
17 September 2011

Will Americans finally take a stand? | #occupywallstreet #dayofrage #adbusters

There is less than 12 hours left until the start of the protest on
Wall Street and I can help to wonder what will happen. To be honest
with you I don't know what to expect and I am concerned for the
protesters that will be out there. Our democracy has an unfortunate
history of harming those who wish to fight to correct injustice and
disrupt the status quo. I am haunted by the ghosts of National
Guardsmen shooting protesters at Kent State and the police brutality
suffered by those fighting for civil rights. No my friends, America
does not take too kindly to dissent.

I'm trying to imagine what it would be like for 20,000 people to
physically occupy the Wall Street area for months and go unchecked by
the NYPD and frankly, I just don't see that happening. I know in my
heart that the NYPD will use whatever tactics they can to justify
violence against a peaceful protest - be it "homeland security" or the
"economic interest" of the nation. I'm worried because I know what
happened in London CAN happen here if those kids on Wall Street are
pushed to the limit and forced to defend themselves.

Things HAVE to change in this country and I am afraid that change is
not going to come as the result of a peaceful occupation of a little
piece of NYC real estate. As much as I hope for a peaceful end to the
corporate takeover of America, our history shows that nothing changes
for the better without first undergoing a violent and bloody period of
upheaval. Not to mention that the billionaires who now own this
country won't give up easily especially when they have the politicians
in their pockets.

I hope the average American understands what these kids are fighting
for because they are fighting for an America that existed before many
of them were even born. An America that I distinctly remember growing
up in and watching it slowly change from a respected freedom loving
democracy to a despised corporate cleptocracy. The love of freedom and
democracy have been somehow replaced by the need for fear and

My hope is that people of America are awakened from their slumber and
realize that the citizenry are the agents of change and not any
corporate-owned politician. I pray for the safety of all those who are
taking a stand down on Wall Street tomorrow and beyond. We need to
support them because that is what freedom and liberty is about. The
ability to question and change a government when it become destructive
and fails to serve its citizens is a fundamental right of a free

It is time that we stand up for ourselves instead of waiting for
someone to do it for us. Maybe after 235 years it is time to revisit
this system of government we created for ourselves.

- Damon Baldini

16 September 2011

Memories of the Nimda virus | #Sophos #virus #cybersecurity

Editor's note - Ten years ago the Nimba virus hit the Internet.  Here is a good article taking us down memory lane to simpler times in Internet security.

Nimda storms the internet

Boy, did Nimda show itself. It could spread every-which-way, and it did: by sending itself out to your email contacts; by breaking into web servers and infecting files all over your website; by spreading automatically across your network; and by parasitically infecting existing programs on your hard disk.

Read full article:

Intel and Google join hands on Android development | #zeroday #hackers #ITsecurity

Intel has revealed a new partnership with Google on Android, advances in the ultrabook device category and a new security technology that protects against zero-day exploits at its Intel Developer Forum.

Read full article:

0-Day SCADA Exploits Released, Publicly Exposed Servers At Risk | #Rockwell #Carel #zeroday

Luigi Auriemma made news back in March 2011 with the release of 34 zero-day (0-day) SCADA vulnerabilities. This week, he's back in the news with the release of 15 new 0-day advisories, 13 of which affect eight different SCADA products.

SCADA (supervisory control and data acquisition) systems monitor and control devices that can make physical changes in our world. Generally, they refer to systems that manage industrial, infrastructure, and facility processes -- systems where vulnerabilities could have devastating impact.

Read full article:

Anonymous Has a New Weapon In Its Arsenal, Plans to Use It Tomorrow | #RefRef #occupywallstreet #ddos

Word on the street is that Anonymous has been testing out a new weapon that they intend on using tomorrow as a cyber component to a physical protest on Wall Street. The new weapon, called #RefRef, is intended to replace their current weapon, the Low Orbit Ion Cannon (LOIC). Though designed to take down websites, #RefRef  is not merely an iteration on the LOIC but functions in an entirely new way.

