yes, online accounts and passwords from Belgians leaked online
full account and password
didn't try it out
but they seem to be intercepted through infection of fake proxies
the cert is closed
and publishing them online is crazy
the fccu ?
but the cert was put into place so that the fccu wouldn't be bothered with this kind of stuff anymore
sorry people, stop hacking for a few days we are on holiday
oh and if you lose your online account, just take care of it yourself, we are on holiday
maybe, you better stay off the internet all together ....
oh and that belgian looking at the services I could bill his account, change his social media image (pornify it and insult all his friends and so on....) skype on his account and so on and so on.....
but hey kid, sorry, the cert is on holiday for the moment .....
The CERT.be offices are closed on Monday 31 October, Tuesday 1 November
and Wednesday 2 November.
Les bureaux du CERT.be sont fermés le lundi 31 octobre, mardi 1 novembre
et mercredi 2 novembre.
De CERT.be kantoren zijn gesloten op maandag 31 Oktober, dinsdag 1
November en woensdag 2 November.
this is what I got when I sent to them the information about the hacked sites
yes, they may have holidays, but why have it at the same time
you are a security service or you aren't
and as a security service there are other rules and obligations next to your rights
choosing freely your holidays all together at the same time is maybe not so evident
sorry that your house is on fire, but I am on holiday
a break-in in your house you say, call back on thursday
you are bleeding and need an operation, oh sorry everybody is on holiday to egypt, it is so cheap there for the moment ....
sorry guys, but this is ridiculous
and even if you are on holiday, you don't put it in your email for everybody to know
you could at least hold up the impression that somebody is guarding the fences and doing the mails and calls ..... (even if he would get 300% compensation in hours for doing so - which is why people normally fight to be able to be 'on guard' during holidays).
pepsi.be, mercedes-benz.be, bbdo.be, nucleus.be and many other hacked (and friday the websites of the belgian football league)
it is not done by one big operation or against one big fail of a program or an Os
it just seems that .be sites seem to be caught up in a series of attacks and hacks
and that they aren't as secure as they thought they would be (or told their clients and customers)
even more worrying is that some of the hacked sites have login pages..... without any https protection
so you have hackable sites without any https protection....
then they were just very very lucky that they weren't after your client data and didn't publish all the accounts online
oh yes and friday the websites of the belgian football league
see for yourself (as long as it is online that is) http://slides.diigo.com/list/mailforlen/insecure-belgiumweb
the websites of the belgian football league and some others have been cleaned since
but you understand I am not sure that they have put more security in place and that they understand the dangers that they are running and how vulnerable they are running older IIS 6 and windows 2003 and insecure apache and linux operations ..... they were lucky, but for how long
a mail has been sent to the cert
although I start asking myself why I would still have to do this kind of stuff while there are people who are fulltime paid to do this and it isn't very difficult at all to follow this kind of stuff (one site, two clicks and one search for .be sites) and even if they can't do it themselves, why don't they follow the rss feeds with all the hacked .be sites and the leaked .be accounts ?
maybe they need a wake-up call soon because yes I have been helping and supportive but this wasn't the purpose of the cert in Belgium and it can't be the purpose
when I take some holiday I shouldn't find all that stuff, it should have been handled by the itsecurity professionals who are paid to do that
maybe instead of blocking music and p2p sites we should start blocking hacked sites as dangerous until they have cleaned up their act
hacked belgian sites the list
the last several months hackers are working on new ddos tools that all have the same goal : getting a server down as fast as possible - without putting lots of people in danger of prosecution as this lesson was learnt
they can only do that by using misconfiguration, security holes and bad code or bugs especially those that have become widespread (and normal) or that haven't got the necessary attention
It was first the linux servers, then Apache and now it is the ssl servers that are targeted
even to get the biggest serverfarms down you would need only 20 laptops and 120 kbps of traffic - which wouldn't be a problem for any campaign and that kind of traffic won't be stopped by your ddos protection
oh and if the administrator still hasn't patched the renegotiation problem in ssl, then it is just kids play
so don't be very surprised if sites may go down quite easily, especially if the occupy movement is beaten by cops, attacked by banks or gathering forces and importance
try it against your own servers
because what can you think about that
Test date Mon Oct 24 15:19:23 UTC 2011
Test duration 27.110 seconds
Server signature Microsoft-IIS/6.0
Server hostname secure.directorsdesk.com
so stop the bullshit about super-hackers and cyberwar and all that crap
this server is crap
if you use that kind of server - you are asking for problems
there is no way you can secure that version of IIS especially in a high secure environment with targeted attacks
you can maybe stop the automated attacks but you will be fair game for all the human experience
and yes you may expect more attacks after this information because running that kind of servers is ......
just too good to be true for a real hacker
except if it is a lie to trap the hackers in a virtual honeypot so you can block them easier afterwards
but I am asking myself if you are that smart :)
first the certificate comes from rsa (hacked) and managed by Go daddy which got hacked several times this year
secondly the server has the following essential mistake
This server is vulnerable to MITM attacks because it supports renegotiation
this means that it is possible to insert an interception attack between the browser and the destination and to intercept the logins and all the other information or even to login together with the login and to continue to be logged in when the real users logs out.....
First step : you need access to systems with a double authentication like Rsa secure-ID
Hack rsa through a zero-day exploit in a pdf file that you send to people in the HR department of which one opens the file on his own computer while retrieving it himself from the spambox (where it should have stayed)
Take your time and through the installation of some webbased backtunnel to the pc you install other software on the pc and you take control of the pc which has more rights than others as he is in a high security department (normally) and then you need to get secure-ID accounts or the master-keys (some doubts about what it was but Rsa has to change all keys because of their doubts and the hacking attacks against a number of defense agencies and firms that use their double authentication)
second step : you need access to some-one who uses a secure-id and uses the secret tool of the nasdaq stock exchange to exchange confidential pre-market information (worth billions)
You use the secure-ID of some of the Us based defense firms and you access his computer and get the logins or the connection to the webbased application http://www.directorsdesk.com/ (not fully https for starters)
third step : once you are inside the system you try to install some snooping files or software that will collect all the information that it is possible to catch (during some time it seems) and send it back to your operation
then you do whatever you wanted to do with this confidential information until somebody catches you
is this complicated ?
No - because security is too lax
why it is too lax - simply because malicious software could be installed and operated on such confidential secretive and high-security systems (when products like tripwire and snort exist to stop them or alert you)
so all of this is b.s.
Advanced network and system security based on industry best practices
Use of strong data protection technology
24x7 monitoring and support by NASDAQ OMX's global operations team
Redundant high performance servers in the US and EU
SAS70 and ISO27001 controls
the strangest thing is how silent everybody is about the impact and the consequences
or they know it in detail and a number of market operations have to be corrected because they have been falsified (or it was too long ago which puts their security even more in jeopardy (monitoring, my a...))
or they don't know shit and they are too afraid to tell you because that would install a complete level of distrust
or maybe it was just an insider job and that's even more scary
because of brutality against one other local Occupy movement
Anonymous said it would attack the sites of govs that are attacking the Occupy movement
never underestimate those warnings - never
even if they don't materialize immediately
And here's a partial transcript:
Caller: Your website has been defaced.
Police official: Yes, we're in the process of uh.. investigating it, but apparently someone hacked into our website, but we've..
Caller: Yeah that was me.
Police official: .. shut the website down at this time.
Caller: The person who did it was me.
Police official: You hacked into the website?
Caller: Yes sir.
Police official: Would you like to tell me why you did it?
Police official: Is there a particular reason that you did it? Are you trying to prove a point? Or are you just picking on for us any particular reason? What's the problem?
Caller: Just got a bit bored, y'know.
