Follow by Email

Thursday, July 31, 2014

Pretty good news for privacy-oriented people! BitTorrent unwraps its new instant messaging program that doesn’t store your metadata and helps you with encrypted communication to keep your online conversations private, whether its voice or text communications.
BitTorrent named its Online chat service as "Bleep", a decentralised peer-to-peer voice and text communications platform that offers end-to-end encryption, therefore is completely safe from the prying eyes. In order to spread users’ voice and text conversations, Bleep make use of the BitTorrent distributed network rather than a centralised server.
Unlike Skype or Google Hangouts, Bleep comes with with a completely decentralized design, giving you extremely strong anonymity.
"We never see your messages or metadata," said Jaehee Lee, the senior product manager for Bleep, in a blog post announcing the new app on Wednesday. "As far as we're concerned, anything you say is 'bleep' to us."
Bleep chat application promises security and privacy of your conversations that go through different nodes of encrypting instant message traffic by using the same decentralized approach which is behind torrents.

For now, the company has released Bleep invite-only pre-alpha for Windows 7 and Windows 8 users, so you can sign up now.
According to the Bleep project head Farid Fadaie, there are two main components to its architecture:
The new peer-to-peer communication platform, which was built on a fully distributed Session Initiation Protocol (SIP) server engine.
The User Interface, a chat-and-voice-enhanced application that will be continuously updated over time to provide a great messaging experience.
"BitTorrent does not track or store information on who is communicating with whom, or when communications happen," Fade said in a post. "We are not even storing data temporarily on servers and then deleting it. We never have the meta data in the first place. Person A finds Person B through other nodes in the network. We never track or store who is looking for whom."
Till now, there is no possible security or privacy weaknesses listed by the company, but if attackers could succeeded in spoofing nodes of the BitTorrent traffic, they would intercept or redirect communications.
BitTorrent chat app uses secure encryption protocols such as curve25519, ed25519 , salsa20, poly1305, and others for end to end encryption of whole communications, which according to him, "should be the new normal in the post-Snowden era".
It is very simple to use. You can sign up now with an email address, phone number, or even as unlisted so that you don't have to provide any personal identifiable information. After that you can invite your friends and can also import your Google address book.

Instant messaging apps that offers end-to-end encryption have surfaced fast in the wake of NSA revelations made by global surveillance whistleblower Edward Snowden.
One such promising service is Invisible.IM chat service, an anonymous Instant Messenger (IM) that leaves no trace as it is supposed to use the Tor anonymizing network to distribute chatter wrapped in OTR encryption.
Also Tor Browser Bundle is currently working on a new Privacy tool called 'Tor Instant Messaging Bundle' (TIMB), that will help you with encrypted communication to keep your online conversations private.

India’s security market to hit $1.06 billion by 2015

Security market in India is expected to touch $ 1.06 billion by 2015 as an increasing number of enterprises invest in these solutions to protect their business especially in the digital world, research firm Gartner today said.

According to Gartner, security vendor revenue (hardware, software and services) in India will grow from $ 882 million in 2013 to $ 953 million in 2014. This is forecast to reach USD 1.06 billion in 2015, it added.

“Organisations are today increasingly more aware of security considerations in India, driven by factors like highly visible security incidents, increasing financially (corporate espionage, underground economy) and politically (hacktivists and nation states) motivated advanced targeted attacks and renewed regulatory focus on security and privacy,” Gartner said.

Of the total market, security services (consulting, implementation, support and managed security services) accounted for more than 55 per cent and this trend is expected to continue into the foreseeable future.

“Enterprises in India that traditionally did not focus on, or invest in, a lot of security technologies are now beginning to realise the implications that a weak security and risk posture can have on their business,” Gartner Principal Research Analyst Sid Deshpande said.

Verticals like banking and financial services, that have had a strong focus on security, are now preparing themselves for IT digitalisation.

They are investing in technology approaches that can enable them to grow their business securely while embracing digital business models, he said.

Though this heightened awareness is creating increased budget allocations for security, there is a skills deficit in the security space in India (relative to the demand), which is a challenge.

Gartner said though security awareness is increasing steadily among enterprises, consumer security sub-segment will display modest growth.

“The importance of data privacy and security is not well understood by consumers in India and this situation is likely to continue to affect market growth in the consumer security space,” Gartner said.


Russia demands apple to submit the source code

Just few days after the announcement that Russian government will pay almost 4 million ruble (approximately equal to $111,000) to the one who can devise a reliable technology to decrypt data sent over the Tor, now the government wants something which is really tough.

Russian government has asked Apple to provide the access to the company’s source code in an effort to assure its iOS devices and Macintoshes aren’t vulnerable to spying. Not just this, the government has demanded the same from SAP as well, which is an enterprise software that manages business operations and customer relationships.
Russia proposed this idea last Tuesday when Communications Minister Nikolai Nikiforov met SAP’s Russian managing director Vyacheslav Orekhov, and Apple’s Russian general manager Peter Engrob Nielsen, and suggested that both the companies give Russian government access to their source code.
Russia has put out a tender on its official government procurement website for anyone who can identify Tor users. The reward of $114,000 seems pretty cheap for this capability. And we now get to debate whether 1) Russia cannot currently deaonymize Tor users, or 2) Russia can, and this is a ruse to make us think they can't.

Conference on Deception

There was a conference on deception earlier this month. Sophie Van Der Zee has a summary of the sessions.

The Costs for NSA

New America Foundation has a new paper on the costs of NSA surveillance: economic costs to US business, costs to US foreign policy, and costs to security.
News article.

Monday, July 28, 2014

Linux File System / Linux Directory Structure

Lets discuss about the Linux file System structure. This is a Common Topic of Linux because in this topic you can understand Linux core concept. Mostly when you are working on live environment. You need many time Linux File System for create new documents. Every Directory of Linux File System has particular mean. If you want to understand easily Linux directory Structure then read below.

Levels of Linux File System Structure

0 ‘s ( root(/) ) Level Linux File System:-

This is core level of Linux file system. Under this section only one part and name is root directory (/).Every Linux File System are start from root directory only super user ( Administrator ) has privileges to write file or directory in this section.

1’s level Linux File System

/bin – User binaries

This directory has all local user binary executable files. Which command you used in daily purpose or not have root privileges are part in this directory. Like as ps, ls, grep, cp and many more.

/sbin – User Binaries

This directory has all super user privileges commands. Which command only can used if you have super user or equal privileges. Directory /sbin also have executable file like as ifcfg , mkfs , init, fdisk , lsmod, etc.

/etc – Configuration Files

Basically this directory is mostly used because mostly program configuration file present here. If you want to edit or configure file then you need /etc directory. If you need to start and stop service of any particular program then also need it. For Example: yum.conf , host.conf, ntp.conf, resolve.conf etc.

/dev – Device Files

/dev Directory contain system related devices files. Here you can find out terminal related files or your secondary storage devices also present in /dev directory.

/tmp-Temporary Files

/tmp Directory contain temporary files. This is created by Users of System. When System is restart your previous temporary files are remove automatically.

/proc – Process Information

/proc Directory contain system information mean all about physical server. How much resources do you have? Means if you want to find out your system Primary memory then you should check under this directory #cat meminfo. Under this directory you can find various important file like as cpuinfo, meminfo, patitions, diskstat, services, uptime, version..etc.

/var – Variable Directory

/var Directory contains variable files. And also contain system log file or error files related to executed application. If you want to find out your system log then you should check under /var/log directory.

/home – Home Directory

/home Directory contains all local user personal files or directories. For Example : /home/sham, /home/john, /home/merry ..etc.

/lib – System Libraries

/lib Directory contains system library files. These file support binary located under /bin or /sbin. For Example:,,

/boot – Boot Loader Files

/boot Directory contain boot related files. Means kernel related files like as initrd, grub files, vmlinux ..etc.

/mnt – Mount Directory

/mnt Directory contains mount point of physical hard disk or partitions.

Saturday, July 26, 2014

Automating your own botnet in cloud

Two researchers have built a botnet using free anonymous accounts. They only collected 1,000 accounts, but there's no reason this can't scale to much larger numbers.

Internet Explorer Vulnerabilities Increase 100%

Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities. Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.

