09/06/2014

you can now use your critical eID at the unsafe online E-lotto site

go ahead, trust the advertising

but http://belsec.skynetblogs.be/archive/2014/09/03/e-lotto-b...

and this http://belsec.skynetblogs.be/archive/2014/09/03/e-lotto-b...

so go ahead, make a hacker's day: use your ID and your credit card in the same unsafe environment - total information loss

09/05/2014

iCloud hack targeted 100 female celebrities

"Lawyers for US Olympic gymnast McKayla Maroney have served a legal demand on porn.com, which has hosted the photos originally released on the online forum 4chan, according to The Guardian.

The demand came even after Maroney denied the pictures were actually of her.

Anyone who owns or shares - this includes all views or downloads - photos of anyone under the age of 18 is subject to prosecution pursuant to US law. The FBI announced Monday that it was “addressing” the leak of around 400 images of about 100 female celebrities."
http://rt.com/usa/184851-celebrity-photos-hack-porn/

this is why this has such a big effect on Apple: if you can steal a hundred IDs you can steal a thousand or ten thousand, etc.

this was not targeted at one or two accounts, nor just luck with some bad passwords or weak security on a few accounts; it was a systematic breakdown of lax security across the whole system, where the 100 celebrities were victimized because they were targeted, but it could have been anyone with an iCloud account

and this is how they did it

"On the web forum Anon-IB, one of the most popular anonymous image boards for posting stolen nude selfies, hackers openly discuss using a piece of software called EPPB or Elcomsoft Phone Password Breaker to download their victims’ data from iCloud backups. That software is sold by Moscow-based forensics firm Elcomsoft and intended for government agency customers. In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud released on Github over the weekend, EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on iCloud.com. And as of Tuesday, it was still being used to steal revealing photos and post them on Anon-IB’s forum."
http://www.wired.com/2014/09/eppb-icloud/

but the best we keep for last

Apple knew it was in the wrong and, without saying so, has done something to show that it knew (that it had not protected its users and their private pictures as a good father would, with all the tools that are available and used in the rest of the industry)

it said that it will now send a mail if somebody tries to enter your account from a machine that you didn't register

something that Yahoo and Facebook have been doing for some time, and that is another barrier

now Apple, was it so much trouble to do what the rest of the industry is doing to secure their clients?

ps: the Russian software doesn't work against a phone that has never installed anything from the internet, never received updates from the internet and never been connected to a PC; those phones are safe

anonghost releases their private shell (tool)

Anonghost is one of the most effective hacker groups on the web, as far as private hackers are concerned, because we don't know what the hired guns do

they have decided to release a set of tools that can bypass a lot of security tools and controls

source image http://www.meethackers.com/2014/08/anonghost-shell-priv8-2014-by-anonghost.html#.VAoTOmPc3pc


#ukraine this is how big a rocket is that is fired by the hundreds


09/04/2014

network of infected Linux servers attacks entertainment portals worldwide

source http://www.prolexic.com/knowledge-center-ddos-threat-advisory-iptables-iptablex-linux-bots-botnet-cybersecurity.html

you have to subscribe to get the list of infected IP addresses

#ukraine speaking about dead soldiers in Russia puts you in all kinds of danger

source http://www.frontlinedefenders.org/node/27015

the relativity of democracy and freedom in Russia


teampOison hacker went to fight with Islamic State

so another hero of the Anonymous folk

a so-called hacktivist, who hacked Blair's mailbox

lets his mask fall and goes away to kill us, the infidels

#ukraine warfare during satellite monitoring: wait until the satellite has passed

a rogue spy network has placed rogue telephone towers to steal your messages

we have recently been publishing about several firms that offer a private, costly spy infrastructure to follow mobiles and to intercept all their messages and information

in the US a network of such stealth interceptors has been discovered

the Privacy Commission in Belgium is investigating the presence of one such interceptor tower in Belgium, and one is said to be installed in Holland

http://venturebeat.com/2014/09/02/who-is-putting-up-interceptor-cell-towers-the-mystery-deepens/

"The towers were revealed by Les Goldsmith to Popular Science last week. He’s CEO of ESD America, which builds the super-secure Cryptophone 500 for clients that need the military-grade security and can handle the phone’s estimated $3,500 price tag."

after the nude pics of celebs, 4chan becomes a normal forum with rules and laws

this is a big revolution, because if there was one place where you could find any kind of garbage content, it was there

http://arstechnica.com/tech-policy/2014/09/4chan-adopts-dmca-policy-after-nude-celebrity-photo-postings/

insecurity is costly and Apple is now feeling it (how can we trust that all the rest is ok?)

well, it was a small protection that they had chosen not to activate, one that would have stopped this kind of attack

oh come on, it is a beginner's mistake; even a starting security manager checking his first application asks about it

that makes it all so incredible

but it is another proof that Apple doesn't think security is important enough

source picture http://www.ibtimes.co.uk/apple-share-price-plummets-following-icloud-linked-leak-jennifer-lawrence-nude-pictures-1463879

the hacking tool against Apple iCloud is still online, but Apple patched the flaw

"On August 30, just a day before the massive leak, proof-of-concept code for an AppleID password bruteforce was uploaded to GitHub by a mobile security team, HackApp. What a coincidence! Isn’t it?

The proof-of-concept code for the exploit is known as iBrute. The code exploited a vulnerability in Apple’s Find My iPhone application sign-in page. The flaw let hackers flood the site with multiple password attempts without being locked out, and by using brute-force techniques hackers could guess the password used to protect those celebrities' accounts. Apple patched the vulnerability early on September 1."
http://thehackernews.com/2014/09/apple-patches-find-my-ip...

and no, Apple doesn't communicate about that and talks a lot about two-factor authentication as a solution, but that IS NOT a solution, because that two-factor authentication is not used with every Apple service, and especially not when you use or update backups

so if you want two-factor authentication with Apple to mean something, you have to do your backup offline at home on your own hardware, because activating any online backup function will just sidestep your security

the BUG was that Apple's simple authentication logon had no brute-force protection (some other Apple services have it), which means you could try as many passwords as you liked without a lockout or having to wait an hour before trying other passwords.

so what did they do? well, they took usernames they found somewhere online and then tried a set of popular passwords, and some of them worked. by the way, if a logon has no brute-force protection there are a billion passwords online that can be tried, although that would be too much

and Apple has the wrong company culture, the wrong security culture and the wrong security communication
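to show what the missing protection actually is, here is an added example (not code from this blog, from Apple or from the iBrute authors) that models both sides: a logon that checks every attempt without ever refusing one, which is what a brute-force tool lives on, next to a logon that locks the account after a few failures with a growing wait time and flags a successful login from a device the account has never seen, the mail-alert behaviour described in the post above. the accounts, the password list, the device names and the lockout numbers are all constructed for the example and are not Apple's values.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field

MAX_FAILURES = 5          # failures before lockout (assumed value, not Apple's)
BASE_LOCK_SECONDS = 60    # first lockout; doubles on every further lockout
PBKDF2_ROUNDS = 50_000    # kept low so the demo runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    known_devices: set = field(default_factory=set)
    failures: int = 0
    lockouts: int = 0
    locked_until: float = 0.0


def make_account(password: str, known_devices=()) -> Account:
    salt = os.urandom(16)
    return Account(salt, hash_password(password, salt), set(known_devices))


def password_ok(acct: Account, password: str) -> bool:
    return hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash)


def login_unprotected(acct, password, device, now=None):
    """The flaw described above: every attempt is checked, none is ever refused."""
    return (True, "ok") if password_ok(acct, password) else (False, "bad-password")


def login_protected(acct, password, device, now=None):
    """Lockout with a growing wait time, plus an alert when an unknown device logs in.
    Returns (ok, status) with status in ok / ok-new-device / bad-password / locked."""
    now = time.time() if now is None else now
    if now < acct.locked_until:
        return False, "locked"
    if not password_ok(acct, password):
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.failures = 0
            acct.locked_until = now + BASE_LOCK_SECONDS * 2 ** acct.lockouts
            acct.lockouts += 1
            return False, "locked"
        return False, "bad-password"
    acct.failures = 0
    if device not in acct.known_devices:
        acct.known_devices.add(device)   # a real system mails the owner before trusting it
        return True, "ok-new-device"
    return True, "ok"


def brute_force(login, acct, wordlist, device="attacker-pc", now=0.0):
    """Run a wordlist against one account; returns (password found or None, attempts made)."""
    for attempts, guess in enumerate(wordlist, 1):
        ok, _ = login(acct, guess, device, now)
        if ok:
            return guess, attempts
    return None, len(wordlist)


# Constructed sample: a weak password sitting at position 8 of a tiny popular-password list.
WORDLIST = ["123456", "password", "qwerty", "letmein", "iloveyou", "monkey", "dragon", "sunshine"]

if __name__ == "__main__":
    victim = make_account("sunshine", known_devices={"victims-iphone"})
    print(brute_force(login_unprotected, victim, WORDLIST))   # ('sunshine', 8)
    victim = make_account("sunshine", known_devices={"victims-iphone"})
    print(brute_force(login_protected, victim, WORDLIST))     # (None, 8): locked after 5 failures
```

the point of the wait time doubling on every lockout is that a wordlist of a billion entries, which the post mentions, becomes useless: after a handful of lockouts the attacker is waiting hours per guess, and the owner has been mailed about the unknown device as soon as anything gets through.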

Firefox update protects against rogue and stolen certificates (the ones they know about)

    “allows site operators to specify which CAs issue valid certificates for them, rather than accepting any one of the hundreds of built-in root certificates that ship with Firefox.”

    “If any certificate in the verified certificate chain corresponds to one of the known good (pinned) certificates, Firefox displays the lock icon as normal. When the root cert for a pinned site does not match one of the known good CAs, Firefox will reject the connection with a pinning error,”
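the two quotes above describe the whole check; here it is as an added example in working code, written for this page and not taken from Firefox. the "SPKI" byte strings standing in for public keys, the host names and the pin list are all constructed, and the chains passed in are assumed to have already passed ordinary trust-store validation, which is the point: a chain from a rogue or stolen but still trusted CA passes normal validation and is stopped only by the pin.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Base64(SHA-256(SubjectPublicKeyInfo)): the pin format Firefox uses."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


# Constructed key material: stand-in byte strings, not real public keys.
SPKI = {
    "good-root":          b"constructed spki: the root CA the operator chose",
    "good-intermediate":  b"constructed spki: intermediate issued by the good root",
    "good-leaf":          b"constructed spki: leaf for pinned.example",
    "rogue-root":         b"constructed spki: some other built-in root CA",
    "rogue-intermediate": b"constructed spki: intermediate issued by the rogue root",
    "rogue-leaf":         b"constructed spki: forged leaf for pinned.example",
}

# Pin list: host -> acceptable pins. This operator pins its root CA, so any
# chain ending in that root is accepted, whatever the leaf certificate is.
PINS = {
    "pinned.example": {spki_pin(SPKI["good-root"])},
}


class PinningError(Exception):
    """A chain that validated against the trust store but matches none of the pins."""


def check_pins(host, chain, pins=PINS):
    """chain: the already-verified certificate chain, leaf first, as SPKI bytes.
    Hosts without pins fall back to ordinary trust-store validation (True)."""
    if host not in pins:
        return True
    if any(spki_pin(spki) in pins[host] for spki in chain):
        return True
    raise PinningError("no certificate in the chain for %s matches a pinned key" % host)


def connection_status(host, chain, pins=PINS):
    """'lock' for the normal padlock, 'pinning-error' when the connection is rejected."""
    try:
        check_pins(host, chain, pins)
        return "lock"
    except PinningError:
        return "pinning-error"


LEGIT_CHAIN = [SPKI["good-leaf"], SPKI["good-intermediate"], SPKI["good-root"]]
ROGUE_CHAIN = [SPKI["rogue-leaf"], SPKI["rogue-intermediate"], SPKI["rogue-root"]]

if __name__ == "__main__":
    print(connection_status("pinned.example", LEGIT_CHAIN))   # lock
    print(connection_status("pinned.example", ROGUE_CHAIN))   # pinning-error
    print(connection_status("other.example", ROGUE_CHAIN))    # lock: no pins, normal validation only
```

the last line is the "they know about" caveat from the title: a host with no pins in the list gets no protection from this at all, only the hundreds of built-in roots.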

a publication of 500 emails between the CIA and journalists in 2012

the US has a strange Freedom of Information Act whose effects are still evolving, and things seem possible there that we wouldn't dream of in our so-called 'better' democracies in Europe

in other words, you can ask for all emails between a public officer or public institution and any other person

some things will be blacked out

but still

in fact you should remember this and keep as much as possible out of email

because it is the equivalent of paper correspondence

you can download it here https://firstlook.org/theintercept/document/2014/09/04/email-correspondence-reporters-cia-flacks/

maybe the hacker also wanted to play doctor (hacked, yes)

on the homepage, and without encryption

and then you get the following page

http://dokterspraktijk-delorge.be/k3rnel31.php

it is maybe time for some standards

hacked: ticketbase.be, buy tickets quickly and safely?

this is the advertising

this is the reality

website of a Belgian IT firm that doesn't mind its web business

source http://www.zone-h.org/mirror/id/22838690

e-lotto.be can be attacked with an XSS because of a bad cookie policy

source: asafaweb.com

09/03/2014

e-lotto.be runs on hackable server software and has a bad installation of its encryption

and now they also want you to use your eID to play e-lotto

but since nobody seems to care about the installation of the servers, and there are no external audits and no security indicators, this just stinks

first, they are still running a very old version of IIS, namely version 6, which is hacked over and over again when we look at which Microsoft servers get hacked most often

anybody a bit conscious about the security of their transactions would have upgraded to the most recent version, which has not only resolved some functional bugs but is also a major improvement on the security side

because in fact they are asking for a lot of information, even your Rijksregisternummer, something the Privacy Commission in Belgium is very anxious about and normally has very strict rules for (and normally they should have filled in a form with a series of assurances about the security policies they should have). if they had a real security policy that was implemented, this kind of situation couldn't happen.

and there is something else that is strange in the report by ssllabs.com

we are on the site e-lotto and here we are sent to the site escoore.be, huh?

this kind of mismanagement of the identification of servers, web services and names makes it not only confusing for certificates and other identification controls but also for the user, who may be easier to confuse so that he clicks on the wrong link and gets phished

so what does ssllabs say about the strength of e-lotto's server certificate? well, that doesn't look very good, but maybe you want to take a gamble on that

oh yeah, and they declare in their FAQ that they have the highest level of security and that a team of specialists is standing by to secure the server
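the three things this post and the cookie-policy post above complain about (an old IIS banner, session cookies without the HttpOnly and Secure flags, which is what turns any XSS into a session theft, and a certificate whose names don't match the site you are on) are all visible from the outside, so here is an added example that checks them, written for this page and not taken from e-lotto, asafaweb.com or ssllabs. the HTTP responses and certificate names below are constructed for the example, not captured from the real site.

```python
import re


def parse_response_head(raw):
    """Split a raw HTTP response head into its status line and (name, value) header pairs."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


IIS_BANNER = re.compile(r"microsoft-iis/(\d+)\.(\d+)", re.I)


def audit_response(raw):
    """Findings: an IIS banner older than 7, and cookies set without HttpOnly or Secure."""
    _, headers = parse_response_head(raw)
    findings = []
    for name, value in headers:
        if name == "server":
            m = IIS_BANNER.search(value)
            if m and int(m.group(1)) < 7:
                findings.append("outdated web server: %s" % value)
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            attrs = {part.strip().split("=", 1)[0].lower() for part in value.split(";")[1:]}
            if "httponly" not in attrs:
                findings.append("cookie %s lacks HttpOnly: script (an XSS) can read it" % cookie)
            if "secure" not in attrs:
                findings.append("cookie %s lacks Secure: it is sent over plain http too" % cookie)
    return findings


def cert_name_matches(host, cert_names):
    """Does the certificate's CN/SAN list cover the host? One leading wildcard label allowed."""
    host = host.lower()
    for name in cert_names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and host.count(".") == name.count(".") and host.endswith(name[1:]):
            return True
    return False


# Constructed responses: the header values are made up for the example.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ASP.NET_SessionId=abc123; path=/
Content-Type: text/html
"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Server: Microsoft-IIS/8.5
Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly; Secure
Content-Type: text/html
"""

if __name__ == "__main__":
    for finding in audit_response(WEAK_RESPONSE):
        print("weak:", finding)
    print("hardened:", audit_response(HARDENED_RESPONSE))          # []
    print(cert_name_matches("www.e-lotto.be", ["escoore.be"]))      # False: name mismatch
```

a cookie without HttpOnly is the reason a "bad cookie policy" makes an XSS so much worse: the injected script simply reads document.cookie and sends the session elsewhere. the name check is the same one a browser does when it shows a certificate warning; a certificate for escoore.be presented on e-lotto.be fails it.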

#ukraine important Russian general wants a preventive nuclear strike in military doctrine

in the last Russian military strategy (2010) the west was not called an enemy; now the west and the US are clearly the enemies of Russia, says Army General Yuri Yakubov, coordinator of the Office of the Inspector General of the Russian Ministry of Defence

this important person will take part in rewriting the plan before the end of the year, taking into account what happens in Ukraine and around Russia, especially in the west; he says the following

"In particular, in my opinion, you need to carefully consider the forms and methods of operation of EBA, in close cooperation with strategic nuclear deterrence forces, the Strategic Missile Forces, strategic aviation and the Navy. Thus it is necessary to study the conditions under which Russia could preempt the Russian strategic nuclear forces" - said the general. http://www.interfax.ru/russia/394742 (google translate)

are they all going bonkers?

in my youth I protested and demonstrated against US missiles because I couldn't believe that Russia would fire nuclear weapons first; you'd have to be stupid, and Reagan was a warmonger

now the game has changed totally: it is the Russians who are now clearly and openly threatening us with nuclear weapons and being imperialistic warmongers

now I want nuclear weapons, in the hope that there are enough to make it clear that the philosophy of Mutual Assured Destruction still exists and is something that will keep even the madmen in the Kremlin in check