HoneyPoint in a Point of Sale Network

Posted on February 6, 2014 by Brent Huston

We have been getting a LOT of questions lately about how HoneyPoint Security Server (HPSS) fits into a Point of Sale (POS) network.

To make it pretty easy and as a high level overview, below is a use case diagram we use to discuss the solution. If you would like a walkthrough of our technology, or to discuss how it might fit into your specific use cases, please let us know.

As always, thanks for reading and for partnering with MicroSolved, Inc.

PS – If the graphic below is difficult to read on your device, you can grab a PDF version here.

HP POSNetworks

Touchdown Task for January: Audit Your News Feeds

Posted on January 20, 2014 by Brent Huston

This month, our suggested Touchdown Task is for the security team to do an “audit” of their news/RSS feeds and the other mechanisms by which you get advisories, patch and upgrade alerts, breakout information and details about emerging threats.

Since RSS feeds and account names and such can change, it’s a good idea to review these sources occasionally. Are the feeds you depend on timely and accurate? Have you added new technology to your organization since you last reviewed your advisory feeds? Maybe you might need to add a vendor or regulator feed.

Have a discussion with all of your team members and understand who monitors what. Make sure you have good cross communication, but aren’t struggling with a lot of duplicated efforts.

Once you get your news and threat feeds in order, trace how the information is shared and make sure it is getting to the system and network admins who might need it. Do you have the right people getting the right information? If not, adjust.

Most teams can do this review in less than an hour. So focus, communicate and create a robust way to handle the flow of information.

As always, thanks for reading and stay safe out there!

How Risky is the Endpoint?

Posted on December 26, 2013 by Brent Huston

I found this article quite interesting, as it gives you a heads up about the state of endpoint security, at least according to Ponemon. For those who want to skim, here is a quick summary:

“Maintaining endpoint security is tougher than ever, security professionals say, thanks largely to the huge influx of mobile devices.

According to the annual State of the Endpoint study, conducted by the Ponemon Institute and sponsored by Lumension, 71 percent of security professionals believe that endpoint security threats have become more difficult to stop or mitigate over the past two years.

…More than 75 percent said mobile devices pose the biggest threat in 2014, up from just 9 percent in 2010, according to Ponemon. Some 68 percent say their mobile devices have been targeted by malware in the past 12 months, yet 46 percent of respondents say they do not manage employee-owned mobile devices.

…And unfortunately, 46 percent of our respondents report no efforts are in place to secure them.”

…While 40 percent report they were a victim of a targeted attack in the past year, another 25 percent say they aren’t sure if they have been, which suggests that many organizations don’t have security mechanisms in place to detect such an attack, the study says. For those that have experienced such an attack, spear-phishing emails sent to employees were identified as the No. 1 attack entry point.

…The survey found that 41 percent say they experience more than 50 malware attacks a month, up 15 percent from those that reported that amount three years ago. And malware attacks are costly, with 50 percent saying their operating expenses are increasing and 67 percent saying malware attacks significantly contributed to that rising expense.

…While 65 percent say they prioritize endpoint security, just 29 percent say their budgets have increased in the past 24 months.” — Dark Reading

There are a couple of things I take away from this:

Organizations are still struggling with secure architectures and enclaving, and since that is true, BYOD and visiblility/prevention efforts on end-points are a growing area of frustration.

Organizations that focus on secure architectures and enclaving will have quicker wins
Organizations with the ability to do nuance detection for enclaved systems will have quicker wins

Organizations are still focusing on prevention as a primary control, many of them are seriously neglecting detection and response as control families

Organizations that embrace a balance of prevention/detection/response control families will have quicker wins

Organizations are still struggling in communicating to management and the user population why end-point security is critical to long term success

Many organizations continue to struggle with creating marketing-based messaging for socialization of their security mission

If you would like to discuss some or all of these ideas, feel free to ping me on Twitter (@lbhuston) or drop me an email. MSI is working with a variety of companies on solutions to these problems and we can certainly share what we have learned with your organization as well.

Blast From the Past: D-Link Probes in the HITME

Posted on October 9, 2013 by Brent Huston

We got a few scans for an old D-Link router vulnerability that dates back to 2009. It’s interesting to me how long scanning signatures live in online malware and scanning tools. This has lived for quite a while.

