Iran Cyber Security and Artificial Intelligence (civilian and military)

This is for the people who still think cyber warfare is a myth and that using Windows is wise.
 
Sorry, you can't use that for things that need an always-on connection, like gas stations and power grids.
By the way, OpenWRT, Armbian: don't you think they smell of open source?
And OpenWRT can't be used on all hardware; that's why governments, when they deal with a large amount of hardware, first want to audit the firmware.
By the way, your OTP is a technique; the software to use it is probably open source, and you are welcome to use it with thousands of connections. This is from your article:


Also, I suggest you read what comes between the two parts.

One-time pad software is three lines of code to implement; don't you understand the concept?

Obviously it relies on a true random source for the key.
But today that is easy (just any video camera as a random source of data), and today big storage devices like NAND memories are cheap; that was impossible to do cheaply decades ago.

OpenWRT and Armbian are just Linux distributions to run on embedded devices and run the code; simple-to-do software, just like a PC, but cheaper and smaller.

Open source code just to run the operating system.

And your own code for the communication layer, and for encryption, then you're safe.
 
The hard part is sharing that OTP in real time between tens of thousands of gas pumps.
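Added example, not code from anyone in the thread: the one-time pad from the posts above, with the pad bookkeeping written out. The XOR is one line; the rest tracks which pad bytes are already spent, which is why every byte sent costs a byte of pre-shared pad. The class name, the pump message and the 64-byte pad are constructed for illustration, and one pad serves one direction only.

```python
import secrets

class PadExhausted(Exception):
    """Raised when a message needs more pad bytes than remain unused."""

class OneTimePad:
    """One endpoint's copy of a pre-shared pad for a single direction of traffic.
    XOR gives secrecy only: there is no integrity check, so a real link would
    still need a separate authentication tag."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._next = 0  # first unused offset; must survive restarts in real use

    def remaining(self) -> int:
        return len(self._pad) - self._next

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        """Return (offset, ciphertext); the offset tells the peer which pad bytes to use."""
        if len(plaintext) > self.remaining():
            raise PadExhausted("not enough unused pad; refuse rather than reuse")
        start = self._next
        self._next += len(plaintext)
        key = self._pad[start:self._next]
        return start, bytes(p ^ k for p, k in zip(plaintext, key))

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        if offset < self._next:
            raise ValueError("offset already consumed: replay or pad reuse")
        end = offset + len(ciphertext)
        if end > len(self._pad):
            raise PadExhausted("ciphertext runs past the end of the pad")
        self._next = end
        return bytes(c ^ k for c, k in zip(ciphertext, self._pad[offset:end]))

def demo():
    # Constructed sample: in practice the pad comes from a hardware random
    # source and is delivered to both endpoints out of band.
    pad = secrets.token_bytes(64)
    station, hq = OneTimePad(pad), OneTimePad(pad)
    offset, ciphertext = station.encrypt(b"pump 17: 42.5 L")
    return hq.decrypt(offset, ciphertext), station.remaining()
```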
 
Anyway, OTP is just a sample.

I guess the zios have not broken RSA 4096 yet.
And a lightly modified AES-256 is enough security.

But better to use your own implementation, and don't rely on OpenSSL.

There are simple, easy implementations that can be modified.

 
Did someone mention my old friend UDP?

Seriously this thread is great. Keep it up @BHAN85 and @Hack-Hook
 
About Wireshark, one tip: it's not useful just for Internet protocols.

It can be used to learn about the USB protocols of any USB device: thanks to the usbmon (USB monitor) Linux kernel module, you can intercept data traffic on a USB port just like an Internet connection.


It can be useful to code your own USB drivers from scratch and avoid backdoors (e.g. a 4G modem USB driver).
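Added example, not from the post: besides feeding Wireshark, usbmon also exposes a plain-text trace, and this parser decodes one line of it into the fields you need when reading a device's protocol. It handles control, interrupt and bulk transfers only (isochronous lines carry extra frame descriptors); the sample lines are constructed, not captured from a device.

```python
import re
from dataclasses import dataclass

# usbmon text line: URB tag, timestamp (microseconds), event type, address word,
# status word (or setup tag + 5 setup words), data length, data tag, data words.
ADDR = re.compile(r"([CIB])([io]):(\d+):(\d+):(\d+)$")
XFER = {"C": "control", "I": "interrupt", "B": "bulk"}

@dataclass
class UrbEvent:
    tag: str            # URB identifier; pairs a submission with its completion
    ts_us: int
    event: str          # S = submission, C = callback (completion), E = submit error
    transfer: str
    direction: str      # "in" = device to host, "out" = host to device
    bus: int
    device: int
    endpoint: int
    setup: tuple        # (bmRequestType, bRequest, wValue, wIndex, wLength) or ()
    status: int         # URB status (negative errno); None when a setup tag is present
    length: int         # length the URB reports; captured data may be shorter
    data: bytes

def parse_usbmon_line(line: str) -> UrbEvent:
    f = line.split()
    m = ADDR.match(f[3]) if len(f) >= 6 else None
    if m is None or f[2] not in ("S", "C", "E"):
        raise ValueError(f"unsupported or malformed usbmon line: {line!r}")
    setup, status, i = (), None, 5
    if re.fullmatch(r"-?\d+(:-?\d+)*", f[4]):      # numeric status[:interval[:...]]
        status = int(f[4].split(":")[0])
    else:                                          # setup tag, then 5 setup words
        if f[4] == "s":                            # only 's' means the words are valid
            setup = tuple(int(w, 16) for w in f[5:10])
        i = 10
    if len(f) <= i:
        raise ValueError(f"truncated usbmon line: {line!r}")
    has_data = len(f) > i + 1 and f[i + 1] == "="  # '<' and '>' mean no data captured
    data = bytes.fromhex("".join(f[i + 2:])) if has_data else b""
    return UrbEvent(f[0], int(f[1]), f[2], XFER[m[1]], "in" if m[2] == "i" else "out",
                    int(m[3]), int(m[4]), int(m[5]), setup, status, int(f[i]), data)

# Constructed sample lines in the usbmon text format (not from a real capture).
SAMPLE = [
    "ffff8800a1b2c3d0 3575914555 S Ci:1:001:0 s a3 00 0000 0003 0004 4 <",
    "ffff8800a1b2c3d0 3575914560 C Ci:1:001:0 0 4 = 01050000",
    "ffff8800a1b2c4e0 3575920001 S Bo:1:005:2 -115 8 = 55534243 5e000000",
]
EVENTS = [parse_usbmon_line(s) for s in SAMPLE]
```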
 
Thousands of emails from 2003-2021 were hacked, including emails to and from Javad Zarif and other Iranian ministers. Mostafa Zahrani appears to have been the attack vector whose account was compromised.

Concerningly, Zarif appears to use a 'gmail' address while Zahrani and others used a 'yahoo' address.

"Three Iran experts who have worked closely with Robert Malley, the Biden administration’s special envoy on Iran, were members of an influence network formed and guided by Tehran, an investigation by Iran International shows.

The investigation was based on thousands of emails between Iranian diplomats and analysts obtained by Iran International, which shared them with Semafor. The two organizations jointly reported parts of this story together, and wrote and published their stories independently.

The emails, spanning from 2003 to 2021, were part of a trove of thousands belonging to Mostafa Zahrani, former director general of strategic affairs in the foreign ministry and advisor to former Iranian Foreign Minister Mohammad Javad Zarif.

The emails included passport copies, resumes, invitations to conferences, airplane tickets, visa applications, payment receipts, academic articles, and extensive correspondence with foreign ministry officials, university staff, and students, all of which helped in verifying their authenticity."
 
Honestly, Gmail and Yahoo look bad however you look at them,
but don't forget the Iranian mail alternative at the time used an old beta version of an open source software that they didn't bother to upgrade for years and that as a result was filled with vulnerabilities that any 3rd grade IT enthusiast could hack in under 1 minute. Funny part: the software could not handle a nation-size population.
I wonder what they did about the software, and if they changed the software.
 
And this is the new situation:

the certificates are expired
main browsers warn you the site has a security risk
use of self-signed certificates
The governmental Iran.ir national email and the Chapar national email, which is affiliated with the private sector, are both active. However, the Campaign's investigations show that the Iran.ir national email uses exactly the same software as Chapar email, such that on the server side and in the client-side code of the Iran.ir national email the same Chapar code can be seen. In some cases even the public addresses of both sites are exactly alike. For example, the password-change address of both email services is www.domain/Chmail/repassword, and the Iran.ir email also uses Chapar's public key. This means that the Chapar company in practice has access to the content exchanged on the Iran.ir national email.


The results of the Campaign's tests on the SSL security certificates of both the Chapar and Iran.ir email services show that, when receiving data (Incoming), both services lack PFS, which adds a layer of cryptographic security. If the encryption keys are stolen, PFS ensures that previously exchanged data cannot be decrypted. For sending email (Outgoing), however, an invalid certificate is used, which means the outgoing email connection is not encrypted; as a result, the traffic of emails sent from these servers will not be encrypted and can be intercepted in transit.


Both the Chapar and Iran.ir email services, as of Farvardin 1396, use version GA 6.0.9 of a non-Iranian program for setting up and managing a mail server. The Campaign's research shows that this program is far behind the latest updates of the original version. The latest version released by this company is 8.7.6 GA. Not using updated versions of computer programs leaves the door open for hackers to launch cyber attacks against them. For example, in Khordad 1395, because government organizations and institutions were using an old version of DNN, a WordPress-like program for designing and managing websites, which had a security hole, hackers managed to hack many government sites, including the site of the Statistical Center of Iran.
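Added example, not part of the post or the quoted report: the three TLS findings above (expired certificate, self-signed certificate, no PFS) written as checks a mail-server operator can run against their own endpoint. It assumes the certificate fields are in the dict layout of Python's `ssl.SSLSocket.getpeercert()` and the cipher in the tuple layout of `SSLSocket.cipher()`; the host name, dates and suites are constructed samples.

```python
import ssl
from datetime import datetime, timezone

def forward_secret(cipher_name: str, protocol: str) -> bool:
    """True if the negotiated suite uses an ephemeral (EC)DHE key exchange."""
    if protocol == "TLSv1.3":      # certificate-based TLS 1.3 handshakes always use (EC)DHE
        return True
    parts = cipher_name.upper().replace("_", "-").split("-")
    return any(p in ("DHE", "ECDHE", "EDH") for p in parts)

def audit_tls(cert: dict, cipher: tuple, now: datetime) -> list:
    """cert: getpeercert()-style dict; cipher: (name, protocol, secret_bits)."""
    findings = []
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expiry < now:
        findings.append(f"certificate expired {(now - expiry).days} days ago")
    if cert["subject"] == cert["issuer"]:
        findings.append("self-signed: subject equals issuer, no CA vouches for the key")
    name, protocol, _bits = cipher
    if not forward_secret(name, protocol):
        findings.append(f"no forward secrecy with {name}: "
                        "a stolen server key decrypts recorded traffic")
    return findings

# Constructed samples (hypothetical host name and dates, not measurements of any real server).
NOW = datetime(2017, 4, 19, tzinfo=timezone.utc)
SELF = ((("commonName", "mail.example.test"),),)
CA = ((("commonName", "Example Test CA"),),)
WEAK = audit_tls({"subject": SELF, "issuer": SELF, "notAfter": "Mar 20 00:00:00 2017 GMT"},
                 ("AES256-SHA", "TLSv1", 256), NOW)
GOOD = audit_tls({"subject": SELF, "issuer": CA, "notAfter": "Mar 20 00:00:00 2018 GMT"},
                 ("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256), NOW)
```

`getpeercert()` returns an empty dict when certificate verification is disabled, so for a server that already fails verification the fields have to be decoded from the DER form returned by `getpeercert(binary_form=True)`.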
 
All Gmail and Yahoo emails can be read by USA security agencies without hacking anything.

It's not hacking, it's just USA companies; it's like sending a carbon copy straight to the NSA.

:ROFLMAO:
 
Didn't want to say anything until more obvious events, but clearly the knobs of 'population tampering' into the 'west' have turned up, especially in the US. The events will continue to exacerbate until the elections and a while after.

There's also an ongoing campaign into Zionia driven partially by the US to get rid of Yahoo.
 