Dropbox Head Responds To Snowden Claims About Privacy

When asked for its response to Edward Snowden's claims that "Dropbox is hostile to privacy", Dropbox told The INQUIRER that users concerned about privacy should add their own encryption. The firm warned however that if users do, not all of the service's features will work. Head of Product at Dropbox for Business Ilya Fushman says: "We have data encrypted on our servers. We think of encryption beyond that as a users choice. If you look at our third-party developer ecosystem you'll find many client-side encryption apps....It's hard to do things like rich document rendering if they're client-side encrypted. Search is also difficult, we can't index the content of files. Finally, we need users to understand that if they use client-side encryption and lose the password, we can't then help them recover those files."

Friday, July 25, 2014

Most Secure-OS Under Caution

I'd like more information on this.

Wednesday, July 23, 2014

Update your web browser to Mozilla Firefox 31 to patch 11 security bugs

Mozilla Firefox recommends its users to install the security update as soon as possible, warning that the three critical vulnerabilities discovered in its browser could be exploited by attackers and leverage them to "run attacker code and install software, requiring no user interaction beyond normal browsing".

The three major vulnerabilities are as follows:
  1. MFSA 2014-62 - This is one of the three critical vulnerabilities reported by Patrick Cozzi and get fixed in the newer version of the browser. The vulnerability allows the exploitation of a WebGL crash with Cesium JavaScript library. Much details about the flaw are not known at the time, but Mozilla notes that the flaw cannot be exploited through email in the Thunderbird client because scripting is disabled.
  2. MFSA 2014-59 - The second critical flaw discovered in the browser, reported by Mozilla community member James Kitchener, refers to a use-after-free vulnerability when handling DirectWrite font. The vulnerability could be exploited by an attacker to crash Firefox due to an error in the way it handles font resources and tables, when rendering MathML content with specific fonts. However exploiting this flaw would be possible only on Windows platform, it does not affect OS X or Linux systems.
  3. MFSA 2014-56 - This vulnerability refers to miscellaneous memory safety hazards, identified by Mozilla developers, that affected Mozilla version 30. Mozilla fixed several memory safety bugs in its browser engine used in Firefox and other Mozilla-based products in order to safeguard its customers.
Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla wrote.
Mozilla also addresses two high rated vulnerabilities that cause a potential danger, as they could be used by an attacker to fetch users’ personal and sensitive information from other websites they visit or inject malicious code into those websites to infect users.
Moreover, the security issues fixed in the latest revision of Firefox mostly refer to use-after-free vulnerabilities, in Web Audio, with the FireOnStateChange event and when manipulating certificates in the trusted cache.
Also, to provide more security to its customers, the company has announced a protection mechanism against malicious downloads in its latest build. The feature relies on the Safe Browsing API from Google and leverages application reputation information to detect malware in file downloads.
The protection mechanism consists in verifying the metadata, such as download URL, SHA-256 hash, details about the certificate, belonging to the item requested by the user, and comparing it to a given block list.
Based on a local list of files and remote one, the verification of the metadata is carried out. If a match is found the file is not saved to disk. On the other hand, when files are signed, they are matched from a given whitelist, and the binary is marked as trusted and as a result of it, the remote check is no longer performed.
Additionally, a new SSL/TLS certificate verification is now available on Firefox latest build 31 that uses a more powerful and easier to maintain “mozilla::pkix” library. No doubt this change would go unnoticed by the regular user, but it would protect its users from the compatibility issues arose for websites that do not use an authorized certificate accepted in the Mozilla CA Program.
Update your Mozilla Firefox and Thunderbird as soon as possible. Stay Safe! Stay Secure!

Edward Snowden: 'If I end up in chains in Guantánamo I can live with that'

The 31-year-old former US National Security Agency (NSA) contractor Edward Snowden has warned that during surveillance, among other things, NSA system administrators also intercepted and routinely passed the nude photos of people in "sexually compromising" situations among other NSA employees.
In a video interview, NSA whistleblower speaks with the Guardian editor-in-chief Alan Rusbridger and reporter Ewen MacAskill in Moscow, which was then published by the Guardian on Thursday.

"You've got young enlisted guys, 18 to 22 years old. They've suddenly been thrust into a position of extraordinary responsibility where they now have access to all of your private records," he said in the video interview.
"During the course of their daily work they stumble upon something that is completely unrelated to their work in any sort of necessary sense – for example, an intimate nude photo of someone of in a sexually compromising situation, but they're extremely attractive. So what they do? They turn around in their chair and show their co-worker."
The co-worker says: ‘Hey that's great. Send that to Bill down the way.’ And then Bill sends it to George and George sends it to Tom. And sooner or later this person's whole life has been seen by all of these other people. It's never reported.
When Guardian's Alan Rusbridger asked Snowden, “You saw instances of that happening?
Snowden responded positively saying, “Yeah.
It's routine enough, depending on the company that you keep, it could be more or less frequent," Snowden says. "These are seen as the fringe benefits of surveillance positions."
The person’s whose private life has been exposed never know about it, because the internal auditing procedures at the NSA are incredibly weak that there is no comeback of those intercepted naked photos.
“The fact that your private images, records of your private lives, records of your intimate moments have been taken from your private communications stream from the intended recipient and given to the government without any specific authorization without any specific need is itself a violation of your rights,” he added and questioned, “Why is that in a government database?”
Edward Snowden said cloud storage service Dropbox is "hostile to privacy," and called for more companies to offer services that prevent government snooping.
Snowden spread light on the cloud storage provider company, Spideroak, which offers greater protection to its users. The only fact behind it is that the company stores all the users data for backups, but in an encrypted form. So, its employees do not have access to the encrypted user data. Also if the government ask for user data, the company cannot hand over any meaningful or decrypted content.
Snowden calls Dropbox, a "PRISM wannabe." He asserted that the cloud storage Dropbox has recently appointed former US Secretary of State Condoleezza Rice to its board of directors, who Snowden said is “hostile to privacy” and described her as "the most anti-privacy official you can imagine."
Accountants, lawyers, and doctors should all level up their skills, Snowden said, and journalists in particular should be aware that a single slip up could compromise their sources.
Snowden addressed a number of things, noting that if he ended up in US prison facility at Guantánamo Bay, Cuba, he could “live with” that. He again dismissed any claim that he was or is a Russian spy or agent, describing those allegations “bullshit.”
"I'm not going to presume to know what a jury would think, or to say what they should or should not think. But I think it's fair to say that there are reasonable and enduring questions about the extent of these surveillance programs, how they should be applied and that should be the focus of any trial," he said.
The NSA’s spokesperson said such activity wouldn’t be tolerated, but didn’t explicitly deny the Snowden’s claim.
NSA is a professional foreign-intelligence organization with a highly trained workforce, including brave and dedicated men and women from our armed forces,” said spokesperson Vanee Vines by email. “As we have said before, the agency has zero tolerance for willful violations of the agency’s authorities or professional standards, and would respond as appropriate to any credible allegations of misconduct.

Securing Thermostat

A group of hackers are using a vulnerability in the Nest thermostat to secure it against Nest's remote data collection.

Tuesday, July 22, 2014

Pros And Cons of Employee File Sharing

The growth in the use of mobile devices and cloud-based services brings many benefits, including providing workers with greater freedom to work in ways that suit them best. But they also bring many challenges to organizations regarding how corporate data is handled and stored. One particular area of growth in terms of cloud services is file sharing.

There are many options to choose from in terms of cloud file-sharing and storage services, many of which consumers can sign up for themselves and are not sanctioned for use by the organization for which they work. If employees use unsanctioned services for storing and sharing work-related information, that information is therefore out of the purview of the organization, meaning that it loses control and visibility over its data and the audit trail is lost. There is also greater risk that the information could be lost or accessed inappropriately, leading to a security breach.
According to a recent study conducted by the Association of Information and Image Management professionals (AIIM), 30% of respondents are seeing increasing use of unofficial cloud content-management and file-sharing services. However, only 5% have an official cloud-based option provided to them. In terms of policies for the use of consumer-oriented file-sharing services, 45% state that their organization has an official policy, although only 12% state that this policy is enforced. A full 37% state that their organization has no policy whatsoever. The reasons given for the use of such services are firstly the need to share content with project groups, followed by convenience, simplicity, and better mobile access.

In order to control such activity, organizations need not only to develop and enforce policies regarding the use of document-sharing services, but also educate their employees regarding the dangers of using unsanctioned services for file sharing and storing corporate information.
However, given the growing popularity of cloud-based file-sharing services, the best option is for organizations to provide their employees with a secure, centrally managed file-transfer service so that they have visibility over what information is being stored there, as well as who is accessing it.
When providing such a service to employees, there are a number of factors that should be considered. Security must be robust, providing strong authentication and access-control mechanisms, synchronization with the organization’s user directories, and including encryption for all data in transit and stored within the service. Mobile device management capabilities, such as providing the ability to remotely wipe data from devices used to access the service, are an important consideration. The service should enable policies to be determined and managed from a central management console, allowing restrictions to be placed according to context, such as restricting access from insecure networks (for example, WiFi networks offered by hotels) and requiring stronger controls for users looking to share information with those external to the organization. The central management console should also collate all information pertaining to user activity and what data is stored in the service, and this information should be made available as detailed reports and provide the necessary audit trail for compliance purposes.

The use of cloud-based file-sharing services provides many benefits for organizations, not least of which is the ability to reduce costs related to data storage. However, the use of such services can increase the risk of the organization suffering serious security breaches that could lead to financial loss and reputational damage if their use is not handled correctly. Brought fully under the control of the organization, the benefits will far outweigh the risks and will allow its employees the freedom to work in the way that suits them best.

Fingerprinting PC By Enabling ToDraw Images

Here's a new way to identify individual computers over the Internet. The page instructs the browser to draw an image. Because each computer draws the image slightly differently, this can be used to uniquely identify each computer. This is a big deal, because there's no way to block this right now.
Article. Hacker News thread.

Monday, July 21, 2014

4 Secrets to Starting a Company Without a penny

So you have the Big Idea. You have the passion. You have the business plan. You can see your future success. All you need now is money in the bank, right?
Probably nine out of 10 startups are where you are, in need of operating capital. There’s no question ample cash reserves make launching a new business considerably easier, yet it’s possible to bootstrap a product, even a company, without investors or a big credit line.
Focus, energy and determination are critical to entrepreneurial success—but so is knowledge. After starting multiple companies from scratch, here are four of the most important insights I’ve gained:

1. Iteration is your most critical resource. Of course you need a strong core concept in place but that’s just the beginning. You must iterate from your original idea to overcome roadblocks, recover from and failures and capitalize on opportunities.
Mark Zuckerberg’s first website was shut down by Harvard. Sir James Dyson developed over 5,000 vacuum cleaner prototypes before he got one right. Henry Ford didn’t succeed in the automobile business until his fourth time around. And we’ve all read that it took 1,000 (or was it 10,000?) attempts before Thomas Edison invented the light bulb.
Business models rarely survive in their original form. Stay fixed on your initial mission but flexible how you get there. Don’t be afraid to change directions or explore new avenues quickly. Let the market dictate your path, and iterate to success.

2. Establish a comfort level with your prospects. Just because you have a great idea doesn’t guarantee your prospective customers will embrace it, or you. Particularly in specialized fields, it’s important to develop a persona, image and business culture that puts your buyers at ease.
In the earliest stages, many startups find it necessary to “act as if” by creating the impression of a more substantial company. That’s great but it may be smart to do just the opposite, especially if your success depends on other small businesses. A scrappy reputation may be more appropriate.

Remember that image isn’t just about your website or business card. Interact with practitioners in your target field whenever you can. Listen carefully, picking up on both the jargon and the business needs. “Become” your prospect and you’ll have the rapport necessary to land the sale.

3. Hustling is more valuable than cash. "Life hacking'' is a popular buzz phrase these days. One of the arguments in life hacking is that quality of work is more important than quantity. While that’s true to some extent, I’ve found that quality comes from quantity. Practice makes better.
It’s simply a fact of life that investors are attracted to success. They will invest in a startup, as long as the founder has a track record. If you don’t have that kind of entrepreneurial resume, your “seed capital” has to be personal drive.

That this is not necessarily bad. Hard work can prove, or disprove, the validity of an idea. Without putting serious capital at risk, hustling will demonstrate “progress,” which is more valuable than “promise.” Investors are always more attracted to progress over promise, so hustle.

4. Profits cure all. There’s no better way to create and maintain control of your destiny than to become profitable as early as possible. Profit creates leverage, and it’s leverage that leads to control.
 Zynga, in the early days, accepted lower quality advertising that provided the company with the much-needed cash flow to become profitable nearly from Day One. Zynga has since backed off from its liberal advertising policies but that early proof-of-concept through profitability helped Zynga, now a billion-dollar enterprise, provided them with leverage to raise capital on their terms and retain control.

Not every business can begin operations with zero seed capital but in our digital age barriers to entry are reduced and playing fields leveled. It’s easier than ever to get an idea in front of potential customers. The business world today favors companies with imagination, ambition and the willingness to adapt. If you have the vision and a plan, go for it. Don’t wait for the money.


Sunday, July 20, 2014

Australian Website Waits Three Years To Inform Customers of Data Breach

Australian daily deals website Catch of the Day waited three years to tell its customers their email addresses, delivery addresses, hashed passwords, and some credit card details had been stolen. Its systems were breached in April 2011 and the company told police, banks and credit cards issuers, but didn't tell the Privacy Commissioner or customers until July 18th.

IDaaS Vendor Symplified Acquired by RSA / EMC

Symplified technology will be integrated into overall RSA identity strategy
On Thursday, identity management as a service (IDaaS) vendor Symplified was acquired by RSA/EMC for an undisclosed sum.
An RSA spokeperson provided the following:
RSA/EMC took advantage of an unexpected opportunity to acquire certain technology assets of privately held Symplified based in Boulder, CO, a provider of identity management solutions. Symplified’s technology is a strategic addition to RSA’s Identity portfolio and will be integrated into RSA’s Identity solutions. RSA did not acquire Symplified’s existing business operations.
RSA will be integrating Symplified technology into our overall Identity strategy and will not have an immediate operational capability. We did not acquire ongoing Symplified operations.  We expect Symplified will be continuing to work with its current customers in terms of their relationships.
Symplified’s technology complements RSA’s Identity portfolio.  Its focus on user simplicity through federation; enterprise needs through a breadth of integrations with enterprise resources and flexibility with both cloud and on-premise deployment options.  These features will help enable RSA to continue creating innovative Identity solutions to help enterprises ensure secure, convenient access to applications, networks and information across enterprise, mobile and cloud resources.
RSA expects to fully explore the capabilities of the Symplified solution. While we will evaluate all options, it is likely we will first examine the potential integration with both Identity Management and Governance and other authentication solutions.
This isn’t the first and probably won’t be the last casualty of the maturing IDaaS market. Less successful vendors are acquired by larger companies looking to jump-start their presence in IDaaS, while some vendors (for example Microsoft) are rapidly building out their native identity capabilities to provide IDaaS services.

New Malware Targeting Linux and UNIX-Like Servers 

Russian security researchers have spotted a new malware named Mayhem that has spread to 1,400 or so Linux and FreeBSD servers around the world, and continues to look for new machines to infect. And, it doesn't need root to operate. "The malware can have different functionality depending on the type of plug-in downloaded to it by the botmaster in control, and stashed away in a hidden file system on the compromised server. Some of the plug-ins provide brute force cracking of password functionality, while others crawl web pages to scrape information. According to the researchers, Mayhem appears to be the continuation of the Fort Disco brute-force password cracking attack campaign that began in May 2013."

How Many Employees Microsoft Really Need ?

Yesterday, word came down that Microsoft was starting to lay off some 18,000 workers. As of June 5th, Microsoft reported a total employee headcount of 127,005, so they're cutting about 15% of their jobs. That's actually a pretty huge percentage, even taking into account the redundancies created by the Nokia acquisition. Obviously, there's an upper limit to how much of your workforce you can let go at one time, so I'm willing to bet Microsoft's management thinks thousands more people aren't worth keeping around. How many employees does Microsoft realistically need? The company is famous for its huge teams that don't work together well, and excessive middle management. But they also have a huge number of software projects, and some of the projects, like Windows and Office, need big teams to develop. How would we go about estimating the total workforce Microsoft needs? (Other headcounts for reference: Apple: 80,000, Amazon: 124,600, IBM: 431,212, Red Hat: 5,000+, Facebook: 6,800, Google: 52,000, Intel: 104,900.)

Russia Prepares  Internet War Against Malaysian Jet

The investigation of a Malaysian passenger jet shot down over Ukrainian rebel held territory is heating up. U.S. and U.K. news organizations are studiously trying to spread the blame, Russian ITAR, which, just earlier today was celebrating the downing of a large aircraft by rebel missiles in Torez (Google cache) is reporting that the rebels do not have access to the missiles needed for such attacks. The rebel commander who earlier today reported the downing of the aircraft has also issued a correction to earlier reports that they had captured BUK air defense systems with Russian sources now stating that the rebels do not posses such air defenses. The Ukrainian president has been attempting to frame the incident as a "terrorist attack". President Obama made contact with Vladimir Putin and has been instead treating it as an accident, calling it a "terrible tragedy" and saying that the priority is investigating whether U.S. citizens were involved. With control of the black box and its own internet propaganda army Russia may be in a good position to win the propaganda war.

Saturday, July 19, 2014

Getting Into Cyberwar the  US National Guard says

The Maryland Air National Guard needs a new facility for its cyberwar operations:
The purpose of this facility is to house a Network Warfare Group and ISR Squadron. The Cyber mission includes a set of capabilities, expertise to enable the cyber operational need for an always-on, net-speed awareness and integrated operational response with global reach. It enables operators to drive upstream in pursuit of cyber adversaries, and is informed 24/7 by intelligence and all-source information.
Is this something we want the Maryland Air National Guard to get involved in?

Personal Information of US Security-Clearance Holders had been stolen by Hackers

The article says they were Chinese but offers no evidence:
The intrusion at the Office of Personnel Management was particularly disturbing because it oversees a system called e-QIP, in which federal employees applying for security clearances enter their most personal information, including financial data. Federal employees who have had security clearances for some time are often required to update their personal information through the website.
This is a big deal. If I were a government, trying to figure out who to target for blackmail, bribery, and other coercive tactics, this would be a nice database to have.

Friday, July 18, 2014

How elite hackers (almost) stole the NASDAQ

In 2010, elite hackers, most likely from Russia, used at least two zero-day vulnerabilities to penetrate the computer network operated by Nasdaq Stock Market, a hack that allowed them to roam unmolested for months and plant destructive malware designed to cause disruptions, according to a media report published Thursday.
The intrusion initially caught the attention of officials inside the National Security Agency, the Central Intelligence Agency, and departments of Defense, Treasury, and Homeland Security for two reasons, Bloomberg Businessweek journalist Michael Riley reported in an article headlined How Russian Hackers Stole the Nasdaq. One, it appeared to be the work of hackers sponsored by Russia or another powerful nation-state. Two, far from the typical espionage campaigns that merely siphon out secret data, the malware involved in the attack contained what early on appeared to be a digital bomb that could cause serious damage.
Riley’s 3,100-word cover article traces the resulting federal investigation, which also involved the FBI, Secret Service, the National Cybersecurity and Communications Integration Center, and on at least three occasions, briefings provided to President Barack Obama. Ultimately, analysis of the malware showed its capabilities were less destructive than earlier believed, but there was still cause for concern. As Ars reported last year, it came around the same time that five eastern European men allegedly breached networks belonging to Nasdaq and at least seven other financial institutions. According to federal prosecutors, one of the suspects, upon gaining persistent control over the world’s second biggest stock exchange, proclaimed “NASDAQ is owned.”

Thursday, July 17, 2014

Traffic Analysis of Cloud Data Access

Here's some interesting research on foiling traffic analysis of cloud storage systems.
Press release.

Wednesday, July 16, 2014

  Keyloggers on Public Computers and the Risks

Brian Krebs is reporting that:
The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.
It's actually a very hard problem to solve. The adversary can have unrestricted access to the computer, especially hotel business center computers that are often tucked away where no one else is looking. I assume that if someone has physical access to my computer, he can own it. This is doubly true if he has hardware access.

Study NIRT Using Anthropological Methods

This is an interesting paper: "An Anthropological Approach to Studying CSIRTs." A researcher spent 15 months at a university's SOC conducting "ethnographic fieldwork." Right now it's more about the methodology than any results, but I'll bet the results will be fascinating.
And here's some information about the project.

Announcing Project Zero

A team of superheroes in sci-fi movies protect the world from Alien attack or bad actors, likewise Project Zero is a dedicated team of top security researchers, who have been hired by Google to finding the most severe security flaws in software around the world and fixing them.
Project Zero gets its name from the term "zero-day," and team will make sure that zero-day vulnerabilities don't let fall into the wrong hands of Criminals, State-sponsored hackers and Intelligence Agencies.
"Yet in sophisticated attacks, we see the use of "zero-day" vulnerabilities to target, for example, human rights activists or to conduct industrial espionage." Chris Evans said, who was leading Google’s Chrome security team and now will lead Project Zero.
Zero-day vulnerabilities could give bad actors the power to completely control target users’ computers, and in such scenario - no encryption can protect them.

Google has already recruited some hackers at Project Zero:
  • Ben Hawkes - an independent researcher from New Zealand, and well known for discovering dozens of bugs in software like Adobe Flash and Microsoft Office.
  • George Hotz - best known for hacking Sony PlayStation 3, cracking iPhone and Google's Chrome browser.
  • Tavis Ormandy - working as an Information Security Engineer at Google and known for discovering lots of critical zero-day vulnerabilities in various softwares.
  • and many more..
Main objective of the Project Zero is to significantly reduce the number of people harmed by targeted attacks.
"We're hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet." Chris added.
However, they are not restricted to finding bugs in Google's products only, rather they can choose targets by themselves strategically, but possibly team would majorly focus on the softwares that relied upon by a significant number of people. Flaw hunting and reporting process will be as mentioned below:
  1. The Project Zero team will hunt for zero-day vulnerabilities in Popular Softwares.
  2. Google will report flaws to vendors.
  3. Google will release full vulnerability disclosure only when the vendor issues a patch for it.
  4. Every bug will be filed transparently in an external database.
"We'll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we'll be conducting new research into mitigations, exploitation, program analysis—and anything else that our researchers decide is a worthwhile investment." Chris said.
Google is looking forward to grow their team of security experts and is making every effort to dedicatedly contribute to the Infosec Community.

GCHQ Catalog of Exploit Tools

The latest Snowden story is a catalog of exploit tools from JTRIG (Joint Threat Research Intelligence Group), a unit of the British GCHQ, for both surveillance and propaganda. It's a list of code names and short descriptions, such as these:
GLASSBACK: Technique of getting a targets IP address by pretending to be a spammer and ringing them. Target does not need to answer.
MINIATURE HERO: Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.
MOUTH: Tool for collection for downloading a user's files from
PHOTON TORPEDO: A technique to actively grab the IP address of MSN messenger user.
SILVER SPECTOR: Allows batch Nmap scanning over Tor.
SPRING BISHOP: Find private photographs of targets on Facebook.
ANGRY PIRATE: is a tool that will permanently disable a target's account on their computer.
BUMPERCAR+: is an automated system developed by JTRIG CITD to support JTRIG BUMPERCAR operations. BUMPERCAR operations are used to disrupt and deny Internet-based terror videos or other materials. The techniques employs the services provided by upload providers to report offensive materials.
BOMB BAY: is the capacity to increase website hits/rankings.
BURLESQUE: is the capacity to send spoofed SMS messages.
CLEAN SWEEP: Masquerade Facebook Wall Posts for individuals or entire countries.
CONCRETE DONKEY: is the capacity to scatter an audio message to a large number of telephones, or repeatedely bomb a target number with the same message.
GATEWAY: Ability to artificially increase traffic to a website.
GESTATOR: amplification of a given message, normally video, on popular multimedia websites (Youtube).
SCRAPHEAP CHALLENGE: Perfect spoofing of emails from Blackberry targets.
SUNBLOCK: Ability to deny functionality to send/receive email or view material online.
SWAMP DONKEY: is a tool that will silently locate all predefined types of file and encrypt them on a targets machine
UNDERPASS: Change outcome of online polls (previously known as NUBILO).
WARPATH: Mass delivery of SMS messages to support an Information Operations campaign.
HAVLOCK: Real-time website cloning techniques allowing on-the-fly alterations.
HUSK: Secure one-on-one web based dead-drop messaging platform.

Attacks Against Tor 

Last week, we learned that the NSA targets people who look for information about Tor. A few days later, the operator of a Tor exit node in Austria has been found guilty as an accomplice, because someone used his computer to transmit child porn. Even more recently, Tor has been named as a defendant in a revenge-porn suit in Texas because it provides web-porn operators with privacy.
Here's the EFF: "Seven Things You Should Know About Tor."