Police official: I can't hear you sir.
Caller: I said, I said I got a bit bored.
Police official: You got a bit bored?
Police official: That's fine. Alright, well.. perhaps I can break your boredom if we can trace you back and come and put you in jail, we'll get a warrant for you - how's that?
Caller: Well, I'm not in America.
Police official: That's okay. That's alright. It doesn't make any difference where you're at.
Caller: So you're gonna [laughs] come and get me?
Police official: I'm gonna get on a plane in the next few minutes and head that way, start looking for you somewhere.
Caller: Bring it on.
although more and more hackers are arrested overseas or wherever they are to be found
they are only the very few that are publicized as widely as published to send a message
- if your website doesn't need any traffic from Russia or proxies or other countries, just drop it dead before it arrives at your website
this is a new trend or just one information being added to the creditcards and the access to emailaccounts or paypal and ebay accounts
with email and login
they get it by phishing
they get it by infecting computers and stealing all the logins
they get it by setting up fake proxies and intercepting everything that is being done
and then they publish it
like here http://pastebin.com/J486sG6t
and thousands of others
what is the importance
well Oracle for example said that they were building social networks and applications for real secure enterprises in which you could log in with your facebook or google account
never thought I would hear such a stupid idea
it was hacked by anonymous
and since august the police services have been informed about the existence of the online database
so they had their headstart
here it is
it may be that not every member is a pedo or knows that somewhere on the site there are forums that are being used by pedo's to exchange stuff (that look like manga but in fact aren't really real interesting manga but just disgusting stuff hidden in manga-art sic.:) )
there are belgians that are members .......
yeah hundreds of open ftp servers that until 2 days ago gave access to anonymous and anonymous as login and passwords
this doesn't mean that you have always the rights to place or download files
but it is in fact an open ftp server and that gets attention that it doesn't need
and yes there are a few open Belgian .be servers in it
and if you are lucky they have forgotten all about it
and you can place all your crap and porn on high-bandwidth servers and distribute it among all crack-forums on this web
for the curious - just don't forget that some may be 'police traps' and that in some cases - especially in your own country - you may be doing things illegal that are easy to prosecute in your own country
so don't do what I wouldn't do (which is use them :)) and do what I would do - warn them that it is stupid to do that
so you thought that it were only webshops and sites around the world that were hacked
so you thought you could offer webservices with login without https
so you thought that they would never come to you and inject your database with commands to extract every information that is available
well this is NOT the case
webshop.sh****.be which is in fact a bit hidden but that is no defense gives you without encryption access to a webshop with this kind of PUBLIC information
delphine.$$$$@va$$.be $$$$$$ D$$$f Delphine address Hulste
email@example.com $$$$$$ Loosveld A$$$$ address 8790
firstname.lastname@example.org $$$$$$ B$$$$ Kim Address Rumbeke
the $ are passwords or things saved to protect a bit the innocent (address in fact changes the real street and number)
and their login is ..... their emailaddress
and on the website itself you can read a fully published sql injection alert showing you where to find all the users and necessary tables
but they won't hack a Belgian webshop, wouldn't they
why not ?
If the service doesn't use https don't use it
the dropped malware is only found in 6 of the 43 antivirustools tested by virustotal
about 130.000 links are in Google but the number of websites is much less as several pages are on the same website
Contact ... - Den Artist, de online contactgids voor artistiek talent | www.denartist.be/addcontact.aspx | Deze site kan schade toebrengen aan uw computer.
Zoekertje Toevoegen - Den Artist, de online contactgids voor ... | www.denartist.be/addad.aspx | Deze site kan schade toebrengen aan uw computer.
Antec - Contact Forestier Belgique - Vente de matériel et outillage ... | www.contactforestier.be/.../ListArticles.aspx?..
(A) Vanuit huis een leuk inkom... - Gratis adverteren | Gratis ... | adverterenisgratis.customer.ipower.be/index.cfm?...