Anonymous' distributed denial of service (DDoS) attacks generally employ botnets to flood the target servers with requests. While the past iterations on the LOIC have increased the number of requests in the flood, #RefRef executes a DDoS from the inside out. Instead of orchestrating an army of zombies to request the target server, #RefRef initiates a flood of processes on the target server itself. #Refref has reportedly been tested on a number of sites including Pastebin (see picture) and Wikileaks. According to Anonymous, #RefRef is to be released tomorrow in concert with physical protesters during #OccupyWallSt.

Read full article:

NYPD All Precincts Radio Feed | #dayofrage #occupywallstreet #anonymous

To open this link on your desktop computer, open iTunes and press
Ctrl+U or Command+U, and paste the above URL.

Sent using my app from

NYPD Special Operation Radio Feed | #occupywallstreet #dayofrage #sept17

To open this link on your desktop computer, open iTunes and press
Ctrl+U or Command+U, and paste the above URL.

Sent using my app from

How SMBs Can Minimize Denial-of-Service Risks | #hactivism #ddos #infosec

Is your online business ready for the holiday shopping spree? It might not be if you're making it too easy for hackers to take down your website.

Though denial-of-service (DoS) and similar, grander-scale distributed-denial-of-service (DDoS) attacks aren't new, like some other threats they've evolved over time--and have become more accessible to the bad guys in the process. According to Ted Swearingen, director of security operations atNeustar, such threats aren't just the bane of big government and big business. Rather, the increased ease with which DDoS attacks can be launched has led to a wider range of targets, including small and midsized businesses (SMBs).

Read full article:

DDoS is Cloud's security Achilles heel

Editor's note - While many companies are pushing to offer cloud-based services, I suspect that #DDoS attacks and software will become even more widely available. Expect some growing pains while companies figure out a way to deliver their services w/o interruption.

Cloud providers and customers are ignoring the importance of securing online services against distributed denial of service (DDoS) attacks at their own peril.

Read more: Computerworld :: DDoS News

That's the view of network security expert and Arbor Networks APAC solutions architect, Roland Dobbins, who argues that to date the availability aspect of information security has played a poor cousin to confidentiality and integrity.

Read full article:

BART Spokesman Linton Johnson in Trouble | #OpBART #SFBart #anonymous

One of the many demands Anonymous made in exchange for ending the weekly BART protests was that the transit agency fire its chief spokesman, Linton Johnson. And while the group might have succeeded in making him a target, it's had no luck in ousting him.

BART board members admit they aren't keen with the way Johnson, who has been out on leave for a month, has handled the ongoing BART protests -- including scripting passengers to offset the negative criticisms of the transit agency --- but they aren't planning to fire him.

Read full article:

FBI Investigating NBC Twitter Hack | #skiddies #hackers #FBI

The FBI is now investigating a Friday hack of the NBC News Twitter account, which falsely tweeted about an attack at Ground Zero.

At this point, the FBI is gathering information and has provided no additional details, according to MSNBC.

Read full article:

Spam relating to #DigiNotar certificates is detected | #spammers #malware #ssl

The DigiNotar hacking and subsequent trust revoke by major browsers has led to spam being detected relating to the incident.

Research by Barracuda Labs said that consumer confusion over DigiNotar certificate forgeries has resulted in spam emails being pitched directly to business customers of banks to convince them that their SSL certificate has expired.

Security researchers Dave Michmerhuizen and Luis Chapetti said that while the spam is very standard in its appearance, the message is much more dangerous.

Read full article:

U.S. Day of Rage — an Arab Spring in America? | #lupefiasco #occupywallstreet #sept17

Editor's note - Good article that highlights some interesting theories
on political protest in USA. Be sure to follow the link for Lupe
Fiasco's poem.

Read full article:

Website Claims Marxist Mob Plans to Occupy Wall Street | #occupywallstreet #dayofrage #NYC

Editor's note - Although I do not subscribe to this particular point of view we bring you this story as part of our goal to bring our readers " from all sides of the conflict".

The artwork associated with a political movement says a lot about that movement.

The US Day of Rage's Twitter feed features a photo of a defaced ten-dollar bill. Someone has added black hair and a Hitler moustache to Founding Father Alexander Hamilton, whom Congress honored in 1999 as "the man who more than any other designed the Government of the United States."

