<b>Thoughts of a Technocrat</b> (feed updated 2024-03-13)<br />
Behind the Internet Wheels of Steel - Recording Live From Somewhere - Mixing the Fresh Beats of Technology, Intelligence, Science & Security together with the occasional bass-heavy break of Humor. <br><br>
"There is no security on this earth, there is only opportunity" <br>
- General Douglas MacArthur (1880-1964)<br />
By <a href="http://www.blogger.com/profile/05399633416913275459">Technocrat</a><br />
<br />
<b>Somalia's al-Shabab Opens New Twitter Account</b><br />
Posted 2013-02-04<br />
Via <a href="http://www.bbc.co.uk/news/world-africa-21321687">BBC</a> -<br />
<br />
<i>Somalia's al-Qaeda-linked al-Shabab group has opened a new Twitter account in English, less than two weeks after its previous account was suspended. <br />
<br />
A senior al-Shabab official told the BBC that the new account was genuine.<br />
<br />
Al-Shabab's previous English-language account was suspended after it used it to announce it would kill a French hostage and then said it had done so.<br />
<br />
Twitter's rules say that threats of violence are banned but it refused to comment on the suspension. <br />
<br />
[...]<br />
<br />
The new al-Shabab account has 280 followers, compared to the previous account which had more than 20,000 followers. <br />
<br />
It was closed on 25 January, about a week after it announced the killing of a French spy, Denis Allex, it was holding hostage.<br />
<br />
Mr Allex, who was kidnapped in Somalia in July 2009, was killed in retaliation for a failed French operation to free him.<br />
<br />
Analysts say the US has wanted al-Shabab banned from Twitter for some time, but lacked the legal means to enforce its will. </i><br />
<br />
-----------------------------------------------------------------------------<br />
<br />
<b>Research Brief - Violent Jihadism in Real Time: Al-Shabaab’s Use of Twitter</b><br />
<a href="http://www.start.umd.edu/start/publications/research_briefs/STARTResearchBrief_AlShabaabsTwitterUse.pdf">http://www.start.umd.edu/start/publications/research_briefs/STARTResearchBrief_AlShabaabsTwitterUse.pdf</a><br />
<br />
<i>OVERVIEW<br />
Since December 2011, the Somali jihadist group, Harakat al-Shabaab al-Mujahideen, had been actively using the popular micro-blogging platform Twitter to engage with English-speaking supporters. At the time of this brief’s publication, the organization (@HSMPress) had more than 20,000 followers and had tweeted approximately 1,250 times, before its English-language account was suspended by Twitter Jan. 25, 2013.<br />
<br />
PROJECT BACKGROUND<br />
This project is part of a broader paper published by the International Centre for the Study of Radicalisation and Political Violence (ICSR), “Lights, Camera, Jihad: Al-Shabaab’s Western Media Strategy,” and seeks to analyze the al-Shabaab’s use of Twitter to better understand its messaging priorities. The findings show that the organization is most concerned with promoting its narrative, which states that Somalia is a front under siege in the war on Islam. The group also highlights its ability to carry out attacks and reject the bias of the Western media.<br />
</i><br />
<br />
<b>Pwning Poison Ivy Server: Own And You Shall Be Owned</b><br />
Posted 2012-06-26<br />
Via <a href="http://badishi.com/own-and-you-shall-be-owned/">Gal Badishi's Security Bits Blog</a> -<br />
<br />
<i>While working on <a href="http://badishi.com/decrypting-poison-ivys-communication-using-code-injection-and-dll-proxies">Poison Ivy’s communication</a>, one of my students approached me and asked me if the fact that an infected computer can connect to the C&C server means that the compromised host can break into the server. Well folks, it appears that it’s possible. We will now present a fully working exploit for all Windows platforms (i.e., bypassing DEP and ASLR), allowing a computer infected by Poison Ivy (or any computer, for that matter) to assume control of PI’s C&C server.<br />
<br />
[...]<br />
<br />
It’s important to note that the exploit data following our header never gets decrypted, so we don’t have to worry about PI ruining our values if we don’t encrypt the data.<br />
<br />
In light of this analysis, a Metasploit module without encryption is being prepared.</i><br />
<br />
<b>Boko Haram Linking Up with al Shabaab and Al Qaeda</b><br />
Posted 2012-06-26<br />
Via <a href="http://www.channelstv.com/home/2012/06/26/african-terrorism-us-general-says-boko-haram-linking-up-with-al-shabaab-and-al-qaeda/">ChannelsTV.com</a> -<br />
<br />
<i>Three of Africa’s largest extremist groups are sharing funds and swapping explosives in what could signal a dangerous escalation of security threats on the continent, the commander of the U.S. military’s Africa Command said on Monday.<br />
<br />
General Carter Ham said there are indications that Boko Haram, al Shabaab and Al Qaeda in the Islamic Maghreb – groups that he labeled as the continent’s most violent – are sharing money and explosive materials while training fighters together.<br />
<br />
“Each of those three organizations is by itself a dangerous and worrisome threat,” Ham said at an African Center for Strategic Studies seminar for senior military and civilian officials from Africa, the United States and Europe.<br />
<br />
“What really concerns me is the indications that the three organizations are seeking to coordinate and synchronize their efforts,” Ham said. “That is a real problem for us and for African security in general.”<br />
<br />
The United States classified three of the alleged leaders of the Islamist sect Boko Haram, based in remote northeast Nigeria, as “foreign terrorist,” on June 20. But it declined to blacklist the entire organization to avoid elevating the group’s profile internationally. Police in Nigeria said members of the group seized a prison there Sunday and freed 40 inmates.<br />
<br />
Islamist militant group al Shabaab is active in war-ravaged Somalia and has been blamed for attacks in Kenya. Last year it claimed responsibility for the death of Somali Interior Minister Abdi Shakur Sheikh Hassan.<br />
<br />
Al Qaeda in the Islamic Maghreb (AQIM), an affiliate of al Qaeda based in North Africa, is mainly a criminal organization operating in the Sahel region. It kidnaps Westerners for ransom and aids Africa’s drug trade, according to intelligence officials.</i><br />
<br />
<b>Foreign Beggars - Typhoon (feat. Chasing Shadows)</b><br />
Posted 2012-06-23<br />
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/s_XL93qfk3g?rel=0" frameborder="0" allowfullscreen></iframe><br />
<br />
<b>Syrian Activists Targeted with BlackShades RAT</b><br />
Posted 2012-06-20<br />
Via <a href="https://threatpost.com/en_us/blogs/syrian-dissidents-hit-another-wave-targeted-attacks-062012">Threatpost.com </a><br />
<br />
<i>One of the attackers who has been targeting Syrian anti-government activists with malware and surveillance tools has returned and upped the ante with the use of the BlackShades RAT, a remote-access tool that gives him the ability to spy on victims' machines through keylogging and screenshots.<br />
<br />
The original attacks against Syrian activists, who are working against the government's months-long violent crackdown, were using another RAT known as Xtreme RAT, with similar capabilities. That malware was being spread through a couple of different targeted attacks, including one in which activists were directed to YouTube videos and their account credentials were then stolen when they logged in to leave comments.<br />
<br />
That attack continued with the installation of the RAT, giving the attacker surreptitious access to the victims' machines, enabling him to monitor their activities online. Now, researchers say that at least one attacker who is known to be involved in these targeted attacks also is using the BlackShades RAT in a new set of attacks.<br />
<br />
The new attack is being run by spreading a malicious link to dissidents. When a victim clicks on the link, it takes him to a site that downloads a file called "new_new .pif." That file then goes through a long infection routine that includes the installation of several files. One of the files that's installed is a keylogger and the malware also creates a number of registry keys that ensure persistence on the machine, according to an analysis of the attack by researchers at the <a href="https://www.eff.org/deeplinks/2012/06/darkshades-rat-and-syrian-malware">EFF</a> and <a href="https://citizenlab.org/2012/06/syrian-activists-targeted-with-blackshades-spy-software/">Citizen Lab</a>. </i><br />
<br />
---------------------------------------------<br />
<br />
For those interested in samples, Mila posted copies of all three RATs used to target Syrian anti-government activists. <br />
<br />
<a href="http://contagiodump.blogspot.com/2012/06/rat-samples-from-syrian-targeted.html">http://contagiodump.blogspot.com/2012/06/rat-samples-from-syrian-targeted.html</a><br />
<br />
<b>Obama Order Sped Up Wave of Cyberattacks Against Iran</b><br />
Posted 2012-06-01<br />
Via <a href="http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html">NYTimes</a> -<br />
<br />
<i>From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.<br />
<br />
Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.<br />
<br />
At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.<br />
<br />
“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.<br />
<br />
Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.<br />
<br />
This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.<br />
<br />
These officials gave differing assessments of how successful the sabotage program was in slowing Iran’s progress toward developing the ability to build nuclear weapons. Internal Obama administration estimates say the effort was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran’s enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.<br />
<br />
Whether Iran is still trying to design and build a weapon is in dispute. The most recent United States intelligence estimate concludes that Iran suspended major parts of its weaponization effort after 2003, though there is evidence that some remnants of it continue.<br />
<br />
[...]<br />
<br />
The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America’s European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation’s nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before.<br />
<br />
[...]<br />
<br />
For years the C.I.A. had introduced faulty parts and designs into Iran’s systems — even tinkering with imported power supplies so that they would blow up — but the sabotage had had relatively little effect. General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America’s nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.<br />
</i><br />
--------------------------------------------------------------------<br />
<br />
Those looking for a deeper look can grab <a href="http://contagiodump.blogspot.com/2012/06/flamer-skywiper-samples.html">Flamer/Skywiper samples from Mila Parkour</a> at the Contagio blog.<br />
<br />
<b>China Arrests Security Official on Suspicion of Spying for U.S.</b><br />
Posted 2012-06-01<br />
Via <a href="http://www.reuters.com/article/2012/06/01/us-china-usa-espionage-idUSBRE8500IH20120601">Reuters</a> -<br />
<br />
<i>A Chinese state security official has been arrested on suspicion of spying for the United States, sources said, a case both countries have kept quiet for several months as they strive to prevent a fresh crisis in relations.<br />
<br />
The official, an aide to a vice minister in China's security ministry, was arrested and detained early this year on allegations that he had passed information to the United States for several years on China's overseas espionage activities, said three sources, who all have direct knowledge of the matter.<br />
<br />
The aide had been recruited by the U.S. Central Intelligence Agency and provided "political, economic and strategic intelligence", one source said, though it was unclear what level of information he had access to, or whether overseas Chinese spies were compromised by the intelligence he handed over.<br />
<br />
The case could represent China's worst known breach of state intelligence in two decades and its revelation follows two other major public embarrassments for Chinese security, both involving U.S. diplomatic missions at a tense time for bilateral ties.<br />
<br />
The aide, detained sometime between January and March, worked in the office of a vice-minister in China's Ministry of State Security, the source said. The ministry is in charge of the nation's domestic and overseas intelligence operations.</i><br />
<br />
<b>Taking a Bite Out of IXESHE</b><br />
Posted 2012-05-30<br />
Via <a href="http://blog.trendmicro.com/taking-a-bite-out-of-ixeshe/">TrendMicro Malware Blog</a> -<br />
<br />
<i>We released a new research paper describing the activities of another APT campaign, IXESHE (pronounced “i-sushi”).<br />
<br />
One of the most notable characteristics of the IXESHE campaign is the attackers’ use of compromised servers in target organizations as command-and-control (C&C) servers. This tactic allowed them to hide their presence by confusing their activities with data belonging to legitimate individuals. In one particular case, we saw C&C servers hosted on the compromised machines of an East Asian country, making targeted attacks against that government easier. In another case, we received an error message from a C&C server, which indicated that the front-end servers were merely acting as proxies for the actual back-end servers.<br />
<br />
Our research also showed that attackers utilized dynamic Domain Naming System (DNS) servers and broadly distributed external C&C servers around the world to make detection and takedowns more difficult to do.<br />
<br />
The IXESHE campaign has been underway since at least July 2009 when we first saw samples of this particular malware family. Its primary method of entry into user systems is via malicious .PDF files that exploit Adobe Acrobat, Reader, or Flash Player vulnerabilities. These malicious files are sent as attachments to targeted emails sent to potential victims within target organizations.<br />
<br />
In the process of our investigation, we were able to determine that its victims could be broadly classified into three categories:<br />
<br />
• East Asian governments <br />
• Electronics manufacturers <br />
• A German telecommunications company <br />
<br />
For further details, please consult the full paper...<br />
<a href="http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf">http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf</a></i><br />
<br />
<b>Music: Ruckspin & Quark - Sunshine</b><br />
Posted 2012-05-26<br />
<iframe width="420" height="315" src="https://www.youtube-nocookie.com/embed/XTeR5UTa3_E?rel=0" frameborder="0" allowfullscreen></iframe><br />
<br />
--------------------------------<br />
<br />
<a href="http://soundcloud.com/ranking-records">http://soundcloud.com/ranking-records</a><br />
<br />
<b>Fundamentals of Chinese Information Warfare</b><br />
Posted 2012-05-14<br />
<i>The Potomac Institute Cyber Center hosted a special program on Fundamentals of Chinese Information Warfare and Impacts on the Western World on Friday, May 11, 2012. The guest speakers included William T. Hagestad II, author of the new book 21st Century Chinese Cyberwarfare (IT Governance, 2012)</i><br />
<br />
<a href="http://www.potomacinstitute.org/index.php?option=com_content&view=article&id=1193:new-date-may-11-fundamentals-of-chinese-information-warfare&catid=65:past-events&Itemid=94">http://www.potomacinstitute.org/index.php?option=com_content&view=article&id=1193:new-date-may-11-fundamentals-of-chinese-information-warfare&catid=65:past-events&Itemid=94</a><br />
<br />
The commentary is pretty insightful and near the end touches on some possible geopolitical solutions that can be used to change China's behavior. <br />
<br />
Hat-tip to Bill and his <a href="http://red-dragonrising.com/blog/73-video-fundamentals-of-chinese-information-warfare">Red Dragon Rising</a> blog.<br />
<br />
-----------------------------------------------<br />
<br />
Here is the Potomac Institute for Policy Studies lecture and panel discussion on "<a href="http://www.potomacinstitute.org/index.php?option=com_content&view=article&id=1096:live-webcast-at-noon-tuesday-november-8-&catid=65:past-events&Itemid=94">Russian Cyber Capabilities</a>".<br />
<br />
<b>Project Grey Goose - Operation Poachers</b><br />
Posted 2012-05-14<br />
<a href="http://jeffreycarr.blogspot.com/2012/05/announcing-project-grey-goose-operation.html">http://jeffreycarr.blogspot.com/2012/05/announcing-project-grey-goose-operation.html</a><br />
<br />
<i>I'm pleased to announce that the fourth Project Grey Goose investigation, commencing today, will target the very serious problem of domestic and international poaching of endangered species. I founded Project Grey Goose in August, 2008 as an experiment in crowd-sourcing an Open Source Intelligence (OSINT) effort whose goal was to investigate possible Russian government connections in the cyber attacks against Georgian government websites during the Russia Georgia war. Rather than focusing on hackers, this project will focus on criminals who are viciously taking the lives of rare and beautiful animals for body parts and profit; i.e. poachers. The problem is vast and growing, and it's my sincere hope that Project Grey Goose's unique international collaborative approach to OSINT will make an impact.<br />
<br />
I'm particularly happy to announce that my co-manager for this project is Nada Bakos, a former CIA intelligence analyst and targeting officer. I can't imagine a more qualified person to help lead this effort than Nada and I'm excited to have her aboard to help this mission succeed.</i><br />
<br />
-----------------------------------<br />
<br />
Check out the link above to Jeffrey's blog, if you want to know how you can help.<br />
<br />
<b>Uighur Leader Accuses China of ‘Systematic Assimilation’</b><br />
Posted 2012-05-14<br />
Via <a href="http://www.voanews.com/content/uighur_leader_kadeer_accuses_china_systematic_assimiliation/666327.html">VOA News</a> -<br />
<br />
<i>Exiled representatives of the Uighur, an ethnic group that lives mainly in Western China’s province of Xinjiang, are meeting in Japan for their fourth annual conference. The World Uighur Congress, based in Germany, opposes what it calls the Chinese occupation of their land, and the group's gatherings routinely draw criticism from Beijing. <br />
<br />
Rebiya Kadeer, leader of the World Uighur Congress, and also known as "the Mother of the Uighur Nation," has been living in exile in the United States since her release from a Chinese prison in 2005.<br />
<br />
She joined more than 100 representatives of the ethnic group from more than 20 countries, including the United States, Germany and Australia, to elect new leadership and discuss strategies to engage China over the issue of self-determination.<br />
<br />
Kadeer said the Uighurs are facing a threat to their existence because of the Chinese government’s policy of systematic assimilation. She also accuses Chinese authorities of committing extra-judicial killings, economic exploitation, and destroying Uighur values.</i><br />
<br />
--------------------------------------<br />
<br />
With that in mind, could you guess who might want to <a href="http://contagiodump.blogspot.com/2012/05/may-3-cve-2012-0779-world-uyghur.html">target companies or organizations interested in the Uyghur Congress with targeted zero-day malware</a>? I wonder. ;)<br />
<br />
APT: A Geopolitical Problem<br />
<a href="http://www.ericjhuber.com/2011/08/apt-geopolitical-problem.html">http://www.ericjhuber.com/2011/08/apt-geopolitical-problem.html</a><br />
<br />
<b>South China Sea Spat Goes Cyber</b><br />
Posted 2012-05-13<br />
Via <a href="http://the-diplomat.com/asean-beat/2012/05/11/south-china-sea-spat-goes-cyber/">The Diplomat</a> -<br />
<br />
<i>China continues to raise the heat in its dispute with the Philippines over the sovereignty of Scarborough Shoal/Huangyan Island. On Monday, He Jia, an anchor on China’s state-run CCTV, mistakenly declared that “China has unquestionable sovereignty over the Philippines” rather than just over the disputed island. On Tuesday, Chinese Vice Foreign Minister Fu Ying warned a Philippine diplomat that China was fully prepared to do anything to respond to escalation. Deep-water drilling has begun near islands in the South China Sea and Chinese travel agencies have reportedly suspended tours to the Philippines. Chinese netizens are fully in support of the claims, and have in many instances criticized the Ministry of Foreign Affairs for not taking more assertive action.<br />
<br />
As with previous territorial disputes in East Asia these days (see China-Vietnam, China-Japan, and Korea-Japan), the political, diplomatic, and military maneuvering has a cyber component. On April 20, Chinese hackers attacked the website of the University of the Philippines. The next day, Filipino hackers struck back with the defacement of Chinese websites. On the 23rd and 24th, the two sides again traded tit-for-tat attacks (a very useful timeline up until April 30 can be found <a href="http://hackmageddon.com/2012/05/01/philippines-and-china-on-the-edge-of-a-new-cyber-conflict/">here</a>). Attacks have continued over the last week; attackers have also pasted the Chinese flag on the website of the Philippines News Agency.<br />
<br />
From almost the beginning of the attacks, the Philippines government has called for both sides to stop. On April 22, a Philippines government spokesperson said, “We call on citizens, including ours, to exercise civil temperance.” On April 25, the Philippines’ Department of Science and Technology and Information and Communications Technology Office declared that the attacks were neither sanctioned nor condoned, and on May 10 a spokesman went further in warning that such attacks “will not benefit anyone and could possibly lead to bigger problems in the future for the Philippines and China and escalate the already tense situation at Panatag Shoal (Scarborough Shoal).” This is not a misplaced worry as freelance attacks could make it much more difficult for the two sides to communicate and signal intentions.<br />
<br />
Unfortunately, there has been silence from Beijing on the issue. China’s leaders seem to be embracing the conflict, or at least the prospect of conflict, as a welcome distraction from the problems of Chen Guangcheng and Bo Xilai. As Michael Yip and Craig Weber argue, the Chinese government – after years of enrolling students in patriotic education that stresses a history of national humiliation – needs to align itself with and divert away from nationalistic responses to real and perceived slights. Political hacking acts as a diversion – venting resentment away from the regime, focusing web users’ ire on outside actors, and maintaining the government’s nationalistic credentials.<br />
<br />
When China’s Minister of Defense General Liang Guanglie was at the Pentagon this week, he talked about how China wanted to work to improve cybersecurity. Beijing could gain a great deal of credibility by doing what the Philippines has done: call on both sides to stop the attacks.</i><br />
<br />
<b>TTPs: Lessons from Today's Amnesty Hack</b><br />
Posted 2012-05-11<br />
Via <a href="http://blog.imperva.com/2012/05/lessons-from-todays-amnesty-hack.html">Imperva</a> - <br />
<br />
<i>Amnesty International UK's website was hacked courtesy a backdoor dropped on visitors systems. Most likely done by a foreign government, many speculate that it's the Chinese. Websense's blog <a href="http://community.websense.com/blogs/securitylabs/archive/2012/05/11/amnesty-international-uk-compromised.aspx?cmpid=sltw">gives a good technical overview of the attack</a>. <br />
<br />
But what does it mean for security teams?<br />
<br />
In some cases, hackers don’t want to steal the data from the website but rather want to infect the users who are visiting. This can lead to more access to business critical data which, for example, is often stored as files on a fileserver. In the Amnesty case, the real prize isn't Amnesty's data per se, but the corporate and individual data and files of those who visit the site.</i><br />
<br />
-------------------------------------------------<br />
<br />
This exact technique has been used by advanced adversaries in previous targeted attacks. Intelligence sources have observed this technique being used in attacks against the US defense industry as well.<br />
<br />
July 2011 - <a href="http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/231002231/attack-on-pacific-northwest-national-lab-started-at-public-web-servers.html">Attack On Pacific Northwest National Lab Started At Public Web Servers</a><br />
<br />
<b>Iran's Web Censorship Filters Supreme Leader's Own Statement</b><br />
Posted 2012-05-10<br />
Via <a href="http://arstechnica.com/tech-policy/2012/05/irans-web-censorship-filters-supreme-leaders-own-statement/">Ars Technica</a> -<br />
<br />
<i>Iranian Supreme Leader Ayatollah Ali Khamenei’s own words have now become a victim of Iran’s massive online censorship infrastructure.<br />
<br />
According to <a href="http://www.rferl.org/content/iran_filters_khamenei_fatwa_on_antifiltering_internet/24575143.html">Radio Free Europe</a> (RFE), last week Khamenei issued a “fatwa,” or religious edict, confirming that anti-filtering tools and software are illegal in Iran. The decree came in response to a question by Mehr News (Google Translate), a semi-official news agency, which had asked for clarification on the ruling due to the fact that, as journalists, employees sometimes need to access blocked websites and other non-authorized information.<br />
<br />
Khamenei, according to a translation by RFE, replied: "In general, the use of antifiltering software is subject to the laws and regulations of the Islamic republic, and it is not permissible to violate the law."<br />
<br />
However, his own use of the word “antifiltering” apparently triggered Iran’s own filtering system, making Khamenei’s words inaccessible to most Iranians.<br />
<br />
RFE also reported that this filtering episode prompted Tabnak, a conservative news website, to respond: "The filtering of a [religious] order is so ugly for the executive [branch] that it can bring into question the whole philosophy of filtering."<br />
<br />
Iran, of course, has a notorious surveillance and filtration system in place—just last month, the <a href="http://arstechnica.com/tech-policy/news/2012/04/iran-publishes-request-for-information-for-halal-internet-project.ars">Islamic Republic published a "Request for Information"</a> for furthering its so-called "halal Internet."</i><br />
<br />
<b>Matisyahu - One Day (Coma Remix)</b><br />
Posted 2012-05-09<br />
<iframe width="420" height="315" src="https://www.youtube-nocookie.com/embed/0upDphQdFwY?rel=0" frameborder="0" allowfullscreen></iframe><br />
<br />
<b>GPS Jamming Affects Ship Navigation off Korean Coast</b><br />
Posted 2012-05-08<br />
Via <a href="http://www.marinelink.com/news/navigation-jamming344438.aspx">Marine Link</a> -<br />
<br />
<i>122 ships, including Coast Guard vessels and a passenger vessel, have reported malfunctions in their navigation systems since the apparent jamming of satellite signals by North Korea last week, reported 'Safety4Sea'.<br />
<br />
According to the Coast Guard in Incheon, west of Seoul, a total of 122 ships were affected by the disruption to Global Positioning System (GPS) signals. Among the vessels were eight patrol boats belonging to the Coast Guard, a passenger liner carrying 387 people and a petrol products carrier.<br />
<br />
Fishing boats operating near the tense western maritime border with North Korea also reported errors in their navigation systems, although none of them led to accidents, Coast Guard officials said.<br />
<br />
The transport ministry said about 250 commercial flights in and out of international airports at Incheon and Gimpo, also west of Seoul, were also affected by the jamming, although they were not put in danger.<br />
<br />
South Korea came under similar electronic attacks in March of last year, and in August and December of 2010, all of which were blamed on the North. South Korean Defense Minister Kim Kwan-jin has said anti-jamming programs are being developed to counter the attacks.<br />
<br />
The defense ministry has also said the North operates a regiment-sized electronic warfare unit near its capital Pyongyang, and some battalion-sized units closer to the inter-Korean border.</i><br />
<br />
<br />
<b>On The Rebound: Shining Path Factions Vie for Control of Upper Huallaga Valley</b><br />
Published 2012-05-06T23:32:00.000-04:00, updated 2012-05-06T23:33:19.101-04:00<br />
<br />
Via <a href="http://www.jamestown.org/single/?no_cache=1&tx_ttnews[tt_news]=39249&tx_ttnews[backPid]=7&cHash=1619237a4707dc8fdd291d5d5d570574">The Jamestown Foundation</a> -<br />
<br />
<i>After the Peruvian army captured Comrade Artemio on February 12 and two potential successors on March 4 and April 3, President Ollanta Humala declared that the Shining Path was “totally defeated”—a prediction that is already proving to be premature. The Shining Path faction in the Upper Huallaga Valley retains a core group of loyal fighters capable of conducting military operations to pressure the government for Artemio’s release, but they are more dangerous for their apparent alliance with Movadef, a rising political movement that the government sees as a “front” for the Shining Path. Meanwhile, the 500-fighter faction of the Shining Path led by Comrade Jose in the VRAE has made clear its desire to expand its international narco-trafficking enterprise into the Upper Huallaga Valley and exploit the power vacuum with Artemio out of the picture. A takeover of the Upper Huallaga Valley would elevate Comrade Jose to the level of one of South America’s premier narco-trafficking bosses. Neither Shining Path faction is near surrender, and questions linger about whether President Humala’s new four-year anti-drug strategy underwritten by millions of dollars of U.S. aid will tame or enflame the country’s narco-trafficking insurgencies.<br />
<br />
<b>Background</b><br />
<br />
The Shining Path consists of a 500-fighter faction in the River Apurimac and River Ene Valley (VRAE) led by Comrade Jose and a smaller 150-fighter faction in the Upper Huallaga Valley led until February 12 by Comrade Artemio. The VRAE and Upper Huallaga Valley factions split in 1999 after the capture of then leader Comrade Feliciano (Oscar Ramirez Durand). Comrade Artemio succeeded Feliciano in 1999 and remained loyal to Shining Path founder, Abimael Guzman (Chairman Gonzalo), who was captured in 1992. After Feliciano’s capture, Comrade Jose’s faction disavowed the Shining Path of Guzman, Feliciano and Artemio, who they criticized for alienating the campesinos during the war against the State in 1980s and for offering truces to the government once Guzman was captured.<br />
<br />
Both factions officially espouse turning Peru into a Marxist state, but they depend on their capitalist narco-trafficking enterprises for financial survival. It is no coincidence that the two surviving factions of the once 15,000-fighter Shining Path operate in the country’s two main coca producing regions—the VRAE and the Upper Huallaga Valley, which produce 75% of Peru’s coca. With Peru expected to surpass Colombia as the world’s largest coca producer (61,200 hectares) in 2012, both factions stand to benefit.<br />
<br />
[...]<br />
<br />
<b>Conclusion</b><br />
<br />
The capture of Comrade Artemio has weakened his faction, but a core group of his fighters continue to engage in shows of military force to support Movadef’s political goals. There appears to be a low likelihood of a Shining Path merger considering that the two groups operate in distinct areas and harbor contrasting motivations. If Artemio’s faction continues to splinter, however, Jose’s faction may gain control of the major drug trafficking routes in the Upper Huallaga Valley and revive the Shining Path under a model like the FARC—a drug cartel with a nominal Marxist ideology. Both Shining Path factions benefit from the country’s increasing coca production, while they are also capable of attracting recruits from the cocaleros if the drug eradication plan moves forward. The drug war can only be won if the cocaleros are provided with a substitute to growing coca, but historically the state has struggled to meet this need.<br />
<br />
After the capture of Abimael Guzman in 1992, then President Fujimori said, “Sendero has been defeated. I defeated it.” Twenty years later, President Humala shows similar optimism, but the events on the ground suggest that both Shining Path factions will adapt to the realities on the ground after Artemio’s picture and implement new strategies in order to survive.<br />
</i><br />
------------------------------------------------------------<br />
<br />
<a href="http://en.wikipedia.org/wiki/Shining_Path">http://en.wikipedia.org/wiki/Shining_Path</a><br />
<blockquote><i>Shining Path (Sendero Luminoso in Spanish) is a Maoist guerrilla insurgent organization in Peru. It prefers to be called the "Communist Party of Peru" or "PCP" for short. The Shining Path's ideology and tactics have been influential on other Maoist insurgent groups, notably the Communist Party of Nepal (Maoist) and other Revolutionary Internationalist Movement-affiliated organizations. Widely condemned for its brutality, including violence deployed against peasants, trade union organizers, popularly elected officials and the general civilian population, the Shining Path is described by the Peruvian government as a terrorist organization. The group is on the U.S. Department of State's list of Foreign Terrorist Organizations, and the European Union and Canada likewise describe it as a terrorist organization and prohibit providing funding or other financial support.</i></blockquote>
<br />
<b>Xtreme RAT Used in Targeted Attack Against Syria Activist</b><br />
Published 2012-05-04T11:50:00.000-04:00, updated 2012-05-04T11:51:29.781-04:00<br />
<br />
Via <a href="http://www.f-secure.com/weblog/archives/00002356.html">F-Secure Labs</a> -<br />
<br />
<i>Syria has been the center of much international attention lately. There's unrest in the country and the authoritarian government is using brutal tactics against dissidents. These tactics include using technology surveillance, trojans and backdoors.<br />
<br />
Some time ago we received a hard drive via a contact. The drive had an image of the system of a Syrian activist who had been targeted by the local authorities.<br />
<br />
The activist's system had become infected as a result of a Skype chat. The chat request came from a fellow activist. The problem was that the fellow activist had already been arrested and could not have started the chat.<br />
<br />
Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat. This utility was supposed to change the hardware MAC address of the system in order to bypass some monitoring tools. Instead, it dropped a file called silvia.exe which was a backdoor — a backdoor called "Xtreme RAT". <br />
<br />
Xtreme Rat is a full-blown malicious Remote Access Tool.<br />
<br />
Sold for 100 euro (Paypal) via a page hosted at Google Sites: hxxps://sites.google.com/site/nxtremerat<br />
<br />
We have reasons to believe this infection wasn't just bad luck. We believe the activist's computer was specifically targeted. In any case, the backdoor calls home to the IP address 216.6.0.28. This IP block belongs to Syrian Arab Republic — STE (Syrian Telecommunications Establishment).<br />
<br />
This would not have been the first case of using trojans for such purposes in Syria, either.</i><br />
<br />
<br />
<b>"Right On" by The Roots (feat. Joanna Newsom & STS)</b><br />
Published 2012-05-04T02:23:00.002-04:00, updated 2012-05-04T02:23:31.602-04:00<br />
<br />
<iframe src="http://player.vimeo.com/video/12744936" width="500" height="283" frameborder="0" webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe><br />
<br />
<b>Microsoft Fingers Chinese Firewall/IPS Vendor In Windows Exploit Leak</b><br />
Published 2012-05-03T16:20:00.002-04:00, updated 2012-05-04T11:00:46.705-04:00<br />
<br />
Via <a href="http://www.darkreading.com/insider-threat/167801100/security/vulnerabilities/232901426/microsoft-fingers-chinese-firm-in-windows-exploit-leak.html">Dark Reading</a> -<br />
<br />
<i>Microsoft today announced that it had rooted out the source of a leak from within its third-party security software firm partnership program that resulted in the weaponization of a bug in Windows -- raising questions about whether the Microsoft Active Protections Program (MAPP) could be vulnerable to other such breaches. <br />
<br />
Chinese firewall and IPS vendor Hangzhou DPTech Technologies Co., Ltd., according to Microsoft, was the culprit behind a rapid-fire turnaround of a working exploit for the Windows Remote Desktop (RDP) flaw in mid-March, <a href="http://www.darkreading.com/vulnerability-management/167901026/security/news/232602627/microsoft-flaw-demonstrates-dangers-of-remote-desktop-access.html">just after the bug was patched by Microsoft</a>. <br />
<br />
[...]<br />
<br />
Microsoft today was mum on how it ultimately rooted out DPTech as the source of the leak, or on just what Hangzhou DPTech Technologies did. "During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member of the MAPP program, Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA). Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program," said Yunsun Wee, director of Microsoft Trustworthy Computing, in a statement. <br />
