Evidence and proof of concept that keweon Online Security is not as secure as claimed by its developer.
After a group of independent IT and cyber security specialists proved that keweon is not as secure as claimed by the developer, they confronted the developer with the results and reminded him of a bet. All keweon support groups on TG then were deleted by the developer personally and without further explanation on the morning of February 4, 2019.
We all know by now that the way keweon DNS works is based on users using keweon's DNS and the keweon root certificate.
What has now been proven is exactly what keweon could do with its users, but Torsten vehemently denies and claims "that's impossible" and "that doesn't work":
1. get users to use your DNS server.
2. get users to use your root certificate.
3. redirecting a page, e.g. mybank.com, to one of the keweon servers (by changing the DNS record)
4. issue your own SSL certificate for the website, users have installed your Root-CA and so this is not a "witch work"
5. read username/password from the connection (if 2FA is used, just wait until the user logs in and use the token again quickly as it is valid for 30 seconds).
We now have proof that this is possible without a doubt. In fact, this is a classic MITM attack, and anyone who denies that it is possible either has no idea (you shouldn't assume this from Torsten) or is trying to hide something from his users.
The developer of keweon has repeatedly asserted and insisted that a root certificate cannot intercept connections or collect data.
Quote from the keweon developer with his PayPal bet:
"Prove that to me. Give me any DNS and a root certificate and try to get my PayPal data.
I'll then even contact you when I sign up for PayPal. If you manage to get my PayPal data this way, you can log in and transfer 500 Euro to your account. I have made this offer very often and this is a serious offer from my side."
Unfortunately the developer of keweon didn't contribute his part to the test as he promised so often and of course he didn't log into Paypal via our provided DNS and root certificate.
The only reaction on his part was, apart from some insults, the deletion of all keweon groups on TG.
The security test of the keweon servers also revealed that under certain conditions connections are even redirected to keweon's own termination server and answered with 1x1 pixel gifs.
The fact is that the requests contain tracking IDs that can be easily managed from these servers.
So even Torsten's statement that the keweon SSL server only terminates requests with empty (0 byte) responses is wrong.
This again contradicts Torsten's own statement.
The point now is that the developer of keweon Online Security is actively trying to deny that it is possible for him to abuse the root certificate, although it has now been proven that it is actually possible for him to do exactly that with the keweon root certificate and its users.
Until the developer decides to disprove the accusations made against keweon Online Security or can prove that the accusations against him are unfounded, it is advisable for obvious reasons of security not to use keweon Online Security for the time being.
Anyone who is interested in repeating this test can do so at:
http://keweonwette.info.tm, where you will find a DNS and a root certificate, same as with keweon Online Security.
Furthermore there is a real-time log about recorded connections.
Everything else can be found there.
Please be careful not to use your correct email address or password for this test!
#keweon #test #bet #evidence #ProofOfConcept
After a group of independent IT and cyber security specialists proved that keweon is not as secure as claimed by the developer, they confronted the developer with the results and reminded him of a bet. All keweon support groups on TG then were deleted by the developer personally and without further explanation on the morning of February 4, 2019.
We all know by now that the way keweon DNS works is based on users using keweon's DNS and the keweon root certificate.
What has now been proven is exactly what keweon could do with its users, but Torsten vehemently denies and claims "that's impossible" and "that doesn't work":
1. get users to use your DNS server.
2. get users to use your root certificate.
3. redirecting a page, e.g. mybank.com, to one of the keweon servers (by changing the DNS record)
4. issue your own SSL certificate for the website, users have installed your Root-CA and so this is not a "witch work"
5. read username/password from the connection (if 2FA is used, just wait until the user logs in and use the token again quickly as it is valid for 30 seconds).
We now have proof that this is possible without a doubt. In fact, this is a classic MITM attack, and anyone who denies that it is possible either has no idea (you shouldn't assume this from Torsten) or is trying to hide something from his users.
The developer of keweon has repeatedly asserted and insisted that a root certificate cannot intercept connections or collect data.
Quote from the keweon developer with his PayPal bet:
"Prove that to me. Give me any DNS and a root certificate and try to get my PayPal data.
I'll then even contact you when I sign up for PayPal. If you manage to get my PayPal data this way, you can log in and transfer 500 Euro to your account. I have made this offer very often and this is a serious offer from my side."
Unfortunately the developer of keweon didn't contribute his part to the test as he promised so often and of course he didn't log into Paypal via our provided DNS and root certificate.
The only reaction on his part was, apart from some insults, the deletion of all keweon groups on TG.
The security test of the keweon servers also revealed that under certain conditions connections are even redirected to keweon's own termination server and answered with 1x1 pixel gifs.
The fact is that the requests contain tracking IDs that can be easily managed from these servers.
So even Torsten's statement that the keweon SSL server only terminates requests with empty (0 byte) responses is wrong.
This again contradicts Torsten's own statement.
The point now is that the developer of keweon Online Security is actively trying to deny that it is possible for him to abuse the root certificate, although it has now been proven that it is actually possible for him to do exactly that with the keweon root certificate and its users.
Until the developer decides to disprove the accusations made against keweon Online Security or can prove that the accusations against him are unfounded, it is advisable for obvious reasons of security not to use keweon Online Security for the time being.
Anyone who is interested in repeating this test can do so at:
http://keweonwette.info.tm, where you will find a DNS and a root certificate, same as with keweon Online Security.
Furthermore there is a real-time log about recorded connections.
Everything else can be found there.
Please be careful not to use your correct email address or password for this test!