The Founders as Nazis: that's what the leftists who plan to occupy Wall Street tomorrow think of the American experiment. It's not as if the media-savvy organizers of the US Day of Rage don't understand the significance of the Founders. The event's website constantly invokes the name of Publius, the pseudonym that Hamilton, James Madison and John Jay shared as they wrote The Federalist Papers.

Read full article:

Wall Street Protesters Vow to Occupy Lower Manhattan for Months | #NCCIC #occupywallstreet #NYC

Sept. 16 (Bloomberg) -- Wall Street firms will be the target of a nonviolent demonstration in which organizers say they want 20,000 people to participate with tents, kitchens and "peaceful barricades."

Dubbed "#OccupyWallStreet," the goal of the protest in lower Manhattan is to get President Barack Obama to establish a commission to end "the influence money has over our representatives in Washington," according to the website of Adbusters, a group promoting the demonstration. Organizers plan to start on Sept. 17 and want participants to "occupy" the area for "a few months," according to the website.

Read full article:

SANS confirms 12 speakers for European Digital Forensics and Incident Response | #infosec #cyberwar #forensicsz

SANS Institute has announced its final roster of speakers presenting at the annual European Digital Forensics and Incident Response Summit this September over the 21st and 22nd at the Thistle Hotel Marble Arch. SANS has added Andrew Sheldon, a pioneer in areas of Remote Forensics and Triage; James Lyne, nicknamed the Mcguyver of Infosec by the BBC, and David Stubley, a Director with 7 Elements, a respected security consultancy, taking the roster to 12 influential and highly regarded experts who will be presenting during the event.

Read full article:

15 September 2011

Israeli-Turkish cyberwar begins | #hackers #DNS #hijack

Amid the current diplomatic 

impasse between Ankara and

Jerusalem, Turkish hackers

claim to have hijacked some 350

Israeli websites on Sunday

evening, launching a Domain

Name System (DNS) attack on

dozens of other websites as well.

Israeli IT analysts said last Tuesday the DNS hijacking is likely to be, in fact, a "test-run" ahead of a major attack on Israeli domains.

Read full article:

Cybercrime doing damage to Canadians | #spammers #crimeware #CASL

I'd like to correct a fundamental misstatement by Jason Magder in his piece on Canada's Anti-spam law, CASL. ("New anti-spam law 'good news' for public," Aug. 31).

Yes, certainly, there is a lot of foreign language spam that comes into our inboxes. Yes, there are Russian crime syndicates that control drug and body-part enhancement spam. But don't kid yourself that they do not have affiliates here in North America. Don't think for a minute that there are not hosting companies that have been turning a blind eye to the presence of massive spam rings, in light of the large amount of money criminals flash at them. And don't think for a minute some very large well-known brand-name companies don't spam. They do.

Read full article:

Cybercrime Ring Led by Russian hacker 'Soldier' Steals $3.2 Million | #SpyEye #ZuEs #crimeware

An international cybercrime gang is currently on the loose, orchestrating attacks on major U.S. corporations and government organizations to the tune of $3.2 million in the first six months of the year, or $17,000 a day.

The criminal syndicate is believed to be headed by a Russian man in his early 20s who goes by the name "Soldier," according to the security firm Trend Micro, which has been investigating the gang's exploits.

Read full article:

Oil and Gas cyber security are you at risk? | #nightdragon #APT #stuxnet

*Cyber espionage hit the headlines last week with reports of a series of hacker attacks—dubbed Night Dragon—aimed at major energy companies. The sophistication level of the attacks is significantly lower than that of the notorious  Stuxnet worm that was found infecting control system networks last year, experts say. But the Night Dragon attacks, believed to be largely the work of Chinese hackers, have nonetheless been successful in achieving their apparent objective—that of intellectual property theft from global oil and gas, energy and petrochemical companies.

Read full article:

Offensive or defensive? The law of cyber-warfare | #Australia #DHS #APT

Cyber warfare entered a new era since Stuxnet, James Farwell, a US-based strategic  communications, specialist, claims.