Sunday, July 13, 2014

New Technology Uses Cellular Towers For Super-Accurate Weather Measurements

"Israeli scientists from the Tel Aviv University perfected a method for using cell phone service towers' microwave emitters to measure rain and snow and even (for the first time ) detect fog with great accuracy over vast areas in real time. The research team members have analyzed endless amounts of raw cellular data and developed more accurate ways to measure meteorological information and added more parameters that they can now measure using their growing database. When combined with existing meteorological monitoring technologies such as radars and local ground based weather stations, the results show unprecedented level of accuracy that can give better and further weather forecast as well as special warnings about upcoming floods, fog and hail which can affect both people and crop production."

New Microsoft CEO Vows To Shake Up Corporate Culture

New Microsoft CEO Satya Nadella said that he and his leadership team are taking "important steps to visibly change our culture" and that "nothing is off the table" on that score. While much of his declaration consists of vague and positive-sounding phrases ("crease the fluidity of information and ideas by taking actions to flatten the organization and develop leaner business processes"), he outlined his main goals for the shift: reduce time it takes to get things done by having fewer people involved in each decision; quantify outcomes for products and use that data to predict future trends; and increasing investment for employee training and development.

Saturday, July 12, 2014

First Release of LibreSSL Portable Is Available

It has finally happened. Bob Beck of The OpenBSD Foundation has just announced that the first release of LibreSSL portable is now available, and can be found in the LibreSSL directory of your favourite OpenBSD mirror. libressl-2.0.0.tar.gz has been tested to build on various versions of Linux, Solaris, Mac OS X and FreeBSD. This is intended to be an initial portable release of OpenBSD's libressl to allow the community to start using it and providing feedback, and has been done to address the issue of incorrect portable versions being attempted by third-parties. Support for additional platforms will be added as time and resources permit.

NSA Records and Stores 80% of All US Audio Calls

At least 80% of all audio calls, not just metadata, are recorded and stored in the US, says whistleblower William Binney – that's a 'totalitarian mentality'

The ultimate goal of the NSA is total population control

At least 80% of all audio calls, not just metadata, are recorded and stored in the US, says whistleblower William Binney – that's a 'totalitarian mentality'
William Binney testifies before a German inquiry into surveillance.
William Binney testifies before a German inquiry into surveillance. 
William Binney is one of the highest-level whistleblowers to ever emerge from the NSA. He was a leading code-breaker against the Soviet Union during the Cold War but resigned soon after September 11, disgusted by Washington’s move towards mass surveillance.
On 5 July he spoke at a conference in London organised by the Centre for Investigative Journalism and revealed the extent of the surveillance programs unleashed by the Bush and Obama administrations.
“At least 80% of fibre-optic cables globally go via the US”, Binney said. “This is no accident and allows the US to view all communication coming in. At least 80% of all audio calls, not just metadata, are recorded and stored in the US. The NSA lies about what it stores.”
The NSA will soon be able to collect 966 exabytes a year, the total of internet traffic annually. Former Google head Eric Schmidt once argued that the entire amount of knowledge from the beginning of humankind until 2003 amount to only five exabytes.
Binney, who featured in a 2012 short film by Oscar-nominated US film-maker Laura Poitras, described a future where surveillance is ubiquitous and government intrusion unlimited.
“The ultimate goal of the NSA is total population control”, Binney said, “but I’m a little optimistic with some recent Supreme Court decisions, such as law enforcement mostly now needing a warrant before searching a smartphone.”
He praised the revelations and bravery of former NSA contractor Edward Snowden and told me that he had indirect contact with a number of other NSA employees who felt disgusted with the agency’s work. They’re keen to speak out but fear retribution and exile, not unlike Snowden himself, who is likely to remain there for some time.
Unlike Snowden, Binney didn’t take any documents with him when he left the NSA. He now says that hard evidence of illegal spying would have been invaluable. The latest Snowden leaks, featured in the Washington Post, detail private conversations of average Americans with no connection to extremism.
It shows that the NSA is not just pursuing terrorism, as it claims, but ordinary citizens going about their daily communications. “The NSA is mass-collecting on everyone”, Binney said, “and it’s said to be about terrorism but inside the US it has stopped zero attacks.”
The lack of official oversight is one of Binney’s key concerns, particularly of the secret Foreign Intelligence Surveillance Court (Fisa), which is held out by NSA defenders as a sign of the surveillance scheme's constitutionality.
“The Fisa court has only the government’s point of view”, he argued. “There are no other views for the judges to consider. There have been at least 15-20 trillion constitutional violations for US domestic audiences and you can double that globally.”
A Fisa court in 2010 allowed the NSA to spy on 193 countries around the world, plus the World Bank, though there’s evidence that even the nations the US isn’t supposed to monitor – Five Eyes allies Britain, Canada, Australia and New Zealand – aren’t immune from being spied on. It’s why encryption is today so essential to transmit information safely.
Binney recently told the German NSA inquiry committee that his former employer had a “totalitarian mentality” that was the "greatest threat" to US society since that country’s US Civil War in the 19th century. Despite this remarkable power, Binney still mocked the NSA’s failures, including missing this year’s Russian intervention in Ukraine and the Islamic State’s take-over of Iraq.
The era of mass surveillance has gone from the fringes of public debate to the mainstream, where it belongs. The Pew Research Centre released a report this month, Digital Life in 2025, that predicted worsening state control and censorship, reduced public trust, and increased commercialisation of every aspect of web culture.
It’s not just internet experts warning about the internet’s colonisation by state and corporate power. One of Europe’s leading web creators, Lena Thiele, presented her stunning series Netwars in London on the threat of cyber warfare. She showed how easy it is for governments and corporations to capture our personal information without us even realising.
Thiele said that the US budget for cyber security was US$67 billion in 2013 and will double by 2016. Much of this money is wasted and doesn't protect online infrastructure. This fact doesn’t worry the multinationals making a killing from the gross exaggeration of fear that permeates the public domain.
Wikileaks understands this reality better than most. Founder Julian Assange and investigative editor Sarah Harrison both remain in legal limbo. I spent time with Assange in his current home at the Ecuadorian embassy in London last week, where he continues to work, release leaks, and fight various legal battles. He hopes to resolve his predicament soon.
At the Centre for Investigative Journalism conference, Harrison stressed the importance of journalists who work with technologists to best report the NSA stories. “It’s no accident”, she said, “that some of the best stories on the NSA are in Germany, where there’s technical assistance from people like Jacob Appelbaum.”
A core Wikileaks belief, she stressed, is releasing all documents in their entirety, something the group criticised the news site The Intercept for not doing on a recent story. “The full archive should always be published”, Harrison said.
With 8m documents on its website after years of leaking, the importance of publishing and maintaining source documents for the media, general public and court cases can’t be under-estimated. “I see Wikileaks as a library”, Assange said. “We’re the librarians who can’t say no.”
With evidence that there could be a second NSA leaker, the time for more aggressive reporting is now. As Binney said: “I call people who are covering up NSA crimes traitors”.

" Drafting A Strong Password "

Funny, and the inspiration for this week's headlines. (Note that the image shows Password Safe on the screen.)
And marginally related, here's an odd essay about using a password as a mantra for personal change.

Friday, July 11, 2014

 Restore Your Faith in Humanity Leaked NSA Memo

 It's a parody:
The Russian Federation is more complex. At a political level there's a lot of grandstanding. Operationally though, we share intelligence with Russia on anyone who is a mutual target (and that, ironically, includes most of the Russian Federation). China is our main mutual target because it refuses to share the economic intelligence data it gathers about either Russia or America. All of us, however, have agreed to share intelligence data on the French.

FBI controlled Linux Servers & Dangerous IP ranges

Many security enthusiasts and novice security analysts have mushroomed more than 300% in just last couple of years which shows the IT security has seriously caught up the attention of aspiring IT professionals but again it is a matter of concern and raises a question - How many of them really justify the title Security Analyst or Security Experts?

While there are more self-proclaimed Ethical Hackers and even the ones trained under different branded training institutes, over the time while they learn different skills to secure their resources, they end up tapping into the dark places without knowing the rules that could lead them into dangers that they are not aware of! This goes both for Network Security professionals and Security Application programmers!

