22 December 2020

201222 From SolarWinds hack to Symantec hack, McAfee hack, F-Secure hack, Avecto hack and...SAAB



The latest SolarWinds hack could have been discovered a long time ago, and much of the damage, as it is partially recognized today, could have been avoided.


Main cause: many companies and state authorities have a blind belief in an already established, trusted software company, especially if it is located in the USA or the UK.


Those responsible for IT security management, repackagers and application specialists blindly trust any version and update if it is "signed" with a "verified" digital signature.


They take the above for granted and do not trust anyone who reverse-engineers a given piece of software to discover backdoors.


What if a certain famous software company has backdoors in its intranet or update servers, and unauthorized strangers get access to its intranet, signing tools and certs, or special access cookies which can emulate authorized external access?


This was the case a few years ago with all the famous names: Symantec, McAfee, Avecto, F-Secure.

All of the above are reputable security software companies from the USA, UK and Finland-Sweden, actively used in many global companies and state/military/SIGINT authorities.


Imagine a high-security encrypted laptop being left completely open.

Imagine a cloned RSA Security USB-stick for unauthorised access.

Imagine an intranet antivirus server "cooked" with modded virus-definitions updates.

Imagine a "poisoned" Access Server, with modded records if unauthorized access records installed.

Imagine a user getting hidden local/global admin rights, after "getting unauthorized access" to Active Directory records of others.


Unfortunately, the practice described above (trusting blindly and refusing to accept "unpleasant" discoveries) is widespread, mostly among corporate CEOs, high-ranking officers and those in charge.

If someone discovers "the incredible", it is treated like whistling in church, and that person gets punished instead of the precious information being used at the critical time.


A few years ago I worked as SAAB Global Network IT-Security Administrator.

After I discovered similar issues, SAAB's leadership thought I had whistled in church.


What is more serious is that a lot of hacking info discovered by me was found via my direct hacking of certain servers located in Russia.


I'm sure that if the IT security officers in any country/company/authority affected by the SolarWinds hack had not blindly trusted any software (update) and digcert, the situation today would have been completely different.


Zeno Sloim

IT-Security Specialist, MSC in Computer Sciences

ex. SAAB Global Network IT-Security Administrator


13 September 2020

200913 When the banks' dreams are woken by reality

 


Stefan.Ingves@riksbanken.se

registratorn@riksbank.se

registrator.riksdagsforvaltningen@riksdagen.se

finansdepartementet.registrator@regeringskansliet.se


References:


https://www.fplus.se/ingves-vi-behover-fysiska-kontanter-om-nagot-hander/a/0KEQ6o

https://omniekonomi.se/ingves-vi-behover-fysiska-kontanter-om-nagot-hander/a/x3RgkV

https://www.bloomberg.com/news/articles/2020-09-12/sweden-s-cashless-future-reveals-a-whole-world-of-hidden-risks

https://zenosloim.blogspot.com/2018/11/181107-swedish-digital-bank-id-hacked.html

https://zenosloim.blogspot.com/2019/09/190912-latest-attack-vector-on-digital.html

https://zenosloim.blogspot.com/2020/01/200105-swedish-people-lose-swedish.html


It seems that neither Linux nor Python, Java and C++ can replace electricity and a working internet when it comes to guaranteeing a functioning economy and normal trade for Sweden's population.


Some time ago, and still today, there were plenty of "geniuses" in Linux, Java and Python who claimed that cash would disappear and digitalization would replace everything.


The idea was most popular among the banks' directors and among most shop owners, who claimed that the costs of cash handling and the risks of robbery had become far too high.

The poor Securitas staff risked mass unemployment.


But thanks to an increasingly aggressive Russia and China, those responsible at the Riksbank realized that international political conflicts and cyberattacks can do even more damage, and that no genius in the world or in Sweden can use Linux or Java and Python to replace electricity and a working internet.


But, as the bank directors dreamed, total digitalization can still cohabit with a compromise solution.

Cash can still be eliminated.

How?

Simple.

Provide all shop owners with paper ledgers, as in the 1900s and as still exist in Africa or the Middle East.

If electricity or the internet is gone because of war, crises, cyberattacks... and the like, all transactions are recorded with pen on paper in the paper ledger.

When everything is back to normal, all paper ledgers are handed in to the banks, and the banks' staff can scan them in and update all accounts and transactions.

No Securitas is needed any longer, since nobody would be interested in stealing the paper ledgers.

So, we no longer need cash.

Just paper ledgers.

Smart?


Greetings to all the "geniuses" in Linux, Java and Python, whether they work at the Riksbank, the Ministry of Finance, FRA or MUST.


Best regards

Zeno Sloim

05 January 2020

200105 Swedish people lose, Swedish banks profit, when 'naive technocrats' try to eliminate Swedish Krona as bank-notes and coins


The "fight" of the "naive technocrats" over the past years to totally eliminate the Swedish Krona as bank-notes and coins has just received its first cold shower, when the Swedish Government decided to adopt the law that obliges all Swedish banks to guarantee normal Swedish Krona bank-notes for all the people of Sweden.
The frenzy over the digital e-krona and the elimination of cash has received a serious blow.
The Swedish Government also recognized the huge risks associated with the elimination of normal bank-notes and coins in case of international conflicts and natural disasters.

My previous warning articles, addressed to the Swedish State, have been read and understood.

See:

190912 Latest attack vector on digital payment systems
https://zenosloim.blogspot.com/2019/09/190912-latest-attack-vector-on-digital.html

181107 - Swedish Digital Bank-ID hacked again - How secure is e-krona - open letter to the Swedish State
https://zenosloim.blogspot.com/2018/11/181107-swedish-digital-bank-id-hacked.html

But the recent decision of the Swedish Government comes a bit too late, after enough damage has already been done to the international credibility of the Swedish Krona.
The inconsistent policy regarding the future of the Swedish Krona has lowered the credibility of the Swedish Krona internationally; more exactly, most foreign banks in the non-euro area no longer accept the Swedish Krona.
Swedish people travelling abroad to non-euro countries are losing on average about 30% of their money when exchanging Swedish crowns for the national currency of the respective country, at all Swedish banks and exchange companies like Forex.
Concrete example: Romania, a non-euro European country.
Exchanging to Romanian currency in Sweden at Swedish banks or Forex, you lose about 30%, compared to exchanging Swedish crowns directly for Romanian currency in Romania.
The same situation is valid for all other countries of the world not using the euro.
In Romania, 3 years ago, all major banks (at least 8) accepted and exchanged Swedish crowns directly.
Nowadays, no bank accepts Swedish crowns any longer, due to the fear that the Swedish crown will disappear as a result of the inconsistent and naive policy of eliminating paper/coin money.

Who is the major loser: all Swedish people travelling abroad, many foreign tourists visiting Sweden, and all Swedish merchants selling in open markets, since not everyone can afford a wireless portable payment terminal.

Who profits: Swedish banks and Forex.

I only hope that the recent decision of the Swedish government will repair and re-establish the lost international credibility of the Swedish Krona.