This is what it looks like when your website is hit by nasty ransomware

How depressing: British Association for Counselling & Psychotherapy hijacked

Malware appears to have hijacked the British Association for Counselling and Psychotherapy (BACP)'s website – and held it to ransom.…

Posted: 12 Feb 2016 | 2:46 pm

Phishing via SMS – crooks target Australian mobile banking users

You know how to spot phishing in your desktop browser, right? But how cautious are you on your mobile device?

Posted: 12 Feb 2016 | 4:52 am

KillDisk and BlackEnergy Are Not Just Energy Sector Threats

Our new intelligence on BlackEnergy expands previous findings on the first wide-scale coordinated attack against industrial networks. Based on our research that we will further outline below, attackers behind the outages in two power facilities in Ukraine in December likely attempted similar attacks against a mining company and a large railway operator in Ukraine.

This proves that BlackEnergy has evolved from being just an energy sector problem; now it is a threat that organizations in all sectors—public and private—should be aware of and be prepared to defend themselves from. While the motivation for the said attacks has been the subject of heavy speculation, these appear to be aimed at crippling Ukrainian public and critical infrastructure in what could only be a politically motivated strike.

We came upon these findings by pivoting off of the original indicators of compromise, which included BlackEnergy reconnaissance and lateral movement tools and KillDisk, a disk-wiping malware, among others. A fellow senior threat researcher at Trend Micro and I began hunting for additional infections or malware samples related to the incident. We quickly realized that Prykarpattya Oblenergo and Kyivoblenergo were not the only targets revolving around the newest BlackEnergy campaign.

Based on telemetry data from open-source intelligence (OSINT) and Trend Micro Smart Protection Network, we saw that there were samples of BlackEnergy and KillDisk that may have been used against a large Ukrainian mining company and a large Ukrainian rail company. In addition, the possible infections in the mining and railway organizations appear to use some of the same BlackEnergy and KillDisk infrastructure that were seen in the two power facilities attacks.

Related Malware in a Large Ukrainian Mining Company

During the course of our investigation, we saw an overlap between the BlackEnergy samples used in the Ukrainian power incident and those apparently used against the Ukrainian mining company. One sample, amdide.sys (SHA1: 2D805BCA41AA0EB1FC7EC3BD944EFD7DBA686AE1), appears to have been used in November 2015 to infect its target. Additional samples leveraged in the Ukrainian power utilities attack and the Ukrainian mining company are:

We also came across another sample named aliide.sys (SHA1: C7E919622D6D8EA2491ED392A0F8457EA240) that appears to have hit the same company. The naming of the BlackEnergy samples appears to mirror one of the samples that was actively used in the campaign against the Ukrainian power utilities. This sample, which is flagged as BlackEnergy, has the same exact functionality as those samples witnessed in the Ukrainian power utility attack. In addition, this sample utilizes the same infrastructure. In this case, the URL communicated with is 88[.]198[.]25[.]92:443/fHKfvEhleQ/maincraft/derstatus.php.

Additional samples that are caught as BlackEnergy and appear related are:

Both of the aforementioned samples communicate with 146[.]0[.]74[.]7:443/l7vogLG/BVZ99/rt170v/solocVI/eegL7p.php, which is also one of the same C2s used in the Ukrainian power incident. All of the BlackEnergy samples mentioned appear to have been used in the November–December 2015 timeframe.

Unfortunately, this same mining organization was also hit with multiple variants of KillDisk. While none of the exact samples in the prior utility attacks appear to have been used against the mining organization, the specific samples witnessed perform the same exact functionality as those witnessed at the Ukrainian power utilities, with very little difference.

We did see KillDisk bleed over from the Ukrainian power incident that occurred as well. Two samples drew our attention, svchost.exe (SHA1: 8AD6F88C5813C2B4CD7ABAB1D6C056D95D6AC569) and crab.exe (SHA1: 16f44fac7e8bc94eccd7ad9692e6665ef540eec4). Both samples seen in the Ukrainian power incident were possibly also used against this large Ukrainian mining organization.

Similar Malware in a Large Ukrainian Train/Railway Operator

Like the attacks against the Ukrainian mining company, we also witnessed KillDisk possibly being used against a large Ukrainian railway company that is part of the national Ukrainian railway system. The file tsk.exe (SHA1: f3e41eb94c4d72a98cd743bbb02d248f510ad925) was flagged as KillDisk and used in the electric utility attack as well as against the rail company. This appears to be the only spillover from the Ukrainian power utility infection. Although we have no proof showing that BlackEnergy was present on the railway systems, it could be assumed that it was likely present somewhere in their network.

Our Theories

Based on our research, we can say we believe that the same actors are likely involved in some regard to these two victims and to those behind the Ukrainian power utility attack. There is remarkable overlap between the malware used, infrastructure, naming conventions, and to some degree, the timing of use for this malware, therefore leading us to believe the same actors are not only attacking power utilities, but also large mining and railway organizations throughout Ukraine.

There are many possibilities that exist about the big picture, but three in particular stand out. One is that the attackers may have wanted to destabilize Ukraine through a massive or persistent disruption involving power, mining, and transportation facilities. Another possibility is that they have deployed the malware to different critical infrastructure systems to determine which one is the easiest to infiltrate and subsequently wrest control over. A related theory is that the infections in the mining and train companies may have just been preliminary infections, where the attackers are just attempting to test the code base.

Whichever is the case, attacks against Industrial Control Systems (ICS) should be treated with extreme seriousness because of the dire real-world repercussions. In addition—and this bears repeating—this attack shows that any organization, regardless of the nature or size of their business, can be a target. Given the fact that the BlackEnergy campaign has a destructive payload (KillDisk), companies that have this false sense of security that they are not critical or public-facing or important enough to be targeted may just find their operations or their ability to conduct their business grind to a halt.

The comprehensive list of indicators we’ve been tracking for BlackEnergy 2015 campaigns can be found in this appendix.

Posted: 11 Feb 2016 | 10:47 am

Packing/Unpacking Javascript from DOS

Here’s one way to pack and unpack Javascript from the Windows’ command line. For this we use PhantomJS and Dean Edwards’ Javascript Compressor.

1. Download PhantomJS from here.

2. Download the JSPacker.js file from here.

3. Put everything in a folder or on your desktop then in DOS type the following:

C:\> phantomjs jspacker.js pack in.txt out.txt

-or-

C:\> phantomjs jspacker.js unpack in.txt out.txt
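
When the packed script comes from an untrusted page, it can also be unpacked statically, without executing any of it. The following is an added example, not part of the original post: it assumes the standard `eval(function(p,a,c,k,e,d){...}` bootstrap emitted by Dean Edwards' packer with a radix of at most 62, and the sample input and function names are constructed for illustration.

```python
import re

# Argument list of the packer bootstrap:
#   }('payload', radix, count, 'w0|w1|...'.split('|'), ...
PACKED_RE = re.compile(
    r"}\s*\(\s*'(?P<payload>(?:\\.|[^'\\])*)'\s*,\s*(?P<radix>\d+)\s*,\s*"
    r"(?P<count>\d+)\s*,\s*'(?P<words>(?:\\.|[^'\\])*)'\s*\.split\('\|'\)",
    re.S,
)

# Digit alphabet used by the packer's index encoder (base 2..62).
DIGITS = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
_ESCAPES = {"n": "\n", "r": "\r", "t": "\t"}


def js_unescape(text):
    """Undo backslash escapes of a single-quoted JS literal (simplified:
    handles \\n, \\r, \\t and escaped literal characters, not \\x or \\u forms)."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)),
                  text, flags=re.S)


def decode_index(token, radix):
    """Convert a packed token back to its keyword index, or None if the
    token is not a valid number in this radix (e.g. it contains '_')."""
    value = 0
    for ch in token:
        digit = DIGITS.find(ch)
        if digit < 0 or digit >= radix:
            return None
        value = value * radix + digit
    return value


def unpack(source):
    """Return the original script text, or None if `source` is not packed.
    Nothing from `source` is evaluated; tokens are substituted as text."""
    m = PACKED_RE.search(source)
    if not m:
        return None
    radix = int(m.group("radix"))
    if not 2 <= radix <= 62:
        return None
    words = m.group("words").split("|")
    payload = js_unescape(m.group("payload"))

    def substitute(match):
        idx = decode_index(match.group(0), radix)
        # An empty keyword means the token stands for itself.
        if idx is not None and idx < len(words) and words[idx]:
            return words[idx]
        return match.group(0)

    return re.sub(r"\b\w+\b", substitute, payload)


# Constructed sample: a harmless one-line function packed with radix 4.
SAMPLE = r"""eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('0 1(){2("3")}',4,4,'function|hello|alert|world'.split('|'),0,{}))"""

if __name__ == "__main__":
    print(unpack(SAMPLE))
```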

Posted: 6 Feb 2016 | 4:57 pm

POS Malware Families: An insight into the Behavior of POS Malware

In a previous blog, we discussed why Point of Sale (POS) devices remain such an attractive target and described some different attack methods. As you can see from the infographic below, retail and POS have been (pardon the pun) “Targets” on an ongoing basis for the past few years, and the trend doesn’t appear to be reversing, even with technologies such as EMV and P2PE. In this blog, we describe some of the different families of POS malware.

POS Malware Common Features

Families of POS malware typically utilize similar techniques as their end goal is the same – to steal account details, and especially payment card information.

Card Data Mining

Credit card data (track 1 and track 2 information) is often stored in plain text in memory on the POS device. Several variants of POS malware leverage memory scraping capabilities to capture the credit card data using regular expressions (RegEx), when searching through memory to find it. In fact, different families of POS malware sometimes share parts of RegEx or the entire RegEx. Regular expressions are an easy way to search for patterns that identify specific kinds of data; however, they can be computationally inefficient. Because of this, other malware variants use custom search algorithms to make their searches more efficient. Usually, these custom search algorithms will look for specific pieces of information: track delimiters, account number prefixes that correspond to major card issuers, primary account number (PAN) length, and some validate PANs using the Luhn algorithm. When the malware uses targeted custom searches, rather than scanning all data for patterns, the activity associated with the malware becomes more difficult to detect.
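
The same search logic is what an incident responder or PCI assessor uses to confirm whether cleartext track data is present in a captured dump or log file. The following is an added example, not code from the original article: the track layouts follow ISO/IEC 7813, the brand prefixes are a simplified subset, and the sample buffer is constructed with a well-known test PAN.

```python
import re

# ISO/IEC 7813 layouts (simplified):
#   track 1:  %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
#   track 2:  ;<PAN>=<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^?]{2,26})\^(\d{4})(\d{3})[^?]{0,40}\?")
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})\d{0,20}\?")


def luhn_ok(pan):
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_brand(pan):
    """Map the leading digits to a major issuer (simplified subset)."""
    if pan[0] == "4":
        return "visa"
    if pan[:2] in ("34", "37"):
        return "amex"
    if 51 <= int(pan[:2]) <= 55 or 2221 <= int(pan[:4]) <= 2720:
        return "mastercard"
    if pan[:4] == "6011" or pan[:2] == "65":
        return "discover"
    return "other"


def mask(pan):
    """Keep first six and last four digits so findings can be logged safely."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(buf):
    """Return Luhn-valid track 1/2 hits in `buf`, sorted by offset.
    Only the masked PAN is reported, never the full number."""
    hits = []
    for track, pattern in ((1, TRACK1_RE), (2, TRACK2_RE)):
        for m in pattern.finditer(buf):
            pan = m.group(1).decode("ascii")
            if not luhn_ok(pan):
                continue  # digit run that only looks like a PAN
            hits.append({
                "offset": m.start(),
                "track": track,
                "brand": card_brand(pan),
                "pan": mask(pan),
            })
    return sorted(hits, key=lambda h: h["offset"])


# Constructed sample buffer: two valid test-PAN tracks and one Luhn failure.
SAMPLE_DUMP = (
    b"\x00\x01POSAPP"
    b";4111111111111111=25121010000000000?"
    b"\x00pad"
    b"%B4111111111111111^DOE/JANE^25121010000000?"
    b"\xff"
    b";1234567890123456=25121010000?"
)

if __name__ == "__main__":
    for hit in find_track_data(SAMPLE_DUMP):
        print(hit)
```

The third record in the sample matches the track 2 pattern but is dropped by the Luhn check, which is the false-positive filtering the paragraph above refers to.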

Process injection and blacklisting

Some POS malware reduces its footprint to avoid detection by injecting itself into other processes. In addition, it increases performance by limiting the number of processes used in memory scraping. Some kinds of POS malware scrape memory from every process to increase the likelihood of obtaining useful information; however, this also increases the odds that someone will notice the malware. To avoid this, most POS malware has a blacklist of processes that are omitted from memory scraping, and it instead targets a few specific processes.

Keylogging

A common feature of malware that usually accompanies memory scraping is key logging. Key logging allows attackers to capture PINs in addition to account numbers. PIN pads are usually recognized by an operating system as a keyboard device, so attackers don’t need to write fancy new key logging code to steal data from PIN pads.

Data exfiltration

Once POS malware has captured account details using the above techniques, attackers need to have some way of accessing this data. Some types of POS malware only store the data locally and don’t have built-in exfiltration features. In such cases, attackers have to manually retrieve the data – typically via some kind of remote session, though manual recovery through physical access is also a possibility.

However, many variants of POS malware do have built-in exfiltration features that send stolen data to drop sites or command and control servers. Data exfiltration can take many forms. It can range from exfiltration via e-mail, FTP, HTTP, HTTPS, DNS, TOR or other protocols. Some transmit data in plaintext while others obfuscate or encrypt data before transmission.

Additional features

Stealing credit card account details is not always the only objective of POS malware. Some variants can also incorporate other standard Trojan features such as:

Description of specific POS malware families

Now that we have a good understanding of the various capabilities of POS malware, we can look more closely at behaviors associated with some of the best-known malware families.

Rdasrv

Rdasrv was one of the earliest identified POS RAM scrapers, discovered in early 2011. Rdasrv functions in a manner that is distinct from all other POS RAM scrapers. Instead of looking at all of the processes, it only inspects processes that are hard coded into the malware itself. Patterns that match are written to a text file for manual exfiltration at a later date.

Dexter

Back in 2012 reports emerged on Dexter. Dexter has infected hundreds of point-of-sale computers at big name retailers, hotels, restaurants, and other businesses, according to a report issued by Aviv Raff, chief technology officer of Israel-based security firm Seculert. [1]

Dexter steals payment card data from the POS system and sends it to a remote C&C server. The source code for Dexter was leaked some time ago, leading to many variants being created even to this day as people improve upon the code base.

Alina

Alina is a fairly well known POS RAM scraper family, which was discovered in October 2012. As of the writing of this document, Alina variants are still being actively developed by the malware writing community. As a result, its methods of persistence, RAM scraping, and data exfiltration can vary from version to version. For example, early versions sent data in plain text, while later ones utilized exclusive-or (XOR) based encryption, or established contact with multiple C&C servers, etc. Alina variants cast a wider net than other families because targeted processes are not hard-coded, making the malware more versatile and able to target a larger set of victims. [2][3]

BlackPOS

BlackPOS rose to fame, or perhaps infamy, when it was discovered on the POS systems in retail giant Target, in December 2013. However, back in 2012, the source code of BlackPOS was leaked, which enabled many parties, both malicious and non-malicious, to examine and improve its codebase. It maintains persistence by masquerading as an antivirus program. The exfiltration methods used by BlackPOS are fairly simple: track 1 and 2 payment card data is written to a file and offloaded to an FTP server for later extraction. [4][5]

FrameworkPOS

Like BlackPOS, FrameworkPOS rose to infamy after it was found on the POS systems of another major retailer, The Home Depot. FrameworkPOS achieves persistence by installing a Windows Service, which starts at system boot and restarts. The service name is “McAfee Framework Management Instrumentation”, a name likely chosen to allow it to further blend in. Like many malware families, FrameworkPOS has many variants, one of which stands out due to its method of data exfiltration. Another variant utilizes DNS requests to exfiltrate data, instead of the standard approach of writing a file and sending it to an FTP server (as seen during the Home Depot breach). [6][7]

Chewbacca

Chewbacca was discovered on the POS systems of several dozen different retailers around the world in late 2013. To maintain persistence, it installs itself as “spoolsv.exe” in the startup folder. After installation, the keylogger creates a file called “system.log” inside the system %temp% folder, logging keyboard events and window focus changes. Chewbacca also scrapes memory and utilizes regex to extract track 1 and 2 data of payment cards from the infected system. The extracted information is then transported via Tor to a C&C server, concealing the real IP address of the Command and Control (C&C) server(s), encrypting traffic, and avoiding network-level detection.

Backoff

Unlike many of the earlier malware families, Backoff was not built with a specific target in mind, which has allowed it to be used to cause a large number of data breaches. One of the larger ones targeted UPS stores between January and August 2014. Backoff is also unique in that it uses a runtime packer to protect it from being detected. To maintain persistence, Backoff will create an encrypted copy of itself. If the malware stops running for any reason, nsskrnl will be decrypted and executed to re-infect the system by utilizing code that was injected into an explorer.exe process. Exfiltration and remote control are accomplished by communicating with a remote C&C via HTTP. [8]

Cherrypicker POS

The malware dubbed Cherrypicker POS has been around undetected since roughly 2011. It avoids detection by the use of encryption, obfuscation and cleaning up after itself. It injects various based upon its configuration and memory scrapes for track 1 and track 2 data, which is then logged. The logged file is then encrypted for communication back to the remote FTP.

AbaddonPOS

AbaddonPOS is a simplistic piece of POS malware, coming in at around 5 KB in size. The malware implements several anti-analysis and obfuscation techniques to make manual and automated analysis difficult. To acquire track 1 and 2 data, the malware scrapes the memory of all processes except its own. The majority of AbaddonPOS’s code is not obfuscated, with the exception of the code to encode and transmit payment card details. This could be explained by the fact that, unlike many POS malware families which utilize existing protocols such as HTTP/IRC/Tor to communicate with a C&C, the Abaddon developers created their own binary encoded protocol to exfiltrate data.

POS Detection

The following correlation rules from AlienVault USM are used to detect activity from the aforementioned threats:

Conclusion

For the security researcher, POS malware is an area of research that is of growing interest. Learning about the different families of POS malware is useful in this research, as it makes variants easier to identify and detect. Understanding the families with a similar code base saves valuable time during research, especially when responding to breach incidents – it is not necessary to view every new malware as something brand new. In many cases, lazy attackers are simply modifying existing malware to evade detection.

The following infographic lists most of the recent breaches at retailers caused by POS malware, depicting an overview of impact of POS malware.

References

[1] http://arstechnica.com/security/2012/12/dexter-malware-steals-credit-card-data-from-point-of-sale-terminals/
[2] http://www.xylibox.com/2013/02/alina-34-pos-malware.html
[3] http://blog.spiderlabs.com/2013/05/alina-shedding-some-light-on-this-malware-family.html
[4] http://blog.trendmicro.com/trendlabs-security-intelligence/new-blackpos-malware-emerges-in-the-wild-targets-retail-accounts/
[5] http://money.cnn.com/2014/02/11/news/companies/retail-breach-timeline/
[6] https://blog.gdatasoftware.com/blog/article/new-frameworkpos-variant-exfiltrates-data-via-dns-requests.html
[7] http://www.cyphort.com/wp-content/uploads/2014/11/POS-Malware-Report-WEB.pdf
[8] https://securelist.com/blog/incidents/58192/chewbacca-a-new-episode-of-tor-based-malware/
[9] http://sjc1-te-ftp.trendmicro.com/images/tex/pdf/RawPOS%20Technical%20Brief.pdf
[10] https://usa.visa.com/dam/VCOM/download/merchants/alert-rawpos.pdf
[11] http://www.cyphort.com/wp-content/uploads/2014/11/POS-Malware-Report-WEB.pdf

       

Posted: 17 Dec 2015 | 6:00 am

Potao Express samples

http://www.welivesecurity.com/2015/07/30/operation-potao-express/

http://www.welivesecurity.com/wp-content/uploads/2015/07/Operation-Potao-Express_final_v2.pdf


TL; DR


2011- July 2015
  • 1st: Full plugin, whose export function is called Plug. Full plugins run continuously until the infected system is restarted.
  • 2nd: Light plugin, with an export function Scan. Light plugins terminate immediately after returning a buffer with the information they harvested off the victim’s machine.
  • Strong encryption. The data sent is encapsulated using the XML-RPC protocol.
  • MethodName value 10a7d030-1a61-11e3-beea-001c42e2a08b is always present in Potao traffic.
  • After receiving the request, the C&C server generates an RSA-2048 public key and signs this generated key with another, static RSA-2048 private key.
  • In the 2nd stage the malware generates a symmetric AES-256 key. This AES session key is encrypted with the newly received RSA-2048 public key and sent to the C&C server.
  • The actual data exchange after the key exchange is then encrypted with the AES-256 key using symmetric cryptography, which is faster.
  • The Potao malware sends an encrypted request to the server with computer ID, campaign ID, OS version, version of malware, computer name, current privileges, OS architecture (64 or 32bits) and also the name of the current process.
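
Because the payload is encrypted, the constant MethodName is the part of this exchange a network sensor can match on. The following detection sketch is an added example, not part of the original post: it assumes request bodies are available in cleartext from a proxy or packet capture and that the value sits in a standard XML-RPC `<methodName>` element; the hosts, addresses and sample requests are constructed.

```python
import re

# Indicator quoted in the summary above.
POTAO_METHOD_NAME = "10a7d030-1a61-11e3-beea-001c42e2a08b"

# Regex instead of an XML parser: capture data is untrusted and often truncated.
METHOD_RE = re.compile(rb"<methodName>\s*([^<]{1,128}?)\s*</methodName>", re.I)


def parse_http_request(raw):
    """Split a raw HTTP/1.x request into method, path, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            key = name.strip().lower().decode("latin-1")
            headers[key] = value.strip().decode("latin-1")
    return {
        "method": parts[0].decode("latin-1"),
        "path": parts[1].decode("latin-1"),
        "headers": headers,
        "body": body,
    }


def xmlrpc_method_names(body):
    """Return every methodName value found in an XML-RPC body."""
    return [m.group(1).decode("latin-1") for m in METHOD_RE.finditer(body)]


def scan_requests(records):
    """records: iterable of (src_ip, dst_ip, raw_request_bytes).
    Returns one hit per POST whose XML-RPC methodName equals the indicator."""
    hits = []
    for src, dst, raw in records:
        req = parse_http_request(raw)
        if req is None or req["method"] != "POST":
            continue
        names = [n.lower() for n in xmlrpc_method_names(req["body"])]
        if POTAO_METHOD_NAME in names:
            hits.append({
                "src": src,
                "dst": dst,
                "host": req["headers"].get("host", ""),
                "path": req["path"],
            })
    return hits


def _request(method, path, host, body=b""):
    """Build a constructed sample request (illustration only)."""
    head = "%s %s HTTP/1.1\r\nHost: %s\r\nContent-Type: text/xml\r\n" % (method, path, host)
    head += "Content-Length: %d\r\n\r\n" % len(body)
    return head.encode("latin-1") + body


def _call(name):
    return (b'<?xml version="1.0"?><methodCall><methodName>' + name.encode()
            + b"</methodName><params><param><value><base64>AAAA</base64>"
            b"</value></param></params></methodCall>")


# Constructed traffic: a benign XML-RPC call, a matching call, and a plain GET.
SAMPLE_RECORDS = [
    ("192.0.2.5", "198.51.100.20", _request("POST", "/xmlrpc.php", "blog.example.test",
                                            _call("system.listMethods"))),
    ("192.0.2.10", "198.51.100.77", _request("POST", "/task", "c2.example.test",
                                             _call(POTAO_METHOD_NAME))),
    ("192.0.2.11", "198.51.100.20", _request("GET", "/", "blog.example.test")),
]

if __name__ == "__main__":
    for hit in scan_requests(SAMPLE_RECORDS):
        print(hit)
```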

Download


Download. Email me if you need the password


Posted: 12 Aug 2015 | 5:25 am

Freedome VPN For Mac OS X

Take a look at this:

F-Secure Freedome for OS X (freshly installed on a Labs Mac Team MacBook).

The beta is now open for everyone to try for 60 days at no cost.

Download or share.

On 24/04/15 At 12:37 PM

Posted: 24 Apr 2015 | 1:37 am

Shikotan – the Kuril New Zealand.

If you’ve ever been to New Zealand, and then one day you were to wake up on Shikotan island (er, without knowing how you got there, or why were you asleep for so long, etc., etc.), you’d probably think you’ve been teleported to NZ. They’re just so similar!

Non-volcanic gently rolling grassy landscapes, nano-bamboo, picturesque and seemingly carefully positioned trees. All neatly trimmed, colored, and – you’d think – Photoshopped, and sparkling under the inevitable Kuril rain. If sheep and sun were added – it’d be the carbon copy of NZ – somewhere around the center of the North Island.

Only the hobbits’ cubbyholes are missing

The name of the island comes from Ainu and translates as ‘best island’. Yep, they got that right, those ancient Kuril aborigines :).

If Wiki is to be believed the island has around 2000 inhabitants divided into two villages – Malokurilskoye and Krabozavodskoye. I’m afraid I’ve no photos of these places as we didn’t get round to visiting them.

So what else is there to see on Shikotan?

There’s Cape ‘Krai Sveta’ (‘edge of the world’) and its lighthouse.

Sadly I didn’t see either up close as I was recovering from the previous day’s ‘try everything’ mode and decided I’d best not hold up the other troops with my slowed tempo. However, those who did make it to the island said it was definitely worth it.

The Baltic states have amber. Shikotan has agate. Much better!

There’s simply tons of it lying about on the shores and in the surrounding waters here, just, well, lying there – with no one putting any claim to it. The posse therefore proceeded to search for and pocket some of the prettier specimens. Seemed a shame just to leave it there, abandoned. Turned out we gathered so much that when we embarked back onto the boat the waterline had sunk a bit :). Bizarrely, after all that careful selecting and stockpiling, most of the rocks were thrown overboard, much like the keen carp angler puts his catch back into the lake after taking so much trouble to hook it. Nowt queer as folk… :).

Still just off Shikotan, at last we were able to get some swimming in!

The water was a bearable 17°C – much warmer than on Simushir, where just looking at the ocean made you shiver. Here though, the conditions were just right for a diving contest – off the boat. Nice.

Yours truly’s best attempt

Btw, allegedly Shikotan is the only Kuril island on which snakes are found. Also here – plus on neighboring Kunashir and Iturup – can be found a most unusual plant, which the locals call Ipritka. The pollen (or oil) of this flora species is a really potent allergen, and if you come into contact with it things can get very painful – including serious burns. So if you’re ever here, dress appropriately and don’t touch anything!

Now, since we’ve already touched upon NZ in this post, let me return to that most important of questions – which place in the world is the most wildly beautiful?

Well, before our NZ adventure last year, in first place for beauty and natural unusualness – and unusual naturalness – was without a doubt Kamchatka. But then, despite some geographical nuances, Kamchatka was knocked off the top spot down to second place by the North and South Islands of New Zealand.

Then, after my crazy trip to see an eruption of Tolbachik in March-April 2013, Kamchatka once again was back on top!

Now about those nuances…

The main beauties of Kamchatka are all fairly close to one another – from around Klyuchevskaya Sopka in the north, down to Kurile Lake (and the Kambalny volcano) in the south. Whereas NZ’s best natural beauties are scattered across a much greater area. Thus, if we are to compare like with like, then the two islands of NZ need to be compared with Kamchatka individually. Now, Kamchatka is way cooler than either of the NZ islands on its own, but the two islands together – they destroy Kamchatka!

But! Update!!…

If we now compare NZ with Kamchatka plus the Kurils then NZ has no chance. Kamchatka + Kurils = the bomb! Oh yes. These Ks fall into my mind.

The one downside to K+K: To get at their best gems you need to travel a lot further. Your suitcase of cash needs to be fatter too, but I won’t dwell on that…

But I’m not done yet! There’s still one more island I need to tell you about – Kunashir. Coming right up!…

All the photos are here.

Posted: 4 Sep 2014 | 5:46 am

New Website for Cyber Engineering Services

If you’ve visited our website before, you may notice some changes this time around. Our old site served us well, but as we are moving forward as a company we felt it was time for a fresh new look for the website to reflect the fresh new ideas being developed in our company. Besides the attractive new color palette and flashy new slider, we’ve streamlined our content and cleaned things up. There are also a few new features to check out. You may have noticed Cyber Engineering Services in the news lately; we added a NEWS section where you can check out all the buzz and catch up on anything you missed. We have also added a section called LEADERSHIP where you can read a bit about the fearless leaders we have taking up the helm and keeping us on our toes here at Cyber Engineering Services.

If this is your first time visiting our site, look around and sample a few pages; we’ve tried our best to lay things out so it’s easy to find what you need quickly. If you still have questions, feel free to contact us; we’d love to talk with you. If you have suggestions for our website, feel free to comment below; we’d love to hear your feedback.

Posted: 3 Sep 2014 | 7:39 am