Network Scanning is one such phase, which is fun but can be illegal and dangerous too! While using the automated tools to scan and audit different networks, these auditors / analysts forget the mere basic rule to exclude certain IP Addresses from their scanning range, which are NEVER supposed to be even ping-ed in the first place. The programmers who build such automated tools need to include these IP ranges into their application, and at least prompt or alert while it is being used for scanning.

Here are list of IP Address Ranges, that one must always exclude from their scanning list, of which consists of many FBI controlled Linux servers and other secure Military Networks The information provided below are only for educational purpose and have been collected manually from various public sources over the internet, and may change over time.

Source : #ARIN and #Darknet - [Army Information Systems Center] - [Defense Information Systems Agency, VA] - [DoD Intel Information Systems, Defense Intelligence Agency, Washington DC ] - [US Defense Information Systems Agency] - [Defense Information Systems Agency] - [Unkonwn] - [Royal Signals and Radar Establishment, UK - [Defense Information Systems Agency] - [Defense Information Systems Agency] - [Defense Information Systems Agency] - [Joint Tactical Command] - [Joint Tactical Command] - [Army National Guard Bureau] - [Do not scan] - [Do not scan] - [Do not Scan] - [Do not scan] - [Do not scan] - [Army Yuma Proving Ground] - [Naval Surface Warfare Center] - [Defence Research Establishment-Ottawa] - [Army Communications Electronics Command] - [Naval Ocean Systems Center] - [Department of Defense] - [Department of Defense] - [U.S. Naval Academy] - [Naval Research Laboratory] - [Army Ballistics Research Laboratory] - [Army Communications Electronics Command] - [Defence Evaluation and Research Agency] - [NASA Ames Research Center] - [NASA Headquarters] - [NASA Wallops Flight Facility] - [NASA Langley Research Center] - [NASA Lewis Network Control Center] - [NASA Johnson Space Center] - [NASA Ames Research Center] - [NASA Ames Research Center] - [Naval Research Laboratory] - [NASA Ames Research Center] - [NASA Goddard Space Flight Center] - [Army Belvoir Reasearch and Development Center] - [50th Space Wing] - [MacDill Air Force Base] - [NASA Kennedy Space Center] - [U.S. Air Force Academy] - [Strategic Defense Initiative Organization] - [United States Military Academy] - [NASA Marshall Space Flight Center] - [Patrick Air Force Base] - [Wright-Patterson Air Force Base] - [66SPTG-SCB] - [Vandenberg Air Force Base, CA] - [Air Force Institute of Technology] - [NASA Ames Research Center] - [Naval Weapons Center] - [Army Armament Research Development and Engineering Center] - [85 MISSION SUPPORT SQUADRON/SCSN] - [NASA/Johnson Space Center] - [NASA IVV] - [NASA Goddard Space Flight Center] - [NASA - John F. Kennedy Space Center] - [NASA Marshall Space Flight Center] - [NASA Lewis Research Center] - [Naval Underwater Systems Center] - [Air Force Flight Test Center] - [Army Ballistics Research Laboratory] - [U.S. Army Corps of Engineers] - [United States Air Force Academy] - [NASA Johnson Space Center] - [Mather Air Force Base] - [Naval Coastal Systems Center] - [Army Aberdeen Proving Ground Installation Support Activity] - [Honeywell Defense Systems Group] - [U.S.Army Corps of Engineers] - [NASA Headquarters] - [Mather Air Force Base] - [Langley Air Force Base] - [Barksdale Air Force Base] - [Sheppard Air Force Base] - [Hahn Air Base] - [Keesler Air Force Base] - [6 Communications Squadron] - [Patrick Air Force Base] - [75 ABW] - [62 CS/SCSNT] - [37 Communications Squadron] - [Fairchild Air Force Base] - [Yokota Air Base] - [Elmendorf Air Force Base] - [Hickam Air Force Base] - [354CS/SCSN] - [Bergstrom Air Force Base] - [Randolph Air Force Base] - [20 Communications Squadron] - [Andersen Air Force Base] - [Davis-Monthan Air Force Base] - [56 Communications Squadron /SCBB] - [Air Force Concentrator Network] - [Upper Heyford Air Force Base] - [Alconbury Royal Air Force Base] - [7 Communications Squadron] - [McConnell Air Force Base] - [Norton Air Force Base] - [NAVAL AVIATION DEPOT CHERRY PO] - [Defense MegaCenter Columbus] - [Defense Technical Information Center] - [Army Information Systems Command - Aberdeen (EA)] - [McClellan Air Force Base] - [NASA/Michoud Assembly Facility] - [Naval Postgraduate School] - [United States Naval Academy] - [European Space Operations Center] - [NASA Headquarters] - [Office of the Chief of Naval Research] - [Williams Air Force Base] - [49th Fighter Wing] - [Ankara Air Station] - [SSG/SINO] - [28th Bomb Wing] - [319 Comm Sq] - [Hellenikon Air Base] - [Myrtle Beach Air Force Base] - [Ben*****ers Royal Air Force Base] - [Air Force Concentrator Network] - [Kadena Air Base] - [Kunsan Air Base] - [Lindsey Air Station] - [McGuire Air Force Base] - [100CS (NET-MILDENHALL)] - [35th Communications Squadron] - [Plattsburgh Air Force Base] - [23Communications Sq] - [Dover Air Force Base] - [786 CS/SCBM] - [39CS/SCBBN] - [14TH COMMUNICATION SQUADRON] - [Lajes Air Force Base] - [Loring Air Force Base] - [60CS/SCSNM] - [Cannon Air Force Base] - [Altus Air Force Base] - [75 ABW] - [Goodfellow AFB] - [K.I. Sawyer Air Force Base] - [347 COMMUNICATION SQUADRON] - [Spangdahlem Air Force Base] - [Zweibruchen Air Force Base] - [Chanute Air Force Base] - [Columbus Air Force Base] - [Laughlin Air Force Base] - [366CS/SCSN] - [Reese Air Force Base] - [Vance Air Force Base] - [Langley AFB] - [Torrejon Air Force Base] - [9 CS/SC] - [Castle Air Force Base] - [Nellis Air Force Base] - [24Comm SquadronSCSNA] - [42ND COMMUNICATION SQUADRON] - [SSG/SIN] - [377 COMMUNICATION SQUADRON] - [Army National Guard Bureau] - [NGB-AIS-OS] - [National Guard Bureau] - [Army National Guard Bureau] - [National Guard Bureau] - [Army National Guard Bureau] - [National Guard Bureau] - [DOD Network Information Center] - [Army National Guard Bureau] - [National Guard Bureau] - [Army National Guard Bureau] - [Army National Guard] - [Army National Guard Bureau] - [South Carolina Army National Guard, USPFO] - [National Guard Bureau] - [National Guard Bureau] - [Army Information Systems Command] - [Army Research Office] - [Naval Research Laboratory] - [Lockheed Aeronautical Systems Company] - [The Pentagon] - [NASA Ames Research Center] - [Boeing Military Aircraft Facility] - [Boeing Corporation] - [Army Information Systems Command-ATCOM] - [Army Information Systems Command] - [NASA/Johnson Space Center] - [Wright-Patterson Air Force Base] - [Wright-Patterson Air Force Base] - [Army Engineer Waterways Experiment Station] - [Headquarters Air Force Space Command] - [U.S. Army Aberdeen Test Center] - [7th Communications Group] - [Naval Research Laboratory] - [Navy Regional Data Automation Center] - [U.S. Army, Europe] - [HQ 5th Signal Command] - [Southern European Task Force] - [HQ 5th Signal Command] - [U.S. Military Academy] - [Air Force Military Personnel Center] - [NASA Research Network] - [Defense Intelligence Agency] - [69th Signal Battalion] - [HQ, 5th Signal Command] - [Whiteman Air Force Base] - [George Air Force Base] - [Little Rock Air Force Base] - [437 CS/SC] - [Air Force Concentrator Network] - [HQ AFSPC/SCNNC] - [Air Force Concentrator Network] - [National Aerospace Laboratory] - [Naval Surface Warfare Center] - [First Special Operations Command] - [Naval Warfare Assessment Center] - [Royal Military College] - [Headquarters, U.S. European Command] - [USAF MARS] - [Army Concepts Analysis Agency] - [U.S. ARMY Tank-Automotive Command] - [Defense Information Systems Agency] - [Defense Information Systems Agency] - [HQ 5th Signal Command] - [Defense Information Systems Agency] - [Air Force Materiel Command] - [75 ABW] - [Air Force Logistics Command] - [77 CS/SCCN] - [78 CS/SCSC] - [Wright Patterson Air Force Base] - [United States Atlantic Command Joint Training] - [Air Force Systems Command] - [Army Information Systems Command] - [HQ 5th Signal Command] - [HQ, 5th Signal Command] - [NASA Headquarters] - [Naval Surface Warfare Center] - [NASA Information and Electronic Systems Laboratory] - [DEFENSE PROCESSING CENTERPERAL HARBOR] - [Navy Computers and Telecommunications Station] - [Navy Regional Data Automation Center (NARDAC)] - [Marine Corps Air Station] - [Navy Regional Data Automation Center] - [NAVCOMTELCOM] - [NCTS WASHINGTON] - [NCTC] - [Yokosuka Naval Base] - [NCTC] - [Marine Corps Central Design & Prog. Activity] - [NCTC] - [Naval Air Station] - [NCTC] - [NOC, MCTSSA, East] - [Marine Corps Central Design & Prog. Activity] - [NAVAL COMPUTER AND TELECOMM] - [NCTC] - [NCTS Pensacola] - [NCTC] - [CNO N60] - [NCTS] - [NASA/Yellow Creek] - [20th Tactical Fighter Wing] - [48th Tactical Fighter Wing] - [36th Tactical Fighter Wing] - [52nd Tactical Fighter Wing] - [50th Tactical Fighter Wing] - [66th Electronic Combat Wing] - [26th Tactical Reconnaissance Wing] - [32nd Tactical Fighter Squadron] - [st Tactical Fighter Wing] - [10th Tactical Fighter Wing] - [39th Tactical Air Control Group] - [40th Tactical Air Control Group] - [401st Tactical Fighter Wing] - [Reseau Infomratique] - [Unknown]  - [Defense Information Systems Agency] - [Defense Information Systems Agency] - [DISA Columbus Level II NOC] - [Defense Information Systems Agency] - [ASIC ALLIANCE-MARLBORO] - [Defense Information Systems Agency] - [DOD Network Information Center] - [Defense Information Systems Agency] - [Naval Sea Systems Command] - [HQ US Army Medical Research and Development Command] - [HQ 5th Signal Command] - [HQ, 5th Signal Command] - [HQ, 5th Signal Command] - [Scott Air Force Base] - [Naval Undersea Warfare Center Division, Keyport] - [Fort Bragg] - [US Army Corps of Engineers] - [Naval Sea Systems Command] - [Naval Ocean Systems Center] - [HQ, 5th Signal Command] - [106TH SIGNAL BRIGADE] - [58th Signal Battalion] - [U.S. Army, 1141st Signal Battalion] - [Headquarters, USAAISC] - [NASA Ames Research Center] - [United States Army Information Systems Command] - [Army Information Systems Command] - [Headquarters, Third United States Army] - [Commander, Army Information Systems Center] - [HQ, 5th Signal Command] - [United States Army Information Services Command-Campbell] - [Defense Intelligence Agency] - [U.S. Army LABCOM] - [HQ, 5th Signal Command] - [Defence Research Agency] - [HQ United States European Command] - [NASA/Johnson Space Center] - [NASA Langley Research Center] - [HQ, 5th Signal Command] - [Army CALS Project] - [Army Information Systems Software Center] - [Naval Air Warfare Center, Aircraft Division] - [Naval Surface Warfare Center] - [HQ, 5th Signal Command] - [Army Information Systems Command] - [1112th Signal Battalion] - [US Army Tank-Automotive Command] - [19th Support Command] - [Fort Monroe DOIM] - [7th Communications Group] - [NASA, Stennis Space Center] - [1114th Signal Battalion] - [Space and Naval Warfare Command] - [10th Area Support Group] - [NASA Goodard Space Flight Center] - [Army Information Systems Command] - [USAISC-Fort Lee] - [Fort Monroe DOIM] - [USAISC-Letterkenny] - [USAISC-LABCOM] - [7th Communications Group of the Air Force] - [U.S. Naval Space & Naval Warfare Systems Command] - [NATO Headquarters] - [Defense Information Systems Agency] - [Defense MegaCenter (DMC) Denver] - [USCENTAF/SCM] - [Federal Bureau of Investigation] - [1141st Signal Bn] - [1141st Signal Bn] - [American Forces Information] - [U.S. ArmyFort Gordon] - [United States Army Information Systems Command] - [PEO STAMIS] - [US Army Corps of Engineers] - [PEO STAMIS] - [US Army Corps of Engineers] - [PEO STAMIS] - [US Army Corps of Enginers] - [PEO STAMIS] - [US Army Corps of Engineers] - [PEO STAMIS] - [Drug Enforcement Administration] - [1112th Signal Battalion] - [HQ, 5th Signal Command] - [Federal Aviation Administration] - [USAISC Fort Benning] - [Director of Information Management] - [USAISC-FT DRUM] - [TCACCIS Project Management Office] - [Directorate of Information Management] - [USAISC] - [DOIM/USAISC Fort Sill] - [USAISC-DOIM] - [USAISC-Ft Ord] - [U. S. Marshals Service] - [United Nations] - [COMMANDER NAVAL SURFACE U.S. PACIFIC FLEET] - [US Special Operations Command] - [U. S. Strategic Command] - [Commander, Tooele Army Depot] - [USAMC Logistics Support Activity] - [U.S. Army TACOM] - [UASISC Ft. Carson] - [1112th Signal Battalion] - [USAISC-Ft. McCoy] - [USAISC-FLW] - [US Army Soldier Support Center] - [USAISC-CECOM] - [GOC] - [UASISC-Vint Hill] - [US Army Harry Diamond Laboratories] - [USAISC DOIM] - [1112th Signal Battalion] - [Defense Megacenter Huntsville] - [Rocky Mountain Arsenal (PMRMA)] - [Crane Army Ammunition Activity] - [Defense Finance & Accounting Service Center] - [DOIM] - [Marine Corps Central Design and Programming Activity] - [Marine Corps Central Design and Programming Activity] - [Naval Air Systems Command (Air 4114)] - [US Army Recruiting Command] - [36th Signal BN] - [USAISC] - [HQ, United States Army] - [USAISC] - [1101st Signal Brigade] - [USAISC SATCOMSTA-CAMP ROBERTS] - [Commander, Moncrief Army Hospital] - [NAVAL WEAPONS STATION] - [Naval Aviation Depot Pensacola] - [Central Intelligence Agency] - [NASA Kennedy Space Center] - [Naval Ordnance Center, Pacific Division] - [United States Army Space and Strategic Defense] - [Naval Surface Warfare Center] - [Institute for Defense Analyses] - [Bureau of Naval Personnel] - [HQ USAFE WARRIOR PREPARATION CENTER] - [NIMIP/TIP/NEWNET] - [Information Technology] - [Naval Undersea Warfare Center] - [Secretary of the Navy] - [U.S. Army Intelligence and Security Command] - [Naval Exchange Service Command] - [Naval Surface Warfare Center, Crane Division] - [USCINCPAC J21T] - [NCTS-NOLA] - [Naval Aviation Depot] - [Military Sealift Command] - [United States Southern Command] - [Government Telecommunications Agency] - [USDA Office of Operations] - [Fort Sanders Alliance] - [Indiana Purdue Fort Wayne] - [U.S. Department of State] - [Various - Do not scan] - [Naval Air Systems Command, VA] - [Perth Australia iiNET] - [IPC JAPAN] - [DOD Network Information Center] - [Bureau of Medicine and Surgery] - [USACOM] - [DEFENSE FINANCE AND ACCOUNTING SERVICE] - [DISA-Eucom / BBN-STD, Inc.] - [Defense Technical Information Center] - [GSI] - [NSA NAPLES ITALY] - [NAVSTA ROTA SPAIN] - [NAS SIGONELLA ITALY] - [Naval Air Warfare Center Aircraft Division] - [GSI] - [Naval Undersea