Trend Micro reports a zero-day vulnerability in Oracle's Java version 8 being used against NATO and United States Department of Defense targets. This incident further illustrates the stupidity of using the web browser as a run time for executing strange code as well as the special sort of idiocy that is running strange Java code.
Category Archives: Security
US Missiles Carry Out "unexplained" Commands in the Field
Reports are coming in that Patriot missile systems located in Turkey and operated by the German Bundeswehr have been the target of computer hackers.
Though details are scarce, the German media outlet Behörden Spiegel is indicating that "unexplained" commands were remotely issued to the US-produced weapons systems by an unknown individual or group of hackers. Though as yet unconfirmed, there remains some cause for concern that the Patriot (MIM-104) missile systems deployed in the field, which consist of six launchers, each with four missiles designed for either anti-air or long-range tactical ballistic missile interception, and several radar systems, could fall into enemy hands without a battle ever taking place.1 Unlike the US HUMVEEs now in the hands of ISIS, this attack demonstrates the possibility that no physical interaction would have to take place for NATO technology to turn on its creators2 and deployers.3 Continue reading
The Patriot missile system is also highly mobile as it's carried on M860 semi-trailers, which are then towed by large M983 HEMTT trucks. ↩
The Patriot missile systems are produced by Raytheon, Lockheed Martin, and Fire Control on US soil. ↩
Current operators of this system include Bahrain, Egypt, Germany, Greece, Jordan, Japan, Israel, Kuwait, the Netherlands, Qatar, Saudi Arabia, South Korea, Spain, Taiwan, the United Arab Emirates, and of course the United States of America. ↩
French TV Venture CANAL+ Hacked, Suppresses News with DMCA
TorrentFreak reports major French television Canal+ hits Github with DMCA complaint after experiencing a severe AWS breach. The hacker, who ran the “hooperp” Github repository, was able to steal “all the data and codes” regarding its new CRM project “Kiss deploy”, before using the server’s key to mine Bitcoin. Legal counsel for Canal+ revealed: Continue reading
Chain Fork Reveals BIP Process Broken
This weekend the Bitcoin Blockchain experienced a forking incident due a discrepancy between what the expectations of a group developing a Bitcoin network client named "Bitcoin Core" and the actual behavior of Bitcoin miners. The developers of the Bitcoin Core client through a process they refer to as "Bitcoin Improvement Proposals" or BIPs introduced a "soft" forking change into their client which would be triggered through a voting mechanism. In this case miners had appeared to vote in favor of BIP 66, which would have enforced stricter encoding of signatures in an attempt to address the transaction malleability issue which is most notable for having been used as a scapegoat by Mt Gox while actually having little to do with their collapse. Continue reading
Europol & Eurojust Take Down Cybercriminal Group
Reports are coming in that five "high-level cybercriminal" suspects have been arrested for "cybercrime" related to the ZeuS1 and SpyEye2 malware programs. After eight house searches were conducted across four different European cities, the Joint Investigation Team,3 supported by Europol and Eurojust, took down this "very active criminal group" that is allegedly responsible for infecting consumer and banking computers with Trojans. By infecting target machines, harvesting bank credentials, and compromising bank account information, the unnamed members of the group were able to make off with upwards of EUR 2 million. Continue reading
ZeuS or Zbot is a trojan computer program that exclusively infects computers running Microsoft Windows. (Run moar winbloze!™) ZueS function by form grabbing or man-in-the-browser keystroke logging and is also used to install the CryptoLocker ransomware program that has plagued police departments, county prosecutors, municipal governments, public schools, gamers, and other private individuals since at least 2013. ZueS is spread through phishing schemes and drive-by downloads. ↩
SpyEye is still another trojan computer program that exclusively infects computers running Microsoft Windows. Are you noticing a pattern here yet ? Spyeye works quite similarly to ZueS and has been previously used to obtain personal and financial information from Verizon customers in the US as well as infecting Amazon's Simple Storage Service as a platform for launching botnet attacks from the cloud service provider. ↩
JIT member countries include Austria, Belgium, Finland, the Netherlands, Norway and the United Kingdom, all of whom are also in the NATO Reich with the exception of Austria and Finland. ↩
OpenBSD Moving sudo to Ports
Earlier this month on a development mailing list Todd C. Miller, the current sudo developer and an OpenBSD contributor, announced that after consultation with Theo de Raadt the sudo utility in OpenBSD would be moving from the base system to the OpenBSD ports collection. The utility sudo was originally developed by Bob Coggeshall and Cliff Spencer at SUNY Buffalo for 4.1 BSD running on a VAX-11/750 sometime around 1980 and Todd C. Miller adopted sudo development in 1994. According to Theo de Raadt there are no immediate plans to introduce a tool to the base system as a replacement for sudo introducing a "gap" before considering potential base system replacements. The original superuser utility su will however remain a part of the base system.
Former US House Speaker Indicted on Attempting to Evade Financial Surveillance
Dennis Hastert, Speaker of the United States House of Representatives from 1999 through 2007, was indicted today on charges of structuring bank withdrawals to avoid mandatory bank reporting and lying about the purpose of the withdrawals to the Federal Bureau of Investigation. Hastert is alleged to have made the cash withdrawals to "compensate for and conceal" some past transgression against an unnamed individual which ended with Hastert and the other party reaching a privately negotiated settlement. Prior to his career in politics Hastert was a teacher at Yorkville High School in Illinois where he additionally coached wrestling and football. Continue reading
IRS Confirms Breach Reported 2 Months Ago
The United States Internal Revenue Service has now confirmed that a March 30th report by Brian Krebs where he revealed an online portal operated by the IRS for disseminating tax transcripts had been leaking personal information and tax records to parties who ought not to have been authorized to view them. According to the the IRS more than one hundred thousand records were accessed in this manner. This news follows an epic volume of falsified tax returns filed this year sending tax overpayments to fraudsters to the point where major tax preparation companies had to stop handling state tax returns. The gravity of this leak's potential impact on the tenth of a million affected persons can not be underestimated considering the manner in which the fiat state handles identity: Continue reading
Bitfinex Hot Wallet Possibly Compromised
Bitfinex has announced (archive) that their hot wallet may have been compromised and in a move reminiscent of the Bitstamp hack earlier this year is asking customers to cease deposits to older addresses at this time. The full statement reads: Continue reading
Social Engineering Attack Takes Bitcoin Talk Offline
Theymos of Bitcoin Talk has advised that a successful social engineering attack on the ISP NFOrce enabled an attacker to gain access to the server which hosts the once popular forum. Theymos writes (archive): Continue reading