17 May 2017

170517 Swedish National Forensic Center NFC needs to instruct their personnel more in IT Security awareness

Today I travelled back from Stockholm, where I had been for an interview at the Defence Ministry as Chief Engineer for IT Security.

Near me was a higher-ranking employee from the Swedish National Forensic Center.
He was accompanied by several other persons from the same authority.
He started to read some job-related mails and talk with his mates about them.
I concluded they had been on a job-related trip to Stockholm and were on their way back.
The fact that they were openly discussing job matters made me curious to check their security awareness.
Using a specially modified Bluetooth scanner and a promiscuous sniffer,
I noticed they had mobile phones, a tablet and a smart watch wide open to Bluetooth attacks.
Well, I made a sign to their chief and asked him to follow me a few meters away to discuss a private matter.
He followed me, then I informed him about the risks to which he was exposing himself and confidential information from his workplace.
He replied that he was aware... but all the devices he used were... his private ones, not official ones from NFC.
Strange... a personal smartphone, but from the same phone he read official mails and messages to his job comrades.
I'll just do my duty and inform NFC about the events and that they need to raise the awareness of their employees when it comes to IT Security.

16 May 2017

Finalist as Cyber Security analyst at Swedish Secret Service

Finalist in the recruitment as:
Cyber security analyst (analyst with a cyber focus) at the Unit for Tactical Security Analysis, belonging to the Security Department for the central government leadership of the Swedish Secret Service, under the leadership of the Swedish Prime Minister.

10 May 2017

Physical isolation - last step in securing own internal IT-infrastructure

I wrote 4 years ago, in my analysis of how Iran got Stuxnet:
http://zenosloim.blogspot.com/2013/09/how-stuxnet-hit-iran-inside-story.html
and on the insecurity of Cloud services:
http://zenosloim.blogspot.com/2013/09/cloud-services-and-politics-new-cold-war.html
that the only way to total security is complete physical separation of the national/internal IT infrastructure from the rest of the world.

Now my advice is confirmed and applied.
"Russia’s Communications Ministry has developed a program that would allow the isolation of all internal internet traffic on servers located within the country, thus minimizing the risk of foreign hackers meddling with sensitive data."

Quote from:
https://www.rt.com/politics/387835-communications-ministry-proposes-isolation-of/

And those naive people who still think that software solutions from "neutral" small countries are "secure" or "efficient" should think twice.
Being "small" increases the risk of "planting" backdoors ordered by US authorities.

19 April 2017

SWIFT.net penetration

A few days ago a Russian hacker group made public the information that US authorities had secret access to the SWIFT.net network via backdoors in software that had been kept secret until now.
Now that this information is no longer a secret,
I can disclose that as early as April 2010, US authorities had direct hidden access to the French banking group BNP Paribas in Europe.
By using a special syntax and a backdoor in Google servers and Google Bot, someone could access the bank's internal SWIFT.net data traffic, intercepted and retransmitted to US-located servers.
A similar backdoor was available in 2011-2012 for intercepting data traffic from servers belonging to the Romanian Government and Finance Department regarding state contracts and acquisitions.

15 March 2017

170314 Social network VKontakte backdoor giving access to any personal files of any user without login


I had never used VKontakte, but being curious about the Russian representative at Eurovision 2017, Юлия САМОЙЛОВА (Julia SAMOYLOVA), I "visited" VKontakte.
So I discovered a "way" to access any file of any user, without login.
Burp Suite was used for traffic analysis.

14 February 2017

Critical security flaws with router ASUS RT-AC68U

I just tested a brand new ASUS RT-AC68U router with the latest firmware, here in Sweden.
Looking inside the log, I discovered interesting things, which ASUS must answer for.
A lot of unknown IP addresses appeared while the router was booting.
IPs addressed by the router firmware.
I tested them.
It seems that router.asus.com leads to unauthorised access to other owners of ASUS routers who authorised WAN access to their routers.
I attach more screen dumps.

Something is for sure WRONG!

And ASUS engineers must answer and correct these critical security flaws.
Not to mention that when trying to connect a network printer via LAN, it gets an IP address for about 20 seconds, then gets disconnected.

Waiting for ASUS to address these problems!