• the difference between open data and dataleakage in Ghent

    open data is data that is open for everybody and where all the people who are mentioned in that open data know and agree (or have to agree) to the specific data that is being made available

    dataleakage is when data has been made public for which you don't have that permission or when you release a file that maybe public one by one but that is dangerous if you use it for other reasons like spamming and ID theft or harassement

    an example is

    http://data.appsforghent.be/kotatgent/data.xml

    so yes, tell me do you have the permission of each of them to have in one file available to everyone or do you have the permission to show their individual data individually

    this also means that if you make such data available you shouldn't just drop it on the internet as if was some garbish but protect it and be sure that you know who will use for what purpose (especially if there are personal GSM and emailaddresses in it)

    think before you run and you will go far ....

  • more about cma.be the online medical defaced dataservice

    you can get your medical results here

    https://online.cma.be   (but that is also running IIS 6)

    and what is the use of installing ssl encryption if you do it the wrong way 

    https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fonline.cma.be%2Fonline%2FDefault.aspx

    so whatever one says here there is no security blablablabalbal

    Security of your Personal Information
    Centrum voor Medische Analyse secures your personal information from unauthorized access, use or disclosure. Centrum voor Medische Analyse secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information (such as a credit card number) is transmitted to other Web sites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
    http://www.cma.be/Home/tabid/36/ctl/Privacy/Default.aspx

    and it is not conform the latest technologies as stated here

    Na een volledige facelift en volledige hercodering van de software is de nieuwe webstek voor de online resultaten beschikbaar! De webstek is volledig conform de laatste ontwikkelingen op software gebied en werd gebouwd op het .net framework 3.5, microsoft visual studio 2008, XML- en CSS-technologie
    http://www.cma.be/Arts/iLabOnlineHelp/tabid/268/Default.aspx

    because just as this documentation shows their website dates from 2008

    see this documentation  http://www.cma.be/Portals/0/downloads/online.pdf

    and Microsoft visual studio is already in version 2012 and IIS in 7.5 (so not the LATEST)

    if this is e-health, than we can expect some things and we shouldn't be surprised to have found excell tables from a bloodbank online

  • another defacement in jobsindehandel.be (forem-vdab) and what forem does a litte better

    this is one

     

    but the french speaking forem does something right that the VDAB does totally wrong when you click on french and you click on information or to insert information, than you go to the site of Forem.be, you don't stay on this site with a shitty security

    but this doesn't say that the forem encrypts its information (or your information)

    http://www.leforem.be/particuliers/chercher/CV/creer-un-CV-simplifie.html

    but it is already under its own domain making an xss attack or injection more difficult

  • see belsec blog through Google without going to belsec blog or bypass filters

    https://www.google.be/search?q=site%3Abelsec.skynetblogs.be&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#q=site:belsec.skynetblogs.be&hl=nl&newwindow=1&safe=off&client=firefox-a&hs=qGI&tbo=d&rls=org.mozilla:en-US:official&source=lnt&tbs=qdr:w&sa=X&psj=1&ei=LZAKUcD3EOaR0QXl-IGgDA&ved=0CB0QpwUoAw&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.&bvm=bv.41642243,d.d2k&fp=b204c6e8007e1374&biw=1235&bih=791   (should give all the articles of the last week)

    https://www.google.be/search?q=site%3Abelsec.skynetblogs.be&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#q=site:belsec.skynetblogs.be&hl=nl&newwindow=1&safe=off&client=firefox-a&hs=Gwc&tbo=d&rls=org.mozilla:en-US:official&source=lnt&tbs=qdr:d&sa=X&psj=1&ei=NJAKUZO9JOOm0AWuzYGIAw&ved=0CBwQpwUoAg&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.&bvm=bv.41642243,d.d2k&fp=b204c6e8007e1374&biw=1235&bih=791 (should give all the articles of the last day)

    than you take the most recent one and you read it in the cache

    and you look at the date of the last posting

    than you go back to your google results and you get a posting for the day before that and so on

    this way you leave less traces - if that is your goal

    or It seems that I am blocked in some enterprises and administrations - but with Googlecache you can sometimes bypass them (translate is sometimes another way to do that)

    this is easier if you have a Google account

  • another belgian online creditcompany defaced and unsecure

    this is the hack- sending out the warning to everybody that they are vulnerable

    this is them

    and they have also an unsecure webform in which personal and financial data is in CLEARTEXT

    and they are running NO HTTPS and still on ...... yeah   not IIS 7.5 but

    Server:Microsoft-IIS/7.0Set-Cookie:.ASPXANONYMOUS=BVI6kFo2zgEkAAAAMjAwYjMxMmQtYjY1OS00MGUyLTgwNjctYzI5MGU5ODBjYjgy0; expires=Thu, 11-Apr-2013 02:16:23 GMT; path=/; HttpOnlyX-AspNet-Version:2.0.50727
    http://www.web-sniffer.net   (better but not perfect enough to secure a website with that kind of data)