Warfare Center USRD - Orlando] - [Joint Spectrum Center] - [GSI] - [HQ, JFMO Korea, Headquarters] - [DISA D75] - [U. S. Naval Air Facility, Atsugi Japan] - [Naval Enlisted Personnel Management Center] - [Afloat Training Group Pacific] - [HQ Special Operations Command - Europe] - [Commander Naval Base Pearl Harbor] - [NAVSEA Information Management Improvement Program] - [Q112] - [Ctr. for Info. Sys.Security,CounterMeasures] - [Resource Consultants, Inc.] - [Personnel Support Activity, San Diego] - [NAVAL AIR FACILITY, ADAK] - [NAVSEA Logistics Command Detachment] - [PEARL HARBOR NAVAL SHIPYARD] - [Defense Photography School] - [Defense Information School] - [Naval Air Systems Command] - [Puget Sound Naval Shipyard] - [Joint Precision Strike Demonstration] - [Naval Pacific Meteorology and Ocean] - [Joint Precision Strike Demonstration] - [USAF] - [Commander] - [Naval Air Systems Command] - [NAVSTA SUPPLY DEPARTMENT] - [SUBMEPP Activity] - [COMMANDER TASK FORCE 74 YOKOSUKA JAPAN] - [DISA-PAC,IPC-GUAM] - [Satellite Production Test Center] - [9.0 Air Refueling Wing] - [Defense Megacenter Warner Robins] - [GCCS Support Facility] - [Nav Air Tech Serv Facility-Detachment] - [NAVAL SUPPORT FACILITY, DIEGO GARCIA] - [Defense Logistics Agency - Europe] - [NAVMASSO] - [Commander-In-Chief, US Pacific Fleet] - [Defense MegaCenter - St Louis] - [NAVMASSO] - [HQ SOCEUR] - [Second Marine Expeditionary Force] - [NAVCOMTELSTAWASHDC] - [INFORMATION SYSTEMS TECHNOLOGY CENTER] - [Naval Observatory Detachment, Colorado] - [NAVILCODETMECH] - [Navy Environmental Preventive Medicine] - [Port Hueneme Division, Naval Surf] - [Naval Facilities Engineering Housing] - [NAVSEA Logistics Command Detachment] - [Naval Air Warfare Center] - [Portsmouth Naval Shipyard] - [INFORMATION SYSTEMS TECHNOLOGY CENTER] - [Military Sealift Command Pacific] - [USAF Academy] - [3rd Combat Service Support] - [1st Radio Battalion] - [OASD (Health Affairs)] - [Second Marine Expeditionary Force] - [1st Marine Air Wing] - [SA-ALC/LTE] - [3rd Marine] - [Communications and Electronics] - [G-6 Operations] - [Joint Interoperability Test Command] - [NAVMASSO] - [Field Command Defense Nuclear Agency] - [Naval Space Command] - [Naval Pacific Meteorology and Oceanography] - [Military Family Housing] - [Navy Material Transportation Office] - [NAVMASSO] - [Defense Finance and Accounting Service] - [European Stars and Stripes] - [Pacific Stars and Stripes] - [PUGET SOUND NAVAL SHIPYARD] - [Nval Station, Guantanamo Bay] - [COMNAVSURFPAC] - [NAVMASSO] - [Amphibious Force, Seventh Fleet, U. S. Navy] - [USAF SpaceCommand] - [USAF] - [U.S. Army Special Operations Command] - [FLEET COMBAT TRAINING CENTER ATLA] - [Naval Aviation Depot North Island] - [NAVMASSO] - [NAVSEA Log Command Detachment Pacific] - [Command Special Boat Squadron One] - [AFPCA/GNNN] - [Navy Environmental Preventive Medicine] - [Department of the Navy, Space and Naval Warfare System Command, Washington DC - SPAWAR] - [Unknown] - [Sprint/United Telephone of Florida] - [Unknown] - [Interland, Inc., GA] - [Unknown] - [israelis isp's!! dont try those ranges!!] - [israelis isp's!! dont try those ranges!!] - [israelis isp's!! dont try those ranges!!] - [israelis isp's!! dont try those ranges!!] - [israelis isp's!! dont try those ranges!!] - [Unknown ] - [Unknown] - [Unknown] - [Unknown] - [Do not scan]
FBI controlled Linux servers & IPs/IP-Ranges - [The Internet Access Company] - [Abacus Technology] - [Mass Electric Construction Co.] - [Peabody Proberties Inc] - [Northern Electronics] - [Posternak, Blankstein & Lund] - [Woodard & Curran] - [On Line Services] - [The 400 Group] - [RD Hunter and Company] - [Louis Berger and Associates] - [Ross-Simons] - [Eastern Cambridge Savings Bank] - [Greater Lawrence Community Action Committee] - Electronic Devices, Inc] - [Sippican] - [Alps Sportswear Mfg Co] - [Escher Group Ltd] - [West Suburban Elder] - [Central Bank] - [Danick Systems] - [Alps Sportswear Mfg CO] - [BSCC] - [Patrons Insurance Group] - [Athera Technologies] - [Service Edge Partners Inc] - [Massachusetts Credit Union League] - [SierraCom] - [AI/ FOCS] - [Extreme soft] - [Eaton Seo Corp] - [C. White] - [Athera] - [Entropic Systems, INC] - [Wood Product Manufactureds Associates] - [Jamestown Distribution] - [C&M Computers] - [ABC Used Auto Parts] - [Tomas Weldon] - [Tage Inns] - [Control Module Inc] - [Hyper Crawler Information Systems] - [Eastern Bearings] - [North Shore Data Services] - [Mas New Hampshire] - [J. A. Webster] - [Trilogic] - [Area 54] - [Vested Development Inc] - [Conventures] - [Don Law Company] - [Advanced Microsensors] - [Applied Business Center] - [Color and Design Exchange] - [Shaun McCusker] - [Town of Framingham] - [AB Software] - [Seabass Dreams Too Much, Inc] - [Next Ticketing] - [Dulsi] - [The Internet Access Company] - [Maguire Group] - [Cogenex] - [AKNDC] - [McGovern election commitee] - [Digital Equipment Corp] - [PTR Precision Technologies] - [Extech] - [Manfreddi Architects] - [Parent Naffah] - [Darling Dolls Inc] - [Wright Communications] - [Principle Software] - [Chris Pet Store] - [Fifteen Lilies] - [All-Com Technologies] - [Cardio Thoracic Surgical Associates, P. A.] - [Preferred Fixtures Inc] - [Apple and Eve Distributors] - [Nelson Copy Supply] - [Boston Optical Fiber] - [Fantasia&Company] - [Infoactive] - [Curry College] - [Alternate Power Source] - [Keystone Howley-White] - [Bridgehead Associates LTD] - [County Supply] - [NH Board of Nursing] - [Diversified Wireless Technologies] - [Phytera] - [The Network Connection] - [Young Refrigeration] - [Vision Appraisal Technology] - [EffNet Inc] - [Entropic Systems Inc] - [Finley Properties] - [Nancy Plowman Associates] - [Northeast Financial Strategies] - [Textnology Corp] - [Groton Neochem LLC] - [Tab Computers] - [Patrons Insurance] - [Chair City Web] - [Radex, Inc.] - [Robert Austein] - [Hologic Inc.] - [K-Tech International Inc.] - [Pan Communications] - [New England College of Finance] - [Absolve Technology] - [Extech] - [The Insight Group] - [JLM Technologies] - [Strategic Solutions] - [McWorks] - [Rooney RealEstate] - [Joseph Limo Service] - [The Portico Group] - [Event Travel Management Inc] - [Intellitech International] - [Orion Partners] - [Rainbow Software Solution] - [Grason Stadler Inc] - [Donnegan System] - [The Iprax Corp] - [Coporate IT] - [Putnam Technologies] - [Sycamore Networks] - [Bostek]
2?7.6?.10?.128 - [Louis Berger and Associates] - [Hanson Data Systems] - [Giganet Inc.] - [Roll Systems] - [InternetQA] - [Reading Cooperative Bank] - [Edco collaborative] - [DTC Communications Inc] - [Mike Line] - [The Steppingstone Foundation] - [Caton Connector] - [Refron] - [Dolabany Comm Group] - [The CCS Companies] - [Continental PET Technologies] - [Corey & Company Designers Inc] - [SAIC] - [Netserve Entertainment Group] - [Avici Systems Inc] - [Webrdwne] - [Reality and Wonder] - [Nishan Desilva] - [NemaSoft Inc] - [Patrick Murphy] - [Corey and Company] - [Ames Textile Corp] - [Publicom] - [Northstar Technologies] - [Northstar Technologies] - [Sanga Corp] - [Fired Up Network] - [Integrated Data Solutions] - [Metanext] - [WorldLinx Telecommunications, Inc., Canada] - [BBN Planet, MA]