw it. If my country get equal right as USA in controlling emails, I may share my brilliant unbreakable encryption system for replacement of SSL and CA system.
  22. World is shocked just by my Comodo and DigiNotar hack, what would happen if I show my other skills in cryptography, cryptanalysis, binary analysis (assessment), reversing, kernel programming, other high profiles servers I hacked and extracted all needed information from them, etc. etc. Ohhh! May they change internet model, hahahahaaaaa
  24. P.S.S. never forget, I’m just 21, you have to see much more from me!
  26. By the way, I heard that Comodo CEO (poor Melih) have talked again and said it was again State sponsored and I’m not a single hacker bla bla… Dear Melih, please wake up, I’m the only hacker, just I have shared some certs with some people in Iran, that’s all… Hacker is single, just know it

 

 

 

 

 

 

 

 

 

 

 

Sep 07 2011
Leave a comment
Hacking/Breaking

Is the current secure web communication infrastructure broken?

Certificates are used to convince users of a particular website that they are indeed visiting the legitimate website they intended to see such as when we are accessing our banking site or email provider .  These certificates are issued and verified by the various Certificate Authorities or CAs that have been delegated these task.  Certificates are a necessary component of encrypted communication used by SSL protocol.

So what if someone breaks into one of these CAs and is able to issue fake certificates for your banking site or let say Google for example?   These individuals can then have the ability to either intercept and read your encrypted traffic if they have the ability to route your traffic to their intended destination.

Well this is what seemed to happen with a Dutch CA called Dignotar. Hackers were able to break into their system and issues fake certificated to several websites including the top level domain of Google (*.google.com).   Excellent commentaries and analysis of the event and warnings have been posted by several prominent bloggers as well as Google, Mozzila, Microsoft and other companies which i am posting below.

The question remains if we are to blindly trust the CAs which are issuing these certificates, who should be monitoring and certifying these CAs for their security infrastructure they have in place.
Excellent articles & blogs on the Dignotar Incident: