20121021

20121017

Fukushima: bad news for you

Prison Planet.com » Ground under Fukushima Unit 4 sinking, structure on verge of complete collapse

Though the mainstream media has long since abandoned the issue, the precarious situation at the Fukushima Daiichi nuclear power facility in Japan is only continuing to worsen, according to a prominent Japanese official. During a recent interview, Mitsuhei Murata, the former Japanese Ambassador to both Switzerland and Senegal, explained that the ground beneath the plant’s Unit 4 is gradually sinking, and that the entire structure is very likely on the verge of complete collapse.

This is highly concerning, as Unit 4 currently holds more than 1,500 spent nuclear fuel rods, and a collective 37 million curies of deadly radiation that, if released, could make much of the world completely uninhabitable. As some Natural News readers will recall, Unit 4 contains the infamous elevated cooling pool that was severely damaged following the catastrophic earthquake and tsunami that struck on March 11, 2011.

According to the Secretary of former Japanese Prime Minister Naoto Kan, the ground beneath Unit 4 has already sunk by about 31.5 inches since the disaster, and this sinking has taken place unevenly. If the ground continues to sink, which it is expected to, or if another earthquake of even as low as a magnitude six occurs in the region, the entire structure could collapse, which would fully drain the cooling pool and cause a catastrophic meltdown.

“If Unit 4 collapses, the worse case scenario will be a meltdown, and a resultant fire in the atmosphere. That will be the most unprecedented crisis that man has ever experienced. Nobody will be able to approach the plants … as all will have melted down and caused a big fire,” said Murata during the interview. “Many scientists say if Unit 4 collapses, not only will Japan lie in ruin, but the entire world will also face serious damages.”

Because there are 31 nuclear units of a similar type to Unit 4 in the U.S., the American government has been downplaying the disaster to protect its own reputation, alleges Murata. This is, in fact, the primary reason why so little has been reported on the severity of Fukushima following the disaster. The American empire, in other words, does not want the world, nor the American people, to know that there is the possibility of literally dozens of Fukushima situations occurring on American soil, should the right disaster situations arise.

You can watch the full 3:51 minute translated interview with Murata at the following link:
福島4號核爐危及日本和全世界(中英字幕)4号機倒壊危機 Unit 4 Crisis ENG SB - YouTube

20121015

Is it OK to hold credit card numbers in cookies?

Is it OK to hold credit card numbers in cookies? Santander?

From: auto62098873 () hushmail com
Date: Sun, 14 Oct 2012 16:15:05 +0100

Santander are a joke when it comes to security. Fed up of two years of battling with them to fix issues any other bank would have fixed in seconds, things like XSS on login pages etc. Time to hit full disclosure with some of these issues in the hope they'll change their game and start to take their customers' security seriously:



*Advisory Information*


 Title: Sensitive Data In Cookies 
 Date published: 2012-03-31 08:16:26 PM
 upSploit Ref: UPS-2012-0004
 
 *Advisory Summary*
 Santander's online banking stores sensitive data, including full credit card numbers, in its cookies, putting this information at risk.
 
 
*Vendor*
 Santander (UK)
 
*Affected Software*
 Online Banking
 
 https://retail.santander.co.uk
(confirmed for personal online banking)



*Description of Issue*
 Santander online banking unnecessarily stores sensitive information within cookies. Depending on which areas of online banking the user visits this information may include the following:
* Full name
* PAN (Credit card number)
* Bank account number and sort code
* Alias
* UserID


Of particular concern is the full PAN, which PCI DSS states should be rendered unreadable anywhere it is stored.


Within Santander's "Security & Privacy" section they state that: "Santander's site-tracking cookies don’t contain name or address information". The use of cookies is therefore not in line with this policy.


It should be noted that the HttpOnly flag is not used on any cookies, exposing them to greater risk of exposure (for example through XSS) - such as the XSS which was present on the login page for ~1 year before being inadvertently fixed!!


Additionally, whilst the cookies expire at the end of a session, they are not overwritten on logout. This means any user who does not close their browser, even if they log out correctly, will still have these cookies present until they close their browser, thus increasing the window for exposure.


 
 *PoC*
 The cookies holding the most sensitive information include:
* rinfo
* NewUniversalCookie


On browsing to the "Credit Cards" section and selecting a credit card a cookie such as the following is set (credit card number obscured):


rinfo=/EBAN_Cards_ENS/BtoChannelDriver.ssobto?dse_operationName=viewRecentTransactions&cardSelected=5***************


The sensitive information in the NewUniversalCookie is base64 encoded; when decoded it is of the format shown below (sensitive data has been stripped):


NewUserPasswordCookie***************

http://tinyurl.com/santander-dpa
Santander's Cookie Policy stating "cookies do not contain personal information, and cannot be used to identify you": http://tinyurl.com/santanderCookies
PCI DSS v2.0: https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf
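
A defender-side check for the issues the advisory above describes, as an added example that is not part of the original post or of Santander's code: it audits Set-Cookie headers for missing HttpOnly/Secure flags, for card numbers in the raw or base64-decoded value, and for cookies the logout response fails to expire. The header values, the SESSIONID cookie, the shortened path and the test card number are constructed; only the cookie names rinfo and NewUniversalCookie come from the advisory.

```python
import base64, binascii, contextlib, re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")  # digit runs of card-number length

def luhn_ok(digits):
    doubled = [int(c) * (2 if i % 2 else 1) for i, c in enumerate(reversed(digits))]
    return sum(d - 9 if d > 9 else d for d in doubled) % 10 == 0

def parse(header):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    pair, *attrs = [p.strip() for p in header.split(";")]
    name, _, value = pair.partition("=")
    return name, value, {k.lower(): v for k, _, v in (a.partition("=") for a in attrs)}

def audit(header):
    """Return (name, findings): missing flags, PAN in the raw or base64-decoded value."""
    name, value, attrs = parse(header)
    findings = [f"missing {f}" for f in ("HttpOnly", "Secure") if f.lower() not in attrs]
    views = [value]
    with contextlib.suppress(binascii.Error, ValueError):  # not base64: raw text only
        raw = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
        views.append(raw.decode("utf-8", "replace"))
    if any(luhn_ok(m) for v in views for m in PAN_RE.findall(v)):
        findings.append("PAN-like number in value")
    return name, findings

def deletes(attrs):
    """True if the attributes expire the cookie; Max-Age takes precedence over Expires."""
    if re.fullmatch(r"-?\d+", attrs.get("max-age", "")):
        return int(attrs["max-age"]) <= 0
    try:
        return parsedate_to_datetime(attrs["expires"]) <= datetime.now(timezone.utc)
    except (KeyError, TypeError, ValueError):
        return False

def left_after_logout(session_headers, logout_headers):
    """Names set during the session that the logout response does not expire."""
    cleared = {n for n, _, attrs in map(parse, logout_headers) if deletes(attrs)}
    return sorted({parse(h)[0] for h in session_headers} - cleared)

BLOB = base64.b64encode(b"name=A N OTHER|card=4111111111111111").decode()
SESSION = [  # constructed headers; 4111111111111111 is a widely used test card number
    "rinfo=/cards?op=viewRecentTransactions&cardSelected=4111111111111111; Path=/",
    f"NewUniversalCookie={BLOB}; Path=/; Secure",
    "SESSIONID=8f2c1d; Path=/; Secure; HttpOnly",
]
LOGOUT = ["SESSIONID=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly"]
```

Running `audit` over each header in `SESSION` and `left_after_logout(SESSION, LOGOUT)` reports the two sensitive cookies as both flag-deficient and still present after logout.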

20121012

How much do cats actually kill

It all started as a comic, but researchers find it is not a good comedy: they're doing it for fun: