We haven't published this list from the Internet Storm Center in a long time, but this one has to be seen as a critical update, because the attacks based on these vulnerabilities have been going on for 5 years now. The zero-day (or should we say zero-year?) leaks had a good news cycle yesterday, with the security firm trying to make a name for itself ahead of the release of the protections by announcing to the (black under)world that this is how you can compromise a computer easily. They couldn't wait another week or two so that all the critical posts were patched in the meantime.
If you are on a critical network or have critical information, you should do more security research in your logs based upon the articles that were published yesterday (which were very vague, to say the least).
Overview of the October 2014 Microsoft patches and their status.
| # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) |
|---|---|---|---|---|---|
| MS14-056 | Cumulative Security Update for Internet Explorer (replaces MS14-052). Microsoft Windows, Internet Explorer. CVE-2014-4123, CVE-2014-4124, CVE-2014-4126, CVE-2014-4127, CVE-2014-4128, CVE-2014-4129, CVE-2014-4130, CVE-2014-4132, CVE-2014-4133, CVE-2014-4134, CVE-2014-4137, CVE-2014-4138, CVE-2014-4140, CVE-2014-4141 | | CVE-2014-4123 has been exploited. | | |
| MS14-057 | Vulnerabilities in .NET Framework Could Allow Remote Code Execution (replaces MS12-016). Microsoft Windows, Microsoft .NET Framework | | | | |
| MS14-058 | Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (replaces MS14-015) | KB 3000061 | Yes. Used in Limited Attacks | Severity:Critical | |
| MS14-059 | Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass. Microsoft Developer Tools | | | | |
| MS14-060 | Vulnerability in Windows OLE Could Allow Remote Code Execution (replaces MS12-005) | KB 3000869 | yes. against powerpoint. See iSight disclosure. | Severity:Important | |
| MS14-061 | Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (MS14-034, MS14-017). Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps | | | | |
| MS14-062 | Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (MS09-040) | KB 2993254 | publicly disclosed but not exploited. | Severity:Important | |
| MS14-063 | Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege | | | | |
We appreciate updates
Official reference: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201... All the necessary official updates will be collected and published there; it is the official reference for all technical information, or for the links to more information. For the moment there is NO information, but normally that should change in the following hours (showing another effect of the going-alone attitude of Google in this).
This is an older version of SSL, but when a browser can't connect with the newer versions it falls back on this one, which is already 15 years old. If you remember how malware and exploit-code writing has developed over the last 15 years, then you will understand that such old code will be prone to all kinds of vulnerabilities.
So until browsers make it impossible to use (or be forced to use) this older and totally insecure protocol, we have no other solution than to patch and patch and patch.
When will the IT industry learn that someday we will have to throw some code away for good and oblige people to upgrade, or just say that it doesn't work anymore, full stop?
Well, this is what Google has decided to do today, but I am not so sure that they have coordinated enough with the rest of the industry, which doesn't seem as ready as in past discoveries that needed a vertical upgrade across the board of software and hardware.
For the technical people, this is the issue (in normal terms: the encryption is too weak, so it can be broken, and if the encryption can be broken everything can be read, and that includes authentication data like passwords).
"With block ciphers, we have a second problem: What if the block to be encrypted is too short? In this case, padding is used to make up for the missing data. Since the padding isn't really considered part of the message, it is not covered by the MAC (message authorization code) that verified message integrity. So what does this mean in real life? The impact is similar to the BEAST attack. An attacker may either play MitM, or may be able to decrypt parts of a message if the attacker is able to inject data into the connection just like in the BEAST attack. The attack allows one to decrypt one byte at a time, if the attacker is able to inject messages right after that byte that include only padding" (https://isc.sans.edu)
"Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.
Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0. This change will break some sites and those sites will need to be updated quickly
http://googleonlinesecurity.blogspot.be/2014/10/this-pood... (see more information later in this post)
"Security experts said that hackers could steal browser "cookies" in "Poodle" attacks, potentially taking control of email, banking and social networking accounts
In fact it is easier to do than the Beast attack and is in fact the practical realisation of some other theoretical attacks against the oldest versions of SSL which seem to take too many resources in the newer versions of SSL
"This attack, called POODLE, is similar to the BEAST attack and also allows a network attacker to extract the plaintext of targeted parts of an SSL connection, usually cookie data. Unlike the BEAST attack, it doesn't require such extensive control of the format of the plaintext and thus is more practical.
Fundamentally, the design flaw in SSL/TLS that allows this is the same as with Lucky13 and Vaudenay's two attacks: SSL got encryption and authentication the wrong way around – it authenticates before encrypting.
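The point made in the quotes above (padding is not covered by the MAC, and SSL 3.0 authenticates before encrypting) can be shown on the receiver side. This is an added example, not code from the quoted sources: it compares the SSL 3.0 padding rule with the TLS 1.0+ rule on the same decrypted record. The block size, the key, the cookie value and the use of HMAC-SHA1 as a stand-in for the SSL 3.0 MAC are assumptions made for the illustration.

```python
import hashlib
import hmac

BLOCK = 8      # assumed CBC block size (a 64-bit cipher such as 3DES)
MAC_LEN = 20   # SHA-1 output length


def record_mac(mac_key: bytes, payload: bytes) -> bytes:
    # Stand-in MAC (assumption): HMAC-SHA1 over the payload only. Real SSL 3.0
    # uses its own keyed hash and also covers sequence number, type and length.
    return hmac.new(mac_key, payload, hashlib.sha1).digest()


def build_plaintext(payload: bytes, mac_key: bytes) -> bytes:
    """payload || MAC || padding || padding_length, as handed to the CBC cipher."""
    body = payload + record_mac(mac_key, payload)
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    # Padding bytes are written TLS-style (each equals pad_len); SSL 3.0
    # accepts that too because it never looks at them.
    return body + bytes([pad_len]) * pad_len + bytes([pad_len])


def strip_padding_ssl3(plaintext: bytes):
    """SSL 3.0 rule: only the final length byte is checked."""
    pad_len = plaintext[-1]
    if pad_len >= BLOCK or pad_len + 1 > len(plaintext):
        return None
    return plaintext[: len(plaintext) - pad_len - 1]


def strip_padding_tls(plaintext: bytes):
    """TLS 1.0+ rule: every padding byte must equal the length byte."""
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return None
    padding = plaintext[len(plaintext) - pad_len - 1 : -1]
    if any(b != pad_len for b in padding):
        return None
    return plaintext[: len(plaintext) - pad_len - 1]


def record_accepted(plaintext: bytes, mac_key: bytes, strip) -> bool:
    """Strip padding with the given rule, then verify the MAC over the payload."""
    body = strip(plaintext)
    if body is None or len(body) < MAC_LEN:
        return False
    payload, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(mac, record_mac(mac_key, payload))


def corrupt_padding(plaintext: bytes) -> bytes:
    """Change every padding byte but leave the trailing length byte intact."""
    pad_len = plaintext[-1]
    start = len(plaintext) - pad_len - 1
    flipped = bytes(b ^ 0xFF for b in plaintext[start:-1])
    return plaintext[:start] + flipped + plaintext[-1:]


def demo() -> dict:
    key = b"constructed-mac-key"                       # constructed sample key
    original = build_plaintext(b"Cookie: sid=constructed-value", key)
    modified = corrupt_padding(original)               # padding altered in transit
    return {
        "ssl3_original": record_accepted(original, key, strip_padding_ssl3),
        "tls_original": record_accepted(original, key, strip_padding_tls),
        "ssl3_modified": record_accepted(modified, key, strip_padding_ssl3),
        "tls_modified": record_accepted(modified, key, strip_padding_tls),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The record with altered padding still passes under the SSL 3.0 rule because the MAC never saw the padding; the TLS rule rejects it, which is why the fix is to stop negotiating SSL 3.0 rather than to patch it.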
BUT THERE IS ONE IMPORTANT CONDITION
" This code sends several requests to a target HTTPS website, where cookies are sent automatically if a previous authenticated session exists. This is a required condition in order to exploit this vulnerability. The attacker could then intercept this HTTPS traffic, and by exploiting a weakness in the CBC block cypher in SSL 3.0, could decrypt portions of the encrypted traffic (e.g. authentication cookies).
So this means that when one authenticates to, for example, Facebook and keeps the session 'ALIVE', then surfs to a vulnerable server that attacks the PC, and then goes back to Facebook, the attack can start. So by NOT implementing KEEP ALIVE cookies. For this to work the attacker needs to send hundreds of handshake transactions, which the user won't see; things will maybe slow down, but he will think that there are some problems on the server (even with a fake error message on his screen).
They can do this with a man-in-the-middle attack on the network or on the PC (while you connect to the internet or the PC).
"Jeff Moss, a cyber adviser to the U.S. Department of Homeland Security, said attackers would need to launch a "man-in-the-middle" attack, placing themselves between victims and websites using approaches such as creating rogue WiFi "hotspots" in Internet cafes.
Mozilla plans to disable SSL 3.0 by default in the next version of its Firefox browser, to be released on Nov. 25. (http://mzl.la/1DaxOwY).
"SSL version 3.0 is no longer secure," Mozilla said on its blog. "Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible."
Microsoft Corp issued an advisory suggesting that customers disable SSL 3.0 on Windows for servers and PCs.
Representatives with Apple Inc could not be reached. An Oracle Corp spokeswoman had no immediate comment.
and how widespread can these attacks become ?
"a non-trivial number of SSLv3 servers still exist and workarounds for the bugs mean that an attacker can convince a browser to use SSLv3 even when both the browser and server support a more recent version. Thus, this attack is widely applicable.
Will this update also give a solution to all the different attacks against online (financial) services that make use of the fallback mechanism, in which the browser (without even informing the user) is forced back to an insecure older version of a 'secure' protocol so that the attacker can use proven code and methods to get the authentication details before they are encrypted? It says it does (although it still has to pass the hackers' and security researchers' test).
"fallback behaviour is bad news. In fact, Bodo and I have a draft out for a mechanism to add a second, less bug-rusted mechanism to prevent it called TLS_FALLBACK_SCSV. Chrome and Google have implemented it since February this year and so connections from Chrome to Google are already protected. We are urging server operators and other browsers to implement it too. It doesn't just protect against this specific attack, it solves the fallback problem in general. For example, it stops attackers from downgrading TLS 1.2 to 1.1 and 1.0 and thus removing modern, AEAD ciphers from a connection. (Remember, everything less than TLS 1.2 with an AEAD mode is cryptographically broken.) There should soon be an updated OpenSSL version that supports it.
this oversight for now
Microsoft : publishes information how to stop ssl fallback behaviour
In Internet Explorer you have to disable sslv3 support manually (or with a networkscript) even in version 11
Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 in Internet Explorer
You can disable the SSL 3.0 protocol that is affected by this vulnerability. You can do this by modifying the Advanced Security settings in Internet Explorer.
To change the default protocol version to be used for HTTPS requests, perform the following steps:
- On the Internet Explorer Tools menu, click Internet Options.
- In the Internet Options dialog box, click the Advanced tab.
- In the Security category, uncheck Use SSL 3.0 and check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2 (if available).
- Click OK.
- Exit and restart Internet Explorer.
but Internet Explorer 6 is broken but why the hell are you still using a version that is so buggy it can be hacked in over a minute
Microsoft users should also connect regularly to those two resources to secure their computer or to download free security tools and upgrade their Windows (even if they are pirated they will get security updates)
- Protect your PC
We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. For more information, see Microsoft Safety & Security Center.
- Keep Microsoft Software Updated
Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.
Apple : No news
Oracle : No news
Google : only Chrome to Google services are secured, don't use another server, the rest will take MONTHS. "In the coming months, we hope to remove support for SSL 3.0 completely from our client products" (see Googleblog)
Servers on OpenSSL : No fallback patch yet
Firefox : you have to wait until the update of the 25th of NOVEMBER (yeah)
For the moment the Internet Storm center has tested the following
You can test if your browser is vulnerable on this site https://www.poodletest.com/
Unofficial patches to install
"I've just landed a patch on Chrome trunk that disables fallback to SSLv3 for all servers. This change will break things and so we don't feel that we can jump it straight to Chrome's stable channel. But we do hope to get it there within weeks and so buggy servers that currently function only because of SSLv3 fallback will need to be updated.
Chrome users that just want to get rid of SSLv3 can use the command line flag --ssl-version-min=tls1 to do so. (We used to have an entry in the preferences for that but people thought that “SSL 3.0” was a higher version than “TLS 1.0” and would mistakenly disable the latter.)
In Firefox you can go into about:config and set security.tls.version.min to 1. I expect that other browser vendors will publish similar instructions over the coming days.
For server owners (you won't have any IE 6.0 traffic anymore)
As a server operator, it is possible to stop this attack by disabling SSLv3, or by disabling CBC-mode ciphers in SSLv3. However, the compatibility impact of this is unclear
You can publish a message if you see that they are coming to your site with that very old browser in which you publish a link to upgrade their browser or to change their browser to Firefox or Chrome.
You can test if your server is vulnerable here http://www.ssllabs.com (test a server)
another test you can do is with the openssl client (if it connects, the server supports SSLv3):
openssl s_client -ssl3 -connect [your web server]:443
For Microsoft network managers
Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 in Group Policy
You can disable the SSL 3.0 protocol that is affected by this vulnerability. You can do this by modifying the Turn Off Encryption Support Group Policy Object.
- Open Group Policy Management.
- Select the group policy object to modify, right click and select Edit.
- In the Group Policy Management Editor, browse to the following setting:
Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Explorer Control Panel -> Advanced Page -> Turn Off Encryption Support
- Double-click the Turn off Encryption Support setting to edit the setting.
- Click Enabled.
- In the Options window, change the Secure Protocol combinations setting to "Use TLS 1.0, TLS 1.1, and TLS 1.2".
- Click OK.
AS LONG AS THE SERVERS DON'T GET PATCHED THE FALLBACK ATTACK CAN TAKE PLACE FROM THE SERVER TO THE USER DIRECTION.
servers that want to switch to RC4 will find themselves the victims of other attacks, so this is NOT a solution. You should finally start implementing a really stable, secure encryption environment and configure it as such, with security in mind and not the least secure visitor you can have to your site, who would jeopardize the security of your users in the same way EBOLA does with humans
Maybe it is time to give servers a certificate for the (in)security of their encryption and the way it is configured. Maybe it is time for proxy servers in networks to block access to totally insecure servers that we shouldn't let our users visit anymore, for their own protection and that of our resources. That will make an impact on the server owners, who will see much of their 'business traffic' fall and so become less interesting for advertisers (who could use the blocklists to see if that site is accessible to people with money (and those are people who work)).
First the FCCU has opened an investigation. This is a criminal investigation against the hacker. The only thing he can do is hide and run or try to negotiate some deal (but only with lower sentence) when he returns the data. Blackhat hackers are seldom hired in the industry and only when they have so many different competences that they are very valuable.
They will collect all the possible data, even the smallest details, because it is the details that get hackers busted.
Secondly the privacy commission has opened an investigation. This is normal because it has been in the press. In this investigation it will ask itself the following questions:
* which kind of data is lost and how was it lost ? (this is not clear yet)
* were all the victims informed of this ? (some say no on this forum)
* was the data sufficiently protected ? (according to the hacker the seeding of the data was not very strong and it was not encrypted)
* was the application sufficiently secured and tested ? (well look at the versions and decide for yourself. If you are responsible for the data of 100.000 members then I am not sure you have been acting as a good housefather by not buying the paid licence that was updated)
* did anybody send information about possible security problems and how were they handled by the network administrators, by the hosters and by the security people of the network ?
* was the server sufficiently secured ? (it is not sure that they came in by the application, they could also have used vulnerabilities on the server of the application)
* was the network secured enough ? this means is everything done to stop these kinds of attacks against my applications before they attack them (application firewall for example)
* was there logging and monitoring and why didn't any alarms go off with the security center that should be monitoring what is happening on the servers and the network ?
* was the incident response sufficient when it became known or when the alarms started going off ?
so as you see this will be a very interesting case, and not only because of 9lives but because this touches a very fundamental question - especially in Belgium where everybody acts as if nobody is responsible for anything when shit happens - which part of the security should be taken care of by the hoster and which part by the application admin, and how should they work and interact together.
You can file a complaint with the privacy commission by sending an email to email@example.com in which you mention that you are or were a member of the 9lives community and that you want them to investigate what happened, who is responsible and what to do to make sure that this doesn't happen again
You will get no money as long as your credit information or your EID information is not involved, because the sums that you would receive are there to compensate for all the administrative changes that you have to ask for or to do
But just as with the NMBS case it will force the major hosters in Belgium to take notice and to invest more in security for us and everybody else, and that makes it a good thing even if it is only a small mail.
This will probably not be an investigation or complaint against somebody and surely not against a volunteer (because in this case the commercial owner of the forum would be responsible for being irresponsible in using only unpaid volunteers to keep a forum with 30.000 daily visitors)
the reason is that there are several very critical zerodays that are or can be exploited by known or not yet known viruses. One is by the energybear or sandstorm worm that has received much press today because the firm had to keep quiet until today
"After the exploit was shared with Microsoft in early September, it was determined that the vulnerability is located in the Object Linking and Embedding (OLE) package manager and that it affects all versions of the Windows operating system from Vista Service Pack 2 to Windows 8.1, as well as Windows Server 2008 and 2012.
"The vulnerability exists because Windows allows the OLE packager (packager.dll) to download and execute INF files," the iSight researchers said. "In the case of the observed exploit, specifically when handling Microsoft PowerPoint files, the packager allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources."
Attackers can leverage this vulnerability to execute arbitrary code, but will need to trick users to open a specifically crafted file first by using social engineering techniques, something that was observed in this campaign.
"Although iSight only has a small view of the number of victims targeted in the campaign, the victims include among others, the North Atlantic Treaty Organization, Ukrainian and European Union governments, energy and telecommunications firms, defense companies, as well as at least one academic in the US who was singled out for his focus on Ukrainian issues. The attackers also targeted attendees of this year’s GlobSec conference, a high-level national security gathering that attracts foreign ministers and other top leaders from Europe and elsewhere each year.
It appears Sandworm is focused on nabbing documents and emails containing intelligence and diplomatic information about Ukraine, Russia and other topics of importance in the region. But it also attempts to steal SSL keys and code-signing certificates, which iSight says the attackers probably use to further their campaign and breach other systems.
and we are not talking about some spammers or scriptkiddies these are targeted attacks against high value targets so you can not suppose that they are not going to do this, why wouldn't they if this was their main purpose of the attack, having access to the confidential and secret information that they were after in the first place
with or without a certificate
it also makes it much easier to infect other systems because your malware code is authenticated with a stolen certificate (and code is seldom signed by external institutions, and it is seldom that you can see somewhere where it is installed and used)
some other interesting information
* the virus-attacker is known since 2008
* it uses some process in powerpoint, so this is the entry point for the virus (some powerpoint files extremely popular with decisionmakers)
* it wouldn't surprise me if the targeted western european government that is mentioned vaguely is Belgium because the European Union and NATO are also targeted so why shouldn't you attack also the government that is on the same networks ?
* it is also interesting to note that they are talking about several European telecommunication firms ....
the list is from the portions that are published on pastebin
This is the accumulated list so far (6 postings) http://belsec.skynetblogs.be/hacked-dropbox-accounts-the-... they have already been downloaded more than 50.000 times so you can expect a lot of attacks against those addresses
the hackers are publishing portions of the database from time to time depending if someone gives them a bitcoin or not (this is the first time that the crimecommunity can finance a dataleakage)
"MORE BITCOIN = MORE ACCOUNTS PUBLISHED ON PASTEBIN
I figure being locked out of your account is better than script kiddies snooping through your files.
Don't donate to the script kiddy's bitcoin address, as the passwords leaked will not be valid for long.
Password changed: Benitesleo@hotmail.com
Password changed: firstname.lastname@example.org
Password changed: Benitez_ja@hotmail.com
Dropbox says that third-party applications are responsible, which is the same issue we had with snapchat. You are as secure as the connected services are ......
They also said that they are asking those users to change their password ? So 7 million users have to change their password all of a sudden ?
This is their official answer and it closes any issue one may have with them
this leaves two to tango (hostbasket and the domain owners)
the domain owner got the same questions
so we are looking forward to his answers
It is confirmed that the Belgian privacycommission has opened an investigation into the databreach of 9lives.be
hardly impossible not to do this
and the second thing is
it is confirmed that if you want to file a complaint (and we would say that this may have some impact as it will convince the Privacycommission that more action is needed and that this kind of thing may not happen again in this way if we are talking about such important social gateways on the web)
you simply have to send an email to the privacycommission email@example.com
with the subject
Klacht hacking 9lives.be (in English: "Complaint hacking 9lives.be")
with your contact details, stating that you were a member of and that you want the privacy commission to investigate why your personal data and the forum were not better secured
each drop is important because together we can make waves....
well who is hosting it (because the hoster has to install the necessary security - like a good housefather so it becomes more difficult to attack and hack the sites that are hosted on its servers that itself it secures permanently)
and who owns the domainname 9lives.be ?
well it is a firm so they have insurance if they get sued ..... should have ......
but who is itaf.eu, let's look at the propaganda
okay so there are two more firms who could be held responsible - the owner of the domainname and the firm that was held responsible
we have posed them some questions and we are looking forward to their responses .... if any
because someone will be held responsible
from the new forum http://naajn.be/forum/viewtopic.php?f=1&t=2&start...
well there were 100.000 members according to some resources but some say that they never got any notification
if this would have been a serious hacker, the dataset would have been already sold and the data would already been in use, or added to some other datasets to make profiles of people (future victims)
but according to this post the notification was only sent to the people who were subscribed to their mailing list, not everybody who was impacted and for which they had an emailaddress
if this is so, then there may be a problem with the breach notification because the breach notification according to the Belgian Privacycommission has to be done to everybody that is impacted within 48 hours (that is 100.000 people if the rumours are right)
if it was only sent to the people subscribed to the mailinglist (and in the absence of much other information from the serviceprovider) one can doubt that they have done exactly what had to be done
This is the declaration from the Dutch CERT
"Together with the NCSC's response partners, the parties involved are being informed about the potentially vulnerable websites. For example, partner SIDN, the Foundation for Internet Domain Registration in the Netherlands, informs the holders of the vulnerable .nl websites via the .nl registrars. At the same time, the Information Security Service for municipalities (IBD) informs the municipalities concerned, SURFnet the affiliated educational and research institutions, and the Ministry of Defence the organisations affiliated with them."
So the Dutch CERT, together with the organisation responsible for the .nl domain, will inform site owners if they are on Hold Security's list of vulnerable and hacked sites (or just lost datasets) (out of 42.000). Probably this was a number of SQL injections
It also informs the security officers of the schools, the cities and the organisations of Defense about their websites that were vulnerable (because this is in fact what they are saying, that websites of the Dutch defense were vulnerable and, if they were vulnerable, lost some datasets)
Now the question is what the Belgian CERT will do for the .be domains ?
1 million .nl passwords and emails were sold on the darkweb ? Check yours (and what is the Belgian CERT doing for the .be emails)
This is the statement from the Dutch CERT
The National Cyber Security Centre (NCSC) has received from Hold Security the domain names and e-mail addresses with a .nl extension. Hold Security had earlier stated in media reports that it had obtained a dataset of 1.2 billion login credentials worldwide, originating from 420,000 vulnerable websites. In its coordinating role and CERT task, the NCSC took action immediately after receiving the data and, together with partners, is informing affected parties
So out of a database of 1.2 billion records from Hold Security, a million had a .nl email address, which makes it clear that you have some connection to Holland
you can check if yours is here https://emailcheck.xs4all.nl/
this is why it is important that emailproviders like Yahoo and Google nationalise their domains so that instead of hundreds of millions generic .com emailaddresses it would be easier to identify those that belong to a certain country (and so a certain CERT).
It is not clear what the other CERTS are doing and it is not clear if the 42.000 hacked domains have been notified and if the generic domains are participating also (Google.com and Yahoo.com for example among many others)
as we have said before when he made this press declaration, the firm doesn't have the right to keep that data, that data should have been transferred to the dataprotectors (the CERT and the other institution to set up a coordinated action to notify the victims and to block their accounts if necessary to limit the damages)
they even set up an online form in which you could check if your personal logindetails were sold online or not (even if this may be very late as the information was made public in august and the 42.000 emptied
but there are other questions
* Hold Security said it was finding new datasets every week that they were adding to their database, does this mean that the Dutch CERT will receive new .nl logins if they find them ?
* what happens with the data about the .nl people that Hold Security has - and that it now has been officially recognized that they have ? Because they are holding on to illegal information they have from citizens who didn't give them the right to keep that data for themselves. If I interpret the privacy regulations that I didn't give them any right to collect and surely not to keep this information.
And what is even more incredible is that they are asking money for it to check for me if my email address is in the old and new datasets they are collecting
Reminder : if we take all the datasets together that have been stolen the last 2 to 3 years then yes we arrive at nearly a billion (what is more I even know there are several older datadumps online on TOR). But we should also mention some quality information with the information. If it is an old leak from 2011 then there is little you can do, if the leak is from last week, then there is a big problem and you can still do some things.
on the other side, Hold Security has been the biggest low-hanging fruit on the internet, collecting all that data. I hope that their security is so strict and monitored that they can keep that information.
this is something that firms don't want to do ever
destroy the data from people who didn't log in the last year
or destroy the data from people that just ask for it because they prefer you do that
or to publish what to do if you are family of the person and the person is dead and you want to keep a copy, mention that he or she is dead or destroy the data because it has no sense anymore
destroying data over time will make many databreaches much smaller and less important
on the other side it will make the job of the identity thieves easier because the dead wood is no longer in the database, but these professional data thieves have enough other tools to clean their datasets - if only because those datasets are only worth some real money if they are cleaned, which makes the data cleaning worthwhile
DESTROY that data
No logins for a year and just block the account or just destroy it
and imagine how much less data you would have to backup, keep running on your servers, protect and transfer
after the right to forget the duty to forget
First, neither Telenet nor the FCCU has your data; it is still in the hands of the hacker, and I am not sure that Telenet and the hacker will find an agreement and that he will be able to show the necessary forensic proof that he didn't copy or forward the data (and if he is a hacker, how can he give sufficient proof that would be trustworthy)
Secondly, there is enough information of neglect on the basis of which you could go to the Privacycommission and file a complaint, so that there will be an investigation and Telenet will have the visit of someone from the privacycommission who will go through every other private information they have and the security of the other databases they keep. This will probably oblige them to do the necessary investments and personnel changes.
A complaint against Telenet for negligence with the privacycommission will also give the privacycommission the means to go to court for damages.
Third, you should change all your passwords that are the same as or that sound like the one you have lost. Your email address may also be attacked with spam and viruses.
hacker of 9lives.be is the most stupid hacker ever (in my view) and Telenet has the wrong priorities
from De Morgen today
he doesn't know that the Belgian computer crime law is very tough and that the FCCU has very wide powers and that he can be sentenced to many years because he can't show that his original intent was only to show that there were security problems and that he never intended to get any money from this hack
Telenet and the FCCU should also put their priorities right because the first priority should be to get the data, and if you have to negotiate with the hacker for that, then you should negotiate some deal to get the data back before he thinks that it all stinks and just dumps it or gets a deal he can't refuse.
I remember the Rex Mundi negotiations I did for half a million Belgians who lost their data from VOO, and the first interest was getting the data safe and not online; all the rest was at that time secondary. After that it is up to the FCCU to decide what to do, but you can't compare this hacker to Rex Mundi, who really launched a campaign against our country and was a real bounty-hacker.
this tells it all
the question is not if it is encrypted but how it is encrypted
the Telenet website was running vBulletin version 4.2 because they didn't want to pay for version 5
and the site was updated on the 1st of October but was in fact not ready for production because according to the users there were still an enormous number of bugs and even security problems
the following comment on the report of the hack appears on Tweakers
and De Morgen carries the following comment from Telenet
and so what is this
Now with a new film coming you shouldn't be surprised that superhero Snowden, the symbol for his followers, will be releasing new documents through his proxies (which we will examine as always) and will be making appearances from his safe home in superdemocracy Russia, where the intelligence services are fully democratic and transparent and the democracy- and liberty-loving people are not fleeing to the West (or getting a second passport if they have the money for it so they can get out in time).
so today he declared that the English intelligence services have no transparent overview or whatever of democratic control (by the way they never had, also because of their primordial role in the Second World War, which gave them an aura that the CIA or NSA never had, and because of their close cooperation (or even integration) with the US intelligence services since the Second World War (when they asked for US help because of the deep (and later proven) infiltration of their services even at the highest level by the KGB at the time of the coming of age of the Cold War and the dissolution of the anti-Nazi alliance shortly after the Second World War)). It was this postwar intelligence crisis in the UK, Canada and Australia which became the basis of the Echelon cooperation, which in fact is the basis of the worldwide intelligence operations by the NSA and their Echelon partners which became public in 2000 (because of an investigation in 2000 by the European Parliament which ended without any results after the attacks of 9-11-2001) but are now put on the public stage by Snowden.
I would just like to say that less is more and that talking all the time about everything will let you say things that make no sense.
If you would like to lose all public influence like Wikileaks has done over the last 2 years, you just continue like that from your Putin safe haven.
Even if your intelligence services have very little oversight (and they should have more, to say the least), they are not acting like the Russian and Chinese intelligence services, which are an active part of the nearly total surveillance and suppression apparatus of the whole spectrum of democratic opposition (supported by laws that could never be accepted here and were even at the height of 9-11 not even proposed in the US).
as much as I do not agree with some of the operations by our national intelligence operations and as much as I would like them to be more transparent and self-critical (to be able to escape from a tunnel vision in which operations and technical possibilities become more important than the democratic values and the oversight one should place first) - I do not accept this criticism coming from someone hiding in the autocratic surveillance state of Putin
and as much as you may be right - by saying so from Putin country - you are making it harder for the democratic opposition in our countries (of which too many are still blindly following you, waiting for every word you speak) to say exactly the same things
and what you also don't understand from your cocoon is that just as 9/11 killed the Echelon invasion, the enormous financial and military-terroristic capabilities of ISIS and the Russian military expansionism and Slavic ideology are changing the framework of this discussion totally
because if the western democracies (yep, up to some point) don't have access to enough intelligence about the terrorist threats and the military capabilities and intentions of the Russians, how are we going to defend ourselves or be sure that we have enough and the right kind of forces to do so? And where will we get this kind of information and how can we be sure that this information is correct if it isn't checked with information from a number of other sources?
in case you didn't notice, nobody sensible in Europe is asking anymore for breaking the cooperation with the intelligence services in the US and Echelon (by extension); the points of debate here are more the following (and this is not bad)
* better protecting our own infrastructure, data and leaders against foreign surveillance whoever it may be
* a better oversight of our own intelligence agencies and how they cooperate with other services without putting these in danger if the cooperation is essential for our national security
* having a new and more transparent framework in which intelligence agencies set up operations in each other's countries or against targets of each other's countries
The advantage of these three action points is that they are crisis-resistant, so that if a new major terrorist attack happens or more military incidents at Europe's eastern border with Russia occur, we can still have a democratic and somewhat transparent framework in which the intelligence agencies can continue to function (even in extraordinary times) and work together
by the way, Snowden, in all your words of the last week you didn't spend one minute explaining where all the very important operational documents are that also went missing
these are the two kinds of attacks that are beginning to gather interest as they seem to give good results
so in the first case they create their own third-party service, for example for Snapchat, saying that they offer a function the service itself doesn't provide, or that they make managing it easier, or that they integrate it with other online web services
but nobody really checks who those hundreds or thousands of external parties are that are willing to connect to the service and use the API to acc