Here are the catches from a HoneyPoint Personal Edition I have deployed at home and exposed to the Internet. Mostly, this is just to give folks looking at the scans in their logs an idea of what is going on. (xxx) replaces the IP address…

2013-10-02 02:46:13 – HoneyPoint received a probe from 71.103.222.99 on port 80 Input: GET /HNAP1/ HTTP/1.1 Host: xxxx User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) WebWasher 3.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://xxxx/ Authorization: Basic YWRtaW46dWA+NXhZQlU1d2VR Connection: keep-alive

2013-10-02 03:22:13 – HoneyPoint received a probe from 71.224.194.47 on port 80 Input: GET /HNAP1/ HTTP/1.1 Host: xxxx User-Agent: Opera/6.x (Linux 2.4.8-26mdk i686; U) [en] Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://xxxx/ Authorization: Basic YWRtaW46InkwYi4qMF5wL05G Connection: keep-alive

This probe is often associated with vulnerable D-Link routers, usually older ones, those made between 2006 and mid-2010. The original release and proof of concept exploit tool is here. The scan has also been embedded into several scanning tools and a couple of pieces of malware, so it continues to thrive.

Obviously, if you are using these older D-Link routers at home or in a business, make sure they are updated to the latest firmware, and they may still be vulnerable, depending on their age. You should replace older routers with this vulnerability if they can not be upgraded.

The proof of concept exploit also contains an excellent doc that explains the HNAP protocol in detail. Give it a read. It’s dated, but remains very interesting.

PS – As an aside, I also ran the exploit through VirusTotal to see what kind of detection rate it gets. 0% was the answer, at least for that basic exploit PoC.

Scanning Targets for PHP My Admin Scans

Posted on October 7, 2013 by Brent Huston

Another quick update today. This time an updated list of the common locations where web scanning tools in the wild are checking for PHPMyAdmin. As you know, this is one of the most common attacks against PHP sites. You should check to make sure your site does not have a real file in these locations or that if it exists, it is properly secured.

The scanners are checking the following locations these days:

