• 12.000 members of homosexual forum mantrackr.com compromised

    their logins and emailaddresses and their actions on the forum are published on a forum where it will be difficult to shut it down


    as far as can I see there are no .be addresses in it

    but that doesn't make it 'harder' for the others

  • even Belgacom makes beginnersmistakes in security

    the first lesson and thing to do is not to write any technical information on a wrong page or service and to redirect the person who arrives at a bug or a wrong page back to the homepage with an pop-up that excuses the hoster or service and sends an email about the incident to the webmaster and securityofficer so they can have a look at it

    even the best of them forget it sometimes - which shows that there are still no general groundrules for all the websites which are imposed, implemented and controlled

    The requested URL /happybirthday was not found on this server.
    Apache/2.2.14 (Ubuntu) Server at www.belgacomhappybirthday.be Port 80

    what do we k now, that the server is an Ubuntu server

    that if you attack you have to attack over port 80

    and that it is an Apache/2.2.14

    what you than do is go back to Google and ask the following Apache/2.2.14 exploit

    the rest I leave to your imagination or professionalism

    I didn't use a trick or hackingsoftware to do this, I just accidently typed a wrong pagename

    but as Belgacomwebsites got hacked some weeks ago and nmbs had another stupid problem, it is an interesting indication of how for the moment without laws and controls and penalties those firms and networks just don't care enough to make it secure enough for us

  • belgium ending with at least 2 million compromised accounts that haven't been changed yet

    the biggest one is the nmbs-sncb with 1.5 million accounts which won't be changed because they won't be informed about it - positive is that the file has only been downloaded by some Belgians who would I hope be reponsible enough not to divulge although there are rumors and links to postings of that file - well 1.4 million working emailaddresses is worth some money at least, surely if there are also important political, financial and diplomatic emailaddresses in it coupled with a lot of personal information

    afterwards comes the 500K accounts nobody talks about and the customers have even no idea- the positive thing is that nobody is in the present state sure what really happened and unless there is a real independent external investigation we can't trust the PR responses

    and with that there are the hacked database and leakages we have been publishing the last year in the following feed


    off course this is just a small part because pwnedlist.com has already during two years published the following database

    1,749 credentials leaks collected
    966,231,281 passwords collected  (nearly 1 billion)
    168,602,891 emails collected

    and this are the good guys, the bad guys are selling these files or services (in which you type an emailaddress or name and you get the passwords that are known to be associated with that person or emailaddress and maybe you are lucky and that person used the same password elsewhere)

  • nmbs-sncb 1.5 million dataleak : not the first time they were leaking online

    I have already called before to the cert - but didn't publish about it in 2011 about another nmbs-sncb problem

    someone published an excell file with all the internal participants at the 20KM of Brussels with all the contact and personal information - for anyone to download

    even after they had socalled retired the files - they hadn't done so with all the other copies of the file on the server - so I had to call the cert back a second time

    this means that it is not 'an accident' but something is very wrong with the infrastracture and the security policies and that since 2011 things haven't changed for the better cumulating in this massive dataleak

    it was an accident waiting to happen

    you can still find some traces of the incident (and the desorganized way in which they solved the problem) by Googling this site:http://sncb-nmbs.be  php

    and if you want to have a look at how they probably went through Google and desactived everything they thought it would be better to do so - even if they were probably active before site:http://sncb-nmbs.be  php

    but even here they make some mistakes as in this form  http://www.sncb-nmbs.be/newyear/n/machform/view.php?id=20 

    first there is no encryption (ssl) so all the information is in cleartext (ever heard of a proxy) and the technology is clearly indicated (machform) so you know where you will have to look for exploits

    the problem that nmbs-sncb has now is that they will be scanned and attacked all the time and by even more professionals than our googledorks which fall under the law but where we can't go any further without having the risk that some-one in the justice department thinks it can be interpreted as hacking under the very very general law against cybercrime in Belgium which has no protection at all against securityresearchers and activists

    they will now really need to get professionals in and spend the money to get everything under 24u professional monitoring and close down everything they don't really need now on the same platforms as those where there is client information (isolate, close down and open only authorised ports and destination and reinforce authentification and encrypt and log everything)

  • do you want more detailed personal information from Belgians online ?

    Blad4 - Gezinsbond Sint-Gillis-Waas

    Bestandsformaat: Microsoft Excel - HTML-versie
    10, Croon Micheline, Reepstraat 152, 03.770.61.71, guido.sertijn@skynet.be ... 19, De Smet Els, Blokstraat 84, 03.770.72.72, marc.de.brabander4@telenet.be ...

