• vote this securityblog on the skynetblog homepage

    if you think it should be about public service and information and going further than the normal media would go

    vote for this blog (if you don't have one, you should make a skynetblogs profile that would take you 5 minutes) you can even start blogging afterwards if you would like that  (even here if you would like to blog about infosecurity or risks)

     

    Blogs Awards 2008

  • hacking attacks may increase

    after each conflict in the Middle East, hackers are attacking everything in their sight no matter what nonsense this may seem

    so close your systems down, cut links between internal and external sites, limit incoming traffic and deactivate all accounts not used or necessary

    be sure everything is upgraded and all test, demo and backup sites are offline and unreachable from external sources

    scan your own network from outside (use metasploit)

    do it before they do it and you are called back to the office no matter how important your family time is for you

    prepare for the worst to live through something much lesser without any problem

    zone-h.com already gives an enormous list of hacked sites and subsites....

  • castle cops volunteers go away

    "You have arrived at the CastleCops website, which is currently offline. It has been our pleasure to investigate online crime and volunteer with our virtual family to assist with your computer needs and make the Internet a safer place. Unfortunately, all things come to an end. Keep up the good fight folks, for the spirit of this community lies within each of us. We are empowered to improve the safety and security of the Internet in our own way. Let us feel blessed for the impact we made and the relationships created. "

    this is another proof that government should pay for permanent personnel at those first-line defenses (even if it would be financed with contributions from ISPs or other ebusiness)

    you can't expect volunteers to keep working like that against such a menace without any support (or even thanks or respect for that matter)

    there is for the moment not much to replace them

    wanted for 2009 : YOUR HELP HERE (lots still to do) contact me

  • on holiday - have great holidays yourselves

    I am off to family and quality time

    this is a free nonpaid voluntary effort to get some information about security and insecurity out but I am taking time off this time

    it has been a nice time and we have done a lot this year that others could only dream about

    but we dream about a CERT, we dream about certifications and audits and coordination

    and all we see is promises

    let's hope that we will get somewhere in 2009 because after 2008, 2009 will not be like any other year

    for those looking for free stuff, you have 16.000 cached articles and links, links to 900 freeware, 1500 books and lots more links here around (on netvibes there are links to digg and so on that change permanently)

    make love, have fun, friends, family and be happy and healthy

    we will be back in a day or four - and no netties (Flemish translation) - rather busy family time (sorry)

  • christmas 1500 books to download from scribd

    we are not sure that all the books are there but

    mailforlen.googlepages.com/start   try for yourself

    many many different interests and subjects

  • christmas : 900 real freewares for download

    mailforlen.googlepages.com/allfreeware

    these are the freewares that we hope we can continue to supervise and alert for updates. They are spyware-free and diverse.

  • tracking spy devices in your car ? when extra-legal affairs and political turmoil in Vlaams Belang turn ugly.

    This is the case in extra-legal affairs, divorces and political ambushing in the Flemish right-wing party Vlaams Belang. The same affair in which personal (partly falsified ?) emails were published by Knack.

    "Dag Allemaal asks him, for instance, whether it is true that he once had a tracking device placed in Morel's car to see where she was going. Christian Schellemans: “That is not my style. I know that story, I even went to the police about it once. But that device did not come from me.” From whom, then?" source

    It seems that one of the protagonists had found a tracking device in her car. Her ex-husband says that he knows nothing about that. Who else ?

    You will also have seen that it isn't expensive to build such a device (see video published this week).

    So if you are responsible for security in high-tech or other important services, being sure that the cars and technology are free of such tracking devices can be important. I am sure there are enough people that would like to know where your CEO goes.....

    Time to think about signal blockers (which are illegal in Belgium for the moment)

  • cloud computing is not in the cloud, it is in the electricity grid

    "A spate of service outages on the Amazon and Google platforms has increased enterprise caution about the reliability of consumer-market-oriented cloud providers."

    "The cloud creates new management challenges for CIOs, because it runs like an electricity grid. Unlike under an outsourcing deal, where any slip in quality is protected by service level agreements, an outage of a cloud service may not be remedied quickly."

    source

    just a marketing chic and nothing more because it all comes down to the same old fundamentals (hardware resilience, disaster recovery, proxy services, electricity, integrated vulnerabilities, .....)

    there is one thing for which cloud computing should be interesting and that is for the integration of several security scanning services into one. That idea should be integrated in independent appliances on which you can choose - eventually hire for a limited time or limited number of users - whatever security service you would like. Take for example that a limited number of users should be checked by 3 antivirus products, should I buy three appliances or be able to have a security center box on my network on which I can activate those three services out of many.

  • Free For today Image Mender 1.1

    Image Mender - the program allows you to remove any lines or blemishes on your images and it also helps you to remove larger marks, logos or any other undesirable elements. Image Mender is easy to use.

    The clear and user-friendly interface of the program enables you to work. You just need to highlight the part of the image you would like to correct, and then Image Mender will do the rest. After editing, you can save it in the desired format.

    Major functions:

    • Intellectual reconstruction – the program reconstructs the image under the cleared spot so fine that the traces are hardly noticeable even after the removal of large fragments;
    • Ease of use - operating Image Mender is a lot simpler than operating Photoshop Clone Tool. You only need to select the fragment to be removed from the image;
    • Supporting various formats – the program supports the following formats: JPEG, TIFF, BMP, PNG, TGA, MNG, RAS, RAW, JP2, JPC, PCX;
    • High performance – the program is written completely in the C++ language, which ensures its high performance

     

  • .be hacked websites


  • Arbor Networks Belgian Internet threat theater

    First the good news, yesterday there were no significant DDOS attacks. And the DNS servers of Belgacom were not in the listing of the attacking servers. ISPs should have a very close view on their DNS infrastructure, it is really their biggest single point of possible failure.

    Brutele has a problem somewhere on its network, one that is even bigger than skynet


    and it is coming from these machines


    and owners of symantec should take notice, there was a whole lot of scanning against machines that weren't updated recently


     and scanning has also some new profiles


    It is not because it is Christmas and holidays are coming that the cyberattackers aren't working very hard to get as much infrastructure and money as possible.

  • msntracer.eu is a phishing server according to phishtank

    so would you use it


    but the phishtank says it is a phish and you shouldn't use it

    http://www.phishtank.com/phish_detail.php?phish_id=585737&frame=site

  • How to find out for 20 dollars if your girlfriend is riding to her secret lover (US only for now)

    GPS and mobile tracking without any privacy guarantees....

    this is for fun but what about economic spying, wouldn't you want to know where the salespeople of your competitors are going ?

    problem is the batteries and as you will have to change them often, you can get caught each time

    another problem is that this guy leaves so many forensic fingerprints behind....

     

  • Samsung SPF-85H 8-Inch Digital Photo Frames infected with virus

    Greetings from Amazon.com.

    We have recently learned that Samsung has issued an alert affecting its SPF-85H 8-Inch Digital Photo Frame. Our records indicate that you have purchased one of the digital photo frames through the Amazon.com website and are therefore affected by this alert.

    The alert involves the SPF-85H 8-Inch Digital Photo Frames w/1GB Internal Memory, designed to work with Windows-based PCs via a USB connector. They were sold between October and December 2008 for about $150.

    The alert concerns discovery of the W32.Sality.AE worm on the installation disc SAMSUNG FRAME MANAGER XP VERSION 1.08, which is needed for using the SPF-85H as a USB monitor. If you are using Vista or a different version of Frame Manager, this issue does not affect you.

    If your anti-virus software displays a Virus Alert after you have installed Samsung Frame Manager 1.08 using the installation CD, please perform the following procedure:

    1. Quarantine or delete the W32.Sality.AE worm.

    2. Uninstall the current version of Frame Manager 1.08 you installed from the install CD. (Click Start > Settings > Control Panel > Add or Remove Programs. Find and then click Frame Manager in the Add or Remove Programs dialog, and then click Remove.)

    3. Download and install the updated version of Frame Manager XP 1.082 from the Samsung Download Center: www.samsung.com/us/support/download/supportDown.do?group=&type=&subtype=&model_nm=SPF-85H&language=&cate_type=all&dType=D&mType=SW&vType=L&prd_ia_cd=05200100&disp_nm=SPF-85H

    4. After you install Samsung Frame Manager 1.082, reboot your computer to complete the process.

    If these steps do not correct the problem, please call Samsung Service Hotline at 1.800.SAMSUNG (800-726-7864).

    If you purchased this item as a gift for someone, please notify the recipient immediately and provide them with the information in the Samsung Alert concerning this issue.

    We regret the inconvenience this alert has caused you but trust you will understand that the safety of our customers is our highest priority.

    Thanks for shopping at Amazon.com.

    Sincerely,

    Customer Service
    Amazon.com
    http://www.amazon.com/

    comment : problem with process here, have they any ISO at Samsung because it clearly isn't applied in this production process

  • .be sites hacked


  • cpas Fleron website hacked

    cpas-fleron.be


  • Arbor Networks Belgian Internet threat monitor

    High volume of botnet and DDOS traffic on the Belgian Internet according to Arbor Networks: we had 6 botnet and DDOS attacks yesterday, of which 2 inbound and 4 outbound. This means that the Belgian internet is being used to attack other servers in other countries and that this can pose legal and practical problems. I suppose that many of the support people are taking a holiday but as far as we see it, these are very dangerous times for the moment on the Belgian Internet and some problems need to be solved earlier. More than 50% of all attack traffic was botnet attacks.

    Nobody else will do it for you, so if you don't take the lead and bring them down or just stop the attacks (ingoing or outgoing) nobody else is going to do it for you. Take your responsibility. Stop the attacks and the attackers.

    There is still one big Control and Command center on Coltnet (according to shadowsource.org there are still 160 other Control and command centers and Belgium is one of the slowest countries to bring them down). If Coltnet would do the same thing as Versatel and bring that Control and Command center of a botnet down, that would already be a good start.

    There are still some other specific attacks


     The attacks are very heavy on the Skynet networks, but the other networks are still feeling the impact. This is less than 2 days ago, but more than last week


    and the servers that are being used aren't good news either because we see now many more fixed IP addresses instead of dynamic ADSL stations and the Skynet DNS servers are back again. Is there any logical reason for that ?


    this is different from the scanning sources that have more such individual sources


    and you still should patch your Internet Explorer because the scanning for vulnerable computers is still going on heavy-handed


  • .be hacked websites list No. 1


  • IE exploit now hidden in WORD documents

    Attackers are exploiting the just-patched vulnerability in Internet Explorer (IE) by hiding malicious ActiveX controls in Microsoft Word documents, a security company said today.

    "Inside the document is an ActiveX control, and in that control is a line that makes it call out to the site that's hosting the malware," said David Marcus, director of security research and communications for McAfee Inc.'s Avert Labs. "This is a pretty insidious way to attack people, because it's invisible to the eye, the communication with the site."

    Embedding malicious ActiveX controls in Word documents isn't new -- Marcus said he had seen it "a time or two" -- but using an ActiveX control to ping a hacker's server for attack code is "definitely an innovation," he added. "They're stepping it up."

    source

    are you sure you haven't whitelisted Word documents in any way (accept integrated scripts) in your email security solutions
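
One way to test that question at a mail gateway, as an added example that is not from this blog or from McAfee: a heuristic check that flags Word attachments carrying embedded ActiveX controls or OLE objects, so they are never passed through on file type alone. The function names and the sample document are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")      # legacy .doc (OLE2 compound file)
ZIP_MAGIC = b"PK\x03\x04"                           # .docx/.docm (OOXML package)
ACTIVEX_CT = b"application/vnd.ms-office.activeX"   # OOXML content type prefix
# OLE2 directory entry names are UTF-16LE; Word keeps embedded objects in
# "ObjectPool" and marks ActiveX controls with a "\x03OCXNAME" stream.
OLE_MARKERS = {
    "ObjectPool storage": "ObjectPool".encode("utf-16-le"),
    "OCXNAME stream": "\x03OCXNAME".encode("utf-16-le"),
}

def find_embedded_controls(data: bytes) -> list[str]:
    """Return reasons why a Word attachment should not bypass scanning."""
    findings = []
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as pkg:
                for name in pkg.namelist():
                    if name.lower().startswith("word/activex/"):
                        findings.append(f"ActiveX part: {name}")
                    elif name.lower().startswith("word/embeddings/"):
                        findings.append(f"embedded object: {name}")
                if "[Content_Types].xml" in pkg.namelist():
                    if ACTIVEX_CT in pkg.read("[Content_Types].xml"):
                        findings.append("ActiveX content type declared")
        except zipfile.BadZipFile:
            findings.append("corrupt OOXML package")
    elif data.startswith(OLE_MAGIC):
        # Byte search is a heuristic, not a full compound-file parse.
        for label, marker in OLE_MARKERS.items():
            if marker in data:
                findings.append(f"OLE2 {label} present")
    else:
        findings.append("not a recognised Word container")
    return findings

def build_sample_docx(with_control: bool) -> bytes:
    """Constructed sample: a minimal OOXML package built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        types = '<Types><Default Extension="xml" ContentType="application/xml"/>'
        if with_control:
            types += ('<Override PartName="/word/activeX/activeX1.xml" '
                      'ContentType="application/vnd.ms-office.activeX+xml"/>')
            pkg.writestr("word/activeX/activeX1.xml", "<ocx/>")
        pkg.writestr("[Content_Types].xml", types + "</Types>")
        pkg.writestr("word/document.xml", "<document/>")
    return buf.getvalue()

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, find_embedded_controls(build_sample_docx(flag)))
```

A non-empty result means the attachment should go through full content inspection or be quarantined, whatever the sender or file-type allowlist says.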