World’s leading Simcard maker confirms British and US spooks “probably” stole security codes

The Franco-Dutch world number one simcard maker Gemalto has concluded its own investigation into a hacking of its security codes.

Last week an investigative website, acting on information supplied by whistleblower Edward Snowden, accused the British and American security services of the hack so they could monitor calls, texts and emails.

“This attack very likely has happened. We can correlate what is described in the document allegedly coming from the NSA or GCHQ with events we have observed. This attack was very innovative, it has never been seen before. So it was likely not done by a hacker or mafia as is usual,” said Gemalto’s boss Olivier Piou.

Gemalto added that legally it would be hard to prove, and that past attempts to sue a state had proven well-nigh impossible and ruinously expensive. How many codes had been stolen and how many had been used was even harder to say. Contacting the US or British intelligence agencies about the matter would be a “waste of time”, the company said.

‘Breakthrough’ NSA spyware shows deep grasp of makers’ hard drives

‘All-powerful’ spyware on hard drives an unprecedented technique, experts say

What seems to be a U.S.-run computer espionage program has reportedly figured out how to employ a “breakthrough” snooping tactic — the implanting of spyware into hard drives — that could compromise most of the world’s computers.

As a matter of policy, Kaspersky Lab, which publicized the discovery in a report on Monday, withheld the name of the country it suspects of being behind the operation.

But the Moscow-based anti-virus company said the country behind the implanted spyware was closely linked to Stuxnet, the computer worm deployed by the U.S. National Security Agency to disable Iran’s nuclear-enrichment capabilities.

The Kaspersky Lab report code-named the perpetrator of the spyware “the Equation group,” and said researchers have observed compromised hard drives in more than 30 countries, including Iran, Russia, Syria, Afghanistan, the U.S. and the U.K.

By its estimation, Kaspersky Lab says the program causes about 2,000 infections per month, with targets belonging to the telecom, aerospace, energy, military and nuclear research sectors, as well as governments and financial institutions, among others.

For those in cybersecurity, the possibility of exploiting firmware on disk drives is a big deal because it would affect almost the entire computer market.

‘By the time you go to boot into Windows, it’s already compromised, and this has been hidden for at least eight to 14 years’ - Chris Parsons, University of Toronto’s Citizen Lab

Kaspersky’s analysis suggests the spyware could work on popular hard drives manufactured by Western Digital, Seagate Technology, Toshiba, IBM, Micron Technology and Samsung.

“The value of getting in before everything else loads is you can influence what loads, how it loads, when it loads, and the value is much higher than if you waited until the operating system booted up,” Parsons said.

That’s because most anti-virus programs tend to be designed to take action following the loading of firmware. This particular program, however, would be “masked” in the firmware.



Windows 7 – Check your Product ID codes Online

Here’s the online product ID checker for Windows 7, 8, and Vista.  Select your operating system.   It accepts Vista, Windows 7, Server 2008 as well as Office versions.

Product ID Checker

Then enter the product Key – normally found on a sticker on the back of the laptop.

This link will then tell you the activation codes of the OS.


Here’s a valid activation response

Why is this useful?

If the license is a retail version, you can deactivate the license, and install it onto another machine.  If you resell your machine, you can remove the license before you sell it.

The howtogeek site contains full details of how to locate and deactivate your product and activation IDs.

In addition, you can use License crawler to find out many different license keys and codes for all the software installed.

License Crawler

You can download the free License Crawler from this site.

Norton Internet Security antivirus update ‘borked Internet Explorer’ – The Register

Norton AntiVirus prevented Internet Explorer from working at all.

Aggrieved users who’d thought far enough ahead to install Google Chrome, Mozilla Firefox or any of the other alternatives took to Norton’s official forum to vent their spleens.

“Sometime this evening, IE11 started crashing. In fact, it crashed an already-open browsing session, and now trying to start it up just instantly causes a ‘Internet Explorer Has Stopped Working’ error,” wrote support forum contributor Sunfox, sparking an 11-page thread.

Forumites shortly figured out that an update to Norton Internet Security 360 had broken something critical relating to IE, with monkeynuts posting:

I have uninstalled NIS and IE started working. Then reinstalled NIS, and once the patch was deployed IE started crashing again.

Tales of woe, heartbreak and downloads of new browsers spread, until about 0400 GMT, at which point a member of Symantec staff posted: “Kindly run manual live update (right click on Norton icon on tray notification area > ‘Run live update’),” helpfully adding “Kindly stop using work-arounds.”

At which point all seemed to be well, judging by the forum posts from then on. Various Reg readers whose machines had auto-updated overnight then wrote to us to let us know what had happened.

El Reg has contacted Symantec, owners of the Norton brand, for comment and will update this story if we hear back from them.

Users still affected by the snafu are advised to re-run Norton LiveUpdate. ®

ROUTERS – How to increase speed by altering the BT Exchange “Signal to Noise Ratio”- SNR

Your local BT Exchange operates a default SNR of 6.  This is to give you speed, and stability – the double whammy of great ADSL broadband.

However, you may not need an SNR of 6 – if the lines are stable.  If you can decrease the SNR to 3 and maintain stability you will increase your download speeds.



A killer feature is the ability to easily tweak the target signal-to-noise (SNR) margin to maximise broadband speed by taking back control of lines from overzealous Digital Line Management (DLM) systems in exchanges. As shown on our Broadband SNR Margin Tweak page, adjustment of the target SNR margin can substantially increase downlink speeds.

Target SNR margin adjustment with the 8800NL can significantly improve download speeds for many broadband users, as described in our Broadband SNR Margin Tweak page. No longer are broadband users completely dependent upon exchange Digital Line Management (DLM) systems, which can sometimes increase the target SNR margin to very high levels (substantially reducing download speed).

While many broadband lines can function perfectly adequately with a 3 dB target SNR margin without issue, DLM systems often set the target SNR margin above this figure. For example, the default target SNR margins used by BT and TalkTalk equipment are 6 dB and 9 dB, respectively. Furthermore, DLM equipment at the exchange can potentially increase the target SNR margin to 18 dB. Changing the target SNR margin from 18 dB to 3 dB can more than double download speeds!

As with the new Billion 7800DXL, the target SNR margin adjustment feature is very simple to configure, and is accessed from the  ‘Configuration’ ‘WAN’ ‘SNR’ submenu (as shown below).

SNR Configuration menu on the Billion 7800DXL

The table, below, provides the numbers that need to be entered to obtain different reductions in the target SNR margin. We slowly decreased the target SNR margin until we were happy that we had achieved the highest download speed without making the line unstable.

Once you get used to being able to adjust the target SNR margin, it is very difficult to return to a modem without this facility as you really do feel out of control!



Note the Billion 8800 AXL offers all Gigabit ports and high speed 5 GHz Wi-Fi – using the rock solid Broadcom chip and AC Wi-Fi.  2.4 GHz normally offers only 300 Mbps, whereas the AC 5 GHz spec is 3 times faster, and offers 1200 Mbps and over.


Powershell – How to create local Administrators – Windows 7 – Server 2012 R2

If you have local access to a machine you have total control over it.  Here we create a new user and assign it to the local “Administrator” group – to gain local Admin rights.  Use “computer management” to view local users and groups.

Step 1 – Create a user in powershell

net user IT Skyisblue2015 /ADD

  • net user
  • user name to create (IT)
  • password to set (Skyisblue2015)
  • /ADD

We can view the new account using the command

net user IT

This defaults to the local “users” groups – and we want to be admin.

Administrators is a default local group – which you can view under “Computer Management”.

Here we see the Administrators group now contains our new “IT” user.. excellent!!  But how did I do that?

Step 2 – Escalate to Admin

net localgroup Administrators IT /add

  • net localgroup
  • name of group (we want Administrators)
  • name of object or user to add to group (IT)
  • /add

Step 3 – Delete the user to cover your tracks

net user IT /delete

  • net user
  • Name of user (IT)
  • /Delete
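
The three steps above each leave a record in the Windows Security log, so the sequence can be detected after the fact. The following is an added example, not part of the original post: it correlates account creation, addition to the built-in Administrators group and deletion by account SID. It assumes PowerShell 3.0 or later and that auditing of user account and security group management is enabled; the function names, the 24-hour window and the sample records are assumptions of this example.

```powershell
# Added example. Event IDs: 4720 = account created, 4732 = member added to a local
# group, 4726 = account deleted. S-1-5-32-544 is the built-in Administrators group SID.
function Find-ShortLivedLocalAdmin {
    param(
        [Parameter(Mandatory=$true)] [object[]] $Events,  # objects with Id, Time, Data
        [timespan] $Window = [timespan]::FromHours(24)    # assumed threshold, tune locally
    )
    $created = @{}; $elevated = @{}
    foreach ($e in ($Events | Sort-Object Time)) {
        switch ($e.Id) {
            4720 { $created[$e.Data.TargetSid] = $e }
            4732 { if ($e.Data.TargetSid -eq 'S-1-5-32-544') { $elevated[$e.Data.MemberSid] = $e } }
            4726 {
                $sid = $e.Data.TargetSid
                if ($created.ContainsKey($sid) -and $elevated.ContainsKey($sid) -and
                    ($e.Time - $created[$sid].Time) -le $Window) {
                    [pscustomobject]@{
                        Account  = $created[$sid].Data.TargetUserName
                        Sid      = $sid
                        Actor    = $created[$sid].Data.SubjectUserName
                        Created  = $created[$sid].Time
                        Elevated = $elevated[$sid].Time
                        Deleted  = $e.Time
                    }
                }
            }
        }
    }
}
# Flatten a live Security-log record into the shape used above.
function ConvertTo-AuditRecord($Record) {
    $data = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{ Id = $Record.Id; Time = $Record.TimeCreated; Data = $data }
}
# Constructed sample records (not real log data) so the logic runs offline.
$t   = Get-Date '2015-02-20T10:00:00'
$sid = 'S-1-5-21-1111111111-2222222222-3333333333-1005'
$sample = @(
    [pscustomobject]@{ Id = 4720; Time = $t;               Data = @{ TargetUserName = 'IT'; TargetSid = $sid; SubjectUserName = 'alice' } }
    [pscustomobject]@{ Id = 4732; Time = $t.AddMinutes(1); Data = @{ MemberSid = $sid; TargetSid = 'S-1-5-32-544' } }
    [pscustomobject]@{ Id = 4726; Time = $t.AddMinutes(9); Data = @{ TargetSid = $sid } }
)
Find-ShortLivedLocalAdmin -Events $sample
# Live use, from an elevated prompt:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732, 4726 } |
#     ForEach-Object { ConvertTo-AuditRecord $_ }
# Find-ShortLivedLocalAdmin -Events $live
```

Correlating on the SID rather than the name matters because the group-membership event identifies the new member by SID, and the account name can be reused later.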

4000 Series Checkpoint Firewall RAM Upgrade


Another great Information Security blog from the Uni of South Wales.. you might want to like, comment and follow USW blogs, for a divergent view of InfoSec, Networking, Server 2012 R2 and privacy…. we got it covered, bro!

Originally posted on SupraFortix Blog:


This short post concentrates on upgrading RAM memory on 4000 Series Checkpoint Firewall. The post will describe the technical process by which to upgrade this device.

The upgrade needs to be planned and consulted as the warranty will be terminated once the device is opened.


The device can be upgraded racked or not racked as screws that are necessary to take out during the upgrade are accessible with rails fitted. The position of the device is shown in the figure below.

The back of the firewall. It’s the one fitted with rails.


Power the device off with a switch in the back of it illustrated in figure above. Take out ear screws.

Unplug all data cables and power cables and drag out the device. Don’t forget to label the cables or take notes where cables were initially plugged in. Labelling and note taking will prevent unnecessary…

Has your email account been hacked? PwnedList Online Database – with millions of compromised accounts

PwnedList is an online database with more than 966 million compromised passwords on file.  You can query their database to see if your email has been hacked.

Enter your email in here:

If your account has appeared in a hacked database, then close that account – get rid of it.


How many entries do you have in your database?

As of Feb 03, 2015, we have 378,671,085 entries.



Leaks imported by Month

Month Total Leaks Imported
Feb 15 85,209
Jan 15 85,184
Dec 14 84,826
Nov 14 83,792
Oct 14 83,050
Sep 14 81,441
Aug 14 80,280
Jul 14 79,688
Jun 14 17,046
May 14 5,560
Apr 14 5,290
Mar 14 5,098
Feb 14 4,928

Server 2012 R2 Certification – How to set up Deduplication – powershell commands

Server 2012 introduced “Data deduplication”, which scans for and removes duplicated files.  It saves on disk space.

1. Chunk Store

Data dedup relies on a “chunk store”, made up of chunks of between 32 and 128 KB, the average being 64 KB.  Chunks are stored in a container of around 1 GB, before a new container is created.

2. Zero impact on users – each hour

Deduping has been designed to have zero impact on users.  It will check every hour for files that can be deduped.

It looks for files that are older than 3 days.

It works only on NTFS volumes.

You cannot dedup a Boot or system disk or SQL databases.

3. Turned off by default.

Oddly the dedup is turned off by default.  The powershell commands to turn it on are:

Add-WindowsFeature FS-Data-Deduplication

or if you want the GUI to set it up….

4. GUI Access via Server Manager

Server Manager > files and storage services > volumes

Right click the volume > configure data deduplication

Data Dedup Drop Down Box > General purpose file server

You may need to exclude certain files, folders or drives – such as the Active Directory Database called ntds.dit or a SQL database.

Exclude file extensions – dit


Set Deduplication Schedule

Default = background dedup

Throughput is around 2 TB per 24 hours

Go to Server Manager and the dedup rate will show as a percentage.



The Certification will test you on Powershell commands.

Powershell Commands for Dedup


Want to enable dedup on a particular drive?

Enable-DedupVolume E:\

Want to see how much disk space it’s saved us?



Want to kick off a manual dedup to speed things up?

Start-DedupJob -Type Optimization -Volume E:

Start-DedupJob -Type GarbageCollection -Volume E:


Want to see how far the dedup has got?




Want to see the statistics of the dedup?

PS E:\>Get-DedupMetaData
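
The enable, configure, run and report cycle described in this post, put together as one script. This is an added example, not taken from the original post: the function name Invoke-DedupSetup and its defaults are assumptions, and it must run on a server where the FS-Data-Deduplication feature is already installed.

```powershell
# Added example: enable dedup on one data volume, apply the exclusions and
# file-age policy discussed above, run one optimisation pass and report savings.
Import-Module Deduplication

function Invoke-DedupSetup {
    param(
        [Parameter(Mandatory=$true)] [string] $Volume,   # e.g. 'E:' (not a boot or system volume)
        [string[]] $ExcludeFileType = @('dit'),          # extensions, written without the dot
        [int] $MinimumFileAgeDays = 3                    # the 3-day file age mentioned above
    )
    Enable-DedupVolume -Volume $Volume | Out-Null
    Set-DedupVolume -Volume $Volume `
        -MinimumFileAgeDays $MinimumFileAgeDays `
        -ExcludeFileType $ExcludeFileType

    # -Wait blocks until the optimisation job has finished, so the figures
    # read back below reflect this pass rather than a job still in progress.
    Start-DedupJob -Volume $Volume -Type Optimization -Wait | Out-Null

    $status = Get-DedupStatus -Volume $Volume   # file counts and saved space
    $vol    = Get-DedupVolume -Volume $Volume   # volume settings and savings rate
    [pscustomobject]@{
        Volume         = $Volume
        InPolicyFiles  = $status.InPolicyFilesCount
        OptimizedFiles = $status.OptimizedFilesCount
        SavedSpaceGB   = [math]::Round($status.SavedSpace / 1GB, 2)
        SavingsRatePct = $vol.SavingsRate
    }
}

# Example call (volume letter is a placeholder):
# Invoke-DedupSetup -Volume 'E:'
```

While a job is still running without -Wait, Get-DedupJob lists it together with its progress.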






Huge Security Flaw Leaks VPN Users’ Real IP-Addresses

VPN users are facing a massive security flaw as websites can easily see their home IP-addresses through WebRTC. The vulnerability is limited to supporting browsers such as Firefox and Chrome, and appears to affect Windows users only. Luckily the security hole is relatively easy to fix.

The Snowden revelations have made it clear that online privacy is certainly not a given.

Just a few days ago we learned that the Canadian Government tracked visitors of dozens of popular file-sharing sites.

As these stories make headlines around the world interest in anonymity services such as VPNs has increased, as even regular Internet users don’t like the idea of being spied on.

Unfortunately, even the best VPN services can’t guarantee to be 100% secure. This week a very concerning security flaw revealed that it’s easy to see the real IP-addresses of many VPN users through a WebRTC feature.

With a few lines of code websites can make requests to STUN servers and log users’ VPN IP-address and the “hidden” home IP-address, as well as local network addresses.

The vulnerability affects WebRTC-supporting browsers including Firefox and Chrome and appears to be limited to Windows machines.

A demo published on GitHub by developer Daniel Roesler allows people to check if they are affected by the security flaw.

The demo claims that browser plugins can’t block the vulnerability, but luckily this isn’t entirely true. There are several easy fixes available to patch the security hole.

Chrome users can install the WebRTC block extension or ScriptSafe, which both reportedly block the vulnerability.

Firefox users should be able to block the request with the NoScript addon. Alternatively, they can type “about:config” in the address bar and set the “media.peerconnection.enabled” setting to false.


My Tested Results of media.peerconnection.enabled – workaround worked!!
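
To confirm the Firefox workaround is in place on a Windows machine without opening the browser, the preference files can be read directly. This is an added example, not part of the original article: it reports, per Firefox profile, whether media.peerconnection.enabled has been set to false. The function names and the default profile path are assumptions of this example, and preferences locked through an administrator config file are not inspected.

```powershell
# Added example: audit Firefox profiles for the WebRTC workaround.
# A value changed in about:config is written to prefs.js as a user_pref(...) line;
# if the line is absent, the browser default applies and WebRTC stays enabled.
function Get-WebRtcPrefState {
    param([string[]] $Lines)
    $rx = '^\s*user_pref\(\s*"media\.peerconnection\.enabled"\s*,\s*(true|false)\s*\)\s*;'
    $state = 'default'
    foreach ($l in $Lines) {
        if ($l -match $rx) { $state = $Matches[1] }   # the last assignment wins
    }
    $state
}

function Get-FirefoxWebRtcReport {
    param([string] $ProfilesRoot = (Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'))
    if (-not (Test-Path $ProfilesRoot)) { return }
    Get-ChildItem -Path $ProfilesRoot | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $lines = @()
        # user.js is applied over prefs.js at start-up, so it is read last
        foreach ($f in 'prefs.js', 'user.js') {
            $p = Join-Path $_.FullName $f
            if (Test-Path $p) { $lines += Get-Content -Path $p }
        }
        $state = Get-WebRtcPrefState -Lines $lines
        [pscustomobject]@{
            Profile        = $_.Name
            PeerConnection = $state
            LeakMitigated  = ($state -eq 'false')
        }
    }
}

# Constructed sample prefs.js content (not from a real profile) to exercise the parser.
$sample = @(
    'user_pref("browser.startup.homepage", "about:blank");'
    'user_pref("media.peerconnection.enabled", false);'
)
Get-WebRtcPrefState -Lines $sample

# On a real machine:
# Get-FirefoxWebRtcReport | Format-Table -AutoSize
```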

TF asked various VPN providers to share their thoughts and tips on the vulnerability. Private Internet Access told us that they are currently investigating the issue to see what they can do on their end to address it. (Update: PIA published an article on the issue today)

TorGuard informed us that they issued a warning in a blog post along with instructions on how to stop the browser leak. Ben Van Der Pelt, TorGuard’s CEO, further informed us that tunneling the VPN through a router is another fix.

“Perhaps the best way to be protected from WebRTC and similar vulnerabilities is to run the VPN tunnel directly on the router. This allows the user to be connected to a VPN directly via Wi-Fi, leaving no possibility of a rogue script bypassing a software VPN tunnel and finding one’s real IP,” Van der Pelt says.


Take home message:

WebRTC is developed and maintained by Google… ’nuff said.

The same Google that has to comply with the Patriot Act and FISA (Foreign Intelligence Surveillance Act).    Of course, they’d want your real IP’s and the IP’s of all the devices operating on your home network.


This is VERY dangerous for privacy.  The IP’s of devices that operate in your home are being published on the Internet.  For goodness sakes!!