//phpMyAdmin/scripts/setup.php
//phpmyadmin/scripts/setup.php
/Admin/phpMyAdmin/scripts/setup.php
/Admin/phpmyadmin/scripts/setup.php
/_PHPMYADMIN/scripts/setup.php
/_pHpMyAdMiN/scripts/setup.php
/_phpMyAdmin/scripts/setup.php
/_phpmyadmin/scripts/setup.php
/admin/phpmyadmin/scripts/setup.php
/administrator/components/com_joommyadmin/phpmyadmin/scripts/setup.php
/apache-default/phpmyadmin/scripts/setup.php
/blog/phpmyadmin/scripts/setup.php
/cpanelphpmyadmin/scripts/setup.php
/cpphpmyadmin/scripts/setup.php
/forum/phpmyadmin/scripts/setup.php
/php/phpmyadmin/scripts/setup.php
/phpMyAdmin-2.10.0.0/scripts/setup.php
/phpMyAdmin-2.10.0.1/scripts/setup.php
/phpMyAdmin-2.10.0.2/scripts/setup.php
/phpMyAdmin-2.10.0/scripts/setup.php
/phpMyAdmin-2.10.1.0/scripts/setup.php
/phpMyAdmin-2.10.2.0/scripts/setup.php
/phpMyAdmin-2.11.0.0/scripts/setup.php
/phpMyAdmin-2.11.1-all-languages/scripts/setup.php
/phpMyAdmin-2.11.1.0/scripts/setup.php
/phpMyAdmin-2.11.1.1/scripts/setup.php
/phpMyAdmin-2.11.1.2/scripts/setup.php
/phpMyAdmin-2.5.5-pl1/index.php
/phpMyAdmin-2.5.5/index.php
/phpMyAdmin-2.6.1-pl2/scripts/setup.php
/phpMyAdmin-2.6.1-pl3/scripts/setup.php
/phpMyAdmin-2.6.4-pl3/scripts/setup.php
/phpMyAdmin-2.6.4-pl4/scripts/setup.php
/phpMyAdmin-2.6.4-rc1/scripts/setup.php
/phpMyAdmin-2.6.5/scripts/setup.php
/phpMyAdmin-2.6.6/scripts/setup.php
/phpMyAdmin-2.6.9/scripts/setup.php
/phpMyAdmin-2.7.0-beta1/scripts/setup.php
/phpMyAdmin-2.7.0-pl1/scripts/setup.php
/phpMyAdmin-2.7.0-pl2/scripts/setup.php
/phpMyAdmin-2.7.0-rc1/scripts/setup.php
/phpMyAdmin-2.7.5/scripts/setup.php
/phpMyAdmin-2.7.6/scripts/setup.php
/phpMyAdmin-2.7.7/scripts/setup.php
/phpMyAdmin-2.8.2.3/scripts/setup.php
/phpMyAdmin-2.8.2/scripts/setup.php
/phpMyAdmin-2.8.3/scripts/setup.php
/phpMyAdmin-2.8.4/scripts/setup.php
/phpMyAdmin-2.8.5/scripts/setup.php
/phpMyAdmin-2.8.6/scripts/setup.php
/phpMyAdmin-2.8.7/scripts/setup.php
/phpMyAdmin-2.8.8/scripts/setup.php
/phpMyAdmin-2.8.9/scripts/setup.php
/phpMyAdmin-2.9.0-rc1/scripts/setup.php
/phpMyAdmin-2.9.0.1/scripts/setup.php
/phpMyAdmin-2.9.0.2/scripts/setup.php
/phpMyAdmin-2.9.0/scripts/setup.php
/phpMyAdmin-2.9.1/scripts/setup.php
/phpMyAdmin-2.9.2/scripts/setup.php
/phpMyAdmin-2/
/phpMyAdmin-2/scripts/setup.php
/phpMyAdmin-3.0.0-rc1-english/scripts/setup.php
/phpMyAdmin-3.0.0.0-all-languages/scripts/setup.php
/phpMyAdmin-3.0.1.0-english/scripts/setup.php
/phpMyAdmin-3.0.1.0/scripts/setup.php
/phpMyAdmin-3.0.1.1/scripts/setup.php
/phpMyAdmin-3.1.0.0-english/scripts/setup.php
/phpMyAdmin-3.1.0.0/scripts/setup.php
/phpMyAdmin-3.1.1.0-all-languages/scripts/setup.php
/phpMyAdmin-3.1.2.0-all-languages/scripts/setup.php
/phpMyAdmin-3.1.2.0-english/scripts/setup.php
/phpMyAdmin-3.1.2.0/scripts/setup.php
/phpMyAdmin-3.4.3.1/scripts/setup.php
/phpMyAdmin/
/phpMyAdmin/scripts/setup.php
/phpMyAdmin/translators.html
/phpMyAdmin2/
/phpMyAdmin2/scripts/setup.php
/phpMyAdmin3/scripts/setup.php
/phpmyadmin/
/phpmyadmin/scripts/setup.php
/phpmyadmin1/scripts/setup.php
/phpmyadmin2/
/phpmyadmin2/scripts/setup.php
/phpmyadmin3/scripts/setup.php
/typo3/phpmyadmin/scripts/setup.php
/web/phpMyAdmin/scripts/setup.php
/xampp/phpmyadmin/scripts/setup.php
<title>phpMyAdmin

Telnet Passwords Used In Brute Force Attacks

Posted on October 4, 2013 by Brent Huston

Just a quick post today, but I wanted to give you some insight into the Telnet scans we have been seeing lately. Here are the passwords that have been used to target logins on port 23 on one of our HITME sensors in the United States. This particular system emulates a login, and the probes appear to be automated. We saw no evidence of any manual probes on this sensor in the last month that targeted telnet.

The passwords used in brute force attacks on telnet (used against the usual root/admin/etc users…):

default
1234
220
428
436
Admin
D-Link
admin
cobr4
dreambox
echo
enable
home-modem
l
password
private
public
root
sh
user

Keep a careful eye on any systems with Telnet exposed to the Internet. They are a common attraction point to attackers.

Just a Reminder, SIP is a Popular Scanning Target

Posted on October 2, 2013 by Brent Huston

I just wanted to give you a quick reminder that SIP scanning remains quite popular on the Internet. These probes can lead to compromise and fraud against your VoIP systems. Make sure you do not have VoIP systems exposed to the Internet without proper controls. If you review your logs on the Internet perimeter, SIP scans will look similar to this:

This was captured from the HITME using HoneyPoint Personal Edition.

2013-09-30 17:02:18 – HoneyPoint received a probe from 207.127.61.156 on port 23

Input: OPTIONS sip:nm SIP/2.0

Via: SIP/2.0/TCP nm;branch=foo

From: <sip:nm@nm>;tag=root

To: <sip:nm2@nm2>

Call-ID: 50000

CSeq: 42 OPTIONS

Max-Forwards: 70

Content-Length: 0

Contact: <sip:nm@nm>

Accept: application/sdp

Keep an inventory of your VoIP exposures. They remain a high area of interest for attackers.

More on Persistent Penetration Testing from MSI

Posted on August 22, 2013 by Brent Huston

MicroSolved has been offering Persistent Penetration Testing (PPT) to select clients now for a couple of years. We have been testing and refining our processes to make sure we had a scalable, value driven, process to offer our full client base. We have decided to open the PPT program up to another round of clients, effective immediately. We will be open to adding three additional clients to the PPT group. In order to qualify, your organization must have an appetite for these services and meet the criteria below:

The services:

MSI will actively emulate a focused team of attackers for either a 6 or 12 month period, depending on complexity, pricing and goals
During that time, MSI will actively and passively target your organization seeking to reach a desired and negotiated set of goals (usually fraud or theft of IP related data, deeper than traditional pen testing)
Full spectrum attacks will be expressed against your organization’s defenses in red team mode, across the time window
Once an initial compromise occurs and the appropriate data has been identified and targeted, we will switch to table top exercises with the appropriate team members to discuss exploitation and exfiltration, prior to action
If, and only if, your organization approves and desires, then exploitation and exfiltration will occur (note that this can be pivoted from real world systems to test/QA environments at this point)
Reporting and socialization of the findings occurs, along with mitigation strategies, awareness training and executive level briefings
The process then repeats, as desired, through the terms and sets of goals

The criteria for qualification; Your organization must:

Have full executive support for the initiative, all the way to the C-level and/or Board of Directors
Have a mature detection and egress process in place (otherwise, the test will simply identify the needs for these components)
Have the will to emulate real world threat activity without applying compliance-based thinking and other unnatural restraints to the process
Have a capable security team for MSI to work with that has the capability to interface with the targeted lines of business in a rapid, rational and safe manner
If desired, have the capability to construct testing/QA platforms and networks to model real world deployments in a rapid and accurate fashion (requires rapid VM capability)
Be open to engaging in an exercise with an emulated aggressive adversary to establish real world risk and threat profiles
Be located in the US (sorry, we are not currently accepting non-US organizations for this service at this point)

If your organization meets these requirements and you are interested in discussing PPT services, please drop me a line (Twitter: @lbhuston), or via email at Info at microsolved dot com. You can also reach me via phone at (614) 351-1237 x 201.

China’s Report on US Military Cyber Troop Strength

Posted on August 19, 2013 by Bill Hagestad

(紅龍) Red Dragon’s statement: If you think you are paying too much for cyber threat intelligence and your current provider DID NOT SHOW this Chinese article to you…then you have paid too much for the incorrect type of Chinese Cyber Threat Intelligence…

Contact the Red Dragon (紅龍) @ MicroSolved, save money, stay better informed – find a capable cyber intelligence authority for less, much less….

whagestad@microsolved.com

謝謝您

紅龍

People’s Republic of China Report: U.S. network warfare unit’s equivalent to 7 over 8 million people equal to the 101st Airborne Division

At 08:49 on August 15, 2013 Source: Phoenix

Core Tip : According to Sing Tao Global Network reported that the U.S. share of global 29% of the number of hackers, the U.S. military about 3000-5000 information warfare experts, and 50000-70000 cyberwar soldiers, together with the original electronic warfare officer , the U.S. network warfare units should have eighty-eight thousand seven hundred people, the scale is equivalent to seven 101st Airborne Division, which will burden future wars weakened the enemy four into combat missions.

Phoenix August 14 “military observation room”, the following is the text Record:

Commentary: Snowdon event causes a foreign media speculation, in fact, the United States first established the largest network warfare units, the development of the world’s most advanced network warfare equipment, and bringing it to actual combat. Recently, the Sing Tao Global Network reported that the U.S. share of global 29% of the number of hackers, the U.S. military about 3000-5000 information warfare experts, and 50000-70000 cyberwar soldiers, together with the original electronic warfare officer, U.S. Army network warfare units should have eighty-eight thousand seven hundred people, the scale is equivalent to seven 101st Airborne Division, which will burden future wars to weaken the enemy four combat missions.

