Archive for 2012/09/18

Only One Dutch Newspaper And One Dutch MEP Dare To Make Mention Of Demmink Case

Posted: 2012/09/18 in Education / Awareness, Enforcement, Organized Crime, Public Policy, Stats / reports

Most ‘traditional’ Dutch newspapers and their online equivalents are afraid to report on the matter (out of fear of losing access to the Dutch political realm and out of fear of being sued by high profile Dutch law firms) but the Dutch newspaper ‘Katholiek Nieuwsblad’ is reporting – courageously - that Freedom Party MEP Lucas Hartong is showing support for the initiative of 3 U.S. Members Of Congress to reopen (or open at all) the case against Joris Demmink, the Secretary General of the Dutch Ministry of Justice.

A fourth Member of Congress, Mr. Ted Poe, has also written a letter to Prime Minister Erdogan of Turkey about this particular issue. Poe believes that Demmink has used his power and influence to block any attempts to investigate the child abuse accusations against him.

Hartong is of the opinion that a bit of pressure in the direction of the Dutch prosecution authorities by folks from the U.S. couldn’t hurt and is even justified in this particular matter. Hartong has asked the Chair of the U.S. Delegation of the EU Parliament, Mr. Christian Ehler, to put this topic on the agenda and (join the) call for an investigation.

Dutch language news article:
http://www.katholieknieuwsblad.nl/nieuws/item/2568-pvv-steunt-verzoek-heropening-zaak-demmink.html

Background information:
http://vrritti.com/?s=demmink&submit=Search

UPDATE: In an article published on 13th September 2012, Katholiek Nieuwsblad suggests that the Dutch Ambassador to the U.S. Mr. Rudolf Bekink did not present the facts entirely correctly when writing his recent letter to the U.S. Members of Congress. The newspaper argues that Dutch police investigators weren’t able to establish whether or not Secretary General Demmink had been in Turkey during the alleged cases of abuse of Turkish teenagers. The Ambassador however, argues that everything has been thoroughly investigated and that it had been established that Mr. Demmink had not been in Turkey at the relevant moments in time. The newspaper also suggests a certain trade-off. In return for the Turkish government keeping quiet in relation to the child abuse incidents, Demmink would have imprisoned a Turkish citizen who had knowledge about Turkish government officials being involved in drug trafficking. Just one week ago, Advocate-General Mr. Diederik Aben has advised the Dutch Supreme Court to reopen the case that has resulted in the imprisonment of this Turkish individual.

Dutch language news article:
http://katholieknieuwsblad.nl/nieuws/item/2558-ambassadeur-in-vs-in-actie-vanwege-aantijgingen-tegen-joris-demmink.html

Digital fiction book sales soar, Publishers Association says

Posted: 2012/09/18 in Education / Awareness, New Business Models, Stats / reports, Tech Evolution

A “huge increase” in the value of digital book sales in the UK has been announced by trade organisation the Publishers Association.

The value of digital fiction sales in the first half of 2012 was up 188% on the same period in 2011.

Physical book sales saw a drop in value, dipping 0.4% year on year.

Industry experts said that while the figures were healthy, other areas of the industry, such as bookshops, continued to struggle financially.

More:
http://www.bbc.co.uk/news/technology-19626076

Dutch Government Promises To Keep Out Any ACTA Inspired ‘Trojan Horses’

Posted: 2012/09/18 in Copyright, Education / Awareness, Enforcement, Legislation, Public Policy, Stats / reports

Members of parliament needed reassurance that foreign countries or Brussels would not go and sneak ACTA-type regulation into other treaties and legislative proposals.

Dutch language news article:
http://webwereld.nl/nieuws/111823/verhagen-belooft-verzet-tegen-stiekeme-acta-klonen.html

According to a Silicon Valley web developer, any first-year coder can bust into a Virgin Mobile U.S. subscriber’s account, see who they call and text, register a different phone on the account and even purchase a new iPhone

Posted: 2012/09/18 in Cybercrime, Education / Awareness, Network Security, Privacy / Data Protection, Stats / reports

http://www.wired.com/threatlevel/2012/09/virgin-mobile/

Iraqi-American who’s trying to create Iraq’s first hackerspace

Posted: 2012/09/18 in Education / Awareness, New Business Models, Stats / reports

http://www.wired.com/dangerroom/2012/09/iraq-hackerspace/

Feds Charge Activist with 13 Felonies for Rogue Downloading of Academic Articles

Posted: 2012/09/18 in Copyright, Education / Awareness, Enforcement, Illegal File Sharing, Public Policy, Stats / reports

http://www.wired.com/threatlevel/2012/09/aaron-swartz-felony/

Movie and TV Show Pirates Hid Topsite Server Inside ISP Network

Posted: 2012/09/18 in Copyright, Education / Awareness, Enforcement, Illegal File Sharing, New Business Models, Public Policy, Stats / reports, Tech Evolution

The individuals, mainly employees of ISPs in Finland, allegedly hid their operation inside their company’s networks and rerouted monitoring software so that the existence of the server wouldn’t be uncovered.