  • yahoo spamfilter too stupid to stop phishing for yahoo logins

    first never use those messages

    hoover with your cursor over the link and you will see that it is not the yahoo.com domain so it is false

    but what is most astonishing

    is that Yahoo spamfilter are normally very good

    and the fact that they are so good people begin to think that yahoo estimates that arrive in their inbox are real messages from Yahoo because they see so few spam (and so much in their spambox) that they think that as it has passed the very good antispamfilters it is real

    yes, really that is the biggest danger of nearly efficient spamfilters - that people think that the 1% that gets through is genuine

    what should yahoo do

    first you should educate the people with a banner or warning above the mailbox stating that yahoo or any other service will never ask for your logins by email or to change them by email

    secondly you could make a servicewarning - together with other big operators - in a banner or servicepage in which you could place warnings (not about an email but that people have to relog to for example this website to change their credentials)

    third you could make a special button in the mail in which you could send all emails asking for your yahoo logins that comes in the mailbox of a 24H team that will immediately put them into the filters for the future ones (and set up the procedure to kill the phishing page online)

    fourth you should augment your spamfilters with everything that is yahoo service or login message or in which the link that message has doesn't belong to the yahoo domain (even if the link is in text)

    fifth you should make spamfilters refilter the last 100 messages or so to empty the box from spam that has only be identified as such afterwards

    fifth never trust emails instantly, take your time, nobody is going to kill you if you have waited a day, to see it disappear into the spambox

  • hacked medical labo website asks belgians a lot of medical information (close it down)

    so when a website is defaced it doesn't mean that it is penetrated and hacked but it means that automated vulnerability scanners have found a way to inject information but this doesn't necessarily mean they have rooted the server and have access to the database

    but it does mean that there are a few problems with the server and that if the defacement is old enough that nobody is watching over the security of the server and so it indicates that those servers are like house without strong frontdoors or who have windows open on the groundlevel when everybody leaves for holiday (which doesn't mean that they will find the juwels)

    but that on the same server there is an UNENCRYPTED LOGIN and an UNENCRYPTED FORM that asks all that information in CLEARTEXT is just enormous

    imagine all that information being in a database and that database being leaked on the internet

    but that information can be hackable because it is running a very old server version against which we are campaigning (like Microsoft itself) as being totally undefendable (meteokust.be uses it)

    oh and this is the hack

    and Google cache says this dates from "Dit is een momentopname van hoe de pagina eruitzag op 31 dec 2012 19:01:20 GMT"  exactly one month old

    and even more there is a second page - they also didn't see

    http://www.cma.be/Portals/0/ulow.txt

    this is the reason why

    Connection:closeDate:Thu, 31 Jan 2013 14:52:32 GMTServer:Microsoft-IIS/6.0MicrosoftOfficeWebServer:5.0_PubX-Powered-By:ASP.NETX-AspNet-Version:2.0.50727
    http://www.web-sniffer.net

    CLOSE THIS DOWN AND UPGRADE

  • the real danger of the site jobsindehandel.be (VDAB and FOREM) National ID asked

    we have seen that the site has been defaced, this means that it is possible to inject new information or trojans or redirects or downloads (presented as a needed plugin or update to be able to view all information)

    but there is something more

    you will see that the site uses forms and has NO SSL encryption

    ok, let's search for a job

    let's suppose that you have find a job and you want to give the employer your CV 

    for that you have to log-in to the systems of the VDAB or FOREM if you already have your personal login there (so you are normally at vdab.be) normally you should have been send there by a pop-up page sending you to that domain and staying on that domain 

    this is not the case, you are without any encryption or protection (the marketing boys have made it easy but have forgotten to speak to the security and riskguys or have just overshouted them with terms like usability and everybody does it)

    and look  NO HTTPS  and they ask for your National ID

    but if you thought that this was the end of it ?  no there is much better to come

    you can send your personal details online immediately without any protection - non encrypted

    and so they will be somewhere on the server in cleartext for people like Rex Mundi to hack

    and how many people are stupid enough to fill in in this unsafe environment their real telephone or emailaddress

    remember these people are looking desperately for a job, so they are willing to give any information if that gives them more possibilities to have a job

    so how many emailaddresses are there on that site ? 10.000 ?  100.000 ? and for how long are they kept ? and how are they protected ? 

    no blablablabalblablablablablablablablablablablablabla  do something and shut up

  • database jobsindehandel.be from Forem and VDAB defaced

    De openbare arbeidsbemiddelaars ontvangen elk jaar zo'n 30 000 vacatures voor de handel. Daarom werken Comeos, Forem en VDAB samen om u dit dagelijks ruime aanbod aan vacatures te laten ontdekken.

    and they can be happy that it is only a defacement and that no hacker decides to try a sql injection into their database so he gets around 30.000 emailaddresses or other info from employers he could send spam or phishing links or banking trojans to because if there is one section of our population where they use online payment tools it is with those people who have too much work and too litlle time

    oh yes and the server is not monitored because according to Google Cache they didn't see a thing since 21 jan 2013 11:58:07 GMT and it is called index.htm (not seeing that they have added an index.htm page or defaced it is just mindblasting)

    todo  tests with sql injection and security

    ok they run IIS 7.5 (but has it been closed down ?)  web-sniffer.net

  • if you were defaced, don't clean up with this technical message

    just redirect to the homepage - period

    never give technical information to the visitor, the administrator should receive the technical information about the incident in his email

  • how to f.... up your reputation with a stupid defacement

    for example

    but imagine you are a hoster, a pc company, a software company, a webshop, a webdesigner,......