U.S. network army of four thousand people, the world’s top computer experts and hackers, including the CIA, NSA, FBI and other sector experts, all members of the average IQ of 140 or more, known as 140 troops from American four-star general Alexander lasted eight single-handedly built his independent command of the Tenth Fleet, including the Navy, the Air Force 24th Air Force and the Army Second Army, responsible for the training of the academic elite spy technology centers, as well as specialized eavesdropping embassies around the world special data collection center, the United States is being set up forty network security forces, including 13 as offensive forces, the main development network warfare weapons, another 27 troops mainly to protect DoD computer systems and data, all 40 teams will branch to be completed before the autumn of 2015.

“Military observation room” program broadcast in the Phoenix Chinese Channel ] [Program Area

Moderator: Dong Jiayao Moderator Zone]

First time: (Wednesday) 21:50-22:30

Playback time: (Thursday) 04:10-04:50,15:15-15:55

Statement : where marked “Phoenix” sources of work (text, audio, video), without the Phoenix authorization, any media, and individuals shall not be reproduced, link, posted or otherwise use; already authorized in writing by the webmaster at use must be marked “Source: Phoenix.” Violate the above statement, Ben Wang will pursue its legal responsibilities.

美國網路戰部隊逾8萬人 相當於7個101空降師2013年08月15日 08:49

來源：鳳凰衛視

核心提示：據星島環球網報道，美國駭客數量佔全球29%，美軍約有三千到五千名資訊戰專家，及五萬到七萬名網路戰兵，加上原有的電子戰人員，美軍網路戰部隊應該有八萬八千七百人，這個規模相當於七個101空降師，它在未來戰爭將負擔削弱敵人四成戰鬥力的任務。

鳳凰衛視8月14日《軍情觀察室》，以下為文字實錄：

解說：斯諾登事件引起中外媒體一輪炒作，其實美國最早建立規模最大的網路戰部隊，發展了世界最先進的網路戰裝備，並將其推向實戰。近日，星島環球網報道，美國駭客數量佔全球29%，美軍約有三千到五千名資訊戰專家，及五萬到七萬名網路戰兵，加上原有的電子戰人員，美軍網路戰部隊應該有八萬八千七百人，這個規模相當於七個101空降師，它在未來戰爭將負擔削弱敵人四成戰鬥力的任務。

美國網軍達四千人，由世界頂級電腦專家和駭客組成，包括中央情報局、國家安全局、聯邦調查局以及其他部門的專家，所有成員平均智商在140以上，稱為140部隊，由美國四星上將亞歷山大歷時八年一手打造，他獨立指揮權包括海軍第十艦隊，空軍第24航空隊以及陸軍第二軍，負責培訓間諜技術的學術精英中心，以及專門竊聽世界各國大使館的特殊數據收集中心，美國正在組建四十支網路安全部隊，其中13支為進攻性部隊，主要開發網路戰武器，另外27支部隊主要保護國防部的電腦系統和資料，所有40支部隊將於2015年秋季前全部建成。

《軍情觀察室》節目在鳳凰衛視中文臺播出【節目專區】

http://big5.ifeng.com/gate/big5/phtv.ifeng.com/program/jqgcs/

主持人：董嘉耀【主持人專區】

首播時間：（週三）21:50－22:30

重播時間：（週四）04:10－04:50，15:15－15:55

聲明：凡註明“鳳凰網”來源之作品（文字、音頻、視頻），未經鳳凰網授權，任何媒體和個人不得轉載、鏈結、轉貼或以其他方式使用；已經本網書面授權的，在使用時必須註明“來源：鳳凰網”。違反上述聲明的，本網將追究其相關法律責任。

http://big5.ifeng.com/gate/big5/phtv.ifeng.com/program/jqgcs/detail_2013_08/15/28642074_0.shtml

Cyber SA…Global Perspectives

Posted on August 12, 2013 by Bill Hagestad

Good Monday Folks;

Much news from Cyber~Land today – and thus, you may enjoy the most recent Global Perspectives of Cyber Situation Awareness (SA)…
Of particular note – information loss in the People’s Republic of China…now a crime bubbling to the service…Kenyan PC’s with Chinese malware and so much more in the China Section below, including missing US CBP & China cooperation posts; Iran’s Cyber Motivations & Actions…and of course, German and French Governments respond to PRISM…

All the cyber SA you might want in one dose!

