• new java zero day : the facts and nothing but the facts

    the danger of it is not to be underestimated

    * it works against all the browsers that haven't restricted java to a whitelist of a few sites they may trust

    * it works against all the machines, Mac or Apple included as it is solely java based

    * it is included in the newest versions of the worms, bots and metasploit attack environment

    * there is no patch planned until October - unless some big firms threaten Oracle directly that they will disable Java altogether or just keep it as a programming or interface platform

    what does this mean for you

    you have 4 options

    * if you have really important information on your station you should have a really professional global security package on it that includes generic analysis, whitelisting programs, and real-time analysis and updates

    * if you know how to work with the security settings of your browser and have the rights to do so, limit the number of websites that can use java to the strict minimum

    * if you haven't updated java since version Java 1.6 Update 33, don't update it

    * if you did update it, uninstall the latest update

    and for all those great bloggers with linux and mac: this is java that is exploding with insecurities, not microsoft, and compare now the actions taken by Oracle with those that Microsoft would have taken

  • a test that could maybe find the Gauss bot on your computer

    This test tries to check if the Palida Narrow font is installed on your computer. Kaspersky Lab found that Palida Narrow, a previously unknown font, is installed onto all computers infected by the Gauss malware.

    You can read more about the test methodology in CrySyS Lab's blogsite: blog.crysys.hu (sorry, we have an outage till 11/08 18CEST 09AM PST on that site)

    You can read a detailed tech report on Gauss from Kaspersky Lab at http://www.securelist.com/en/downloads/vlpdfs/kaspersky-lab-gauss.pdf

    it will still take some time before they know how the virus got on these targeted computers in the first place because for the moment one has no real information on that - aside from theories which are still only theories

    it is mostly used against computers in the Middle East including Israel

    some say it is state sponsored, but it is not state sponsored only because it uses the same techniques as Duqu, Flame and others: you can find downloadable versions of these online, and the technical details and analyses are detailed enough to help any smart programmer get his own supervirus going
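
    A local variant of the font check described above, as an added example (not the CrySyS test and not code from this blog): it reads the name table of each installed TrueType/OpenType font file and reports any whose family or full name contains "Palida Narrow". The font directories and the constructed sample font are assumptions for illustration; a match is an indicator to investigate, and no match does not prove a machine is clean.

```python
"""Look for a font named "Palida Narrow" among installed font files (added example)."""
import os
import struct
import sys
from pathlib import Path

TARGET = "palida narrow"  # font name reported on the page, compared case-insensitively
SFNT_MAGIC = (b"\x00\x01\x00\x00", b"OTTO", b"true")  # single-font TrueType/OpenType


def font_names(data):
    """Return the family (nameID 1) and full (nameID 4) names stored in a font's
    'name' table. Malformed or truncated input yields an empty set, never an error."""
    names = set()
    if len(data) < 12 or data[:4] not in SFNT_MAGIC:
        return names
    num_tables = struct.unpack_from(">H", data, 4)[0]
    for i in range(num_tables):
        rec = 12 + 16 * i                      # table directory starts at byte 12
        if rec + 16 > len(data):
            break
        tag, _checksum, offset, length = struct.unpack_from(">4sIII", data, rec)
        if tag != b"name":
            continue
        table = data[offset:offset + length]
        if len(table) < 6:
            break
        _fmt, count, strings = struct.unpack_from(">HHH", table, 0)
        for j in range(count):
            pos = 6 + 12 * j
            if pos + 12 > len(table):
                break
            platform, _enc, _lang, name_id, n_len, n_off = struct.unpack_from(">6H", table, pos)
            raw = table[strings + n_off:strings + n_off + n_len]
            if name_id not in (1, 4) or len(raw) != n_len:
                continue
            # Unicode (0) and Windows (3) platforms store UTF-16BE; Macintosh (1) is
            # decoded as Mac Roman here, which covers the common case.
            codec = "utf-16-be" if platform in (0, 3) else "mac_roman"
            names.add(raw.decode(codec, errors="replace"))
    return names


def is_suspect(data):
    """True if any family/full name in the font contains the target name."""
    return any(TARGET in name.lower() for name in font_names(data))


def scan_font_dirs(dirs):
    """Return the paths of .ttf/.otf files under `dirs` whose names match."""
    hits = []
    for d in map(Path, dirs):
        if not d.is_dir():
            continue
        for path in sorted(d.rglob("*")):
            if path.suffix.lower() not in (".ttf", ".otf") or not path.is_file():
                continue
            try:
                if is_suspect(path.read_bytes()):
                    hits.append(path)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
    return hits


def build_sample_font(family):
    """Constructed test input: a minimal sfnt holding only a 'name' table with one
    Windows-platform family-name record. It is not a usable font."""
    text = family.encode("utf-16-be")
    record = struct.pack(">6H", 3, 1, 0x0409, 1, len(text), 0)
    name = struct.pack(">HHH", 0, 1, 6 + 12) + record + text
    header = struct.pack(">IHHHH", 0x00010000, 1, 16, 0, 0)
    directory = struct.pack(">4sIII", b"name", 0, 12 + 16, len(name))
    return header + directory + name


def default_font_dirs():
    """Usual font locations; these paths are assumptions about a standard install."""
    if os.name == "nt":
        dirs = [Path(os.environ.get("WINDIR", r"C:\Windows")) / "Fonts"]
        local = os.environ.get("LOCALAPPDATA")
        if local:
            dirs.append(Path(local) / "Microsoft" / "Windows" / "Fonts")
        return dirs
    return [Path("/usr/share/fonts"), Path("/Library/Fonts"), Path.home() / ".fonts"]


if __name__ == "__main__":
    found = scan_font_dirs(sys.argv[1:] or default_font_dirs())
    for path in found:
        print("font name match:", path)
    sys.exit(1 if found else 0)
```

    Font collections (.ttc) are not parsed by this sketch, and a renamed font would not match, so treat the result as one signal next to the vendor's own detection.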

  • #trapwire and the 5 essential questions your internal security should ask the stratfor contacts in your organisation

    this is one of the activities or businesses of stratfor

    "Every few seconds, data picked up at surveillance points in major cities and landmarks across the United States are recorded digitally on the spot, then encrypted and instantaneously delivered to a fortified central database center at an undisclosed location to be aggregated with other intelligence. It’s part of a program called TrapWire and it's the brainchild of the Abraxas, a Northern Virginia company staffed with elite from America’s intelligence community.

    The employee roster at Abraxas reads like a who’s who of agents once with the Pentagon, CIA and other government entities according to their public LinkedIn profiles, and the corporation's ties are assumed to go deeper than even documented. The details on Abraxas and, to an even greater extent TrapWire, are scarce, however, and not without reason. For a program touted as a tool to thwart terrorism and monitor activity meant to be under wraps, it's understandable that Abraxas would want the program’s public presence to be relatively limited. But thanks to last year’s hack of the Strategic Forecasting intelligence agency, or Stratfor, all of that is quickly changing."

    "So: those spooky new "circular" dark globe cameras installed in your neighborhood park, town, or city—they aren't just passively monitoring. They're plugged into Trapwire and they are potentially monitoring every single person via facial recognition"

    the more documents and mails are released from the 5 million (millions still waiting), the more alarming it becomes how the company worked internally and how it really is the big private worldwide CIA-like operation (which they found amateurish and limited) that nobody knew about

    when you go to the site you will think it is all about international analysis (what are spies otherwise doing) but behind the front we now see that all those people who became contacts at conferences, through publications, internet exchanges or freewheeling conversations were dealing with stratfor 'operatives', even if these had all kinds of normal titles (consultant, analyst, publisher, representative, ...). In some mails it even becomes clear that, as internal information was their main business, they used any method possible to get that information (in one mail the boss says they have to use any method against their contacts to get it: financial, sexual, blackmail, threats, promises, whatever ...)

    this is a spy agency

    and some of your employees may have been abused or pushed into giving or explaining internal information

    for Belgium, there are public servants, diplomats, politicians and others on their lists (but they could have been just subscribers to their mailing list)

    in any case, someone in your organisation should sit down with the stratfor contacts and go through all the information (sometimes under sworn testimony)

    * did you only receive stratfor email briefings and was that your only contact

    * did you go to a conference organised by stratfor or with speakers from stratfor

    * did they meet you and did you have a conversation and what was it about

    * did they contact you by mail and can you give us all these emails

    * what information - in full detail - did you give or send Stratfor and were you paid for it (in whatever form)

    * when was the last time you had contact and what was it about

    if you look into this dazzlepod database (you can search for a specific email address, the one from your network for example gov.cn, or even for a domain extension such as .be, .nl, ... or a name in an email address)

    you will be surprised how many people were caught in the web, even if not all of them were that deep into the dark corners of the spy hole

    if it sounds like spies and it looks like spies and it acts like spies you should treat it as ..... spies

    and if their contacts were naïve you should tell them so

  • TMF mobile hacked

    TMF Mobile
    Username. Password. developed by FutureProof.
    TMF Mobile

    mobile.tmf.be/
    Own3d by Group x3. Go To Hell .. administrator idiot. Greetings : Lov3rDns. Shark Hidden | The Lion-Heart.


    both hacked - cert informed

    what did they do - get the data ?

    nobody cares about that ?  Maybe you do ..... because you are a member

    if you don't ask they won't tell you or take a certified consultant to set things straight

    complain here   www.privacycommission.be

  • will Samsung save the most private secure mobile phone blackberry

    Samsung, the only firm so capable of frightening Apple to death that Apple uses lawyers all over the world to try to stop its product from being sold, is in talks with RIM, which needs to be sold to survive

    if Samsung saves blackberry it has in fact two choices

    it saves the firm and we all rush to the shops to get a blackberry if we want to have some really private conversations and it invests in keeping these conversations safe and private (it has its own network that is fully encrypted). They keep them cheap and easy to use and in every case, private and secure, which would be the reason to use them as a second phone.

    it saves the technology and incorporates the technology and the separate network in a new phone that you could use for personal use (samsung normal phone and normal network) and for financial and professional business (another simcard that goes to a private, separate, fully encrypted blackberry network). You choose, or your boss or correspondent chooses.

    or it does both, for everyone's pocket

    but never forget, the only selling point for a blackberry is that it is so private and secure and it has its own networks

    all the rest is blablabla and done-that seen-that also stuff

  • Tripwire (ex community open source tool) sold its soul to the devil trapwire

    Tripwire is one of the few success stories of open source business development - even if they have now developed themselves into a real business product (and in fact a normally really good one) its roots were with the internet community who helped to build it in the first place.

    Thanks to another community driven initiative - wikileaks - it has become clear from the emails that are being released that tripwire agreed to the use of the name or something like that for 8% commission

    but from who

    from a surrogate private spy agency that did something - together with stratfor - that no official spy agency would be able to do on such a scale without any public oversight or judicial checks and balances

    it is the biggest spy scandal yet

    but the community will have to get answers from tripwire and some heads will have to fall there because if you have bought tripwire also because you know its history, it is fucked up now and you were screwed

    secondly the money that was earned has to be given to a good cause and I think wikileaks is the one to give it to because without wikileaks we wouldn't have known it (and without Anonymous who hacked the database of stratfor)

    maybe the community will have to take the code again


    and extend it back into the big product it was

  • if you have a business or computers in Belgium, you will need an electricity emergency plan

    well this is the most disastrous information yet

    22 nuclear installations, of which 3 in Belgium, will probably have to be shut down because at the time they used some parts from a big dutch consortium which is now already out of business and seems to be quite corrupt

    now it seems that those installations are showing such cracks that they could easily become bigger and they could have an impact on the protection of the nuclear reactor

    the authoritative agency that is responsible for the controls says that they only saw it now because they now have new technologies, but that is just crap

    the french nuclear agency said that there was no problem in the french nuclear reactors because, contrary to the Belgians, all the different production processes were controlled and supervised before the parts were installed

    this was not the case for these 22 nuclear reactors

    it looks like the process to control code and vulnerabilities before you launch a new webservice

    you can do it before and during the production process and redo it before the launch or you can do it afterwards and find some day somewhere a vulnerability so you have to shut the service down because the risks are not possible to calculate

    meanwhile we will have to prepare for blackouts, controlled or not; and how to maintain business continuity

  • what you have to know about Trojan-Ransom.Win32.Dorifel

    first, this virus only infects machines that are already infected by a variant of Zeus called Citadel, but then scans the network for other machines that may be infectable by other means. A lot of different universities and governmental networks in Holland have already been infected, which means that they have already lost a lot of confidential information and logins. It means that their logins, access information and confidential networks are already somewhere on a command and control server they don't control. This means they will have to block and change all accesses.

    It also means that the defense of these networks was not really up to date, because if your network can be infected in such a way by a botnet like zeus then there is a problem with your firewall - snort - online antivirus or other protection devices (ips-ids). Or you had those but you didn't really look at them and follow up on 'unlogical events'

    in any case block

    your network is as safe as every computer is safe (the security of your network is that of your least secured computer)

    and that computer downloaded a new attack in the form of a Delphi program that will encrypt all no-root office documents. The infection spreads fast across a network because each time an infected document is opened it will try to infect all the other documents on that system and in the shared folders (and in big organisations you have a lot of shared folders, mostly without passwords or with only the windows login)

    for the moment it is in the first place dutch and danish networks that are hardest hit (there seem to be already 2 infections in Belgium; there are unverified rumors that one of them is a hospital)

    but for the moment the international community has sinkholed the domain name of the botnet, so that it will be difficult for it to keep propagating once all the dns-servers around the world have updated this info for the domain name, which would take another 6 hours after the sinkhole

    but it seems that the botmasters are looking for ways around this and are posting new commands and malware to the infected systems that are still connected

    among the three thousand networks hit are power grid manager Westland Infra and even the National Institute for Public Health and the Environment (RIVM)


    so the real story is not this virus but all the confidential and login data that has already left the networks

  • mil.be, commercial services doing irresponsible research for self-promotion, and law and responsibilities

    First let me make the following very clear. If you have information about vulnerabilities in public websites, then you should first inform the CERT.be (for professionals). They are (whether they agree with it or not is not the question) the logical place where this kind of information should arrive. If they can't convince the people responsible that they should secure their website, then why in the hell would you think that you would have the convincing powers to arrive at a better result.

    I can confirm that late 2011 we have given the CERT a list of numerous Belgian public institutions that had made some basic security mistake. Instead of publishing it - we have given access to the list to the CERT and the most important public websites were secured afterwards (mostly the responsible IT managers didn't know the importance and consequences of the mistake or that the technical teams had implemented it like that). You can publish your information - promotion afterwards.

    Secondly let me warn others before everybody now starts thinking that they can start penetration testing any site or infrastructure. The Belgian law on Cybercrime is VERY VAGUE and VERY LARGE. This means that the owner of the site can file a complaint against you for accessing the site or attacking the site (which is still illegal). If you want to do penetration testing you have to have the written permission from the owner of the site. It is also very important to know what would be the intention of the attacker. You have very good specialised services who already work now and then for official infrastructures (but it is most of the time neither permanent nor followed up after the adaptations).

    So if you start checking belgian sites for vulnerabilities and publishing them before contacting the cert and leaving them enough time to correct them, you leave yourself (and your business) open to prosecution. Some of the youngsters should read what happened to 'Red Attack' in Belgium.

    I can also confirm that even some publications on this blog had to be retired in extremis because of legal threats and to protect 'the innocent'. This is not something for the US, this is here in Belgium. So don't take this possibility too lightly. There are maybe consequences.

    The only grey zone - we are using most of the time here - is googledorking and other international listings and online tests of security failures. This is information that is accessible to anyone and you do it through a service (a proxy). You are not using special tools and you are not an owner of these tools and the knowledge is not special.

    But in the end I agree, the fact that the website is not protected is stupid (to say the least) and it really astonishes me that the military (who are one of the most attacked infrastructures) has a vulnerable public website. But when it was last attacked they said it was totally isolated from any other military or public service website, webservice or network and I still hope this will be the case. Meanwhile it will mean that they now will have to prepare for a new series of attacks - and look out for the low level specialised attacks because the standard scanning will be stopped by your firewall and other infrastructure. Defense is in the first place the people watching what will happen.

    The cheapest solution is putting the website on a cd-rom. Ok, there are no interactive functions. But it can't be defaced :) and as long as all the other information is there - who will complain about a totally secure website for which you don't have the budget.

    Maybe they should send the bill for the extra hours and investments they have to do now to the firm in question :) But no, I really do think every public infrastructure should do penetration tests every so many months and yes I really think that patching and monitoring go hand in hand every day of the week.

  • #pedohunt with google finding the links to the biggest russian public childporn pic hoster

    yeah, and I haven't been there but it is used by CP (child porn) because on Child porn sites researchers find pics hosted there all the time

    linkto:imgsrc.ru site:be boys or lolita   is the Google dork (you can change site:be by your site or whatever domeinextension for example site:fr or site:us to find linkpolluted domains)

    and the links you find are the following - and the words say it all

    Indiana Jones Poster Photoshop - Page 4 - pension2010.be

    www.pension2010.be/indiana-jones-poster... - Vertaal deze pagina

    ... buff Indiana, indiana telkomsel by wellcheck imgsrc ru boy photoshop You the ... Make your own indiana by the movie indiana Oct imgsrc ru boy and links apr ...

    1. naturism ru foto whydress. iMGSRC.RU family naturism on ...

      young boy with big cocks. cathy freeman young years. young boys ru . male young naturist photos. the young ... Status for naturist foto The links isn't checked yet.
    2. Wat hebben anderen over me geschreven?

      boys fuck mature woman amature summited mature men ... mature nl links www dinomoms mature fat girls ...... imgsrc.ru boys blue bunny ice cream distributor ...
    3. Nakita Boy hebben wij gevonden op wiezoekje - Foto's, Weblinks ...

      Nakita Boy Model rapidshare links available for download. Daily checked ... iMGSRC.RU B04 - Boy Nakita on pasc_pascalle2.iMGSRC.RU, Nakita 20. Pictures ...
    1. Spacawa | Guestbook

      ... lolita nonnude lolita nature ru lolita boys boy teen nude photo naked smooth ... nymphet pics imgsrc ru lolita nude lolita model of russian young lolita models ...
    2. Spacawa | Guestbook

      seakBrabfeade imgsrc.ru. http://amat1975.jugem.jp/ loan amortization When it comes to kids' safety online, there are laws that are meant to protect kids' rights ...
    3. Gemotiveerd • Bekijk onderwerp - Xhamster Free Mobile Phones Porn

      2 april 2012 – Blueteen Links Young Porn Nikki & Helen Passion & Perfection Wwwbangros Imgsrc Ru Tube Boys Pornorhub Com Little Lupe Galleries ...
    4. English - Tuning-car Online Shop

      www.tuning-car.be/.../product_reviews_in... - Vertaal deze pagina
      It's serious lolita youngest world 8PPP lolita art model links 1577 imgsrc.ru ... harcore women russian hard gay boy porno russian hard gay =[ preteen pics free ...

    and so and so on.......

    clean it up  (also spa-aalst.be, safeshopping.be and many others)

  • #leaks are you a member of a porno site ? your accounts are targeted for leakage

    they do it by stealing cookies while you surf

    they do it by intercepting the logins on malicious proxies

    they do it by infecting your pc with login-stealing functionalities

    they find them in cracked online email accounts

    they hack porno sites for logins

    and then they collect them and dump them online (as they do for filehosting, facebook and lots of other accounts)

    and if you use an email address or login that can be connected with others or your real life, then you are f..... you s....

    an example of a posting


    or just search for passwords porn on pastebin.com

    always lucky or should I say f....y :)


  • #pedohunt Networksolutions.com will take action at the executive level

    What is the sense of bringing down websites all the time if they can buy domain names with names such as boylover, pedowhatever, nakedteens, lolitaporn and whatever

    so while #pedohunt is now trying on one side to pressure hosters and dns services to stop hosting and helping pedoservices (or those that are used as such), it has won one big victory now that networksolutions.com (the mother of all .com registrations) has decided to bring together an executive managerial committee to see how they could use their user regulations to block domain names that are clearly used for these illegal purposes, which are even less open to question or discussion than normal porn

    for this reason it is even advisable that other organisations and lawyers work together with the community to help them use the right terms and use the possibility of bad publicity, brought by bigger, known, reputable organisations, to bring down those sites with clear pedoservices and content

    if this doesn't work some in the community will do what they may find necessary to do to send a message - even if they may be prosecuted for that (but which judge will punish such an activist who brought down a pedo site because the law or the hoster themselves refused to act (quickly enough))

    of course the first and last thing to do before doing something like that is to inform the qualified police services of the existence of these sites before attacking them (it may help them in their investigations when they can not only bring the site down but also keep all the proof of access and abuse that could be used later in court as evidence). Bringing down a host should be a last resort, if we have really really tried everything else

    On the other side, the community of activists will need a really anonymous secure dropbox for such information without having to publish it on pastebin

    and also remember, you don't have to see pictures to know it is a pedosite (googledorking already gives you enough information to start with) and really, not only is it illegal but it will fuck up your mind (and if you don't have enough self-control make you react irresponsibly) which I didn't by the way (for whom it may concern)

    if twitter has closed down hundreds of pedo-accounts and networksolutions will study how to shut down pedodomains and hosters and online services are starting to investigate how to stop helping those f.... b.... and if the police services start having more secure and anonymous lines of communication (under certain rules) then maybe the only ones breaking the law will be the pedo's themselves

    #pedohunt should produce pedohunters in each big internetservice 2.0 and in each internetinfrastructure provider who each will make clear that they are being cleaned out and that such services and content aren't distributed or promoted through them

    something to think about

  • more than 300+ complete full-length films on Youtube

    Youtube is cleaning up at an amazing pace and films that were there before are just gone the next day

    even films that you will never see on tv or even on a paychannel

    one should really research if there is no market for a worldwide filmlibrary with free stuff and subscriptions

    in the meantime, here you have a list of 300 long films on Youtube

    some flemish, many french and english, some with subtitles, some dubbed and some with other subtitles

    charlie chaplin, films from 2011 and 2012, comedy, political and artistic films, commercial films, whatever

    it is a holiday so enjoy


  • sponsored (ad) Start of training courses at the Belgian Data Protection Institute

    Does a photo of an employee fall under privacy legislation?

    Do you know what you can, may and above all must do with the personal data in your company?

    Does privacy legislation seem clear in theory, but do you have doubts about how to apply it in practice?

    How is it regulated in Belgium, and how does that relate to the other European member states?

    How should we deal with information via social networks?

    Bavo Van den Heuvel and Nicolas Delcroix are starting a new training course for all these questions.

    The time has come. These questions are clarified during the training courses of the Data Protection Institute. They are unique on the Belgian market and answer the demand for do's and don'ts in the processing of personal data.

    In our 2-day introduction we look at the definitions of privacy and how they are applied in Belgium. The Data Protection Officer certification programme discusses in detail how to implement this legislation in your ICT systems and also prepares you for possibly taking on the role of Data Protection Officer. This programme covers risk analyses, the application of cryptography, the impact on the human resources domain and, of course, an approach to user management. Finally, control and audit techniques are also taught. For the full programme, go to www.dp-institute.eu .

    Because we believe in the future, we also want to limit the ecological impact of training courses. Every participant therefore receives the course material on a tablet, on which you can also store notes and which you may keep.

    For our pilot courses in September there are now launch conditions! Do not hesitate to ask for more info at bavo@dp-institute.eu


    interested in also sponsoring belsec? Interesting deals available; support the security researcher, contact me


  • Cipina.be, the arbitration institution for all .be domain names, hacked and insecure



    • mirror saved on: 2012-07-31 19:47:17
      • System: Win 2003
      • Web server: IIS/6.0

  • alerted already about more than 3000 #leaks the last year - RSS feed at your service


    http://www.diigo.com/list/Mailforlen/leaks/rss.xml (but I am not sure it works all the time because some of the RSS feeds of diigo seem fixed on position instead of adding the last ones (time))

    the leaks are mostly belgian or important, not all the leaks and dumps I have found are linked

    most of the links are dead or gone already (or somewhere else)

    the one Belgian leak that impressed me most ?

    that of a blood donor action somewhere in Bruges where all the personal and medical information of only 20 persons was leaked

    another one (not published but contacted the cert for that)

    the internal file of a big company with all the personal details of their personnel that was going to take part in a marathon

    the cert.be receives most of the times an alert but I cannot say that they do something with it - sometimes they do, sometimes they don't, saying that it is up to the sites concerned to do the contacting (which they don't; they prefer to keep it covered and silent)

    as with the list of 21.000 belgian gamers of gamingo that the cert.be received from pwnedlist.com (because those passwords were broken and were being used and sold in the underworld): they have only pwnedlist.com to go to because nobody seems to be doing anything useful with that list (even if it should be a good reminder of good password policies and so on). Everybody talks about security awareness and education but when the shit happens and you have something real that people will remember and will act upon, you do nothing......

    I am sure that you have a lot of other things to do and that you are also doing important stuff but if you can't handle 21.000 accounts you won't be able to handle hundreds of thousands of millions of accounts once the big breach comes along

    and besides people are willing to forward information and do the extra mile to help out but when this happens it will be hard to motivate them again

  • technifutur.be hacked and marked dangerous by Google

    Training centre in Belgium for companies: Technifutur ...

    www.technifutur.be/

    Technifutur®, a training centre in Belgium, presents its competences in vocational training, e-learning and distance learning in Belgium.

    but now it is this

    ./Hacked By catalyst71

    campus.technifutur.be/main/.../404.html

    This site may harm your computer.
    This Site Owned By catalyst71. I`m Sorry Admin ..... Please Patch You`re System ! Owned By catalyst71. Thanks to: Encex_Fitra | Harumichi_Angello ...

    maybe lessons in security would be welcome

  • syriafiles : ptb-pvda sends articles about their 'analysis' to Syrian propaganda


    Syria is a complex country, a mosaic of peoples and religions. The spectre of a civil war and of an Iraq-style scenario is the Syrians' greatest fear. The call for reforms is also supported by people who do not directly question the power of President Assad, who for many Syrians remains the symbol of the country's unity. The images broadcast by Western media are often transmitted by mobile phones and give little clarity about what is really happening in the country. To what extent are the demonstrations aimed at reforms, and to what extent are they dominated by the will to get rid of President Assad? And, above all, where exactly does the violence come from? Our Western media systematically speak of peaceful demonstrators who are killed by the army or the police. Yet since the beginning of the events, 79 police officers have already been killed. This shows that what is happening in Syria is more complex than we are told.

    they said they were reformed, that they didn't support dictators anymore....