#keweon #test #bet #evidence #ProofOfConcept
🇬🇧 Keweon Root Certificate Checker
Here you can check if your system is compromised by the currently most prevalent perpetrator. This check may be eventually blocked by them, don't rely on it. There is more than one person or group trying to undermine basic security, this is by no means a novel idea.
🇩🇪 Keweon Root Zertifikat Test
Hier können Sie testen ob Sie von dem aktuell prävalenten Angreifer kompromittiert wurden. Dieser Test kann früher oder später von demselben geblockt werden, also verlassen Sie sich nicht darauf. Es versuchen mehr als eine Person oder Gruppe grundlegende Internetsicherheit zu unterwandern, dies ist bei Weitem keine neuartige Idee.
✅ Test/Check at:
http://https-interception.info.tm/test.html
✅ DNS + Root Certificate Hijack Proof And Demonstration:
http://https-interception.info.tm/
#keweon #test #evidence #ProofOfConcept #dns
Here you can check if your system is compromised by the currently most prevalent perpetrator. This check may be eventually blocked by them, don't rely on it. There is more than one person or group trying to undermine basic security, this is by no means a novel idea.
🇩🇪 Keweon Root Zertifikat Test
Hier können Sie testen ob Sie von dem aktuell prävalenten Angreifer kompromittiert wurden. Dieser Test kann früher oder später von demselben geblockt werden, also verlassen Sie sich nicht darauf. Es versuchen mehr als eine Person oder Gruppe grundlegende Internetsicherheit zu unterwandern, dies ist bei Weitem keine neuartige Idee.
✅ Test/Check at:
http://https-interception.info.tm/test.html
✅ DNS + Root Certificate Hijack Proof And Demonstration:
http://https-interception.info.tm/
#keweon #test #evidence #ProofOfConcept #dns
Google bricks some Homes and Home Minis with firmware update and often there's no reset possible
https://www.androidpolice.com/2019/10/22/google-home-brick-ota-software-update/
Even though you probably don't notice that any of your Google Home devices are constantly receiving firmware updates, they get new software all the time. Most likely, you'll only realize it when something goes really wrong, which is exactly what more and more people are reporting on Google's help forum and Reddit. They say their Google Homes and Google Home Minis have been bricked following an OTA, and they receive little to no help from Google when they're outside of warranty.
The issue has been around for a while already, but reports are starting to pile in Google's support forums. People say that they've found their Homes with all four LEDs turned on and unresponsive. Simply unplugging and replugging their speakers could resolve the problem for some while others managed to go through a factory reset to make their Homes work again, but even more people say that no matter what they do, their devices remain bricked.
A Google community specialist joined the discussion and wrote that "the team is working on this issue and checking the root cause since not all Google Home devices are affected." The statement was issued on September 28, but since then, there hasn't been any further information.
Parallelly, discussions on Reddit revolve around the same issues. Redditors complain that Google won't replace their bricked devices when they're outside of warranty, even if it seems pretty certain it was the company's update that ended the speakers. Hopefully, Google will be able to resolve the issue, even if it can't fix it via software and has to replace hardware outside of warranty.
#google #nest #deletegoogle #rejectnest #test_your_software #holy_integration_tests #dont_forget_unit_tests_either #evil #why
https://www.androidpolice.com/2019/10/22/google-home-brick-ota-software-update/
Even though you probably don't notice that any of your Google Home devices are constantly receiving firmware updates, they get new software all the time. Most likely, you'll only realize it when something goes really wrong, which is exactly what more and more people are reporting on Google's help forum and Reddit. They say their Google Homes and Google Home Minis have been bricked following an OTA, and they receive little to no help from Google when they're outside of warranty.
The issue has been around for a while already, but reports are starting to pile in Google's support forums. People say that they've found their Homes with all four LEDs turned on and unresponsive. Simply unplugging and replugging their speakers could resolve the problem for some while others managed to go through a factory reset to make their Homes work again, but even more people say that no matter what they do, their devices remain bricked.
A Google community specialist joined the discussion and wrote that "the team is working on this issue and checking the root cause since not all Google Home devices are affected." The statement was issued on September 28, but since then, there hasn't been any further information.
Parallelly, discussions on Reddit revolve around the same issues. Redditors complain that Google won't replace their bricked devices when they're outside of warranty, even if it seems pretty certain it was the company's update that ended the speakers. Hopefully, Google will be able to resolve the issue, even if it can't fix it via software and has to replace hardware outside of warranty.
#google #nest #deletegoogle #rejectnest #test_your_software #holy_integration_tests #dont_forget_unit_tests_either #evil #why
Android Police
Google bricks some Homes and Home Minis with firmware update and often there's no reset possible
Even though you probably don't notice that any of your Google Home devices are constantly receiving firmware updates, they get new software all the time.
This media is not supported in your browser
VIEW IN TELEGRAM
#pcr #Rothschild #covid #test
https://pubchem.ncbi.nlm.nih.gov/#query=covid-19&tab=patent
Pfizer board member and CEO of Reuters shills:
( https://t.me/NoGoolag/5847 )
( https://t.me/NoGoolag/6417 )
https://www.reuters.com/article/uk-factcheck-patent-idUSKBN27C34O
https://pubchem.ncbi.nlm.nih.gov/#query=covid-19&tab=patent
Pfizer board member and CEO of Reuters shills:
( https://t.me/NoGoolag/5847 )
( https://t.me/NoGoolag/6417 )
https://www.reuters.com/article/uk-factcheck-patent-idUSKBN27C34O
Media is too big
VIEW IN TELEGRAM