中國人民共和國 – People’s Republic of China….

Infosecurity – Report: China Uses Taiwan as Test-Bed for US Cyber-Espionage Attacks
http://www.infosecurity-magazine.com/view/33553/report-china-uses-taiwan-as-testbed-for-us-cyberespionage-attacks/

People’s Republic of China: 1,213 arrested for personal information trafficking – People’s Daily Online
“… 468 gangs and arrested 1,213 people for suspected personal information trafficking, according to a statement released Sunday by the Ministry of Public Security.”
http://english.peopledaily.com.cn/90882/8360132.html
Stronger laws urged to protect personal information – People’s Daily Online
http://english.peopledaily.com.cn/90882/8305906.html
People’s Republic of China ‘top source’ of malicious software in Kenyan computers
http://www.nation.co.ke/business/news/China+top+source+of+malicious+software/-/1006/1944356/-/rj5e4/-/index.html
People’s Republic of China New York Times hackers strike again with evolved malware
http://www.v3.co.uk/v3-uk/news/2288076/new-york-times-hackers-strike-again-with-evolved-malware

Censorship, external authentication, and other social media lessons from China’s Great Firewall
http://www.techinasia.com/china-social-media-lessons-from-great-firewall/

China’s Xiaomi sells 100,000 units of new $130 phone in 90 seconds, chalks up 7.45m reservations |
http://thenextweb.com/asia/2013/08/12/chinas-xiaomi-sells-100000-units-of-new-130-phone-in-90-seconds-chalks-up-7-45m-reservations/
Xiaomi Beats Samsung To Top China’s Smartphone Charts | TechCrunch
http://techcrunch.com/2013/08/12/xiaomi-beats-samsung-to-top-chinas-smartphone-charts/

CBP – U.S. Customs and Border Protection / U.S., China Announce Results of First Joint Intellectual Property Operation
http://www.noodls.com/view/E418DA4AF877ADF8970BBEE9B0E38FDDAB89AC35
This original CBP Press relaese was removed from the web here:
http://www.cbp.gov/xp/cgov/newsroom/news_releases/local/07312013_7.xml

Also removed from South China Morning Post:
http://www.scmp.com/news/china/article/1293516/china-us-team-seize-fake-apple-samsung-dr-dre-electronics
U.S., People’s Republic of China team up to seize counterfeit goods in joint operation
http://www.reuters.com/article/2013/07/31/us-china-usa-counterfeit-idUSBRE96U0X120130731

HUAWEI…

Intelligence: People’s Republic of China Dodges Accusations
Chinese telecommunications equipment manufacturer Huawei continues to be dogged by accusations that it is acting as an economic and military espionage agent for the Chinese military.
http://www.strategypage.com/htmw/htintel/articles/20130810.aspx
People’s Republic of China’s Economy Slows but Its Influence Rises
http://blogs.cfr.org/asia/2013/08/12/chinas-economy-slows-but-its-influence-rises/
People’s Republic of China Rising, Huawei Team For Secure Virtualization Solutions – ChinaTechNews
http://www.chinatechnews.com/2013/08/12/19562-chinas-rising-huawei-team-for-secure-virtualization-solutions
People’s Republic of China’s Huawei partners w/Telematics to bolster Unified Communications capabilities in UAE, Qatar –
http://english.mubasher.info/DFM/news/2377832/Huawei-partners-with-Telematics-to-bolster-Unified-Communications-capabilities-in-UAE-Qatar
Serbian Railways Opts for People’s Republoc of China’s Huawei Solutions
http://enterprisechannels.com/ContentDetails.aspx?Moduleid=12159&&ModuleType=Serbian%20Railways%20Opts%20for%20Huawei%20Solutions
People’s Republic of China Blames Cisco for Huawei’s U.S. Woes
http://channelnomics.com/2012/10/12/china-blames-cisco-huaweis-u-s-woes/

It’s Not Just the People’s Republic of China: Indian Hacker Group Spied On Targets In Pakistan, U.S. And Europe – Forbes
http://www.forbes.com/sites/andygreenberg/2013/05/21/its-not-just-china-indian-hacker-group-spied-on-targets-in-pakistan-u-s-and-europe/
Pakistan Intelligence Agency ISI hacks India’s largest telco BSNL Systems by Social Engineering
http://www.thehackerspost.com/2013/08/pakistan-intelligence-agency-hacks-bsnl.html