    KLIK - Buizingen-Lot: Parochies in beweging
    Bestandsformaat: Microsoft Excel - HTML-versie
    ... 684, 1653, Dworp, 02.380.08.29, sekretaris bureau, re.pauwels@skynet.be ... Buizingen, 02.356.14.36, zaalverantwoordelijke, marcel.hemels@telenet.be ...

    bins in de politiezone grens

    Bestandsformaat: Microsoft Excel - HTML-versie
    ... Etienne, Bleken 80, Co, 0478/69.18.79, de.lombaert.etienne@skynet.be ... René, Vijverdreef 2, co-co, 03/542.68.51, 0496/49.50.03, Rene.noens@telenet.be ...

    export_customers.xls - Telenet Service

    Bestandsformaat: Microsoft Excel - HTML-versie
    1. destrooper.destickere@skynet.be. 1. conny.lefevre@foronex.com. 1. damsepolder@telenet.be. 1. kikkerconcert@pandora.be. 1. admin@stuytsaccounting.be ...

    Samenstelling Rassencommissie Kerry Hill

    Bestandsformaat: Microsoft Excel - HTML-versie
    ... Functie, Straat + Nr, Post Nr, Woonplaats, Telefoon, E-Mail adres, Rekeningnummer. 2 ... 9860, Balegem-Oosterzele, 09/3630260, pieter.marchand@telenet.be ... Hekkouter 24, 9570, Deftinge (Lierde), 054/419054, anddebacker@skynet.be ...

    and hundreds of other files like that .......

  • argentine ministry of defense hacked and thousands of documents leaked

    TARGET: DEPARTMENT OF ARGENTINA DEFENSE - www.mindef.gov.ar CLASSIFICATION : SECRET - TOP SECRET LEAKED DOCUMENTS : 500+ FILETYPES : DOC , PDF , JPG , XLS DESCRIPTION : According to statements by the DEPARTMENT OF ARGENTINA DEFENSE the computer systems area say they had a system impossible to hack, thing turned otherwise. The event should not be taken as terrorism, was for the simple fact to prove that the system was totally vulnerable. The documents contain highly sensitive material rated SECRET (aircraft, submarines, guns). +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ WinRar File password:@reqaxecHAfreWU+hega*42_ejE45!e4RekEspU*hAprumabr@w@UFvecr5Nu=es5as3ey?P5a5=92uzUdRadevecru5ubarEvAr3 FILE 1: https://anonfiles.com/file/2af17e13dad77255cf511dab6e37e4fc archivos.rar (18MB) - War Submarines, Radars. FILE 2: https://anonfiles.com/file/4d8bba80068a4660c98631efad566b12 archivos2.rar (55MB) - Classifieds Documents DEPARTMENT OF ARGENTINA DEFENSE DATABASE: https://anonfiles.com/file/aa64bdd1b0a2014f4e92f439fc70193d fulldatabase.rar (55MB) - Database Dump > USERS, PASSWORDS, NAMES, SECRETS

  • the occupy movement was so important everything was done by FBI and the banks to disband it

    For those following this blog, they will have known by now that Occupy was since the 60's and the altermondalist movement there hasn't been such a popular protest movement in the US that had such an influence on public opinion. It was the single biggest threat to the monopoly of the vested financial interest on the bigmedia discourse - if we believe the quotes by their PR advisors.

    Than came the coordinated and persisted crackdown.

    Released documents now show that this was a coordinated effort by the official FBI and police services (which is their normal intelligence business) and Terrorism fusion center (which is an unnecessary criminalisation) and .... private banks using private intelligence services and their own information about the activists ?????

    "The documents show stunning range: in Denver, Colorado, that branch of the FBI and a "Bank Fraud Working Group" met in November 2011 – during the Occupy protests – to surveil the group. The Federal Reserve of Richmond, Virginia had its own private security surveilling Occupy Tampa and Tampa Veterans for Peace and passing privately-collected information on activists back to the Richmond FBI, which, in turn, categorized OWS activities under its "domestic terrorism" unit. The Anchorage, Alaska "terrorism task force" was watching Occupy Anchorage. The Jackson, Michigan "joint terrorism task force" was issuing a "counterterrorism preparedness alert" about the ill-organized grandmas and college sophomores in Occupy there. Also in Jackson, Michigan, the FBI and the "Bank Security Group" – multiple private banks – met to discuss the reaction to "National Bad Bank Sit-in Day" (the response was violent, as you may recall). The Virginia FBI sent that state's Occupy members' details to the Virginia terrorism fusion center. The Memphis FBI tracked OWS under its "joint terrorism task force" aegis, too. And so on, for over 100 pages. "

  • why windows8 will kill the BYOD vague

    With the vast majority of professionals sensing something awry with the unfettered proliferation of BYOD, we're inevitably on a collision course with reality. In 2013, I predict corporate-owned laptops and tablets will experience a resurgence of popularity, buoyed by the availability of enterprise-friendly devices, like Windows 8 tablets. With BYOD in decline, corporate-owned and secured devices will become more prominent in the enterprise space, and as a result, a choose-your-own-device (CYOD) movement will take greater precedence.

    just as a total-cloud strategy is just insane, the BYOD movement is as insane if you look at it from a security and risk perspective

    you are still responsible for the data and all the leakage, so having it on personal devices and having no possibility to control those devices from end-to-end (if you want full encryption for example) is just something waiting for an accident to happen

  • US banks officially put on alert of their legal duties because of ongoing DDOS attacks

    Banks need to have a heightened sense of awareness regarding these attacks and employ appropriate resources to identify and mitigate the associated risks. Preparations may include ensuring sufficient staffing for the duration of DDoS attacks in conjunction with pre-contracted third-party servicers that can assist in managing the Internet-based traffic flow. Additionally, banks should ensure that their incident response effectively involves the appropriate personnel across multiple lines of business and external partners. Banks should also consider conducting due diligence reviews of service providers, such as ISPs and Web-hosting servicers, to ensure they have taken the necessary steps to identify and mitigate the risks stemming from potential DDoS attacks.

    Because the groups conducting DDoS may shift tactics and targets during an attack, banks should incorporate information sharing with other banks and service providers into their risk mitigation strategies. Participating in information-sharing organizations, such as the Financial Services Information Sharing and Analysis Center2 (FS-ISAC), can assist banks by facilitating efficient sharing of information. The FS-ISAC and the United States Computer Emergency Readiness Team3 (US-CERT) are good sources of information on the methods used to conduct attacks and on risk mitigation tactics to minimize their impact. The FS-ISAC, for example, has issued documents related to DDoS attacks4 and account takeover.

    As part of their contingency planning process, banks should be prepared to provide timely and accurate communication to their customers regarding Web site problems, risks to customers, precautions customers can take, and alternate delivery channels that will meet their banking needs. Banks should consider the recent DDoS attacks and concurrent fraud against customer accounts as part of their ongoing risk management program. Consideration should extend throughout the banks’ risk management process and encompass risk assessment, risk mitigation techniques, response plans, related policies and procedures, testing, training, and customer education.

    Regulatory Guidance

    Existing regulatory guidance addresses actions banks should take to help mitigate the risks associated with information security. The "Information Security" booklet of the FFIEC Information Technology Examination Handbook (IT Handbook) discusses the overall management of information security-related risk. Guidance addressing attacks against customer accounts is contained in the FFIEC’s "Authentication in an Internet Banking Environment,"5 issued in 2005, and its "Supplement"6 published in 2011. Additionally, banks’ use of third-party DDoS mitigation services should be in conformance with the "Outsourcing Technology Services" booklet of the IT Handbook.

    The OCC expects banks that are victims of or adversely affected by a DDoS attack to report this information to law enforcement authorities and to notify their supervisory office. Additionally, banks should voluntarily file a Suspicious Activity Report (SAR) if the DDoS attack affects critical information of the institution including customer account information, or damages, disables or otherwise affects critical systems of the bank.7 Events that involve account takeover activity may require filing a SAR, as discussed in the guidance the Financial Crimes Enforcement Network issued last year.8


    and your banks in your country

    anybody busy with that or is there no need for it and should you have just some confidence or a blind eye or two

  • SNCB-NMBS 1.5 million (inter)national customers dataleak (problems and issues)

    First of all, the person who published it did the wrong thing but the fact that he did not go to the CERT BEFORE publishing the information (which can be interpreted as a crime by the Belgian Cybercrime law - which is also the case for anybody who has downloaded the file). This shows in fact that the CERT has not been able in the last year to make itself respected as the center for Belgian ITsecurity where people should go first when they see a problem like this. Off course the last year I was also deeply disappointed by the CERT and the way it is NOT working (talking much but for the rest just reacting to the ongoing flow of incidents without doing much that will change the dynamics of the evolution.

    the fact that the person mailed a warning to the CERT afterwards doesn't change anything (and the file is still being distributed online)

    I just want to make it clear that I would not do that, publishing a link before the file was taken down and I would like others to stop doing this in future. And if you want to use me as middle-person ok, as long as you didn't hack it because one threat of prosecution without foundation is enough.