One of several specialists addressing the 2nd National Cyber Warfare Conference in Canberra this week, Farwell argues that a dominantly tactical approach to cyber warfare at a state level is flawed.

Read full article:

Security Lessons Learned from California Power Outage | #scada #cisp #DHS

The 9th of September 2011 saw a power outage in the U.S. affecting 5 million people in the area of Southern California — the root cause analysis of which is said to have been one single employee switching out a piece of problematic equipment. The upshot of this single act is nevertheless extremely worrying, as it manifested in traffic chaos, cancelation of flights, the shutting down of two nuclear reactors, a widespread impact on business, and on the residents.

This event does, however, raise a number of questions and points back to the long debate about the security of Supervisory Control and Data Acquisition (SCADA) systems, which are considered, in some cases, to host a soft underbelly for cyber attacks. There is also the question of timing — whilst I do understand the public notice, let us be honest here — if this were anything other than a mistake by an employee, would the public really expect to be told? Additionally, if a single employee's mistake, with just one piece equipment can have such a devastating consequence on what is national critical infrastructure, then what does this tell us about security, change management, and of course, business continuity?

Read full article:

Cyberwar: a Whole New Quagmire. Part 3: Conflating Threats | #cyberthreats #APT #DHS

Editor's note - Interesting article that compares cyberwar threat to Cold War propaganda.

Summary:  When cyberwar proponents talk about our vulnerability to attacks, they play on our fears by freely mixing things that are obvious and likely – such as malware and online crime, with things that are highly unlikely — such as an entire country being brought to its knees by an electronic attack.  The third in a series about cyberwar by guest author Marcus J. Ranum.

Read full article:

State-sponsored spies collaborate with crimeware gang | #APT #cybercrime #hackers

Hackers sponsored by the Chinese government and other nations are collaborating with profit-driven malware gangs to infiltrate corporate networks storing government secrets and other sensitive data, researchers say.

In many ways, the relationship between state-sponsored actors and organized crime groups that target online bank accounts resembles the kind of mutually benefiting alliances found in nature everyday. Just as human intestines create the ideal environment for certain types of bacteria – and in turn receive crucial nutrients and digestive assistance – crimeware operators often cooperate with government-backed spies perpetrating the kinds of APTs, or advanced persistent threats, that have pillaged GoogleRSA Security, and other US companies.

Read full article:

New weapon against cybercrime: chips | #deepsafe #Patmos #antivirus

An internet security company has demonstrated a new weapon against deeply rooted malware that takes control of PCs and turns them into zombies.

McAfee said it has activated built-in security features and added software to Intel microprocessors, known as chips, to stop cyber criminals from infecting PCs via advance persistent threatsrootkits and zero-day attacks. Infected PCs can be directed to steal private identities, financial data and to send out spam.

Read article:

Cyber security lacks engagement | #wallstreet #cybercrime #infosec

Editor's note - Still amazed that the financial industry is still largely taking a "head in the sand" approach to infosec.  I guess as long as those losses are covered by insurance then there is little need to act.

Cyber security should feature among the top three board-level concerns, according to a new report from Chatham House, with policy coming under the umbrella of traditional security arrangements and board directors involved in scenario-based training for cyber attacks.

The think tank identified only one example of an outstanding cyber security messaging strategy within the UK financial services sector, while at the other end of the spectrum the directors of one large insurance company admitted they had no idea how they should manage or mitigate a cyber attack.

Read full article:

U.S. defense firms face relentless cyberattacks | #APT #hackers #cyberwar

U.S. defense industries are facing relentless, sophisticated foreign attacks on their computer networks, a threat company leaders say poses a risk of significant damage and may require the government to take greater protective action.

Top U.S. defense contractors speaking at the Reuters Aerospace and Defense Summit said many of the attacks appeared to be state-sponsored and came from multiple countries, but they declined to point a finger at any particular government.

Read full article:

Financial Industry Especially Vulnerable to Cyberattacks | #infosec #cybercrime #wallstreet

Cybercrime is costing the world billions of dollars and current laws aren't enough to stop the loss of money and information, government and industry witnesses told a House subcommittee on Wednesday.