Escalation Cause: How the Pentagon’s new strategy could trigger war with the People’s Republic of China
“…according to Air-Sea Battle, U.S. forces would launch physical attacks and cyberattacks against the enemy’s “kill-chain” of sensors and weaponry in order to disrupt its command-and-control systems, wreck its launch platforms (including aircraft, ships, and missile sites), and finally defeat the weapons they actually fire. The sooner the kill-chain is broken, the less damage U.S. forces will suffer — and the more damage they will be able to inflict on the enemy.”
http://www.chinausfocus.com/peace-security/escalation-cause-how-the-pentagons-new-strategy-could-trigger-war-with-china/
A Future Without War for the People’s Republic of China & the US |
http://www.chinausfocus.com/foreign-policy/a-future-without-war-for-china-and-the-us/
People’s Republic of China among top five countries on US’ surveillance list – TruthDive
“…the list of NSA’s spying targets, China, Russia, Iran, Pakistan and North Korea are of prime importance for surveillance, Der Spiegal reports.

According to the report, the US is especially interested in gathering intelligence related to the countries’ foreign policy, international trade and economic stability along with topics related to new technology and energy security which score low level priority.”

http://truthdive.com/2013/08/11/Pak-China-among-top-five-countries-on-US-surveillance-list.html
H-6K bombers used by PLA capable of reaching Hawaii: Kanwa Defense Review
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130812000082&cid=1101
The untold truth behind the US rebalancing policy…WantChinaTimes.com
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130811000079&cid=1703

People’s Republic of China investigates France’s Sanofi for alleged bribery: Xinhua
http://www.reuters.com/article/2013/08/10/us-sanofi-china-idUSBRE97902L20130810

ISLAMIC REPUBLIC OF IRAN ~ Cyber

Iran’s cyber warfare could hit public more than military: report
http://www.washingtontimes.com/news/2013/jul/29/irans-cyber-warfare-could-hit-public-more-military/
Iran’s Covert Cyber War
http://blog.heritage.org/2013/08/07/irans-covert-cyber-war/

INTERNATIONAL HACKING>>>

Inside the Tor exploit | ZDNet
http://www.zdnet.com/inside-the-tor-exploit-7000018997/
Hackers put a bull’s-eye on small business | PCWorld
http://www.pcworld.com/article/2046300/hackers-put-a-bulls-eye-on-small-business.html
Reported data breached records in US from 2005 to present exceed 500 million | ZDNet
http://www.zdnet.com/reported-data-breached-records-in-us-from-2005-to-present-exceed-500-million-7000018991/
Meet Darknet, the hidden, anonymous underbelly of the searchable Web | PCWorld
http://www.pcworld.com/article/2046227/meet-darknet-the-hidden-anonymous-underbelly-of-the-searchable-web.html

The Classifieds
“Are American spies the next victims of the Internet age?”
http://www.foreignpolicy.com/articles/2013/08/09/the_classifieds_open_source_intelligence_prieto?page=full
Deutsche Telekom and United Internet launch ‘made in Germany’ email in response to PRISM | ZDNet
http://www.zdnet.com/deutsche-telekom-and-united-internet-launch-made-in-germany-email-in-response-to-prism-7000019266/
Spy or Die – Can corporate suicide stop the NSA?
http://www.foreignpolicy.com/articles/2013/08/09/spy_or_die_nsa_lavabit_silent_circle?page=full

HACKSURFER
http://hacksurfer.com/
Fort Disco: The new brute-force botnet | ZDNet
http://www.zdnet.com/fort-disco-the-new-brute-force-botnet-7000019126/#%21
The Danger of Mixing Cyberespionage With Cyberwarfare
http://insights.wired.com/profiles/blogs/the-danger-of-mixing-cyberespionage-with-cyberwarfare#axzz2bmMnUKxL

France has its own PRISM system: Report | ZDNet
As the US and the UK admit that they are intercepting data for intelligence purposes, an investigative report has revealed that the French government is doing the same.
http://www.zdnet.com/france-has-its-own-prism-system-report-7000017694/

Enjoy!

Semper Fi,

謝謝
紅龍

MSI :: State of Security

Insight from the Information Security Experts

Category Archives: Threat-Centric