This week four alleged operators of a Scene topsite called Hayabusa / Rainbow (HBR / RBW) are appearing before a Finnish court charged with copyright offenses. The individuals are described as IT professionals which is hardly a surprise, but perhaps of more interest is that three of them worked for a pair of Finnish Internet service providers. Their positions appear to have proven crucial to the site’s operations.

According to an investigation carried out by the police, the topsite servers of HBR / RBW were installed by employees of Saunalahti, a company owned by prominent Finnish ISP Elisa. Taking full advantage of Elisa’s position, it’s claimed that these servers were installed in Elisa’s machine room and connected to the Internet using the ISP’s super-fast fiber connection.

Then, to complete the stealth installation, it’s alleged that the defendants modified Elisa’s network monitoring software so that the IP addresses and traffic generated by the servers went unnoticed by the company.

Nevertheless, police investigations eventually led to Elisa and the company was asked to provide the identity of the people behind the server. But inside the ISP the news that the police were looking for the Hayabusa / Rainbow operators traveled fast.

After hearing of the investigation one of the defendants is said to have taken down the site and attempted to destroy evidence.

More:
http://torrentfreak.com/movie-and-tv-show-pirates-hid-topsite-server-inside-isp-network-120918/

Miscreants can crash or infiltrate banks and help desks’ touch-tone and voice-controlled phone systems with a single call, a security researcher warns

Posted: 2012/09/18 in Cybercrime, Education / Awareness, Network Security, Privacy / Data Protection, Stats / reports

Rahul Sasi, who works for iSight Partners, said audio processing algorithms in office telephone networks and speech-driven command software are liable to crash when bombarded with unusual data in so-called fuzzing attacks.

More:
http://www.theregister.co.uk/2012/09/18/dtmf_phone_system_hack_attack/

Mobile Banking Crosses the 300 Million Users Mark Worldwide as Financial Institutions Seek to Capture Developing Markets

Posted: 2012/09/18 in Education / Awareness, Mobile tech, New Business Models, Stats / reports

http://www.prnewswire.com/news-releases/mobile-banking-crosses-the-300-million-users-mark-worldwide-as-financial-institutions-seek-to-capture-developing-markets-170063636.html

Germany proposes ban on surveillance software exports to totalitarian regimes

Posted: 2012/09/18 in Blocking, Education / Awareness, New Business Models, Public Policy, Stats / reports

http://www.zdnet.com/germany-proposes-ban-on-surveillance-software-exports-to-totalitarian-regimes-7000004379/

When it comes to cybersecurity law, where do we draw the line on information sharing?

Posted: 2012/09/18 in Cybercrime, Education / Awareness, Network Security, Privacy / Data Protection, Public Policy, Stats / reports

Information sharing in law enforcement and national security is essential, but in a democracy, so is privacy. The challenge is how we balance those two factors.

http://www.zdnet.com/when-it-comes-to-cybersecurity-law-where-do-we-draw-the-line-on-information-sharing-7000004415/

Virgin Media UK SuperHub Still Afflicted by Corrupted Downloads Bug

Posted: 2012/09/18 in Education / Awareness, Network Security, Stats / reports

Customers of cable operator Virgin Media are continuing to complain of problems with the ISPs SuperHub wireless router / modem kit, which is shipped alongside their superfast broadband packages. Thankfully a new firmware is on the way and this one might just fix the device for good; but we did say “might“.

Sadly some customers appear to have suffered no end of problems with the SuperHub since it was first released almost two years ago. Since then owners of the device have experienced all sorts of problems from slow speeds (here) to unstable wireless connectivity, random rebooting and most recently corrupted internet downloads.

More:
http://www.ispreview.co.uk/index.php/2012/09/virgin-media-uk-superhub-still-afflicted-by-corrupt-broadband-downloads.html

U.S. Caught Creating Three New Computer Viruses

Posted: 2012/09/18 in Cybercrime, Education / Awareness, Network Security, New Business Models, Privacy / Data Protection, Public Policy, Stats / reports

Researchers working for both Kaspersky and Symantec have separately discovered that the United States is almost certainly responsible for three new viruses that are being used in Lebanon and Iran to conduct espionage, having already been identified as the culprits behind the 2010 Stuxnet virus and this year’s closely related Flame virus.

More:
http://www.infowars.com/u-s-responsible-for-newly-discovered-computer-viruses/

Google Developer Hints at Possibility of an Internet Without Site Log-ins

Posted: 2012/09/18 in Education / Awareness, Google, New Business Models, Stats / reports, Tech Evolution

http://gizmodo.com/5944045/google-developer-hints-at-possibility-of-an-internet-without-site-log+ins

Google Play Finally Starts to Catch Up With 600 New Fox Titles

Posted: 2012/09/18 in Education / Awareness, Google, New Business Models, Stats / reports

http://gizmodo.com/5944160/google-play-finally-starts-to-catch-up-with-600-new-fox-titles

Google eyes Facebook, Instagram with purchase of Snapseed

Posted: 2012/09/18 in Education / Awareness, New Business Models, Stats / reports

http://arstechnica.com/business/2012/09/google-buys-instagram-rival-snapseed-set-to-integrate-into-google/

