vrijdag 13 januari 2012

Lijst vrije twitter accounts 2e kamerleden

De tweede kamer wil mogelijk nep twitter accounts strafbaar maken.
Na de blokkade van The Pirate Bay dus wederom een vorm van censuur op het internet.
Het is vrij simpel, van internet blijf je met je poten af. Twitter accounts kunnen gewoon op authenticiteit worden gecontroleerd: Zie account Barack Obama.


Beste Politici, get used to it. Neem kennis van het Streisandeffect, en laat deze wind gewoon lekker overwaaien. Of beter, ga boeven vangen, en laat ons nog even plezier hebben met deze trollololllz.
Dus na mijn volledig legale manier om de blokkade richting The Pirate Bay te omzeilen, hierbij een lijst met twitter accounts van leden van de 2e kamer die nog niet geregistreerd zijn. Compleet l en I, O en 0, w en vv. You name it, it's in there!

http://pastebin.com/WqjPJGXJ

Enjoy!

woensdag 11 januari 2012

Blokkade The Pirate Bay omzeilen

Door de verplichte blokkade van The Pirate Bay wordt ONZE vrijheid afgepakt.
Ik ga even niet in op de discussie hierover. Dit Artikel gaat enkel over het omzeilen van deze pure vorm van censuur.

Het vonnis dat is opgelegd stelt dat 3 IP adressen worden geblokkeerd en 24 domeinnamen worden geblokkeerd. Dit wordt vanuit de provider gedaan. De exacte technische details zijn mij niet bekend. Dus ik ga er even vanuit dat de 3 ip adressen compleet niet bereikbaar zijn voor abonnees van XS4ALL en Ziggo.

Hoe kunnen we dit omzeilen?

Die vraag is vrij eenvoudig, verplaats jezelf naar het buitenland. En dat kan via de volgende oplossingen:
- VPN's (Lijst met VPN providers - Handleiding)
- Proxies (Lijst met Proxies - Handleidingen)
- Tor (Hier is TOR te downloaden)

Gebruik voor de zekerheid een alternatieve DNS server. De google DNS servers zijn aan te raden, te vinden op IP adressen 8.8.8.8 en 8.8.4.4.
Een ander alternatief is OpenDNS.
(Handleiding verkort onderaan - hier uitgebreid)

Vervolgens kan je ThePirateBay.org weer keurig benaderen en kan je je torrents downloaden. Als je eenmaal de torrents binnen hebt kan je naar hartenlust je spullen binnen halen aangezien de trackers niet via dit vonnis geblokkeerd worden. Download door middel van een torrent bestand werkt dus nog gewoon, enkel de toegang tot ThePirateBay.org wordt je ontnomen op dit moment.

Handleiding Alternatieve DNS instellen:
- Ga naar je Local Area Connection Properties
- Selecteer "Internet Protocol Version 4 (TCP/IPv4)"
- Klik op "Properties"
- Onderstaande verschijnt:
- Selecteer "Use the following DNS server addresses"
- Vul 8.8.8.8 en 8.8.4.4 in.

KLAAR!

Verder doe ik een oproep aan The Pirate Bay een API op te stellen zodat iedereen zijn eigen Pirate Bay kan creƫren met gebruik van de database van The Pirate Bay.

woensdag 4 januari 2012

Another Duqu mystery unraveled?

During the reverse engineering of Duqu, researchers discovered Duqu resolves the hostname kasperskychk.dyndns.org A strange domainname hosted by the company DynDNS. This artical discusses the apparent unwillingness of DynDNS to cooperate, and possible involvement with Duqu.
But let's start with some magic quotes:

“If you don't make mistakes, you don't make anything”
-Cyberwar

“Mistakes are painful when they happen, but years later a collection of mistakes is what is called experience.”
-Duqu and Stuxnet teach each other

“A man's mistakes are his portals of discovery.”
-Rickey Gevers (Author of this blog)

