04/30/2010

Greece, Euro and a Belgian secret.....

The Greek drama is that because of the timid answers of the European Community and the nationalistic refusal of Greece to go directly to the IMF the crisis has been developing very fast. In a few days Greece has gone from a country that still found investors for its bonds on the private market to a country that is now said to be on the border of defaulting on its debts (which are junk bonds anyway - which will pose new questions about the solvency of some banks).

The drama of the Greek crisis is that Greece can't leave the Eurozone because the judicial and financial complications would be enormous and it isn't even sure that it would be a solution. So they have to stay in the Eurozone for better and for worse, but that ain't the way the other partners are seeing it (for the worse).

The drama for the Eurozone is that if Greece would default on its obligations and wouldn't be able or willing to pay some of these debts back, the domino-effect on other countries that are already in the limelight of speculators (and others that are on the borderline like Ireland and France) would increase enormously. The markets are like a rollercoaster, it goes up slowly but it goes down very fast.

So the Euro is losing some of its political power (as its position is more political than financial) but that is a double-edged sword. A strong Euro is good when the price of oil is going up (as it is) but bad for exports. It is not clear how a lower Euro will play out with rising oil prices and a slow economic recovery. As inflation is going up in the Eurozone, the debate between the proponents of an anti-inflationary monetarist policy and those that want to accept some inflation (up to 4% according to the IMF) will flare up again - or won't it (because everything is decided in small circles without much democratic oversight and debate). You can't have it both ways.

If the Eurozone decides to follow the anti-inflation doctrine with a strong international Euro in a very weak economic recovery (in the Eurozone), then the consequence will be that the so-called social security states will come under enormous pressure to lower wages and cut social welfare and healthcare, with the social unrest that will follow.

Even if one says that one needs the strong Euro to give the industry a defense against the rising oil price, then one has to take into account that at the same time these enterprises have trouble exporting outside of Europe because of the strong Euro. Instead of just using this argument one should prove that it is an effective one and study it in the whole economic context, not just in a dogmatic way.

The small Belgian secret is that even if the country is now going through a political crisis, there is a real financial crisis looming if the parties can't find an agreement about how to reform the financing of the federal state (responsible for the social security, army and stuff like that) and the regions (more or less responsible for the rest) after the election. Now the regions get so much money from the federal state that in a few years time the federal state won't have enough money to finance the social security (pensions and stuff like that). If that ain't a dirty little secret, I don't know.

It also shows the irresponsibility of our leaders nowadays. Even when walls come tumbling down in the Eurozone.


Mr Schneier about ITsecurity laws

IT security laws should be about responsibilities and the general techniques and functionalities one should use, not about specific tools or protocols to do these things.

So says one of the most respected IT security thinkers of the moment (but please don't make a guru out of him, I think that if you read his blog you see that he is doubting all the time what he is writing, which makes him a great thinker and not a guru).

``Once a law mandates specific technologies such as protocol, applications or software, innovation stops. Companies know they will be okay as long as they do everything that the law says, and they will not figure out ways to make things more secure.

``Once visiting Canada, my credit card number was stolen and criminals had attempted to withdraw money from it. It took Visa just half an hour to cancel my cards, as they have their own system to look for signs of fraud, authenticating transactions rather than just the user of the card, and I was impressed.

``Force the credit-card companies to be liable for fraud, tell them `you can use any technology you want because fundamentally this is your profit and this is your loss.' Korea seems to have it the other way around.''
http://www.koreatimes.co.kr/www/news/biz/2010/04/123_6510...


All Chinese connections will be decrypted by China

What is the use of having a Firewall and internal monitoring of dissent - just in case it could turn into something dangerous for the military regime (who cares if you are flirting, hacking international sites, playing games or downloading films) - if an ever increasing part of these communications is encrypted? No use at all.

What do you do then?

In a democracy this is a big question, but for an economic monopoly with oversight from the party and military it is easier:

"China has announced the implementation of new encryption rules. The new rules will be effective from this Saturday. According to the new regulations, tech products producers will have to disclose their encryption codes in order to bid for government purchases." (source)

At the same time India has formally asked its Telecom infrastructure to stop buying Chinese hardware and is rumored to be replacing the Chinese hardware it already has with other installations.

If you read the above, you can understand this because if someone got the decryption for a router, switch or server for one country it is not that difficult to find the one for another country.

In Belgium I have that Belgacom has bought Chinese hardware.....


04/28/2010

the Belgian koobface infection servers (some still up)


hosts-file.net interesting blocklist but difficult to use

http://hosts-file.net/?s=Download

is an interesting list of domains that is updated but the problem is that

* the categories are not so clearly divided and not standard

* you can not search on domain or ASN or country

and the most important, there is a lapse of a week between the list you download and the domains they have received meanwhile, another false sense of security


how one user can ruin your reputation

Imagine you have nearly a million users or clients as an ISP.

Some of them will be infected or hacked for whatever reason some of the time.

But these may be enough to kill your reputation with people who don't know that you are such an important ISP and may consider blocking you altogether.

This is what siteadvisor from McAfee advises its millions of users to do with everything telenet.be on the basis of one infected phishing hosting client.....

Not very serious

why not block hotmail.com or yahoo.com because there has been spam coming from some addresses....


trusting your badsiteblockers and reputationtools

So if you think that you can trust Google to block all bad websites, McAfee and others to have all bad websites in their (even community-based) bad-website blockers, or you think that any listing is complete or even trustworthy without any doubt, think again.

If we take the Belgian Koobface infector

* Google didn't see it because they had only indexed two pages of the site, so if you are looking for sites to hack, look for sites with many pages online and few in Google, or with a robots.txt that stops Google after a few pages. You just make sure that your code is somewhere deeper in the site and Google can't find you and so can't block you. As Google only works with its own malware researchers and some partners, it will not even look in the other online databases and use that data to give a realtime defense.

* If you would think that siteadvisor from McAfee would give you a good filter/defense, then you should also think again, because even if someone had indicated that the site was dangerous because it was mentioned in malwareurl.com, siteadvisor still said the site was green or trustworthy.

* And if you thought the automatic spam-blocking indexes would block the spam servers it connected to, you can see in the links of those servers that the list of spam-blocking lists was longer for some, but that the number of blocklists that thought nothing about these sites was still impressive.

So yes, you need blacklisting and reputation indicators and so on, but you will still need all the security blockers on your PC or network and you will still need the security awareness about the insecurity of the internet as such. The problem with those lists is that - as shown here - they create a false feeling of security in which people will probably go to sites they shouldn't go to (or to which their browser shouldn't have gone).

It is also time for all those initiatives to better work together and for the governments to put some funding in them and for the registries of the world to block malwaredomains faster.


How a Belgian infected koobfaceserver sends me around the world

A series of Belgian .be websites were hacked some weeks ago to launch a new Koobface campaign (the virus on Facebook that is).

If you think that this is just NOT serious: it is, because from your site your visitors are redirected to other sites and one tries to infect the client from there.

The site was found with the filter for .be in the database of malwareurl.com. I know it makes many different websites to watch, but as long as the governments don't put in some real money instead of FUD and words and promises, it is only with those volunteer projects that we will have access to some more or less real-time data (even if they don't use the same resources).

One of the domains that is being used is still up

http://nieuwasseneedstoneel.be/confident-action/   DO NOT CLICK Without protection  (Google didn't see it but they only tested 2 pages)

On the page it is just plain nonsense, but in the address bar of your browser you will see that you are being redirected. HttpFox shows those connections. I even get a unique ID from the server in question. I won't show it, just in case.

So the servers I am connecting to are

172.129.136.246 (which is a US spamserver)

94.196.5.128 (which is a UK spamserver)

213.55.88.202 (which is an Ethiopian spamserver)

60.254.28.196 (which is an Indian spamserver)



Belgian ZEUS botnet activity

This is from the Zeus tracker

irc.superbits.net | 2010-04-10 17:59:15 | 1 | online | 0 | 85.12.60.5 | Not listed | 34305
fest.snadder.org | 2010-04-10 17:57:34 | 1 | online | 0 | 85.12.60.5 | Not listed | 34305
https://zeustracker.abuse.ch/monitor.php?filter=online

The hosting that is provided is Bulletproof which makes it difficult to find the real owners. If you look for one site here, you could even think that by looking at the different places where the subdomain was hosted that we are talking about fastflux hosting (presuming that zeustracker checks more or less daily where the hosts are located)

If we analyse the ASN Euroaccess it is clear that they have been attacked several times the last year.

You can find a good blocklist here

You can also track the number of Zeus hosts on your ASN (ISP network) by changing the ASN number in this search (and get updates by RSS). The good news is that there are very few of them. The conclusion one may make is that the big ISPs are slowly but steadily getting their house in order while the smaller ISPs will have to be obliged to do that because they may be the 'low hanging fruit'.

new storm spambotnet with new tricks

After having been pushed aside by intelligent security researchers, the writers of the stormbot have adapted their code and distribution system.

* first and most important is that the connection between the infected zombies and the command and control server is done over a simple http connection and not a TCP P2P (which is mostly blocked by networks - I suppose/hope you do that as a network)

* there is very little code that is being sent over, so the security researchers have very little to go on - which makes it even more difficult to get a hold on this thing (it is a war you know and as long as the enemy isn't crushed you may have won a battle but not yet the war itself).

* there are a few domains that are for the moment being found that can be blocked and that are linked to the botnet or the spamming operation

They also abuse a whole list of URL shortener services - including those that say that they do a security analysis of the link

simpleas123rxhere.com

viagrowpower.com

chat3our.com

free2loud.com

It is not sure if these domains are still up or if you have to click on a certain link (routing/dns) to arrive at the (fastflux) hosting. (source)


04/26/2010

change your Google password or delete it

If you don't use your Google account, then you probably don't need it and you can just delete it.

If you use your Google account, you should be aware that you should monitor it more closely and probably change the passwords.

It seems that the Chinese hackers in the beginning of the year were capable of downloading (extracting) the code for the supersecret login and authentication system of Google (and this simply because an internal employee clicked in a mail on a zeroday malicious PDF file).

Not because you are in imminent danger, just because it is good politics.


Already 700.000 facebook logins sold, time to change

There are about 400 million facebook users (or with a login that is)

Of those, the biggest list until now was being put up for sale on the net by a Russian hacker at giveaway prices. The list claimed to have about 1.5 million logins.

According to sources already 700.000 of those have effectively been sold.

Time to change your password of Facebook

Even if the chance is one in 400

It is just good security.


the Belgian political crisis for newbies

The French-speaking community of Belgium adheres to a community-based federalism in which it is your language that makes you part of their community wherever you live (even in Flanders). The French-speaking community has its own budget, administration and government. It is responsible for schools and culture. The Flemish have integrated their community administration into their regional administration.

The Flemish-speaking community of Belgium, of which the nationalistic politicians are still traumatized by the fact that Flanders was mostly French-speaking until a few decades ago, is much more focused on a regional federalism in which each geographical region has its frontiers and doesn't have any authority in the other regions. It is old politics based on old history and old fears.

During the last discussions about the institutional reforms the Flemish leaders said to the French negotiators, "well if you give us more power and budget we will respect the French-speaking minority in Flanders more" (they even constitute a majority in many cities just outside of Brussels). But the contrary happened in the last years. Never before have so many Flemish politicians and decision makers done so much to make life so difficult for its French-speaking minority (even accepting that there is such a minority is a taboo in Flanders as it would mean that 'democratically' you are obliged to take them into account and respect them).

The effect is that the French negotiators don't trust the promises from the Flemish negotiators and want some real guarantees that the cultural rights of the French-speaking minority in Flanders (schools, libraries, cultural life) will be respected in the future whatever happens.

Even if Belgium would break up and Flanders would become independent, Flanders will have to accept the fact that it has a large French-speaking community living on its soil and that they have some basic cultural and democratic rights - like any other community. You could even say that if Flanders wants to become independent it will only be accepted and respected if it does that. If it continues with its stupid policies of 'Vervlaamsing' - the way some Baltic states are doing against their Russian minority - it will only lose the last international respect it has. No governmental image and PR policy can change that.

It is even more stupid as the internet and ADSL TV have opened the frontiers even more for any community. The main effect being that you have a bilingual French-speaking community in Flanders that will play with languages as if they are only ways of communication and learning, while the pure Flemish youth will always be more limited in their ability to learn languages because they haven't been confronted with bilingualism from an early age.

You are as many times man as you languages speak can (some old greek saying)

Just a reminder. The Flemish nationalists say that there are courses in Flemish for the newcomers and others, but these are far too limited to accommodate everyone who is supposed to know Flemish to be able to fill in the administration, help the kids at school and so on....

Will Belgium split up ? risk : nihil

For the rest it is all changing by the hour.


04/25/2010

Greece has fallen, who is next

As we previewed, Greece has fallen under the pressure of the markets and has now come under control of IMF/EC, even if it will still take some weeks of bickering before the deal will be closed. It is not even sure that every European country will be able to budget the money they have promised for the plan. There are elections in the Netherlands, UK and Belgium is in a deep political crisis.

The question now is which country will be next? Portugal seems evident and is being targeted as we speak, but Spain seems more evident as it is going through an enormous crisis. Spain's inefficient economy was saved until now by the tourism from the rest of Europe. But as the crisis raged throughout Europe, the holidays and the sale of real estate fell dramatically.

The problem for the Euro is that the economy of Spain is so important that in fact the Eurozone is more or less splitting into two. One group of countries (Germany) with a more or less efficient economy that exports to the other European countries without importing much from them. The other group of countries (Greece, Spain, Portugal, Italy) don't have the same efficiency and won't have enough economic growth for years to come and will have to take drastic measures - that can lead to social unrest - if they ever want to keep up with the other Eurozone. The other countries are not sure for the moment in which of both zones they will be in the coming year.

Italy is another candidate because of its economic problems and a looming political crisis because of a split in the governing party.

It looks like the Eurozone will need some new economic strategy if it is going to survive. The nationalistic Eurostrategy has become an economic idiocracy because it lacks the necessary flexibility.


netlog used in a trial as proof

A family wanted to stop the organizers of a sports event because it would disturb their daughter, who would have to study.

The judge surfed to her netlog profile and saw that she had enough friends she could go to and that in her profile she said that she didn't like to study at all and that school wasn't that important.

So he refused their demand based on that evidence.

What you publish online is public and can be used against you.


04/23/2010

hacked loyalty cards site countdown.be with login for client

This was the hack


and this is the description of what they do (they have a login in HTTP - not HTTPS)


some corrections on articles about .be hacking

I have spoken to the journalist and tried to explain some things. Maybe some things didn't get through

* First, the number of .be sites is not the number of servers, but what is troublesome is that so many .be sites are on old shared hosting platforms.

* Secondly, there is no security or quality guarantee for hosters in Belgium. If you have a server and you want to start a hosting business, just do it. If you open a business in real life you are confronted with a whole set of obligations and controls.

* If you handle personal or business information or you have an e-shop, then you should use professional services and not try to do everything yourself. Setting up and managing those services yourself is extremely complicated if you want to do it safely. And as you are handling information from others you have certain legal and other obligations.

Personally I think some of the sites that were on those shared hosting platforms should never have been there as they were using personal information or passwords.

I think that Belgian hosters should offer closed down static website platforms for all those personal and small business sites in which their clients only have to concentrate on the content and which are totally separated from the amateurs who like to play with code and applications. (Professional developers are normally on dedicated hosting platforms as I suppose they wouldn't want to depend on the insecurity of another hosted website on the same server).

* That you are defaced is not a disaster, but it shows that you are extremely vulnerable to automated stupid attacks, which could indicate to more professional hackers that they could even do more with your website or infrastructure.

Two practical tips

* If you are still on IIS 6 you will be attacked and probably hacked sooner or later. Migrating is absolutely necessary and should be planned with a high priority.

* You will need to be sure that all the different aspects of your linux/apache hosting are patched as well.


04/21/2010

easy way to circumvent Yahoo spam control (and others)

Filtering is done in many ways, but one is by words that appear in the subject and/or the email address.

Today, for the first time in a long time, spam was getting through in my yahoo box.

What did they have in common? The "to email address" and the way they wrote the subject line (underscore).

I presume their servers and email addresses will also get blocked soon, but it shows that security is an adaptive, ever-changing battle.

Subject: Get_your_mom_or_dad_the_senior_care_they_need
From: A_Place_For_Mom <offers@brds231running.com>
To: Recipient@yahoo.com
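Why underscores can slip past a word-based filter, and how normalizing separators closes the gap, as an added example that is not part of the original post. It assumes a keyword filter built on regex word boundaries; the keyword list, function names and threshold are constructed for illustration, and nothing on the page says how Yahoo's filter actually tokenizes.

```python
import re

# Sample header values taken from the message quoted in the post.
SUBJECT = "Get_your_mom_or_dad_the_senior_care_they_need"
DISPLAY_NAME = "A_Place_For_Mom"

# Constructed keyword list for illustration; not any provider's real rules.
KEYWORDS = ("senior care", "mom")


def naive_match(text, keywords=KEYWORDS):
    """Keyword filter that relies on \\b word boundaries in the raw text.

    In Python's re module "_" is a word character (\\w), so there is no
    boundary between "_" and a letter, and "_" is not whitespace either.
    """
    hits = []
    for kw in keywords:
        pattern = r"\b" + r"\s+".join(re.escape(w) for w in kw.split()) + r"\b"
        if re.search(pattern, text, re.IGNORECASE):
            hits.append(kw)
    return hits


def normalize(text):
    """Turn every run of underscores, punctuation or whitespace into a space."""
    return re.sub(r"[\W_]+", " ", text).strip().lower()


def normalized_match(text, keywords=KEYWORDS):
    """Same filter, applied after separator normalization."""
    return naive_match(normalize(text), keywords)


def underscore_joined(text, min_words=3):
    """Flag a header value written as words_joined_by_underscores.

    True when the value contains no whitespace at all and splits into at
    least min_words alphabetic tokens on "_" (threshold is an assumption).
    """
    text = text.strip()
    if re.search(r"\s", text):
        return False
    words = [part for part in text.split("_") if part.isalpha()]
    return len(words) >= min_words


if __name__ == "__main__":
    print("raw subject hits:       ", naive_match(SUBJECT))
    print("normalized subject hits:", normalized_match(SUBJECT))
    print("subject underscore form:", underscore_joined(SUBJECT))
    print("sender underscore form: ", underscore_joined(DISPLAY_NAME))
```

The underscore form is also usable as a scoring signal on its own, since ordinary subject lines and display names contain spaces.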


never before have so many .be sites been defaced in so few weeks

For April we are now at 874 hacked .be domains, and it is only the 20th.

Even when the Turks were battling the Kurds and the Belgian police in the streets of Brussels and even when Joomla was falling like rotten fruit there were not so many .be domains being defaced in so short a time.

You can say that it is mainly shared hosting that is responsible for the high number of .be sites, but this doesn't mean that shared hosting should be insecure.

You should not treat this lightly

* running an IIS 6 server is not really responsible now, migrating is the only possibility

* running Joomla and OScommerce without the necessary patching and hardening is taking big risks because they will find you

* the number of linuxservers is also really high

It is also remarkable that even sites that have eshops, logins and important functions are being hosted on such insecure platforms.


04/20/2010

another 200 .be websites hacked since 13th of april

The reason is that linuxhosting with shared hosting or IIS 6 servers are being attacked and compromised.

Some of the websites that are present on those servers should think again about whether they really should be hosting the personal and other information from their visitors on such infrastructure, even if that is so cheap. It is so cheap because it is probably not secure enough.

Here are some examples

http://www.zone-h.org/mirror/id/10481955  institute tropical medicine, still hacked

http://www.zone-h.org/mirror/id/10477193    itbelgium.be  a IT service provider

http://www.zone-h.org/mirror/id/10470920  aankoopgoud.be  sure ?

http://www.zone-h.org/mirror/id/10468426 lereseau.be for jobseekers in Wallonia, officially subsidized

http://www.zone-h.org/mirror/id/10459446 misswellnessbelgium.be  out for now

http://www.zone-h.org/mirror/id/10470159 European criminality congress in Ghent

http://www.zone-h.org/mirror/id/10468553 sodexhoeducation.be from the big firm

http://www.zone-h.org/mirror/id/10479111 achat-telescope.be  a failed eshop

http://www.zone-h.org/mirror/id/10555466 opiniecentrum.be online polls with login

http://asp.dev.be/ still hacked at http://www.zone-h.org/mirror/id/10548521

http://www.zone-h.org/mirror/id/10548473  tracomm.be HR solutions with login still hacked

http://www.zone-h.org/mirror/id/10548495 jeugdraadlochristi.be still hacked

http://www.zone-h.org/mirror/id/10548474 BWUbelgium.be with login still hacked

http://www.zone-h.org/mirror/id/10459409 euro-vote.be important ITservice

http://www.zone-h.org/mirror/id/10547982 clubdelifrance.be important site

http://www.zone-h.org/mirror/id/10539676 planetebd.be important strip site with login

http://www.zone-h.org/mirror/id/10539995 vintagewallpapers.be with eshop

http://www.zone-h.org/mirror/id/10540045 wipe-it.be multinational firm
