24 July 2017

The Transportstyrelsen scandal

The Transportstyrelsen scandal is just confirmation of my older article, already published on 2016-02-28:

IT-services Outsourcing - Between cutting costs and major security risks
https://zenosloim.blogspot.se/2016/02/it-services-outsourcing-between-cutting.html

And several companies and authorities have done the same, just to save money.

The IT security incident at Barsebäck nuclear power plant, which is mentioned on my LinkedIn page:
https://www.linkedin.com/in/zeno-sloim-6121a6136
was also caused by outsourcing.

Last year I was a finalist in the recruitment for IT Security Architect at Transportstyrelsen.
At the interview I expressed my opinion about the major risks of outsourcing to IBM.
In vain; the IT security chief at the time did not listen to me.

It is the same problem with Barsebäck.

And the same problem with Saab and the American CSC, now renamed DXC Technology.

And there are more.


Saving money in the short term while committing "suicide" with IT security and Sweden's national security:
that is catastrophic thinking among those who reason cheaply and irresponsibly.

19 July 2017

Hack and access of laptop belonging Czech Secret Service.

Hack and access any secret service, military organisation or corporation using HDD encryption and a security suite for system protection.
All from inside Android.

When McAfee and Symantec suck, an encrypted laptop belonging to the Czech Secret Service gets hacked.
Endpoint Encryption unlocks the HDD, but the whole system remains unprotected until Endpoint Security is fully loaded and protecting it.
It's a gap of 10 to 15 seconds during which, with an appropriate Python script or other software, you can extract a lot of information from the wide-open laptop.
Or plant a script that executes after the full OS and security suite have loaded, and can do anything.
Remember, all such laptops are centrally administered and controlled when they are inside their own intranet.
The planted script mimics the scripts sent by the central command server.

A backdoor in Google Bot helps us to verify that the laptop's MAC address exists in a database of trusted MAC addresses belonging to the Czech Interior Ministry.
For those who once ironised about the unknown power of backdoors in Google Bot (Dag Ströman, FMV-CSEC).

How to find the moment?
Use a modified WiFi Kill; ARP protection is bypassed, the system defended by Endpoint Security hangs, and the owner will restart the system.
Now it's time.
Cause: most BIOSes activate Wi-Fi before OS initialization.
Affected: most from Dell, Asus, HP.

Affected: all laptops belonging to any secret service, military organisation or agency using Symantec or McAfee or other similar security suites for HDD encryption and system protection.

Conclusion: trust and blindly follow the "recommendations" from Common Criteria and ISO 27000. :)

Remedy: very simple, disable automatic Wi-Fi start.
Start Wi-Fi manually after the full OS and security suite have loaded.
Awkward for lazy big chiefs :)
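One way to apply the OS-level part of this remedy on a Windows laptop, as an added example that is not part of the original post: the script below switches every saved Wi-Fi profile from "connect automatically" to manual connection, so Windows does not join a known network on its own at boot, and then re-reads each profile to confirm the change. It uses only the built-in netsh wlan commands and assumes it is run in an elevated PowerShell session; a firmware-level radio-on-before-OS setting, if a given BIOS has one, is outside what this script can change and must be set in the BIOS itself.

```powershell
# Added example (not the blog's own code): force all saved WLAN profiles to
# manual connection so the laptop does not auto-join Wi-Fi at boot.
# Assumes: Windows with netsh (built in) and an elevated PowerShell session.

# 1. Collect saved profile names. Output lines look like:
#    "    All User Profile     : OfficeWLAN"
$profiles = @()
foreach ($line in (netsh wlan show profiles)) {
    if ($line -match 'All User Profile\s*:\s*(.+)$') {
        $profiles += $Matches[1].Trim()
    }
}

if ($profiles.Count -eq 0) {
    Write-Host "No saved Wi-Fi profiles found; nothing to change."
    return
}

# 2. Set each profile to manual connection (user must click to connect).
foreach ($name in $profiles) {
    netsh wlan set profileparameter name="$name" connectionmode=manual | Out-Null
}

# 3. Verify by reading back the "Connection mode" line of every profile.
#    Expected value after the change: "Connect manually".
$stillAutomatic = @()
foreach ($name in $profiles) {
    $detail = netsh wlan show profile name="$name"
    foreach ($line in $detail) {
        if ($line -match 'Connection mode\s*:\s*(.+)$' -and
            $Matches[1].Trim() -ne 'Connect manually') {
            $stillAutomatic += $name
        }
    }
}

if ($stillAutomatic.Count -gt 0) {
    Write-Warning ("Profiles still set to auto-connect: " + ($stillAutomatic -join ', '))
} else {
    Write-Host ("All {0} saved Wi-Fi profiles now require manual connection." -f $profiles.Count)
}
```

If the policy is that the radio itself stays off until the user turns it on, the adapter can additionally be disabled with Disable-NetAdapter (the adapter name, commonly "Wi-Fi", varies per machine and is an assumption here) and re-enabled with Enable-NetAdapter once the security suite reports it is running; the profile change above is the lighter option that keeps the adapter usable but never joins a network unattended.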

Advice no. 2:
Do not name your laptops with fancy cryptic names like:
A12B34C56
It will only reveal the departmental structure of your organisation.
Use simple numbers instead:
12345678
and keep a totally separate database to organise all your laptops.
Don't indirectly disclose your organisation's structure by giving logically related names.


Backdoor discovery at Romanian Transport Ministry - Department for Railways Security and Certification AFER

afer.ro

As usual, a backdoor in Google Bot helped to discover a backdoor leading to intranet access inside the Romanian Transport Ministry - Department for Railways Security and Certification AFER.
Those responsible were informed.