03 December 2017

171203 - Famous Softwares Shame-list and spying

Just a few comments on new-old trends of spying via software which shamelessly pretends to defend your privacy.
Despite contacting the authors a few years ago, and despite their promises, nothing yet.
On the contrary, new spying methods have been introduced under the umbrella of improvements, new features, bug updates, and so on.
In reality, the old issues were totally ignored.

1. Mozilla Firefox.
- years ago I asked for local import of bookmarks (HTML file) in Android.
- nothing yet

- recent blacklisting and coming future block of MHT plugins, allowing only third-party cloud solutions for it
- from now on, all your saved files will be reported to U.S. authorities

- WebRTC, introduced in recent versions of almost all browsers, bypasses VPN/proxy solutions, revealing your real IP
- Mozilla Firefox, Chrome, ... the list is long ...
- same in Android
- however, there still exist browsers in which WebRTC can be disabled
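As an added example (not code from the original post or from any browser vendor), the following JavaScript classifies the ICE candidates a web page can observe through WebRTC and flags any public address that differs from the address the VPN should present; the STUN server URL and the sample candidate lines are constructed assumptions for the demonstration, and in a browser console `collectCandidates()` feeds live candidates into the same check.

```javascript
// ICE candidate syntax (RFC 8839): candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
const CANDIDATE_RE = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/i;

// RFC 1918, loopback and link-local IPv4; IPv6 loopback, ULA (fc00::/7) and link-local (fe80::/10).
function isPrivateAddress(ip) {
  const v4 = /^(\d+)\.(\d+)\.\d+\.\d+$/.exec(ip);
  if (v4) {
    const a = Number(v4[1]), b = Number(v4[2]);
    return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168) || (a === 169 && b === 254);
  }
  const v6 = ip.toLowerCase();
  return v6 === '::1' || v6.startsWith('fe80:') || v6.startsWith('fc') || v6.startsWith('fd');
}

function parseCandidate(line) {
  const m = CANDIDATE_RE.exec(line.trim());
  return m ? { address: m[5], port: Number(m[6]), type: m[7].toLowerCase() } : null;
}

// vpnEgressIp is the public address the VPN should present; any other public address in a host or
// srflx candidate was learned outside the tunnel, which is the leak the post describes.
function assessLeak(candidateLines, vpnEgressIp) {
  const result = { candidates: 0, lanAddresses: [], leaks: [] };
  for (const line of candidateLines) {
    const c = parseCandidate(line);
    if (!c) continue;
    result.candidates += 1;
    if (c.type === 'relay' || c.address.endsWith('.local')) continue; // TURN relay or mDNS-hidden host: nothing of ours revealed
    if (isPrivateAddress(c.address)) result.lanAddresses.push(c.address); // local topology only, not the real public IP
    else if (c.address !== vpnEgressIp) result.leaks.push({ type: c.type, address: c.address });
  }
  return result;
}

// Browser: gather live candidates via a STUN request (STUN URL is an assumption). Node has no
// RTCPeerConnection, so there this returns [] and only the parser above is exercised.
async function collectCandidates(stunUrl = 'stun:stun.l.google.com:19302') {
  if (typeof RTCPeerConnection === 'undefined') return [];
  const pc = new RTCPeerConnection({ iceServers: [{ urls: stunUrl }] });
  pc.createDataChannel('probe');
  const lines = [];
  const gathered = new Promise(done => { pc.onicecandidate = e => (e.candidate ? lines.push(e.candidate.candidate) : done()); });
  await pc.setLocalDescription(await pc.createOffer());
  await gathered;
  pc.close();
  return lines;
}

// Constructed sample: the VPN egress should be 203.0.113.7, but STUN reflected the ISP address 198.51.100.42.
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.23 51234 typ host generation 0',
  'candidate:2 1 udp 1686052607 198.51.100.42 51234 typ srflx raddr 192.168.1.23 rport 51234 generation 0',
  'candidate:3 1 udp 41819902 203.0.113.7 3478 typ relay raddr 198.51.100.42 rport 51234 generation 0',
];
console.log(JSON.stringify(assessLeak(SAMPLE_CANDIDATES, '203.0.113.7')));
```

In a browser, `assessLeak(await collectCandidates(), '<your VPN egress address>')` runs the same check against real candidates; an empty `leaks` list with the VPN connected means the page could not learn your real address this way.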


2. Siber Systems AI RoboForm
- years ago I asked for local import of bookmarks (RFP files) in Android.
- nothing yet
- all your data is in the cloud, at the disposal of U.S. authorities

24 September 2017

170924 Crypto Currencies - limits, risks, backdoors, legitimacy, crypto algorithms

Crypto currencies:
https://en.wikipedia.org/wiki/List_of_cryptocurrencies


Limits:
1. Will never be accepted worldwide by nations and corporations.
   Why?
   Because no state, government or bank will ever guarantee it.
   Because none of the above actors issued it.

2. Limited acceptance on the internet, mostly for illegal and criminal activities.

3. In the most optimistic estimates, only a limited group of nations, geographical neighbours, will accept a crypto currency.
   This will be the solution in case of local or global armed conflicts, when SWIFTNet will be useless or politically biased/boycotted.
   Geographical neighbours, because of secure communication lines and the avoidance of sabotage or interception.


Risks:
1. No authority guarantees its exchange rate versus real currencies or gold.

2. Without an internet connection it is completely useless. In case of armed conflicts, totally useless.

3. In case of political conflicts between states, due to the present internet infrastructure, the USA and its allies can at any time eliminate internet access and block any crypto currency.

4. A crypto currency needs access to secure communication lines; nowadays the internet, as it is, is completely vulnerable physically. That is why only geographical neighbours can build and assure a secure communication line.


Backdoors:
1. Despite so-called "open control", because of the lack of state/government/bank control, anything can happen, such as fraud, hacks and lack of integrity of crypto currency deposits or sites administering crypto currency assets.

2. Any major government/state has the physical and technical possibility to stop encrypted communications and block any crypto currency.


Legitimacy
1. Crypto currencies continue to exist and mostly be used for illegal and criminal activities because they are silently tolerated by state authorities, and are also used in the same illegal activities.

2. Due to the actual international situation and the global tendencies of the world's biggest corporations, which aim to suppress the sovereignty of national states in order to achieve world dominance, SWIFTNet, the US Dollar and the Euro will gradually no longer be accepted by more and more countries like Russia, China, India, Brazil, Venezuela, Iran, ... they will adopt other means for their inter-transactions.

Crypto algorithms
1. The whole race for more secure communications and algorithms is useless without physically securing the communication lines.
   Nowadays only lines with a known physical location can be secured. Forget about satellites, they can be very easily destroyed.

2. Which means only geographical neighbours will group together and form a common local crypto currency.


13 September 2017

170913 Saab

In 2014 I worked as IT Security Consultant and Application Specialist at Saab.
Among other things as IT Administrator for Saab's global network antivirus and firewall.
After discovering serious security deficiencies and reporting them to Saab's top management, I had to leave.
My immediate manager also had to leave, and an entire department was wound down.
Even Saab's CISO (Chief Information Security Officer) had to leave!
In 2016 I took part in the recruitment for IT Security Specialist at Saab ICT.
After an excellent first interview, I suddenly got a no, with the justification that Saab's top management had said no.
In 2017 I took part in the recruitment for IT Security Analyst at Saab ICT.
Excellent first interview, then no. The HR recruiter called me and, very surprised, asked why Saab had said no.
In 2017 I was called and took part in the recruitment for ... Saab IT Security Manager ... at Saab!
Saab's Head of IT took part in the interview and I made a good impression, with reference to my experience in IT security and my merits listed on LinkedIn.
The answer came after 1 week: Saab's top management said no again.
Without breaking the secrecy act, and noting that I am solely a Swedish citizen, have passed the RK2 security clearance (registerkontroll) and have completed IT Security and Information Security Management at Saab,
I just wanted to publicly ask Saab's top management: why?
That Saab's Head of IT calls me to an interview for the position of Saab IT Security Manager says a lot.
That a senior official at Saab HR also calls me and invites me to an interview as Saab IT Security Manager also says something.
So?
Respectfully
Zeno Sloim

24 July 2017

The Transportstyrelsen scandal

The Transportstyrelsen scandal is just the confirmation of my older article, published already on 2016-02-28:

IT-services Outsourcing - Between cutting costs and major security risks
https://zenosloim.blogspot.se/2016/02/it-services-outsourcing-between-cutting.html

And there are several companies and authorities that have done the same, just to save money.

The IT security incident at the Barsebäck nuclear power plant that is mentioned on my LinkedIn page:
https://www.linkedin.com/in/zeno-sloim-6121a6136
was also caused by outsourcing.

Last year I was a finalist in the recruitment for IT Security Architect at Transportstyrelsen.
At the interview I expressed my opinion about the major risks of outsourcing to IBM.
In vain; the then Head of IT Security did not listen to me.

It is the same problem with Barsebäck.

And the same problem with Saab and the American CSC, now renamed DXC Technology.

And there are more.


Saving money in the short term and committing "suicide" with IT security and Sweden's national security
is catastrophic thinking among those who reason cheaply and irresponsibly.




19 July 2017

Hack and access of laptop belonging Czech Secret Service.

Hack and access any secret service, military organisation or corporation using HDD encryption and a security suite for system protection.
All from inside Android.

When McAfee and Symantec suck and an encrypted laptop belonging to the Czech Secret Service gets hacked.
Endpoint Encryption unlocks the HDD, but the whole system remains unprotected until Endpoint Security is fully loaded and protecting.
It's a gap of 10 to 15 seconds during which, with an appropriate Python script or other software, you can extract a lot of information from the wide-open laptop.
Or plant a script that executes after the full OS and security suite have loaded, and can do anything.
Remember, all such laptops are centrally administered and controlled when they are inside their own intranet.
The planted script mimics the scripts sent by the central command server.

A backdoor in Google Bot helps us to verify that the laptop's MAC address exists in a database of trusted MAC addresses belonging to the Czech Interior Ministry.
For those who once ridiculed the unknown power of backdoors in Google Bot (Dag Ströman, FMV-CSEC).

How to find the right moment?
Use a modified WiFi Kill: ARP protection is bypassed, the system defended by Endpoint Security hangs and the owner will restart the system.
Now it's time.
Cause: most BIOSes activate WiFi before OS initialization.
Affected: most laptops from Dell, Asus, HP.

Affected: all laptops belonging to any secret service, military organisations and agencies using Symantec, McAfee or other similar security suites for HDD encryption and system protection.

Conclusion: trust and follow blindly the "recommendations" from Common Criteria and ISO 27000. :)

Remedy: very simple, disable automatic WiFi start.
Start WiFi manually after the full OS and security suite have loaded.
Awkward for lazy big chiefs :)

Advice no. 2:
Do not dope your laptops with fancy cryptic names like:
A12B34C56
it will only reveal the departmental structure of your organisation.
Use instead simple numbers:
12345678
and keep a totally separate database to organise all your laptops.
Don't indirectly disclose your organisation's structure by giving logically related names.


Backdoor discovery at Romanian Transport Ministry - Department for Railways Security and Certification AFER

afer.ro

As usual, a backdoor in Google Bot helped to discover a backdoor leading to intranet access inside the Romanian Transport Ministry - Department for Railways Security and Certification AFER.
Those responsible were informed.

07 June 2017

170607 Swedish Digital Identification System BankID from Finansiell ID-Teknik BID AB bypassed on Android

Quote from:
https://www.bankid.com/en/om-bankid/detta-ar-bankid

"BankID is the leading electronic identification in Sweden.
Many services are provided where citizens can use their BankID for digital identification as well as signing transactions and documents.
The services vary from online and mobile banking, e-trade to tax declaration and are provided by government, municipality, banks and companies.
BankID is used both for identification as well as signing.
According to Swedish law, and within the European Union, BankID is an advanced signature and a signature made with a BankID is legally binding.
The customer’s identification is guaranteed by the bank issuing the BankID.
Authorities, companies and other organizations must check the validity of the customer’s identity and signature.
BankID is available on smart card, soft certificate as well as mobile phones, iPads and other tablet devices."

Android app:
Google Play:
https://play.google.com/store/apps/details?id=com.bankid.bus

Quote from:
https://www.swedbank.se/privat/digitala-tjanster/mobilt-bankid/?contentid=CID_378591

"I have got a new smartphone. Can I move my Mobilt BankID to it?

No, for security reasons a Mobilt BankID cannot be moved, but if you still have access to your old smartphone you can use it to obtain a new Mobilt BankID.

    Download the BankID security app from Google Play or the App Store to your new smartphone.
    Remember that the phone needs to be connected to the internet via either wifi or 3G.
    Log in to the internet bank with your old smartphone and order a new Mobilt BankID under Tillval – BankID (Add-ons – BankID).
    Start the BankID security app, create a security code and enter the activation code you received in the internet bank.

We also recommend that you block the Mobilt BankID that was linked to your old smartphone. You do this in the internet bank under Tillval – BankID (Add-ons – BankID)."

Unfortunately, I discovered a way to copy and restore a Mobilt BankID on a device after a full system restore,
and have it completely functional with all services using it.
No more re-authentication with the bank and creation of a new Mobilt BankID, as they require for security reasons.
That means the whole authentication system based on Mobilt BankID from Finansiell ID-Teknik BID AB is bypassed.
Tested with Swedbank.

Further escalation would be to test recreating the Mobilt BankID on another device.

I informed Finansiell ID-Teknik BID AB and Swedbank about the critical security flaw which bypasses the leading electronic identification in Sweden.

No technical details are given publicly.
Only directly (no phone/email/other internet-based communication) to the authorities concerned.

17 May 2017

170517 Swedish National Forensic Centre NFC needs to instruct its personnel more in IT security awareness

Today I travelled back from Stockholm, where I had been for an interview at the Defence Ministry as Chief Engineer for IT Security.

Near me was a senior employee from the Swedish National Forensic Centre.
He was accompanied by several other persons from the same authority.
He started to read some job-related mails and talk with his colleagues about them.
I concluded they had been on a job-related trip to Stockholm and were returning.
The fact that they were discussing job matters openly made me curious to check their security awareness.
Using a specially modified Bluetooth scanner and promiscuous sniffer,
I noticed they had mobile phones, a tablet and a smart watch wide open to Bluetooth attacks.
Well, I made a sign to their chief and asked him to follow me a few metres away to discuss a private matter.
He followed me, then I informed him about the risks to which he was exposing himself and confidential information from his workplace.
He replied he was aware ... but all the devices he used were ... his private ones ... not official ones from NFC.
Strange ... a personal smartphone, but from the same phone he read official mails and messages to his job colleagues.
I'll just do my duty and inform NFC about the events, and that they need to raise awareness of their employees when it comes to IT security.

16 May 2017

Finalist as Cyber Security analyst at Swedish Secret Service

Finalist in the recruitment as:
Analyst with a focus on cyber at the Unit for Tactical Security Analysis at the Security Department for the central government leadership.

Finalist in recruitment as:
Cyber Security Analyst at the Unit for Tactical Security Analysis, belonging to the Security Department of the Swedish Secret Service, under the leadership of the Swedish Prime Minister.

10 May 2017

Physical isolation - last step in securing own internal IT-infrastructure

I wrote 4 years ago, in my analysis of how Iran got Stuxnet:
http://zenosloim.blogspot.com/2013/09/how-stuxnet-hit-iran-inside-story.html
and in my post on the insecurity of cloud services:
http://zenosloim.blogspot.com/2013/09/cloud-services-and-politics-new-cold-war.html

that the only way to total security is complete physical separation of the national/internal IT-infrastructure from the rest of the world.

Now my advice is confirmed and applied.
"Russia’s Communications Ministry has developed a program that would allow the isolation of all internal internet traffic on servers located within the country, thus minimizing the risk of foreign hackers meddling with sensitive data."

Quote from:
https://www.rt.com/politics/387835-communications-ministry-proposes-isolation-of/

And those naive people still thinking that software solutions from "neutral" small countries are "secure" or "efficient" should think twice.
Being "small" increases the risk of "planted" backdoors ordered by US authorities.

19 April 2017

SWIFT.net penetration

A few days ago a Russian hacker group made public the information that US authorities had secret access to the SWIFT.net network via until-now secretly kept backdoors in software.
Now that this information is no longer a secret,
I can disclose that as early as April 2010, US authorities had direct hidden access into the French banking group BNP Paribas in Europe.
By using a special syntax and a backdoor in Google servers and Google Bot, someone could access the bank's internal SWIFT.net data traffic, intercepted and retransmitted to US-located servers.
A similar backdoor was available in 2011-2012 for intercepting data traffic from servers belonging to the Romanian Government and Finance Department regarding state contracts and acquisitions.

15 March 2017

170314 Social network VKontakte backdoor giving access to any personal files of any user without login


I never used VKontakte, but being curious about the Russian representative to Eurovision 2017, Юлия САМОЙЛОВА (Julia SAMOYLOVA), I "visited" VKontakte.
So I discovered a "way" to access any file of any user, without login.
Burp Suite was used for traffic analysis.

14 February 2017

Critical security flaws with router ASUS RT-AC68U

Just tested a brand new ASUS RT-AC68U router with the latest firmware, here in Sweden.
Looking inside the log, I discovered interesting things which ASUS must answer for.
A lot of unknown IP addresses appeared during booting of the router.
IPs addressed by the router firmware.
I tested them.
It seems that router.asus.com leads to unauthorised access to other owners of Asus routers who authorised WAN access to their routers.
I attach more screen dumps.

Something is for sure WRONG!

And ASUS engineers must answer and correct these critical security flaws.
Not to mention that when trying to connect a network printer via LAN, it gets an IP address for about 20 seconds, then gets disconnected.

Waiting for ASUS to address these problems!