Many ways to break SSL with CRIME attacks, experts warn

Posted: 2012/09/18 in Education / Awareness, Network Security, Privacy / Data Protection, Stats / reports

Despite browser fixes, disabling SSL compression on servers may be best defense

More:
http://arstechnica.com/security/2012/09/many-ways-to-break-ssl-with-crime-attacks-experts-warn/

Two men admit to $10 million hacking spree on Subway sandwich shops

Posted: 2012/09/18 in Cybercrime, Education / Awareness, Enforcement, Litigation, Stats / reports

Two Romanian men have admitted to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway restaurant franchises and stole data for more than 146,000 accounts. The heist, which spanned the years 2009 to 2011, racked up more than $10 million in losses, federal prosecutors said.

More:
http://arstechnica.com/security/2012/09/romanians-cop-to-10-million-hacking-spree/

The state of technical support from most major vendors these days is so abysmal that an actual good support experience is almost shockingly noteworthy

Posted: 2012/09/18 in Education / Awareness, Stats / reports

http://arstechnica.com/information-technology/2012/09/ars-asks-whats-wrong-with-tech-support/

ReWalk ushers in the age of the exoskeleton

Posted: 2012/09/18 in Education / Awareness, New Business Models, Stats / reports, Tech Evolution

http://arstechnica.com/science/2012/09/rewalk-ushers-in-the-age-of-the-exoskeleton/

Dutch Ministry Of Justice: The National Cyber Security Center Is Not A Regulator, It Only Has An Advisory Role

Posted: 2012/09/18 in Cybercrime, Education / Awareness, Network Security, Privacy / Data Protection, Public Policy, Stats / reports

As such, the National Cyber Security Center (NCSC) does not investigate nor demand information about the security measures taken by businesses and organizations and does not know whether these entities may or may not use SCADA and ICS related web and software applications by Siemens.  The NCSC does not know whether these organizations use VPNs for safer use of these applications or the extent to which these SCADA systems have been separated from the public internet (for example by use of firewall software and hardware).

The Center only has an advisory role (proactive) and will respond to security incidents (reactively).

Dutch language memo (published on 20th August, in response to questions from a Member of Parliament posed on 13th June 2012):
https://zoek.officielebekendmakingen.nl/ah-tk-20112012-3156.html

Previously:

Siemens SIMATIC HMI is a software package used in many industries, including food and beverage, water and wastewater, oil and gas, and chemical
Independent researchers Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov from Positive Technologies have identified multiple vulnerabilities in the Siemens WinCC application. In evaluating these reported vulnerabilities, Siemens identified an additional vulnerability that is included in this advisory. Siemens WinCC 7.0 SP3 web server and web applications are affected. These vulnerabilities may allow an attacker to gain unauthorized access, read from, or write to files and settings on the target system.
http://vrritti.com/2012/06/08/siemens-simatic-hmi-is-a-software-package-used-in-many-industries-including-food-and-beverage-water-and-wastewater-oil-and-gas-and-chemical/

List of 2,000+ SCADA IP addresses posted to increase Cyber security awareness
http://vrritti.com/2012/06/21/list-of-2000-scada-ip-addresses-posted-to-increase-cyber-security-awareness/

Dutch Minister For Infrastructure Schultz van Haegen: Dutch SCADA Systems Are Safe
http://vrritti.com/2012/03/12/dutch-minister-for-infrastructure-schultz-van-haegen-dutch-scada-systems-are-safe/

Dutch hackers were able to manipulate SCADA system of swimming pool, remotely via the internet
http://vrritti.com/2012/02/20/dutch-hackers-were-able-to-manipulate-scada-system-of-swimming-pool-remotely-via-the-internet/

See also:
http://vrritti.com/?s=scada&submit=Search

“Six Strikes” Anti-Piracy Scheme Overly Secret and Unfair, Says Professor Annemarie Bridy

Posted: 2012/09/18 in Copyright, Education / Awareness, Enforcement, Illegal File Sharing, New Business Models, Public Policy, Stats / reports, Three Strikes

University of Idaho Law Professor Annemarie Bridy reviewed the plan to see whether it respects basic consumer protection norms. The results were just published online and the report includes harsh critique as well as some positive notes.

Much more:
http://torrentfreak.com/six-strikes-anti-piracy-scheme-overly-secret-and-unfair-says-professor-120917/

Microsoft: Use Of Internet Explorer 6, 7, 8 Or 9 Is A Bit Unsafe Now. Here Are Some Remedies That May Not Really Work

Posted: 2012/09/18 in Cybercrime, Education / Awareness, Network Security, Privacy / Data Protection, Public Policy, Stats / reports

..because they could affect overall usability of the browser. Blocking trusted sites for example…

We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue.

More:
http://blogs.technet.com/b/msrc/archive/2012/09/17/microsoft-releases-security-advisory-2757760.aspx

See also:

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9. Internet Explorer 10 is not affected. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability.

A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

More:
http://technet.microsoft.com/en-us/security/advisory/2757760