    Second the information was not encrypted and for that fact alone one could say that the NMBS-SNCB was not doing its best as a good housefather (which is a legal obligation) and it is not that encryption is too expensive (the extra costs are now extremely low) or too complicated, so no there is no excuse

    Third as there are international clients involved the nmbs-sncb could be prosecuted by international victims under their national privacy laws which could indulge a lot of money as their personal details have been published without their knowledge and that the sole reasons were amateurish datasecurity and negligence.

    This file has been online for weeks (since the 21th of november according to online reports who had access to the file) before it was published online which means that nobody was keeping an eye on the server and the data and that all the monitortools that should have been active weren't installed, followed-up or properly understood. It also means that the file has probably become online when they were upgrading the server (again) and that nobody controlled afterwards what were the changes. It also means that the data was not seperated from the application and the presentation server which would have been the necessary barriers to prevent accidents like that.

    Fourth it is ridiculuous to say that there is no problem with passwords because only the passwords were missing from the files (and this is probably because someone decided that only the passwords needed to be seperated from the rest of the information and are probably encrypted and stored elsewhere and monitored). This is a stupid thought today because if we have emailaddresses and there are millions of logins AND passwords available on the internet (free and for sale) we can find the passwords if people have used the same ones (as they probably have) and with a little luck we can find more financial information (creditcard, financial information).

    So the moment I am writing this - it may be already too late for some - but this what maybe is going on now and maybe as a precationary action it should be better to ask everyone to change their passwords to some password they didn't use already elsewhere online. It also means that they will have to monitor very closely the access to that information every second (and go through all the actions since the files have been online)

    They will have to block any transaction or any login that can have the slightest level of risk.

  • Google is NOT the internet anymore (only part of it)

    and this is not only the case in China but everywhere

    read this and think

    Google doesn’t report yearly figures, but we added up all the weekly reports and found that in 2012 Google was asked to remove 51,395,353 links to infringing webpages. Nearly all of these webpages are no longer showing up in Google’s search results.

    this means that because someone somewhere based on some copyright law somewhere (which may not be the same all over the world or maybe interpreted differently in some cases) has got Google to remove links in search results

    it only proves that you start with Google and than you will have to search some sites themselves

    because it is not because it is not in Google that it is not on the internet

    because Google is not the internet anymore

    at the other side, looking for pedoporn is not blocked by Google

  • 12.000 emailpaswords (of which Belgians) published on the internet


    if you are in the list, you can assume that it will be used today or very soon and it also be tested against a whole series of other services of which you could be a member - and where you could use the same password

    i didn't check the data - this is illegal in Belgium

    but the data seems right because the different kinds of passwords that are being used by the different groups of languages fit

    if the data is not right because it are just logins to another service which uses your emailaddress as ID than it is a reminder to NEVER use the same passwords as for your email anywhere else


  • US military cybersoldiers leaked on the net by Anonymous

    Hackers have busted into a database and stolen personal data from 30,000 personnel and visitors at the former Fort Monmouth, New Jersey, military base. 


    The hack mostly targeted CECOM (Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance), the tech support backbone for the Army's field communications and command systems. 


    The digital thieves pilfered "a mix full names, dates and places of birth, Social Security numbers, home addresses, and salaries," a CECOM representative told the Asbury Park Press. She emphasized, however, that at a minimum, names and social security numbers were stolen.

  • you will be found out, you stupid internetmarketeer with more money than brains

    YouTube found out that the companies were using view building services hired from sites such as Fiverr to create video views that never existed.


    Sony/BMG's was hit the hardest with views dropping from a total of more than 850 million to just 2.3 million. RCA declined by 159 million views to a total of 120 million. Universal lost more than 1 billion views and now stands below 6 billion.

  • P2P megahosting can spread like a virus

    when the mega filehoster was brought down, the FBI had only to close down some servers in the US (which was their jurisdiction) and elsewhere to disable the whole service of nearly a billion shared files

    now kit dotcom has had the time to think about it all and where it went wrong

    there must be something that could be done to make it more difficult to bring it down but keep it worldwide available - even if it would be brought down in one country or some

    the missing links in all the online P2P projects are encryption and decentralisation, there were some first steps but never combined in such a way

    imagine that you can't read any file without being member of it and authorized to do so and that if you are taking a server you wouldn't be able to read the files or logs and that servers all over the world would be linked to each other and replace each other if one would come unavailable

    and why should investors and hosters participate in such a project (or set up socalled independent firms) ?

    because there are hundreds of millions to be made by p2P online filehosting especially if there are not many chances of being shut down or prosecuted if you are outside the USA and some other countries

    in a month we will know

    and as he says, it will all be legal (for some)


  • China installs anti-vpn technology that kills some protocols

    Both companies and individuals are being hit by the new technology deployed by the Chinese government to control what people read inside the country.

    A number of companies providing "virtual private network" (VPN) services to users in China say the new system is able to "learn, discover and block" the encrypted communications methods used by a number of different VPN systems.

    but this is how one of the vpn providers are bypassing the limits


    this is extremely important for business because there is so much data you can't send over the internet without the protection of a vpn - except if you want to intercept it :)

  • skype is NOT a secret or private conversation (in China and elsewhere)

    With 250 million monthly connected users, Skype is one of the most popular services for making phone calls as well as chatting over the Internet. If you have friends, family or business contacts abroad, chances are you are using Skype to keep in contact. Having said that, you are probably not aware that all your phone calls and text chats can be monitored by the censorship authorities in China. And if you are aware, chances are that you do not consent to such surveillence.

    and if this is the case in China it will be the case in many other countries (dictatorships and democracies with very wide powers for intelligence agencies)

    use a blackberry instead (but not in India)

  • 5 simple but effective E-security decisions for Belgium to implement in 2013

    1. Official Cybervolunteers recognised by FCCU-CERT that can be mobilised to support with information, manpower and research when needed and according to the law and the rules

    2. Offical recognition of the CERt as the official center where all the responsible disclosures about Belgian code and infrastructure or websites should be disposed anonymously or without any danger of prosecution - as long as the information is given in good faith

    3. The obligation for all Official Belgian websites and services to be hosted on sites where SSL is used, the hosts are under Belgian legislation and there are permanent security updates and checks and updates

    4. The obligation for the Belgian Privacycommission to demand an official independent investigation at the cost of the compromised host of every Belgian network or Belgian host that has been known or has been notified to have been compromised and to oblige it to take the necessary actions to limit the risks for the future.

    5. The obligation for all the Belgian institutions and organisations that are responsible for a part of the ITsecurity to give to the parliament a yearly report and for the CERT to receive from all the Belgian hosters and internet providers anonymized ITsecurity information that can be globalized so that it wouldn't be used against one of the participants

  • the biggest ITsecurity joke in Belgium in 2012 is about EID

    i thought it was a joke, but it was realy true

    Belfius, the bank that ignored like Fortis all the alerts from their financial riskadvisors decided to use the EID as an authentification and replacement of the bankcard

    and just as Dexia-Belfius went with the speculator flow without thinking and just went forward without a critical analysis and independent review, they now just went ahead with the propaganda machine about the EID and just went ahead

    but did they know that there is no independent certification of EID installations

    but did they know that there is no official book with best practices for EID installations ( there is only a private book that is already a few years old)

    but did they know that there is no official technical helpforum online nor any permanent discussion about the EID

    and are they sure that the information on the EID is always protected by encryption (are they really really sure :) )

    and did they forget there is no independent review of the code, procedures, norms and standards of EID and all of its infrastructure and code and implementations (except the ones nobody wants to talk about but whispers a lot)

    the result is that you have to find out yourself what is true and what is false

    and than you have think about the risk and the alternatives when you have discovered some things

    but Dexia, sorry Belfius, don't come complaining in a few years time if you have problems with the EID

    for privacy and ITsecurityactivists the fact that the EID will now also have financial information and be used for financial transactions is not the same as going to the library or asking for some document at your city

    oh and by the way, they want you also to use it when you go to the pharmacy

    and all this information is encrypted from end to end with not one interception point, because this is all you need, one interception point in which the information is not encrypted ???????????????????????????

    and what if not half a million logins but half a million unencrypted data from EID's were stolen

    how would one respond to that - except for silencing the people who could know it

    we would never be able to suspend half a million EID cards and re-issue them and protect all the data that have been compromised and change all the data that will need to be changed to protect the people

    we are even not capable of changing half a million logins that may have been compromised

    yeah, 2012 leaves a very bitter note (and for the policepeople following this blog, I will not start hacking or attacking because of it nor publishing information that would endanger the lives and infrastructure of many) - but it is time to act