Cyberattacks may not kill people, but officials say there is little doubt about their potential to harm financial and economic systems.

Read full article:

ANZUS to cover cyber attack risk | #cyberwar #treaty #DOD

Editor's note - Expect to see more treaties amended to include cyberattacks and the Internet as an emerging battlespace.

The ANZUS treaty will be extended to cover the threat of cyber attacks, recognising cyberspace as one of the fundamental threats to a country's military systems.

On the 60th anniversary of the ANZUS alliance between Australia and the United States, Defence Minister Stephen Smith said cyber attacks were one of the biggest challenges facing national security.

Read full article:

Want to beat hackers? Know the risks and know thy enemy | #44con #infosec #Hollywoodleaks

Barely a day passes without news of another major computer security breach. Last week a hacking network named "Hollywood Leaks" began their attack on the personal data of celebrities, officially adding the glitterati to a roll of shame that already includes targets as diffuse as Sony, the Church of Scientology and PayPal.

Read full article:

BART Protests Losing Attendance, Gaining Naked People | #OpBART #SFBART #anonymous

As you know, the OpBART protests organized by the loose hacker collective Anonymous and well-attended by the media continued last night for the fifth straight week since the group began protesting BART's August 11th cellphone shutdown. As you might expect for a weekly event, the attendance appears to be tapering off.

Read full article:

Revolutionary fever may overwhelm Syria next | #arabspring #Assad #Libya

First Egypt, then Libya. Beloved, I am fairly confident Syria's aggressively violent and dictatorial rule against its own under-privileged and those who are at the top of the intellectual population is probably next to fall. 

Unfortunately, because of the horrible nature of this repressive regime and the terrorism they have used to hold on to power, I am also confident that it will take a much bloodier effort on the part of Syria's internal insurgents and their out-of-state friends around the world to uplift the current leadership from the seat of power.

Read full article:

Microsoft patches 15 bugs, nukes more SSL certificates | #diginotar #comodo #windows

The company also dealt with more fallout from the June hack of DigiNotar by flipping the "kill switch" on SSL (secure socket layer) certificates issued by Dutch certificate authority, or CA.

But none of the information Microsoft released today about the five updates or the 15 bugs was news: On Friday, the company leaked drafts of the security bulletins, the term Microsoft uses for the advisories that accompany each update.

Read full article:

13 September 2011

Dutch Government Struggles to Deal With DigiNotar Hack | #ssl #infosec #comodo

Editor's note - The first lesson in crisis management is when you find a mistake or problem you must get it out in the open ASAP.   That's the reason why Comodo is still in business and why Diginotar is D.O.A.

Read full article:

Has Apple handled the DigiNotar attack effectively? | #iPhone #iPad #ssl

Editor's note - Apple has been slammed in the past for their tardy approach toward security issues.  Perhaps they are still working under some old assumptions that they are invulnerable to hacker attacks.  

Researchers are once again slamming Apple [AAPL], this time for what they see as the firm's slow delivery of an essential security update to patch a problem caused byComodoHacker's recent subversion of small digital security certification provider, DigiNotar.

Read full article:

Comodohacker: I can issue fake Windows updates | #diginotar #ssl #Microsoft

Editor note: Although I am skeptical about Comodohackers claim, who would have guessed that SSL certs could be forged or stolen a few months ago.  The drama around this story makes it worth the read anyway...

Following his recent attack against Dutch security company DigiNotar, the hacker known as Comodohacker is now threatening to exploit Microsoft's Windows Update service.

Read full article:

Arrests During Test Run for #OccupyWallStreet | #sept17 #dayofrage #anonymous

Organizers of this event are now discouraging bringing tent due to legal issues, although sleeping bags would be OK.

Read full article:

Dozens of BART protesters march along Market Street | #OpBART #SFBART #anonymous

About two-dozen anti-BART protesters marched along San Francisco's Market Street Monday evening in the fifth consecutive weekly rush-hour demonstration organized by the hacker group "Anonymous."