<br />
HD Moore, chief security officer at Rapid7 and creator of Metasploit, says it couldn't have been simple to trace the leak to a specific company. "[It's] interesting and somewhat surprising that they found it at all," Moore says. <br />
<br />
Meanwhile, the announcement by Microsoft appears to raise more questions than it answers. Concerns about a Chinese security vendor leaking Windows vulnerability details before the patch window had closed, and whether this was truly the first breach of the MAPP program, sent a chill through the industry. <br />
<br />
"Yes, it is a little concerning that it was a Chinese firm that leaked the Microsoft information. That being said, what did Microsoft really expect was going to happen? The Chinese do not have a very good track record of adhering to NDA and other agreements," says Paul Henry, security and forensic analyst at Lumension. "It is important to recognize that the MAPP program is relatively new, so there will be bumps in the road as Microsoft works out the delicate balance between strategic sharing and safeguarding the distribution of sensitive information regarding its products." <br />
</i><br />
<br />
-----------------------------------------<br />
<br />
MAPP Update: Taking Action to Decrease Risk of Information Disclosure<br />
<a href="http://blogs.technet.com/b/msrc/archive/2012/05/03/mapp-update-taking-action-to-decrease-risk-of-information-disclosure.aspx">http://blogs.technet.com/b/msrc/archive/2012/05/03/mapp-update-taking-action-to-decrease-risk-of-information-disclosure.aspx</a><br />
<br />
-----------------------------------------<br />
<br />
Shocker. Kudos to MS for tracking this down to the company. Impressive.<br />
<br />
<b>Determined Adversaries and Targeted Attacks</b><br />
Published 2012-04-30T16:10:00.001-04:00, updated 2012-04-30T16:15:17.668-04:00<br />
<br />
Via <a href="http://www.microsoft.com/security/sir/story/default.aspx#!determined_adversaries">Microsoft Security Intelligence Report</a> -<br />
<br />
<i>Over the past two decades the internet has become fundamental to the pursuit of day-to-day commercial, personal, and governmental business. However, the ubiquitous nature of the internet as a communications platform has also increased the risk to individuals and organizations from cyberthreats. These threats include website defacement, virus and worm (or malware) outbreaks, and network intrusion attempts. In addition, the global presence of the internet has allowed it to be used as a significant staging ground for espionage activity directed at industrial, political, military, and civil targets.<br />
<br />
During the past 5 years, one specific category of threat has become much more widely discussed. Originally referred to as Advanced Persistent Threats (APT) by the U.S. military — referring to alleged nation-state sponsored attempts to infiltrate military networks and exfiltrate sensitive data — the term APT is today widely used in media and IT security circles to describe any attack that seems to specifically target individual organizations, or is thought to be notably technical in nature, regardless of whether the attack was actually either advanced or persistent.<br />
<br />
In fact, this type of attack typically involves two separate components — the action(s) and the actor(s) — that may be targeted against governments, military organizations or, increasingly, commercial entities and civil society.<br />
<br />
The actions are the attacks themselves, which may be IT-related or not, and are referred to as Targeted Attacks in this paper. These attacks are initiated and conducted by human actors, who are collectively referred to in this paper as Determined Adversaries. These definitions are important because they emphasize the point that the attacks are carried out by human actors who may use any tools or techniques necessary to achieve their goals; these attacks are not merely malicious software or exploits. Using an encompassing term such as APT can mask this reality and create the impression that all such attacks are technically sophisticated and malware-driven, making it harder to plan an effective defensive posture.<br />
<br />
For these reasons, this paper uses Targeted Attacks and Determined Adversaries as more specific and meaningful terms to describe this category of attack.</i><br />
<br />
-------------------------------------------------------------<br />
<br />
Be sure to check out Microsoft's Security Intelligence Report (SIR) Volume 12.<br />
<a href="http://www.microsoft.com/security/sir/default.aspx">http://www.microsoft.com/security/sir/default.aspx</a><br />
<blockquote><i>The Microsoft Security Intelligence Report (SIR) analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide. Threat awareness can help you protect your organization, software, and people.</i></blockquote>
<br />
<b>Snow Leopard Users Most Prone to Flashback Infection</b><br />
Published 2012-04-29T10:01:00.002-04:00, updated 2012-04-29T10:01:51.547-04:00<br />
<br />
Via <a href="http://www.computerworld.com/s/article/9226696/Snow_Leopard_users_most_prone_to_Flashback_infection">Computerworld.com</a> -<br />
<br />
<i>Of the Macs that have been infected by the Flashback malware, nearly two-thirds are running OS X 10.6, better known as Snow Leopard, a Russian antivirus company said Friday.<br />
<br />
Doctor Web, which earlier this month was the first to report the largest-ever malware attack against Apple Macs, mined data it's intercepted from compromised computers to come up with its findings.<br />
<br />
[...]<br />
<br />
In a <a href="http://news.drweb.com/?i=2410&c=5&lng=en&p=0">Friday blog post</a>, Doctor Web published an analysis of the communications between 95,000 Flashback-infected Macs and the sinkholed domains. Those communication attempts took place on April 13, more than a week after Doctor Web broke the news of the botnet's massive size.<br />
<br />
[...]<br />
<br />
Not surprisingly, 63.4% of the Flashback-infected machines identified themselves as running OS X 10.6, or Snow Leopard, the newest version of Apple's operating system that comes with Java.<br />
<br />
Snow Leopard accounted for the largest share of OS X last month, according to metrics company Net Applications, making it the prime target of Flashback.<br />
<br />
Leopard, or OS X 10.5, is the second-most-common Flashback-infected operating system, said Doctor Web: 25.5% of the 95,000 Macs harboring the malware ran that 2007 edition.<br />
<br />
Apple bundled Java with Leopard as well, but unlike Snow Leopard and Lion, it no longer ships security updates for the OS, and so has not updated Java on those Macs.<br />
<br />
Last month, Leopard powered 13.6% of all Macs.<br />
<br />
But while Snow Leopard's and Leopard's infection rates are higher than their usage shares, the opposite's true of OS X 10.7, or Lion. The 2011 OS accounted for 39.6% of all copies of OS X used last month, yet represented only 11.2% of the Flashback-compromised Macs.<br />
<br />
Doctor Web did not connect those dots in its analysis, but the numbers make clear that versions of Mac OS X that included Java -- Snow Leopard and Leopard -- are much more likely to be infected by Flashback. Conversely, Lion -- by default, sans Java -- is significantly more resistant to the malware.<br />
<br />
The Russian company's data also showed that many Mac users don't keep their machines up-to-date, something ZDNet blogger Ed Bott noted on Friday.<br />
<br />
Twenty-four percent of the Snow Leopard-infected Macs were at least one update behind, 10.4% were three or more behind, and 8.5% were four or more behind.<br />
<br />
Lion users were no better patch practitioners: 28% were one or more updates behind.<br />
<br />
[...]<br />
<br />
To protect Snow Leopard and Lion systems from the Java-exploiting Flashback, users should launch Software Update from the Apple menu and download this month's Java updates. Software Update will also serve the newest version of those operating systems to Macs running outdated editions.<br />
<br />
People running Leopard can disable Java in their browser(s) to stymie attacks.<br />
<br />
Later this year, Oracle will release Java 7 for OS X. Mac users who upgrade to Java 7 will then receive security updates directly from Oracle, not from Apple.</i><br />
<br />
<b>Music: Swindle (ft. Footsie & Nadia Suliman) – Ignition</b><br />
Published 2012-04-28T13:03:00.001-04:00, updated 2012-04-28T13:04:49.082-04:00<br />
<br />
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/fokZmNqoXKs?rel=0" frameborder="0" allowfullscreen></iframe><br />
<br />
---------------------------------------<br />
<br />
<a href="http://www.beatport.com/artist/swindle/136004">Swindle</a> and <a href="http://www.beatport.com/release/ignition/844783">Ignition</a> on Beatport.com.<br />
<br />
<b>Photos: Space Shuttle Discovery</b><br />
Published 2012-04-27T20:07:00.000-04:00, updated 2012-04-28T20:18:56.131-04:00<br />
<br />
Grabbed these shots today, at about 4:45pm EST. Free entrance and parking at Steven F. Udvar-Hazy Center.<br />
<br />
------------------------------------------------<br />
<br />
<a href="http://en.wikipedia.org/wiki/Space_Shuttle_Discovery">Space Shuttle Discovery</a> (Orbiter Vehicle Designation: OV-103) @ <a href="http://en.wikipedia.org/wiki/Steven_F._Udvar-Hazy_Center">Steven F. Udvar-Hazy Center</a>, an annex of the Smithsonian Institution's National Air and Space Museum.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1rcVrZZU5sYDeAft2pxqgmce7zCil9eqU1HuQthFr2ZDi__cvU1gqTpIZR1j-ICdtPwnvh5QHgjrus_AkhGLD9NpqQJiRS3zvmrv2jxkFtZ4BIATL6RDWpDmMdDVFk7jPQaGP/s1600/Discovery-5.jpg" imageanchor="1" style=""><img border="0" height="400" width="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1rcVrZZU5sYDeAft2pxqgmce7zCil9eqU1HuQthFr2ZDi__cvU1gqTpIZR1j-ICdtPwnvh5QHgjrus_AkhGLD9NpqQJiRS3zvmrv2jxkFtZ4BIATL6RDWpDmMdDVFk7jPQaGP/s400/Discovery-5.jpg" /></a></div><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjII8VxE-pgCJwm7jjvMYtOwHRBMkkUOgJbbxsLxLv230-gtVKLRwhAEiHscoK1d2s_RWFvSTe8XfVHKEFhepziYaJ3RsUGadAFr0hNffG6LV66k_Pi049q1FpEet9s5XmbFQwX/s1600/Discovery-4.jpg" imageanchor="1" style=""><img border="0" height="300" width="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjII8VxE-pgCJwm7jjvMYtOwHRBMkkUOgJbbxsLxLv230-gtVKLRwhAEiHscoK1d2s_RWFvSTe8XfVHKEFhepziYaJ3RsUGadAFr0hNffG6LV66k_Pi049q1FpEet9s5XmbFQwX/s400/Discovery-4.jpg" /></a></div><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPf0stkM2k_B3HOYNTyUleIBtq6dL6FLtTCG2HxiNXRCzfEBec4cH9abqu1Gz4-vP8NQShC_hzjbedcetSLbQJCJyvkc7XMZDuI9J3P265i_inqhlxTAn0mpu46KCSUMgVfRbx/s1600/IMG_2906.jpg" imageanchor="1" style=""><img border="0" height="400" width="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPf0stkM2k_B3HOYNTyUleIBtq6dL6FLtTCG2HxiNXRCzfEBec4cH9abqu1Gz4-vP8NQShC_hzjbedcetSLbQJCJyvkc7XMZDuI9J3P265i_inqhlxTAn0mpu46KCSUMgVfRbx/s400/IMG_2906.jpg" /></a></div><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq_sacLYybiY4M_x_i0kOtV_1w6jzMl80ERCFgl4y7VILVyavqnOfPHBZwpwQrAjnFTkwx7c4czA8txe7Brp3JCMd41xETtvArQhMOfea9qdU2s7V04LMRs5mYitWHfOMO-vQq/s1600/IMG_2989.jpg" imageanchor="1" style=""><img border="0" height="274" width="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq_sacLYybiY4M_x_i0kOtV_1w6jzMl80ERCFgl4y7VILVyavqnOfPHBZwpwQrAjnFTkwx7c4czA8txe7Brp3JCMd41xETtvArQhMOfea9qdU2s7V04LMRs5mYitWHfOMO-vQq/s400/IMG_2989.jpg" /></a></div><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguovr-Sa93yO7ZRR2EyHKAU2gEGCsBll0kCWc8kJLjEHO1kYYadtdHVxivbuBAZkyleMaFiJbrwfsxYr1cDPCvoJ6P55v8mtWmARNdx7N5W6GKx0H54nXlu6zXkFCeO5D04I0J/s1600/Discovery-2.jpg" imageanchor="1" style=""><img border="0" height="364" width="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguovr-Sa93yO7ZRR2EyHKAU2gEGCsBll0kCWc8kJLjEHO1kYYadtdHVxivbuBAZkyleMaFiJbrwfsxYr1cDPCvoJ6P55v8mtWmARNdx7N5W6GKx0H54nXlu6zXkFCeO5D04I0J/s400/Discovery-2.jpg" /></a></div><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGDkayuF4oqxPlvI2OA2AvQUYoLdFCg8zilbn2YZ2wv_StvW9a20C3sB8vd9funS1nz78qxWiigqGmUE8KSOSi2UrS_O6Of-P9k8MNjvMvLfblzNGBjdDPhL4IpPWWYcZCMbs-/s1600/Discovery-3.jpg" imageanchor="1" style=""><img border="0" height="142" width="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGDkayuF4oqxPlvI2OA2AvQUYoLdFCg8zilbn2YZ2wv_StvW9a20C3sB8vd9funS1nz78qxWiigqGmUE8KSOSi2UrS_O6Of-P9k8MNjvMvLfblzNGBjdDPhL4IpPWWYcZCMbs-/s400/Discovery-3.jpg" /></a></div><br />
<br />
<br />