Archive for April, 2014

Finally. Something GOOD as a result of Heartbleed. It’s been turned against cyber criminals.



Eric De Grasse, Chief Technology Officer

(with contributions from Gregory Bufithis)

30 April 2014 – In a case of live by the sword, die by the sword, researchers have used the now-infamous Heartbleed bug in OpenSSL to gain access to black-hat forums. A French researcher named Steven K [name withheld] has reported that “the potential of this vulnerability affecting black-hat services is just enormous”. He focused on the criminal-minded sites Darkode and Damagelab which have been compromised. Heartbleed had put many such forums in a “critical” position, he said, leaving them vulnerable to attack using tools that exploit the bug.

If you’ve been asleep the past few weeks, the Heartbleed vulnerability was found in software, called Open SSL, which is supposed to make it much harder to steal data. Instead, exploiting the bug makes a server hand over small chunks of the data it has just handled – in many cases login details or other sensitive information.

Mr K said he was using specially written tools to target some closed forums called Darkode and Damagelab. These are … Read more

Snowden used TAILS, designed for internet anonymity, to protect his communications. Journalists and (certain) corporates love it.


Tails anonimity

He likes TAILS!



By: Eric De Grasse / Chief Technology Officer

17 April 2014 – An interesting piece from Hugh Pickens over at on how Snowden protected his communications, using The Amnesic Incognito Live System (TAILS). I talked about TAILS in my client wrap-up post after attending the Black Hat and DEF CON hacker conferences last year in Las Vegas. TAILS is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. It is a complete operating system designed to be used from a DVD, USB stick, or SD card independently of the computer’s original operating system. It is free software and based on Debian GNU/Linux.

Here is Hugh’s piece with my comments following:

“When Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. Now Klint Finley reports that Snowden also used The Amnesic Incognito Live System Read more

Ever so gently, London City Airport will use the “Internet of Things” to improve transportation



15 April 2014 – As reported in the Guardian’s Technology Blog and the Financial Times TechHub blog, passengers flying from London City Airport will soon be able to test how the “internet of things” (IoT) can rewire their experience of catching a flight, as the airport becomes the first to use the technology. For airports, it holds out the possibility of sending messages to passengers telling them when to set off from a railway, alerting border staff before big queues form, and even having ticket holders coffee orders ready to collect when they approach the counter. London City sees it as an way of running operations more efficiently and improve the passenger experience. In addition … SURPRISE! … targeted advertising could translate into higher takings for the airport’s shops and restaurants – a key source of revenues. But as the airport increases its dependency on the internet of things, it also increases the risk of data security problems such as phishing and hacking, say analysts.

Quoted in the Financial Times piece, David Emm (a senior security researcher at Kaspersky … Read more

Microsoft’s cloud system is the first to satisfy EU privacy standards

Microsoft cloud services


11 April 2014 – Microsoft has become the first company to receive a declaration from Europe’s privacy regulators that its enterprise cloud services contracts are compliant with the bloc’s stringent privacy laws, paving the way for data to move freely through the global cloud. In a blog post yesterday Microsoft General Counsel Brad Smith revealed that the Article 29 Working Party — which is composed of data protection authorities from each member state and the European Commission — had in an April 2 letter informed the company that the regulators had completed their review of the newest version of its enterprise cloud services contracts and concluded that the pacts were in compliance with the high privacy standards outlined in the EU model clauses:

“By acknowledging that Microsoft’s contractual commitments meet the requirements of the EU’s ‘model clauses,’ Europe’s privacy regulators have said, in effect, that personal data stored in Microsoft’s enterprise cloud is subject to Europe’s rigorous privacy standards no matter where that data is located.  Microsoft is the first — and so far the only — company to Read more

L’internet des objets: gadget, serpent de mer ou révolution ?

Internet of things graphic no text


7 Avril 2014 – Les mauvaises langues prétendront, non sans quelques arguments, que l’IoT n’est qu’un autre serpent de mer de l’industrie informatique, au même titre par exemple que les systèmes de traduction automatique dont on nous promet l’avènement imminent depuis des lustres. Les premières évocations de l’IoT remontent en effet au début du siècle alors que la prophétie tarde visiblement à se réaliser. Pourtant depuis quelques mois les signes avant-coureurs d’une concrétisation se font plus insistants. Qu’on en juge par exemple à l’acquisition récente par Google de Nest Labs, un spécialiste de la domotique, ceci pour la modique somme de trois milliards de dollars. Ou encore par son activité R&D consacrée aux lentilles intelligentes capables de mesurer le taux de glucose dans les larmes, une étape peut-être pour remporter la bataille du diabète. Non content d’avoir organisé l’information au niveau global, le géant de Moutain View ambitionne désormais d’assoir son hégémonie en concevant les technologies de capteurs qui, demain, récupèreront l’information directement dans le monde physique plutôt que de passer par les humains, peu fiables et … Read more