Read full article:

Federal authorities take on Anonymous hackers | #FBI #DHS #cybercrime

The computer hackers, chat-room denizens and young people who make up the loosely affiliated Internet collective have drawn the attention of the FBI, the Department of Homeland Security and other federal investigators. What was once a small group of pranksters has become a potential national security threat, federal officials say.

Read full article:

12 September 2011

GlobalSign halts issuing SSL certificates after hack scare | #diginotar #comodo #mozilla

Mozilla warns Web certificate issuing companies to show proff that their systems are safe or risk being blocked

GlobalSign has become the second company to halt issuing SSL certificates or certificates guaranteeing the security of websites, after an anonymous hacker claimed to have breached its security.

Read full article

Nuclear warheads could be next Stuxnet target | #cisp #DoD #DOE

Due to the complexity and sophistication of the code contained within the Stuxnet worm, the possibility of it being used to take control of a nuclear warhead is high, according to a security expert.

At Check Point's Sydney conference this week, Check Point Israel security evangelist, Tomer Teller, said he analysed the code of the Stuxnet worm, which was used to take control of a nuclear facility in Iran in June, 2009.

Read full article:

Is a 'cyber 9/11′ inevitable? | #cyberwar #DoD #cisp

Another day, another report warning that the U.S. is dangerously unprepared for the realities of 21st century cyber-warfare. Monday's study, which was the subject of a story by AP's Lolita Baldor and which is slated for full release in the coming weeks, doesn't say anything you haven't heard before: The computer networks of the military-industrial complex, and the U.S. generally, are very vulnerable to mischief and attack because the feds can't talk amongst themselves and also can't coordinate with the private sector.

Read full article:

How to avoid cyber fraud - Las Vegas Review | #malware #hackers #cybercrime

Computer technology and the Internet have transformed the way we live. While continually advancing technology heightens convenience in both work and play, it also increases our susceptibility to Internet scams.

Cyberfraud takes many forms. It includes diverse activities such as distributing damaging viruses, stealing money, and posting confidential information.These are just a few of the threats presented online.

Read full article:

Cybercrime costs Indians over $ 7 bn in 2010 | #hackers #india

Approximately 29 million people in India fell victim to cybercrimes and cumulatively suffered a loss of US$7.6 billion in 2010, a report by Norton has said.

Of the total amount, US$4 billion is direct financial loss, while US$3.6 billion is in terms of time spent to resolve the crime, the Norton Cybercrime Report 2011 said.  The study was conducted by the cyber security firm across 24 countries in February this year.

Read full article:

Arming the country for cyber attack | #cyberwar #infosec #DHS

THE internet is a dangerous place, but is it a battlefield? Will future wars be fought in cyberspace? Many people think they will, and our government seems to agree, at least up to a point. But a glance at history suggests some of these fears may be exaggerated.

The government is certainly acting as if it takes cyber war seriously. Cyber threats loomed large in the 2009 defence white paper, and in January last year the government opened a big new Cyber Security Operations Centre where 130 people will take command of Australia's cyber skirmishes. Then in July it announced a white paper specifically on cyber security, preceded by a public discussion paper, which is expected soon.

Read full article:

18 infosec fails that let criminals win | #cybercrime #hackers #fail

The Operation Aurora attacks against Google, Adobe, Rackspace, Juniper Networks and othersrevealed in early 2010, for example, involved 12 distinct steps. Nine of them were actions that could have been detected or prevented by more comprehensive defences. If any one of these steps had failed, the attack would have failed.

In one step, victims were sent links to malicious websites via email. "The links inside the emails should have been checked by some antivirus or gateways or anything else," Aseev said.

Read full article:

Anonymous 'URGE' Program Hijacks Twitter's Trending Topics | #hackers #socialmedia #hactivist

Though Twitter's trending topics sometimes inform users of breaking news, the list is often littered with phrases or hashtags that are puzzling or just plain stupid. Right now, for example, #wifeymaterial tops the list.

But while most of us probably don't consider the content of these trending topics to be a major problem that needs solving, hacker group Anonymous thinks otherwise. The organization announced this week that it has developed a program that "hijacks trending topics of our choice and ... lets us tweet messages within them."

Read full article: