11/15/2014

Mensura knew it was fucked, so it wanted to pay but.....

well the result is that the data of tens of thousands of belgian workers has been for some time online and has been downloaded

as far as we have found out it was data about the sickleave of people that was placed online, but if you look at the form of mensura about the controls of medical leave there are enough data in it that will fall under medical privacy

now there is a lot more data at Mensura and it is not clear yet which data has been leaked or breached and which not and so it is now up for Mensura to come clean on that not only with its clients but also with all the people for which it has data

even I am in that database - so don't think I will let you get off that easy :(

it may be necessary that people change their passwords and logins, that other people get compensated because some data has become semi-public (underground) and that other information or IDcards have to be changed

if you think that you are finished with some technical upgrades on sunday, then you don't know what happened

I passed a personal formal complaint with the privacycommission (easy just send them an email at commission@privacycommisson.be) and I won't accept an answer that says nothing

if there are parties that want to go to court because of negligence, let me know I am interested

btw this isn't the first one, the other social secretariat with open database we solved in backoffice was about 200.000 belgians

it is time to act

and that time is NOW


Rex Mundi announces another Belgian hack on Monday


Nobody is responsible in Belgium for online creditcompanies like the hacked finaleasecarcredit.be

the hack and leak of  Finaleasecarcredit.be is important because it is another example of something that I have been running around for the last year but to no avail

when rex mundi hacked some online creditcompanies  - including some big ones I asked the national bank who has some stringent itsecurityrules on paper and a very small department to go through them with the banks (but hey it is better than nothing) why these - even big - online creditcompanies didn't have to respect the same basic rules Banks have to respond to (encryption for example in this case)

well, it seemed that the national bank of belgium was not responsible because when they made a list of the financial institutions for which the national bank of belgium was responsible, the firms that were only online were explicitly excluded from the supervision of the national bank (not only itsecurity but also to have enough money and other normal financial rules for normal financial institutions)

but they said, well, maybe the Minister of Economy can be held responsible if he wants to act as the protector of consumer rights, so I went to the cabinet and the Administration of the Economy - consumer affairs and there we had some discussions but it seemed that their legal advisors didn't really find something they could use immediately and without discussion because there was no law or rule that gave them that power and they would have to try it using some interpretations of some global powers but that was a bit too risky

so there it went

nobody in Belgium is responsible for any online credit or loancompany or insurancecompany if it doesn't exist online or has set up a separate online affiliate

now one of the biggest is hacked - after another big one last year and NOBODY is RESPONSIBLE

because everybody is explicitly excluded (National Bank of Belgium) or not explicitly appointed (Minister for Consumer Affairs)

the only thing that can happen is that the Privacycommission takes up this case

the site itself doesn't inform its users that it has been hacked and there is also no mention of any upgrading or technical maintenance over the weekend

they probably think that as long as the normal big media doesn't report it, that nothing has happened

except for this small little stupid blogger over here ......


finaleasecarcredit.be hacked and leaked by Rex Mundi because everything is in CLEARTEXT

Rex Mundi says that it is one of their hacks

so which data is possibly hacked, leaked and published on the internet ?

as it is by SQL injection we have to look at the forms

well, on their simulator, this is all the information they are asking (just part of it, it just goes on and on)

and it goes on and on and on and on

but we couldn't tell you more about the security of the encryption because somehow it was not configured to be able to be analyzed by securitytools

and in fact the reason is simple

there is NO SSL encryption, there is probably no encryption at all, it is ALL in clear text

so if some of these forms and databases get hacked, then all this data is being given in CLEAR TEXT


citizenlab releases the specific info about targeted attacks against democratic opposition groups

it is the real data from this report https://targetedthreats.net/

but the real listings are to be found here https://github.com/citizenlab/malware-indicators


dropbox accounts still being leaked online

did you already change your password on dropbox lately ?

Belgacom has asked me to suppress this file because it has accounts. Well you should know that dropbox accounts were leaked in great numbers although Dropbox itself said it wasn't true. 

choose who to trust

you can find dropbox accounts in pastebin if you know how to search for them and there were Belgians among them


meanwhile in Kobane (syria) some are still fighting against ISIS


the #MH17 was not shot down by an Ukrainian jet, copy-paste journalists in the west

this is another example of how propaganda is made today and distributed through social media to be picked up by some international press bureau who then is responsible that it is copy-pasted all over the world by journalists referring to the international press bureau referring to the propaganda and not being able to retract it afterwards or not in the same fashion

what is the goal - just to make some smokescreens and to make it seem to people that this is still an undecided case and that it is not sure that it were the Russian forces in Ukraine - even if all the evidence is showing this without doubt

source http://www.buzzfeed.com/maxseddon/russian-tv-airs-clearly-fake-image-to-claim-ukraine-shot-dow

this article is longer than here and shows very clearly how propaganda is made today and how it is quite easy today to doublecheck and to discover forgeries if one makes an effort - but for that press agencies do need to have investigative journalists or factchecking researchers who have nothing else to do and can be freed to do this - even under stress because the press agency doesn't want to lose this exclusive to others


#dexia and while we will be paying to protect this rubbish bank, his CEO does this

buys some very expensive old timer and has no ethical questions whatsoever to show off with it in the Belgian Press (business journal mouthpiece of the Belgian capital)

meanwhile his bank hasn't become more safe and stable after all these years and we are still and will for the coming years be paying millions in the best case and billions in the worst case to keep it afloat from going under

because under his guidance Dexia was hiding money from our Belgian tax administration, just trying to use the taxmoney of hardworking people to pay for this rubbish bank in Luxembourg

rubbish bank as I said and as they confirmed today

because this is what has happened in France and is still being cleaned up in so far that this is possible

http://s0.libe.com/fremen/maps/carte-emprunts-toxiques/index.html#


how to find the confidential documents on mensura.be with google

first you have to find the robots.txt

in robots.txt are all the areas of the site that Google shouldn't index

so here this is that

and if you want to check what is effectively done then you do the following trick in Google

so this robots.txt file is just nonsense because it doesn't work and we didn't do any hacking or trying to
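An added example, not part of the original post: a site owner can audit their own robots.txt for Disallow entries that advertise sensitive areas, since the file is public and only advisory for crawlers. The sample file and the keyword list are constructed assumptions.

```python
# Constructed sample robots.txt for illustration; not the file of any real site.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/
Disallow: /documents/confidential/
Disallow: /search
Disallow: /backup/2014/
Allow: /documents/public/

User-agent: Googlebot
Disallow: /intranet/
Disallow:
"""

# Assumed keyword list: path fragments that usually point at non-public content.
SENSITIVE_HINTS = ("admin", "confidential", "backup", "intranet", "private", "internal")


def parse_disallows(text):
    """Return {user_agent: [disallowed paths]} from robots.txt content."""
    rules, agents, in_rules = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if ":" not in line:
            continue
        field, value = (p.strip() for p in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                           # a new group starts here
                agents, in_rules = [], False
            agents.append(value)
            rules.setdefault(value, [])
        elif field in ("disallow", "allow"):
            in_rules = True
            if field == "disallow" and value:      # empty Disallow means "allow all"
                for agent in agents:
                    rules[agent].append(value)
    return rules


def audit(text):
    """List (agent, path) pairs whose Disallow entry advertises a sensitive area."""
    findings = []
    for agent, paths in parse_disallows(text).items():
        for path in paths:
            if any(hint in path.lower() for hint in SENSITIVE_HINTS):
                findings.append((agent, path))
    return findings


if __name__ == "__main__":
    for agent, path in audit(SAMPLE_ROBOTS):
        print(f"[{agent}] {path}: publicly listed; needs authentication, not just Disallow")
```

Every path this flags should sit behind authentication on the server; a Disallow line neither blocks access nor reliably keeps a URL out of a search index.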


this nmbs logon leads to war (look at url)


mensura.be did have the bucks and the people to secure your information

it was only not interested in doing so

this was the situation in 2008 but it should be otherwise today



is Belgacom still responsible for mensura.be infrastructure ?

this was in 2008 and the contract was for 6 years

we are not saying that Belgacom is responsible because it could be another stupid thing - coming coming

but interesting to know because these things happen more often when firms change providers or technology


rex mundi hacks and leaks databases from Mensura.be and they have a lot of data

is your firm or organisation linked to mensura.be

well, then you can suppose that all that data is compromised except if an independent external consultant can show you without question that this is NOT the case (this is the only rule that you as a victim - client can expect). If you don't do this, then you are not doing enough during your contact with the serviceprovider you have chosen to protect the data and the integrity of your workers and you could also be held responsible for not doing enough after the incident and leak to protect the data of your workers

I said that first you have to see a full incident report - not by the firm itself and not by the firms working for that firm but by your representatives and their estimation of the damage and the risks and the steps that have to be taken

they are trying to fix the problems without telling you that they have been hacked and leaked

looking at the data we have to look at the different forms to have an idea which database could have been downloaded

 

this is the form for new clients

nice for a targeted attack campaign with some APT

and for the payment of your allocations for children you have to give up your RRN number as an identifier, something that is in fact FORBIDDEN by the privacycommission in Belgium

and then there is a lot of medical information online


rex mundi (update) republishes hacked Pizza Domino France data

he is back with a vengeance and so he publishes the data from the old leak again

 

and then we have the database

https://anonfiles.com/file/d498554c9308a65d3951bdfebf72d013

you can see that the passwords are now encrypted but I have no idea if that encryption is strong or not

but there is still enough other information like mobile numbers connected to emailaddresses and real addresses and names which is already a nice start for a targeted phishing campaign

it also says something about the security of pizza domino france

because if you were hacked, you know that you will be attacked again and you should have upgraded your security enormously because you know this will happen - especially if you pissed them off by throwing them off twitter (what is the use, they will come back under another name anyway)


superhacker Rex Mundi hacked it again : major belgian data online for a moment

wow  


more information about the hacked and leaked belgian social secretariat working for TELENET

this is another proof from pastebin.com  search

so the social secretariat also has to work for telenet

so it means that all the social, medical and financial information that is on that server from

 


kineticcontrol.com hacked and leaked (also belgians)


major car loan website hacked and data leaked online (for a while)

there were three hacks and we have already one of the three

a social secretariat

this is the second one
