Zeno Sloim - Security Politics - Analysis and Overview
17 August 2025
250817 insider info Critical SharePoint Zero-Day Exploit CVE-2025-53770
27 December 2021
211227 SwedBank Pay gives free Christmas Presents
Reference:
https://zenosloim.blogspot.com/2021/09/210930-swedbank-pay-security-flaw.html
It seems that SwedBank is very generous, giving Christmas presents to anyone for free.
A similar security flaw in the SwedBank Pay payment system makes it possible to order/buy anything and pay via the SwedBank Pay (PayEx) payment system.
You'll never be invoiced.
SwedBank Pay (PayEx) was informed about the new security flaw.
17 November 2021
211117 use chemical solvents as antihacking tool
Use chemical solvents as an anti-hacking tool.
Guaranteed for any Apple, Android, BlackBerry, Windows Phone, Java, Linux, or any other platform that uses a password to log in to the device, or tokens for OAuth to banking services.
Background:
Using a password implies using a physical keyboard (e.g. BlackBerry) or a virtual keyboard generated on the screen.
Every person has a particular way of entering a password: the timing between individual keystrokes, the pressure of individual keystrokes, and physiological state (the amount of perspiration and fat substances on the fingers), resulting in particular amounts of chemical traces left on the surface of the keyboard (physical or virtual).
To date there is no device with a virtual keyboard that randomly generates the layout of the individual keys (buttons).
UV analyzers used by law enforcement agencies for taking fingerprints can map exactly the areas with specific amounts of human perspiration and fat on a surface. This identifies exactly which symbols were used in the password.
Spectrometers can measure exactly the amount of residue, hence the age of each individual trace. This identifies the order of the symbols.
So your password is revealed.
Moreover, most token-based OAuth for banking services uses only digits, making it easier to reveal the password.
How many people make a habit of wiping the keyboard of their device with a chemical solvent after use?
So, wipe your keyboard with a chemical solvent, or DO NOT USE A PASSWORD: use only fingerprint or iris recognition for login and banking services.
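As an added illustration (not code from the post), this Python block quantifies the argument above: how many PINs remain consistent with a residue trace when the keypad layout is fixed versus shuffled for every entry, the mitigation the post notes no device implements. The functions, the standard 0-9 layout and the sample PIN are constructed here for the demonstration.

```python
import secrets
from itertools import product

DIGITS = "0123456789"


def randomized_layout(rng=None):
    """Fresh random key order for a 10-key virtual PIN pad: layout[i] is the
    digit drawn at physical key position i. A CSPRNG keeps one session's
    layout unpredictable from earlier ones. (Constructed mitigation.)"""
    rng = rng or secrets.SystemRandom()
    keys = list(DIGITS)
    rng.shuffle(keys)
    return keys


def touched_positions(pin, layout):
    """Physical key positions pressed when `pin` is typed on `layout`: this is
    all that residue on the screen can tell an observer."""
    return [layout.index(d) for d in pin]


def _pattern(seq):
    """Equality pattern of a sequence, e.g. [3, 1, 4, 1] -> (0, 1, 2, 1)."""
    seen = {}
    return tuple(seen.setdefault(x, len(seen)) for x in seq)


def candidates_fixed_layout(positions, age_known):
    """PINs consistent with a trace on a device whose keypad never changes
    (the post's scenario): each touched position names exactly one digit,
    so only the order is open, and not even that if the trace age gives
    the keystroke sequence."""
    if age_known:
        return 1
    used = set(positions)
    n = len(positions)
    return sum(1 for seq in product(sorted(used), repeat=n) if set(seq) == used)


def candidates_random_layout(positions):
    """PINs consistent with the same trace when the layout was shuffled for
    that entry and is not known: the positions reveal only which presses
    repeated, not which digits they were."""
    pat = _pattern(positions)
    return sum(1 for seq in product(DIGITS, repeat=len(positions))
               if _pattern(seq) == pat)


if __name__ == "__main__":
    trace = touched_positions("3141", list(DIGITS))   # fixed, standard layout
    print(candidates_fixed_layout(trace, age_known=False))  # 36
    print(candidates_random_layout(trace))                   # 720
```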
30 September 2021
210930 SwedBank Pay security flaw
210930 SwedBank Pay (PayEx) security flaw - Bug in the PayEx payment system from SwedBank
A security flaw was discovered in the SwedBank Pay (PayEx) payment system, allowing anyone to buy anything from a merchant using the above payment system without paying in practice, because you will never be invoiced or debited by the bank.
SwedBank Pay (PayEx) was informed via secure communication about the security flaw, with a detailed description and how to remedy it.
A bug has been discovered in the PayEx payment system belonging to SwedBank, which allows ordering services and goods via invoice from companies that use SwedBank Pay (PayEx).
The company gets paid by SwedBank Pay (the purchase is approved via invoice), but the customer who made the purchase is never debited; instead SwedBank has to pay.
SwedBank Pay (PayEx) has been informed via secure channels about the bug, how it arises and how it can be corrected, with detailed information.
05 July 2021
210705 Kaseya or Application Specialist urgently needed
Recent Kaseya events just remind me of my comment on the SolarWinds affair:
https://zenosloim.blogspot.com/2020/12/201222-from-solar-winds-hack-to.html
Well, the same story happens again: blind and dumb trust in a well-known US software company.
Or what happens when you cut costs by outsourcing at any price instead of using your own application specialists.
In Sweden we have full fun: major companies are completely or partially blocked: Coop, SJ...
I remember when, working as an Application Specialist at SAAB, I caused a stir when I said that I had discovered hidden malware on a CD received from the renowned German company Rohde & Schwarz.
Impossible, absurd... but I was right in my assessment.
Nowadays, being an Application Specialist is no longer considered important; who cares to test and reverse engineer/repackage updates from Microsoft, Adobe, ... Kaseya, SolarWinds...?
Consequences? Russian hackers become rich on criminal activities and the dumb arrogance of chiefs obsessed with cutting costs at any price.
We need Application Specialists in Windows software among others; Linux techies alone are not enough :), because advanced filtering firewalls from Israel's Check Point are too expensive to be affordable.
Also, not everyone is using multi-layered security solutions for email servers and the intranet.
03 June 2021
210603 Google Play payment mechanism security issue - any paid app can be downloaded
I just discovered a security issue in the Google Play payment system, which makes it possible for an unauthorized person to download any paid app without payment.
Google was contacted to report the security issue and have it corrected.
19 March 2021
210319 after more than 4 years, Swedish State Authorities react in the right direction
References:
https://zenosloim.blogspot.com/2016/02/it-services-outsourcing-between-cutting.html
https://zenosloim.blogspot.com/2017/07/transportstyrelsen-skandalen.html
Background:
During the past years, the keyword Outsourcing was the magic key for many Swedish decision-makers in government agencies, state authorities and big private companies.
Cutting costs without long-term planning and analysis became an almost catastrophic way of thinking and a 100% sure way to IT security incidents and disasters.
Now it seems that many rational analysts have made their point heard, and the result is here:
https://sverigesradio.se/artikel/regeringen-lagger-fram-ny-sakerhetslag
"Tightened security law to protect sensitive information
Published today at 10:30
The government now proposes changes to the Protective Security Act (säkerhetsskyddslagen), to be reviewed by the Council on Legislation (Lagrådet).
The purpose is to prevent sensitive information from going astray. For example, government agencies or private companies must in certain cases consult Säpo if IT systems are to be outsourced. This may concern activities linked to defence, energy supply, or telephone and data networks.
If they ignore the consultation, they can be punished with a fee of up to 50 million kronor."
At last...
Managers who outsource everything, including sensitive IT operations, without thinking about the consequences should also outsource their own job, so that someone more competent replaces them.