Since the beginning of the discovery of Stuxnet and Duqu people have been speculating about its origin. Most references are based on the code. But does one seriously think the authors will leave a note to reveal their identity? We are talking about warfare here!
No doubt Stuxnet was used as a weapon, a weapon to conduct warfare, cyber-warfare. Stuxnet is considered the first peace of cyber warfare that has been discovered. And since it's one of the first creations chances are pretty big that mistakes have been made. In warfare any clue regarding your identity can be considered a mistake. That's probably one of the reasons why Duqu used hacked servers located all over the world.
As the author of Duqu you don't want any part of your code connecting to anything related to you, or directly to your country. You have got to create a maze in such a way that researcher will never get the chance to examine every peace of the maze. In the case of Duqu the community cooperated amazingly well and even 2 images of hacked servers were given to Kaspersky for examination. The community did a very good job and have come a long way investigating the route via which information was leaked.

But we've got to keep one thing in mind. Relying on hacked servers that can be taken down at any moment brings a risk. And this is probably the reason why the following 'check' is performed by Duqu. The DNS resolving of kasperskychk.dyndns.org. Some say it does this check to see whether there is an internet connection, it also checks www.windows.com, but as anyone can see kasperskychk.dyndns.org is a fundamental different domainname. Why kasperskychk? and why DynDNS.org?
DynDNS offers free domain hosting with several extensions; dyndns.org was used in this case. From the moment of its discovery kaspersky.dyndns.org never resolved to anything. And from the moment of its discovery the domainname has been in use, and never free for registration. Even though DynDNS deletes accounts within 35 days of no activity. Apparently this account is still in use or DynDNS has blocked usage of it. Statistics of the usage of the domainname could deliver valuable information in the research regarding Duqu. But, according to kaspersky, DynDNS never offered to help, they only stated they will monitor the situation. As the whole community trusts kaspersky and some even send complete forensic images of compromised systems to them, DynDNS apparently does not.



Looking further into DynDNS several things come popping up. It's an American company located in Manchester, New Hampshire, United States. As blogged previously they are known to cooperate with the FBI. And probably what's most important in this case: DynDNS confesses they log every DNS look-up, including originating IP addresses. But they are not legally permitted to share this information with commercial parties. Most important is they do log the information. Let me explain to you why this is so important.

If you're going to attack an unknown environment and you need your malware to connect to the outside world via the internet without getting noticed, you will have to implement several steps from where you can check whether you were successful or not. In the case of Duqu they most likely used documents that were infected. The usage of a 0-day gives you the assurance the infection process to (at least) start. After the victim is infected you want to know what its connection capabilities are. And here is where there comes another critical phase the attackers have little control over because they don't control its environment. The traffic originating from your target can be monitored and blocked in multiple ways. Intrusion Detection is a big enemy in this phase. The likeliness of a simple DNS lookup via UDP arriving at kaspersky.dyndns.org is pretty big. And because DynDNS logs every DNS request including its originating IP address you have a good clue whether your infection succeeded and whether there is an active intrusion detection system implemented or not. It's exactly this information that's of very very big value, such big value that it's worth taking extra risk. You don't want to rely on infrastructure that's not trustworthy or out of your legal control. DynDNS is the one that can provide you with this infrastructure and is within your controlled jurisdiction. And considering they are commonly known for their free registration and massive usage within the scriptkiddie community, will anyone notice?

Hacking and setting up a secure reliable environment, within an actively monitored and rapidly changing DNS system that also logs every connection made is a real challenge. And within such a critical phase of the infection you maybe do want to take a little more risk.



If we compare Stuxnet with Duqu the big difference is that Stuxnet was programmed to spread massively and Duqu had more specific targets. A connection check implemented as in Duqu is of no need for Stuxnet, since there's no need to know whether it can connect to the internet or whether there's an intrusion detection system inbetween.

Considering the above, there is reason to believe DynDNS is a specifically chosen partner to cooperate in the Duqu operation.