  • catho.be hacked (it is possible to add pages - maybe one about gays and marriage ?)

    this is the portal

     

    and this is the added page - oh it is not because it is in the error and forbidden section that you can't seen it

    Google sees it and in a browser do you see it, so you can link to your new page from wherever

    this is the case since months and hasn't changed since (they say they are running apache and ubuntu so you

    don't have to scan this, they tell this all by themselves on their server, which is quite nice, no ?)

    maybe some people will want to propose some malware from the devil ?

  • why turkish hackers will continue to hack belgian servers untill pkk and the turkish gov sign a peace treaty

    we found this on infometeo.be  (where else ?)

    it also the meteo of the security of the belgian internet where you see the campaigns that will arrive (first victim)

    and those that are underway (don't forget this one, they never upgrade their server)

  • if you want us to trust you, you should invest in security

    or make yourself a big joke, even beginning with your domain name

  • luckily are defacers stupid lame kidz because if they were smart

    now have a look at this

    yes you read it right, it is personalloan.be and it is the homepage

    instead of just placing hacked by

    what if they made a phishing page

    yes, not a phishing page added somewhere to a site where every malware scanner would see that it is a phishing page and has nothing to do with the product they are talking about

    no a real phishing page on a real domain in which it would look like you could ask for a creditcard or a personal loan and that would collect real information that would be send to another server

    okay it would only be online a few hours or days but your victims would be no way know what hit them

    the security of online loan, gamble and creditcompanies is a mess for most of them (even the basics are wrong)

  • meteokust.be still hacked - yeah we are doing something about it yeah yeah

    blablablabbla

    please go on and forget about us

    this is why it is still on the most hacked server of belgium - ever (IIS 6 - non defendable server)

    |LEGEND| Hacked BY POEM

    www.meteokust.be/Poem.htm -

    SITE HAS BEEN HACKED BY POEM. Special Thank To : DRAGON FORCE MALAYSIA | RILEKS CREW | NEWBIL3VILCO6ES | HEXOR CREW | SECRET

    my poem :)

    on the internet it is stormy weather

    hackers coming buy and throwing exploits

    but I am on the beach seeing nothing

    sleeping in the sun, drinking a cold beer

    forgetting about the stormy weather

  • KVS.be hacked with injection

    imagine now that you would change the data for artists, change artists or why not numbers of bankaccounts

    inject once inject more inject everywhere something

    just for lulz

    or inject a link to a bank trojan in case you would afterwards go to the online banking or creditcardcompany to pay online for some tickets

  • http://mega-search.me the copyrighted files search machine on mega for pirates and cops and mega

    In fact if you look at the site and you go through the files you will see that most of the files are gone before the day is over

    which means that

    or mega is indexing the files that appear on this searchmachine and is checking automatically if there is a high probability that they are copyrighted or not (for example a file with the name of a film uploaded on a folder that is not owned by the producer of the film is for 99% copyrighted)

    or mega has already its own search machine in place (like scribd.com has for books for example) and eliminates automatically these files

    or the copyright cops are watching this search machine or others indexes and are sending complaints through a more or less automated process that is being followed up more or less automatically and executed very fast

    which means that the complaint in the US against mega for some copyrighted files on her systems is a non-issue (and in the worst case is legal harrassment and nothing else) because all hosters work on this system (even youtube eliminates hundreds of videos each week this way) because the proof is here for all to see that these complaints are being followed up actively

    the copyrightholders should also thank mega because each file that is more or less the same (not based upon name but based upon the bits and dots of a file) has the same ID which means that if you get a complaint against one copy, all other copies will also disappear. I imagine that their lawyers won't be too happy but the cost of applying their copyrights is much easier. In fact you have to look for all copies of your file (for example the hobbit) that have the same number of bits and file one complaint for each of them

    this means that for copyrightbreakers or pirates changing the name of the file is not sufficient to make your file survive, you should also change the number of bits of a file (for example by encrypting, hashing or zipping it or by adding other files or cutting parts of it). You can expect software to be developed quite soon (take one file of xbytes and get 5 files with a totally different number of bytes)

    the best thing to do is not to use mega for public P2P but to do what people have always done throughout history, exchange personal copies for personal use knowing that in nearly all the countries of the world they will break some law with that (you should better go to the library or the secondhand shop if you can't buy the shopversion)