10/31/2011

where do I go now with leaked belgian accounts ?

yes, online accounts and passwords from Belgians leaked online

full account and password

didn't try it out

but they seem to be intercepted through infection of fake proxies

the cert is closed

and publishing them online is crazy

the fccu ?

but the cert was put into place so that the fccu wouldn't be bothered with this kind of stuff anymore

ridiculous

sorry people, stop hacking for a few days we are on holiday

oh and if you lose your online account, just take care of it yourself, we are on holiday

maybe, you better stay off the internet all together ....

 

oh and for that belgian: looking at the services, I could bill his account, change his social media image (pornify it and insult all his friends and so on....), skype on his account and so on and so on.....

but hey kid, sorry, the cert is on holiday for the moment .....


not a joke : belgian cert is closed for holidays :)

http://cert.be/

The CERT.be offices are closed on Monday 31 October, Tuesday 1 November
and Wednesday 2 November.

Les bureaux du CERT.be sont fermés le lundi 31 octobre, mardi 1 novembre
et mercredi 2 novembre.

De CERT.be kantoren zijn gesloten op maandag 31 Oktober, dinsdag 1
November en woensdag 2 November.

 

this is what I got when I sent them the information about the hacked sites

yes, they may have holidays, but why have it at the same time

you are a security service or you aren't

and as a security service there are other rules and obligations next to your rights

choosing freely your holidays all together at the same time is maybe not so evident

 

sorry that your house is on fire, but I am on holiday

a break-in in your house you say, call back on thursday

you are bleeding and need an operation, oh sorry everybody is on holiday to egypt, it is so cheap there for the moment ....

 

sorry guys, but this is ridiculous

and even if you are on holiday, you don't put it in your email for everybody to know

you could at least keep up the impression that somebody is guarding the fences and doing the mails and calls ..... (even if he would get 300% compensation in hours for doing so - which is why people normally fight to be able to be 'on guard' during holidays).


pepsi.be, mercedes-benz.be, bbdo.be, nucleus.be and many other hacked (and friday the websites of the belgian football league)

it is not done by one big operation or against one big failure of a program or an OS

it just seems that .be sites are caught up in a series of attacks and hacks

and that they aren't as secure as they thought they would be (or told their clients and customers)

even more worrying is that some of the hacked sites have login pages..... without any https protection

so you have hackable sites without any https protection....

then they were just very very lucky that they weren't after your client data and didn't publish all the accounts online

oh yes and friday the websites of the belgian football league

see for yourself (as long as it is online that is) http://slides.diigo.com/list/mailforlen/insecure-belgiumweb

the websites of the belgian football league and some others have been cleaned since

but you understand I am not sure that they have put more security in place and that they understand the dangers that they are running and how vulnerable they are running older IIS 6 and windows 2003 and insecure apache and linux operations ..... they were lucky, but for how long

a mail has been sent to the cert

although I start asking myself why I would still have to do this kind of stuff while there are people who are paid full-time to do this and it isn't very difficult at all to follow this kind of stuff (one site, two clicks and one search for .be sites) and even if they can't do it themselves, why don't they follow the rss feeds with all the hacked .be sites and the leaked .be accounts ?

maybe they need a wake-up call soon because yes I have been helping and supportive but this wasn't the purpose of the cert in Belgium and it can't be the purpose

when I take some holiday I shouldn't find all that stuff, it should have been handled by the itsecurity professionals who are paid to do that

maybe instead of blocking music and p2p sites we should start blocking hacked sites as dangerous until they have cleaned up their act

hacked belgian sites the list

http://www.diigo.com/list/mailforlen/insecure-belgiumweb?order_by=0

Rss feed  http://www.diigo.com/list/Mailforlen/insecure-belgiumweb/...


10/26/2011

encourage hackers with a tweet to hack creditcardthieves

just retweet this

Original Forsaken ✔
 
to see attacks on un-secure Hacking/Carding forums more often.


10/24/2011

ssl servers without load-balancing and ddos protection : get down

the last several months hackers have been working on new ddos tools that all have the same goal : getting a server down as fast as possible - without putting lots of people in danger of prosecution as this lesson was learnt

they can only do that by using misconfiguration, security holes and bad code or bugs especially those that have become widespread (and normal) or that haven't got the necessary attention

It was first the linux servers, then Apache and now it is the ssl servers that are targeted

even to get the biggest serverfarms down you would need only 20 laptops and 120 kbps of traffic - which wouldn't be a problem for any campaign and that kind of traffic won't be stopped by your ddos protection

oh and if the administrator still hasn't patched the renegotiation problem in ssl, then it is just child's play

so don't be very surprised if sites may go down quite easily, especially if the occupy movement is beaten by cops, attacked by banks or gathering forces and importance

try it against your own servers

http://www.thc.org/thc-ssl-dos
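Because traffic this small passes volume-based ddos protection, the thing to count is handshakes per source and renegotiations per connection. The detector below is an added example, not part of the original post or of any tool it names; the log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque


def find_handshake_abuse(lines, max_reneg_per_conn=3, max_per_window=20, window=10):
    """Return (noisy_connections, noisy_sources).

    noisy_connections: (source, connection) pairs that renegotiated more than
                       max_reneg_per_conn times.
    noisy_sources:     sources with more than max_per_window handshakes
                       (new or renegotiated) inside any `window` seconds.
    """
    reneg_count = defaultdict(int)   # (source, connection) -> renegotiations seen
    recent = defaultdict(deque)      # source -> handshake timestamps still in window
    noisy_conns, noisy_sources = set(), set()

    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue                 # malformed line
        ts, src, conn, event = int(parts[0]), parts[1], parts[2], parts[3]
        if event not in ("handshake", "renegotiate"):
            continue                 # unrelated event

        if event == "renegotiate":
            reneg_count[(src, conn)] += 1
            if reneg_count[(src, conn)] > max_reneg_per_conn:
                noisy_conns.add((src, conn))

        # Every handshake costs the server a private-key operation, so new
        # connections and renegotiations count towards the same per-source rate.
        stamps = recent[src]
        stamps.append(ts)
        while stamps and stamps[0] <= ts - window:
            stamps.popleft()
        if len(stamps) > max_per_window:
            noisy_sources.add(src)

    return noisy_conns, noisy_sources


# Constructed log: "<unix-time> <source-ip> <connection-id> <event>"
SAMPLE_LOG = (
    # one connection renegotiating 8 times per second for 5 seconds
    ["1000 198.51.100.7 c1 handshake"]
    + [f"{1000 + i // 8} 198.51.100.7 c1 renegotiate" for i in range(40)]
    # ordinary visitor: a new connection every 10 seconds, one renegotiation
    + [f"{1000 + 10 * i} 203.0.113.20 b{i} handshake" for i in range(5)]
    + ["1041 203.0.113.20 b4 renegotiate"]
    # renegotiation disabled on the server: many short new connections instead
    + [f"{1000 + i // 10} 192.0.2.9 n{i} handshake" for i in range(30)]
)

if __name__ == "__main__":
    conns, sources = find_handshake_abuse(SAMPLE_LOG)
    print("connections:", sorted(conns))
    print("sources:", sorted(sources))
```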

 


Nasdaq : so secure they are using hackable older servers

because what can you think about that

Test date Mon Oct 24 15:19:23 UTC 2011

Test duration 27.110 seconds

Server signature Microsoft-IIS/6.0

Server hostname secure.directorsdesk.com
https://www.ssllabs.com/ssldb/analyze.html?d=https%3A%2F%...

so stop the bullshit about super-hackers and cyberwar and all that crap

this server is crap

if you use that kind of server - you are asking for problems

there is no way you can secure that version of IIS especially in a high security environment with targeted attacks

you can maybe stop the automated attacks but you will be fair game for all the human experience

--------------------

and yes you may expect more attacks after this information because running that kind of servers is ......

just too good to be true for a real hacker

except if it is a lie to trap the hackers in a virtual honeypot so you can block them easier afterwards

but I am asking myself if you are that smart :)


Nasdaq : so secure that their ssl certificates are badly configured

https://www.ssllabs.com/ssldb/analyze.html?d=https%3A%2F%2Fsecure.directorsdesk.com

first the certificate comes from rsa (hacked) and managed by Go daddy which got hacked several times this year

secondly the server has the following essential mistake

This server is vulnerable to MITM attacks because it supports renegotiation

this means that it is possible to insert an interception attack between the browser and the destination and to intercept the logins and all the other information or even to log in together with the real login and to stay logged in when the real user logs out.....



Nasdaq hack : the ultimate blended attack - better than a film

First step : you need access to systems with a double authentication like Rsa secure-ID

Hack rsa through a zero-day exploit in a pdf file that you send to people in the HR department of which one opens the file on his own computer while retrieving it himself from the spambox (where it should have stayed)

Take your time and through the installation of some webbased backtunnel to the pc you install other software on the pc and you take control of the pc which has more rights than others as it is in a high security department (normally) and then you need to get secure-ID accounts or the master-keys (some doubts about what it was but Rsa has to change all keys because of their doubts and the hacking attacks against a number of defense agencies and firms that use their double authentication)

second step : you need access to someone who uses a secure-id and uses the secret tool of the nasdaq stock exchange to exchange confidential pre-market information (worth billions)

You use the secure-ID of some of the Us based defense firms and you access his computer and get the logins or the connection to the webbased application http://www.directorsdesk.com/ (not fully https for starters)

third step : once you are inside the system you try to install some snooping files or software that will collect all the information that it is possible to catch (during some time it seems) and send it back to your operation

then you do whatever you wanted to do with this confidential information until somebody catches you

is this complicated ?

No - because security is too lax

why it is too lax - simply because malicious software could be installed and operated on such confidential secretive and high-security systems (when products like tripwire and snort exist to stop them or alert you)

so all of this is b.s.

  • Advanced network and system security based on industry best practices
  • Use of strong data protection technology
  • 24x7 monitoring and support by NASDAQ OMX's global operations team
  • Redundant high performance servers in the US and EU
  • SAS70 and ISO27001 controls

the strangest thing is how silent everybody is about the impact and the consequences

or they know it in detail and a number of market operations have to be corrected because they have been falsified (or it was too long ago which puts their security even more in jeopardy (monitoring, my a...))

or they don't know shit and they are too afraid to tell you because that would install a complete level of distrust

or maybe it was just an insider job and that's even more scary


hacker calls to Boston police after publishing the names of the cops

 

because of brutality against one other local Occupy movement

Anonymous said it would attack the sites of govs that are attacking the Occupy movement

never underestimate those warnings - never

even if they don't materialize immediately

And here's a partial transcript:

Caller: Your website has been defaced.

Police official: Yes, we're in the process of uh.. investigating it, but apparently someone hacked into our website, but we've..

Caller: Yeah that was me.

Police official: .. shut the website down at this time.

Caller: The person who did it was me.

Police official: You hacked into the website?

Caller: Yes sir.

Police official: Would you like to tell me why you did it?

Caller: AntiSec.

Police official: Is there a particular reason that you did it? Are you trying to prove a point? Or are you just picking on for us any particular reason? What's the problem?

Caller: Just got a bit bored, y'know.

Police official: I can't hear you sir.

Caller: I said, I said I got a bit bored.

Police official: You got a bit bored?

Caller: Yeah.

Police official: That's fine. Alright, well.. perhaps I can break your boredom if we can trace you back and come and put you in jail, we'll get a warrant for you - how's that?

Caller: Well, I'm not in America.

Police official: That's okay. That's alright. It doesn't make any difference where you're at.

Caller: So you're gonna [laughs] come and get me?

Police official: I'm gonna get on a plane in the next few minutes and head that way, start looking for you somewhere.

Caller: Bring it on.


http://nakedsecurity.sophos.com/2011/10/23/hackers-phone-...

although more and more hackers are arrested overseas or wherever they are to be found

only a very few of them are publicized this widely, to send a message

- if your website doesn't need any traffic from Russia or proxies or other countries, just drop it dead before it arrives at your website


publishing thousands of hacked or stolen facebook accounts

this is a new trend or just one information being added to the creditcards and the access to emailaccounts or paypal and ebay accounts

facebook accounts

with email and login

they get it by phishing

they get it by infecting computers and stealing all the logins

they get it by setting up fake proxies and intercepting everything that is being done

and then they publish it

like here http://pastebin.com/J486sG6t

and thousands of others

what is the importance

well Oracle for example said that they were building social networks and applications for real secure enterprises in which you could log in with your facebook or google account

never thought I would hear such a stupid idea


official website Belgian french community administration for schools hacked

since a few days and nobody saw it

this is the official site

http://www.agers.cfwb.be/

this is the added webpage

http://www.agers.cfwb.be/index.html

which gives you this image

[image: defaced page, "Hacked by root"]

this says a lot about their security and their monitoring (if there is any)


database pedo(?)manga website users still online

it was hacked by anonymous

and since august the police services have been informed about the existence of the online database

so they had their headstart

here it is

http://www.densetsu.com/  

http://pastebin.com/0FxaTCpy

it may be that not every member is a pedo or knows that somewhere on the site there are forums that are being used by pedo's to exchange stuff (that look like manga but in fact aren't really real interesting manga but just disgusting stuff hidden in manga-art sic.:) )

there are belgians that are members .......


1000 open anonymous ftp servers listed

http://pastebin.com/L628BaLz

yeah hundreds of open ftp servers that until 2 days ago gave access with anonymous and anonymous as login and password

this doesn't mean that you have always the rights to place or download files

but it is in fact an open ftp server and that gets attention that it doesn't need

and yes there are a few open Belgian .be servers in it

universities

and if you are lucky they have forgotten all about it

and you can place all your crap and porn on high-bandwidth servers and distribute it among all crack-forums on this web

for the curious - just don't forget that some may be 'police traps' and that in some cases - especially in your own country - you may be doing things illegal that are easy to prosecute in your own country

so don't do what I wouldn't do (which is use them :)) and do what I would do - warn them that it is stupid to do that


belgian webshop hacked and all members leaked

so you thought that it was only webshops and sites around the world that were hacked

so you thought you could offer webservices with login without https

so you thought that they would never come to you and inject your database with commands to extract every information that is available

well this is NOT the case

http://pastebin.com/********

webshop.sh****.be which is in fact a bit hidden but that is no defense gives you without encryption access to a webshop with this kind of PUBLIC information

delphine.$$$$@va$$.be        $$$$$$  D$$$f Delphine        address       Hulste
pedro.$$$$@telenet.be $$$$$$ Loosveld        A$$$$        address            8790
kim$$$$$@hotmail.com  $$$$$$ B$$$$  Kim     Address                 Rumbeke

the $ are passwords or things saved to protect a bit the innocent (address in fact changes the real street and number)

and their login is ..... their emailaddress

and on the website itself you can read a fully published sql injection alert showing you where to find all the users and necessary tables

but they won't hack a Belgian webshop, would they

why not ? 

If the service doesn't use https don't use it
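The two failures this post describes, visitor input injected into the database query and a database error shown to every visitor, next to a corrected form. This is an added example, not the webshop's code; the table, column names and sample rows are constructed.

```python
import sqlite3

SERVER_LOG = []   # stands in for a log file only the operator can read


def make_db():
    """Constructed customer table, loosely shaped like the leaked rows above."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT, password TEXT, city TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [("alice@example.test", "hash-a", "Town A"),
         ("bob@example.test", "hash-b", "Town B")],
    )
    return db


def lookup_vulnerable(db, email):
    """'Before': input is pasted into the SQL text and errors are echoed back."""
    sql = "SELECT email, city FROM customers WHERE email = '" + email + "'"
    try:
        return {"rows": db.execute(sql).fetchall(), "error": None}
    except sqlite3.Error as exc:
        # The visitor gets the failing statement, table and column names included.
        return {"rows": [], "error": f"{exc} in query: {sql}"}


def lookup_hardened(db, email):
    """'After': the value is a bound parameter and errors stay on the server."""
    try:
        rows = db.execute(
            "SELECT email, city FROM customers WHERE email = ?", (email,)
        ).fetchall()
        return {"rows": rows, "error": None}
    except sqlite3.Error as exc:
        SERVER_LOG.append(repr(exc))
        return {"rows": [], "error": "Something went wrong, please try again."}


if __name__ == "__main__":
    db = make_db()
    for value in ("alice@example.test", "o'neil@example.test", "' OR '1'='1"):
        print(repr(value))
        print("  vulnerable:", lookup_vulnerable(db, value))
        print("  hardened:  ", lookup_hardened(db, value))
```

A single quote in the input is enough to make the vulnerable version print its own query; the hardened version treats the same input as an address that matches nobody.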


10/14/2011

a new mass infection in thousands of .asp sites

the dropped malware is only found in 6 of the 43 antivirustools tested by virustotal

about 130.000 links are in Google but the number of websites is much less as several pages are on the same website

  1. Contact ... - Den Artist, de online contactgids voor artistiek talent
     www.denartist.be/addcontact.aspx
     Deze site kan schade toebrengen aan uw computer.
  2. Zoekertje Toevoegen - Den Artist, de online contactgids voor ...
     www.denartist.be/addad.aspx
     Deze site kan schade toebrengen aan uw computer.
  3. Antec - Contact Forestier Belgique - Vente de matériel et outillage ...
     www.contactforestier.be/.../ListArticles.aspx?..
  4. (A) Vanuit huis een leuk inkom... - Gratis adverteren | Gratis ...
     adverterenisgratis.customer.ipower.be/index.cfm?...


10/10/2011

#antisec comes to Belgium ? and new hacking campaign announced

#antisec seems to have inspired someone to hack the University of Mons servers of the IT department or is it the IT lessons department, in some universities this is more or less the same (practical and economical)

I hope it is no Belgian because until now FCCU has found and arrested all Belgian hackers responsible for Belgian hacks (how stupid can you be to hack servers in your own country :)

and on the other end there are calls on twitter for an Octobercampaign or is it an Octoberfest of hacking and defacing

not sure how real it is because calls for campaigns appear all the time on twitter and only a very few of them really materialise into something for some time

after all, it is not bad that the hacktivists have turned again into activists and are sleeping and demonstrating far away from computers and (our) servers :)

the most favourite techniques are

* sql injection

* xss

* folder surfing (google dorks)

and they will publish the data or the passwords or both, defacing alone is not good enough for #antisec

there will be consequences


Belgian University of Mons, access to database Computer department hacked

so this has been online for a full day or so

 

Hacked again by Team Intra.

T. INTRA.

PhD Thesis accepted in October 2011

Keywords: hacked,by,team,intra,security,passwords,sql,computer,pc,etc

Abstract:

#Antisec

I did not find the vulnerability on this site, gratz to .sfx who did though!

Just thought I'd put our name here again to increase the chances of you noticing this.

Exploited by Team Intra, via SQL Injection. Fix this, before someone more malicious comes along and decides to delete all your publications.

Decrypted passwords:


You are meant to be researchers of computer science, yet some of you can't even make a unique password? Ramil, poiret and buys is disgraceful, your passwords are the same as your username!


http://informatique.umons.ac.be/publications/index.php?pa...

wow, sorry they can't ask for help from the institute for forensics because they have some work of their own, but this can turn into a real great shutdown if there was no clear isolation because tens of hackers with different specialities may have been using these passwords the last day, changing all kinds of things

backdoors, time-bombs, re-opening vulnerabilities,..... you name it, deep penetration can bring this whole shit down if there was no isolation

isolation isolation isolation is what localisation localisation and localisation is to shops


Belgian institute for forensic auditors defaced (hacked)

this is the propaganda

Welcome to the website of the Institute of Forensic Auditors (IFA), the professional organization of forensic auditors in Belgium. IFA has been founded in 2001 as a not for profit association which is based on a public-private partnership. IFA holds a list of professionals in the public and private sector who are certified as "Registered Forensic Auditors". IFA develops best practices for forensic practitioners. IFA regularly organises conferences and trainings on forensic topics. IFA is an ideal forum for networking within the forensic community.
http://www.ifa-iaf.be

this is the page today

http://www.ifa-iaf.be/data/

and this is the archive (if they find it out one day)

http://www.zone-h.org/mirror/id/15575296

oh yes and they have a login page for members without https

http://www.forensicaudit.be/nl/library/members_only-11.html

maybe their site is a fake case for newbies

prove that you know something about forensics and solve this case before you can become a member


10/04/2011

dexia and the european stress tests

so dexia passed the european stress tests

* no real professional believed it would prove anything

* didn't test the case of a real crisis

* was purely theoretical

 

in fact they are useless because when the financial storm starts there is no stress test that will prepare you for it

in fact nearly any bank that was engulfed in such a storm has sunk or had to restructure totally to survive

 

so if any bank says or thinks  "this won't happen to us because we have passed the stress test"

so did Dexia


dexia crisis : it is the fault of twitter (instead of the US, London, speculators and so on)

it is always the fault of something or somebody else

it is never their strategic mistakes or their mismanagement or indecision or foolish mis-communication

now some say that the crash of dexia is the fault of twitter on which a series of so-called rumors were launched

and what does Dexia do on twitter

nothing really, just crap

Dexia: persbericht na raad van bestuur 3/10/11 [press release after the board of directors meeting of 3/10/11] (19 hours ago)
Dexia: Communiqué post conseil du 3/10/2011 [press release after the board meeting of 3/10/2011] (19 hours ago)
Dexia: press release post board of directors of October 03, 2011 (19 hours ago)
Dexia: Crédits Logement devient Crefius [Crédits Logement becomes Crefius] (28 Sep)
Dexia: Woonkredieten wordt Crefius [Woonkredieten becomes Crefius] (28 Sep)
Dexia: Statement Jean-Luc Dehaene following the Board of Directors' meeting of Dexia SA on 27/09/2011 (28 Sep)
Dexia: ouverture de la première agence bancaire basse énergie [opening of the first low-energy bank branch] (16 Sep)
Dexia: opent eerste laagenergie bankkantoor [opens first low-energy bank branch] (16 Sep)

yeah this is really an example of pro-active following and answering rumors that are appearing on twitter
when another big firm was in problem I said to them over and over again, you have to follow twitter round the clock and look at the trending of misinformation and rumors and answer them or develop a strategy to answer them
but dexia can't answer them because they don't know what they will do or have to do
they are just a ship without fuel in the middle of a huge storm on sea
there is no media like twitter media and there is no media that fast that I know
everything i have to know appears on twitter first and then elsewhere
so it is twitter here and twitter all the time
because there is no media as fast as twitter media all the time
what do you need
* you need a twitter following tool that will give you in realtime what is being said about your products and firm on twitter and the trending of it
* you need some people that have nothing else to do than to follow the social media and report permanently or instantly the things people have to pay attention to
* have fast action-reaction procedures so you don't have to wait for hours to contradict or correct something that afterwards seems to be correct
 
 
