
  • you can use your critical EID at the unsafe online E-lotto site

    go ahead trust the advertising

    but http://belsec.skynetblogs.be/archive/2014/09/03/e-lotto-be-can-be-attacked-with-an-xss-because-of-8272832.html

    so go ahead, make a hacker's day: use your ID and your credit card in the same unsafe environment - total information loss

  • icloudhack targeted 100 female celebrities

    "Lawyers for US Olympic gymnast McKayla Maroney have served a legal demand on porn.com, which has hosted the photos originally released on the online forum 4chan, according to The Guardian.

    The demand came even after Maroney denied the pictures were actually of her.

    Anyone who owns or shares - this includes all views or downloads - photos of anyone under the age of 18 is subject to prosecution pursuant to US law. The FBI announced Monday that it was “addressing” the leak of around 400 images of about 100 female celebrities."

    this is why this is having a big effect on Apple: if you can steal a hundred IDs you can steal a thousand or ten thousand, etc.

    this was not targeted at one or two accounts, or just some luck with bad passwords or weak security on some accounts; no, this was a systematic breakdown caused by lax security across the whole system. The 100 celebrities were victimized because they were targeted, but it could have been anyone who had an account on iCloud

    and this is how they have done it

    "On the web forum Anon-IB, one of the most popular anonymous image boards for posting stolen nude selfies, hackers openly discuss using a piece of software called EPPB or Elcomsoft Phone Password Breaker to download their victims’ data from iCloud backups. That software is sold by Moscow-based forensics firm Elcomsoft and intended for government agency customers. In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud released on Github over the weekend, EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on iCloud.com. And as of Tuesday, it was still being used to steal revealing photos and post them on Anon-IB’s forum."

    but we keep the best for last

    Apple knew it was in the wrong, and without saying so it has done something that shows it knew (that it didn't protect its users and their private pictures "as a good father", with all the tools that are available and used in the rest of the industry)

    it said that it will now send a mail if somebody tries to get into your account from a machine that you didn't register

    something that Yahoo and Facebook have been doing for some time and that is another barrier

    now Apple, was it so much trouble to do what the rest of the industry is doing to secure its clients?

    ps the Russian software doesn't work with a phone that didn't install anything from the internet and that didn't receive any updates from the internet or that wasn't connected to a PC - those phones are safe

  • anonghost releases their private shell (tool)

    Anonghost is one of the most effective hacker groups on the web - as far as private hackers are concerned, because we don't know what the hired guns do

    they have decided to release a set of tools that can bypass a lot of security tools and controls

    source image http://www.meethackers.com/2014/08/anonghost-shell-priv8-2014-by-anonghost.html#.VAoTOmPc3pc

  • network of infected linux servers attacks entertainment portals worldwide

    source http://www.prolexic.com/knowledge-center-ddos-threat-advisory-iptables-iptablex-linux-bots-botnet-cybersecurity.html

    you have to subscribe to get the list with infected IP addresses

  • #ukraine speaking about dead soldiers in Russia puts you in all kinds of danger


    the relativity of democracy and freedom in Russia

  • TeaMp0isoN hacker went to fight with Islamic State

    so another hero of the Anonymous folk

    a so-called hacktivist, who hacked the mailbox of Blair,

    lets his mask fall and goes off to kill us, the infidels

  • a rogue spy network has placed rogue telephone towers to steal your messages

    we have been publishing lately about several firms that were offering a private costly spy infrastructure to follow mobiles and to intercept all their messages and information

    in the US a network of such stealth interceptors has been discovered

    the privacy commission in Belgium is investigating the presence of one such interceptor tower in Belgium and one that is said to be installed in Holland


    "The towers were revealed by Les Goldsmith to Popular Science last week. He’s CEO of ESD America, which builds the super-secure Cryptophone 500 for clients that need the military-grade security and can handle the phone’s estimated $3,500 price tag."

  • after the nude pics from celebs 4chan becomes a normal forum with rules and laws

    this is a big revolution because if there was one place where you could find any kind of garbage content it was there


  • insecurity is costly and Apple is now feeling it (how can we trust that all the rest is ok)


    well, it was a small bug: they had chosen not to activate what would have stopped this kind of attack

    oh come on, it is a beginner's mistake; even a starting security manager checking his first application asks about this

    that makes it all so incredible

    but it is another proof that Apple doesn't think that security is important enough

    source picture http://www.ibtimes.co.uk/apple-share-price-plummets-following-icloud-linked-leak-jennifer-lawrence-nude-pictures-1463879

  • the hacking tool against Apple iCloud is still online but Apple patched it

    "On August 30, just a day before the massive leak, proof-of-concept code for an AppleID password bruteforce was uploaded to the GitHub by a mobile security team HackApp. What a coincidence! Isn’t it?
    The proof-of-concept code for the exploit is known as iBrute. The code exploited a vulnerability in Apple’s Find My iPhone application sign in page. The flaw let hackers flood the site with multiple number of password attempts without being locked out and by using brute-force techniques, hackers could guess the password used to protect those celebrities accounts. Apple patched the vulnerability early on September 1." http://thehackernews.com/2014/09/apple-patches-find-my-iphone.html
    and no, Apple doesn't communicate about that and talks a lot about double authentication as a solution, but that IS NOT a solution because double authentication is not used with every Apple service, and especially not when you use or update backups
    so if you want to use double authentication with Apple you have to do your backups offline at home with your own hardware, because activating any backup solution or function will just disable your security
    the BUG was that Apple's simple authentication logon had no bruteforce protection (some other Apple services have it), which means that you could try as many passwords as you liked without being locked out or having to wait hours before trying more passwords.
    so what did they do? well, they just took usernames they found somewhere online and then tried a set of popular passwords, and some of them worked. By the way, if your logon has no bruteforce protection, then there are 1 billion passwords online that can be tried, although that would be too much
    and Apple, they have the wrong company culture, the wrong security culture and the wrong security communication
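
What the missing protection can look like, as an added example (not Apple's code and not from the original post): a failed-login throttle keyed on both the account and the source address, so that it slows down many passwords against one account as well as a few popular passwords against many accounts. The class name, thresholds and addresses are assumptions made for illustration.

```python
import time


class LoginThrottle:
    """Failed-login limiter keyed on account AND source (illustrative sketch)."""

    # Thresholds are hypothetical defaults, not values from any real service.
    def __init__(self, per_account=5, per_source=20, window=900.0,
                 base_delay=30.0, clock=time.monotonic):
        self.per_account, self.per_source = per_account, per_source
        self.window, self.base_delay, self.clock = window, base_delay, clock
        self._by_account = {}   # account -> timestamps of recent failures
        self._by_source = {}    # source  -> timestamps of recent failures

    def _recent(self, table, key, now):
        # Keep only the failures that are still inside the sliding window.
        kept = [t for t in table.get(key, ()) if now - t <= self.window]
        if kept:
            table[key] = kept
        else:
            table.pop(key, None)
        return kept

    def retry_after(self, account, source):
        """Seconds to wait before the next attempt is accepted (0 = allowed)."""
        now, wait = self.clock(), 0.0
        acct = self._recent(self._by_account, account, now)
        if len(acct) >= self.per_account:
            # One account hammered: delay doubles per failure past the limit.
            delay = self.base_delay * 2 ** (len(acct) - self.per_account)
            wait = max(wait, acct[-1] + delay - now)
        src = self._recent(self._by_source, source, now)
        if len(src) >= self.per_source:
            # One source trying many accounts: block until oldest failure expires.
            wait = max(wait, src[0] + self.window - now)
        return wait

    def record_failure(self, account, source):
        now = self.clock()
        self._by_account.setdefault(account, []).append(now)
        self._by_source.setdefault(source, []).append(now)

    def record_success(self, account):
        # Clear the account's failures; the source's history is kept on purpose.
        self._by_account.pop(account, None)
```

The logon handler calls `retry_after` before checking the password and refuses the attempt while it returns a non-zero value; pairing the delay with a notification to the account owner covers the case where the guesses come from many sources.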

  • Firefox update protects against rogue and stolen certificates (they know about)

        “allows site operators to specify which CAs issue valid certificates for them, rather than accepting any one of the hundreds of built-in root certificates that ship with Firefox.”

        “If any certificate in the verified certificate chain corresponds to one of the known good (pinned) certificates, Firefox displays the lock icon as normal. When the root cert for a pinned site does not match one of the known good CAs, Firefox will reject the connection with a pinning error,”

  • a publication of 500 emails between the CIA and journalists in 2012

    the US has a strange Freedom of Information Act whose effects are still evolving, and things seem possible there that we wouldn't dream of in our so-called 'better' democracies in Europe

    in other words you can ask for all emails between a public officer or public institution and any other person

    some things will be blacked out

    but still

    in fact you should now remember this and keep as much as possible away from email

    because it is equal to paper correspondence

    you can download it here https://firstlook.org/theintercept/document/2014/09/04/email-correspondence-reporters-cia-flacks/


  • maybe the hacker also wanted to play doctor (hacked yes)

    on the homepage and without encryption

    and then you have the following page


    it is maybe time for some standards

  • hacked ticketbase.be: buy tickets quickly and safely?

    this is the advertising

    this is the reality

  • website of Belgian IT firm doesn't mind its web business

    source http://www.zone-h.org/mirror/id/22838690

  • e-lotto.be runs on hackable serverware and has a bad installation of its encryption

    and now they want you also to use your EID to play elotto

    but nobody seems to care about the installation of the servers, and there are no external audits and no security indicators - this just stinks

    first, they are still running on a very old version of IIS, namely version 6, which shows up over and over again when we go through which kinds of Microsoft servers get hacked most often

    anybody a bit conscious about the security of their transactions would have upgraded to the most recent version, which has not only resolved some functional bugs but is also a major improvement on the security side

    because in fact they are asking for a lot of information, even your Rijksregisternummer (national register number), something about which the Privacy Commission in Belgium is very anxious and normally has very strict rules (and normally they should have filled in a form with a series of assurances about the security policies they should have). If they had a real security policy that was implemented, this kind of situation wouldn't be able to happen.

    and there is something else that is strange in the report by ssllabs.com

    we are on the site e-lotto and here we are sent to the site escoore.be, huh?

    this kind of mismanagement of the identification of servers, web services and names is confusing not only for certificates and other identification controls but also for the user, who may be more easily confused so that he will click on the wrong link and be phished

    so what does ssllabs say about the strength of the server certificate of e-lotto ? well that doesn't look very good, but maybe you want to take a gamble on that

    oh yeah, and they themselves declare in the FAQ that they have the highest level of security and that a team of specialists is standing by to secure the server

  • #ukraine important Russian general wants preventive nuclear strike in military ideology

    In the last Russian military strategy (2010) the west was not called an enemy; now the west and the US are clearly the enemies of Russia, says the Coordinator Office of Inspector General of the Russian Ministry of Defence, Army General Yuri Yakubov

    This important person will take part in rewriting the plan before the end of the year, taking into account what happens in Ukraine and around Russia, especially in the west. He says the following:

    "In particular, in my opinion, you need to carefully consider the forms and methods of operation of EBA, in close cooperation with strategic nuclear deterrence forces, the Strategic Missile Forces, strategic aviation and the Navy. Thus it is necessary to study the conditions under which Russia could preempt the Russian strategic nuclear forces" - said the general. http://www.interfax.ru/russia/394742 (google translate)

    are they all going bonkers?

    in my youth I protested and demonstrated against US missiles because I couldn't believe that Russia would fire nuclear weapons first - you would have to be stupid - and Reagan was a warmonger

    now the game has changed totally: it is the Russians who are now clearly and openly threatening us with nuclear weapons and are being imperialistic warmongers

    now I want nuclear weapons in the hope that there are enough to make it clear that the philosophy of Mutual Assured Destruction still exists and is something that will keep even the madmen in the Kremlin in check