  • Mensura knew it was fucked, so it wanted to pay but.....

    well the result is that the data of tens of thousands of belgian workers has been for some time online and has been downloaded

    as far as we have found out it was data about the sickleave of people that was placed online, but if you look at the form of mensura about the controls of medical leave there are enough data in it that will fall under medical privacy

    now there is a lot more data at Mensura and it is not clear yet which data has been leaked or breached and which not and so it is now up for Mensura to come clean on that not only with its clients but also with all the people for which it has data

    even I am in that database - so don't think I will let you get off that easy :(

    it may be necessary that people change their passwords and logins, that other people get compensated because some data has become semi-public (underground) and that other information or IDcards have to be changed

    if you think that you are finished with some technical upgrades on sunday, then you don't know what happened

    I passed a personal formal complaint with the privacycommission (easy just send them an email at commission@privacycommisson.be) and I won't accept an answer that says nothing

    if there are parties that want to go to court because of negligence, let me know I am interested

    btw this isn't the first one, the other social secretariat with open database we solved in backoffice was about 200.000 belgians

    it is time to act

    and that time is NOW

  • Nobody is responsible in Belgium for online creditcompanies like the hacked finaleasecarcredit.be

    the hack and leak of  Finaleasecarcredit.be is important because it is another example of something that I have been running around for the last year but to no avail

    when rex mundi hacked some online creditcompanies  - including some big ones I asked the national bank who has some stringent itsecurityrules on paper and a very small department to go through them with the banks (but hey it is better than nothing) why these - even big - online creditcompanies didn't have to respect the same basic rules Banks have to respond to (encryption for example in this case)

    well, it seemed that the national bank of belgium was not responsible because when they made a list of the financial institutions for which the national bank of belgium was responsible, the firms that were only online were explicitly excluded from the supervision of the national bank (not only itsecurity but also to have enough money and other normal financial rules for normal financial institutions)

    but they said, well, maybe the Minister of Economy can be held responsible if he wants to act as the protector of consumer rights, so I went to the cabinet and the Administration of the Economy - consumer affairs and there we had some discussions but it seemed that their legal advisors didn't really find something they could use immediately and without discussion because there was no law or rule that gave them that power and they would have to try it using some interpretations of some global powers but that was a bit too risky

    so there it went

    nobody in Belgium is responsible for any online credit or loancompany or insurancecompany if it doesn't exist online or has set up a separate online affiliate

    now one of the biggest is hacked - after another big one last year and NOBODY is RESPONSIBLE

    because everybody is explicitly excluded (National Bank of Belgium) or not explicitly appointed (Minister for Consumer Affairs)

    the only thing that can happen is that the Privacycommission takes up this case

    the site itself doesn't inform its users that it has been hacked and there is also no mention of any upgrading or technical maintenance over the weekend

    they probably think that as long as the normal big media doesn't report it, that nothing has happened

    except for this small little stupid blogger over here ......

  • finaleasecarcredit.be hacked and leaked by Rex Mundi because everything is in CLEARTEXT

    Rex Mundi says that it is one of their hacks

    so which data is possibly hacked, leaked and published on the internet ?

    as it is by SQL injection we have to look at the forms

    well, on their simulator, this is all the information they are asking (just part of it, it just goes on and on)

    and it goes on and on and on and on

    but we couldn't tell you more about the security of the encryption because somehow it was not configured to be able to be analyzed by securitytools

    and in fact the reason is simple

    there is NO SSL encryption, there is probably no encryption at all, it is ALL in clear text

    so if some of these forms and databases get hacked, then all this data is being given in CLEAR TEXT

  • citizenlab releases the specific info about targeted attacks against democratic opposition groups

    it is the real data from this report https://targetedthreats.net/

    but the real listings are to be found here https://github.com/citizenlab/malware-indicators

  • dropbox accounts still being leaked online

    did you change already your password on dropbox lately ?

    Belgacom has asked me to suppress this file because it has accounts. Well you should know that dropbox accounts were leaked in great numbers although Dropbox itself said it wasn't true. 

    choose who to trust

    you can find dropbox accounts in pastebin if you know how to search for them and there were Belgians among them

  • the #MH17 was not shot down by an Ukrainian jet, copy-paste journalists in the west

    this is another example of how propaganda is made today and distributed through social media to be picked up by some international press bureau who then is responsible that it is copy-pasted all over the world by journalists referring to the international press bureau referring to the propaganda and not being able to retract it afterwards or not in the same fashion

    what is the goal - just to make some smokescreens and to make it seem to people that this is still an undecided case and that it is not sure that it were the Russian forces in Ukraine - even if all the evidence is showing this without doubt

    source http://www.buzzfeed.com/maxseddon/russian-tv-airs-clearly-fake-image-to-claim-ukraine-shot-dow

    this article is longer than here and shows very clearly how propaganda is made today and how it is quite easy today to doublecheck and to discover forgeries if one makes an effort - but to do that press agencies do need to have investigative journalists or factchecking researchers who have nothing else to do and can be freed to do this - even under stress because the press agency doesn't want to lose this exclusive to others

  • #dexia and while we will be paying to protect this rubbish bank, his CEO does this

    buys some very expensive old timer and has no ethical questions whatsoever to show off with it in the Belgian Press (business journal mouthpiece of the Belgian capital)

    meanwhile his bank hasn't become more safe and stable after all these years and we are still and will for the coming years be paying millions in the best case and billions in the worst case to keep it afloat from going under

    because under his guidance Dexia was hiding money from our Belgian tax administration, just trying to use the taxmoney of hardworking people to pay for this rubbish bank in Luxembourg

    rubbish bank as I said and as they confirmed today

    because this is what has happened in France and is still being cleaned up in so far that this is possible


  • how to find the confidential documents on mensura.be with google

    first you have to find the robots.txt

    in robots.txt are all the areas of the site that Google shouldn't index

    so here this is that

    and if you want to check what is effectively done then you do the following trick in Google

    so this robots.txt file is just nonsense because it doesn't work and we didn't do any hacking or trying to
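
    One way to audit your own robots.txt for this problem, as an added example that is not part of the original post: the file is public and only advisory, so every Disallow path that names something sensitive is effectively advertised. The sample file and the keyword list below are constructed assumptions.

```python
import re

# Constructed sample robots.txt (not the file discussed in the post).
SAMPLE = """\
User-agent: *
Disallow: /admin/
Disallow: /docs/confidential/
Disallow: /search
Disallow: /backup/db_export.zip   # old dump
Allow: /docs/public/

User-agent: Googlebot
Disallow: /intranet/
"""

# Assumed hint words and file types; tune them to your own site.
SENSITIVE = re.compile(
    r"admin|confiden|intranet|backup|private|export|\.(zip|sql|bak|xls|pdf)$", re.I)

def parse_robots(text):
    """Return a list of (user_agent, directive, path) tuples."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key == "user-agent":
            if in_rules:                         # a new group starts here
                agents, in_rules = [], False
            agents.append(value)
        elif key in ("allow", "disallow"):
            in_rules = True
            rules.extend((agent, key, value) for agent in agents)
    return rules

def audit(text):
    """Disallow entries whose path advertises sensitive content."""
    return [(agent, path)
            for agent, directive, path in parse_robots(text)
            if directive == "disallow" and path and SENSITIVE.search(path)]

if __name__ == "__main__":
    for agent, path in audit(SAMPLE):
        print(f"[{agent}] {path}: listed in a public, advisory-only file; "
              "protect it with authentication instead of a Disallow line")
```

    Anything this flags needs real access control on the server; removing the line from robots.txt alone does not protect the content.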

  • this nmbs logon leads to war (look at url)

  • mensura.be did have the bucks and the people to secure your information

    it was only not interested in doing so

    this was the situation in 2008 but it should be otherwise today

  • is Belgacom still responsible for mensura.be infrastructure ?

    this was in 2008 and the contract was for 6 years

    we are not saying that Belgacom is responsible because it could be another stupid thing - coming coming

    but interesting to know because these things happen more often when firms change providers or technology

  • rex mundi hacks and leaks databases from Mensura.be and they have a lot of data

    is your firm or organisation linked to mensura.be

    well, then you can suppose that all that data is compromised except if an independent external consultant can show you without question that this is NOT the case (this is the only rule that you as a victim - client can expect). If you don't do this, then you are not doing enough during your contact with the serviceprovider you have chosen to protect the data and the integrity of your workers and you could also be held responsible for not doing enough after the incident and leak to protect the data of your workers

    I said that first you have to see a full incident report - not by the firm itself and not by the firms working for that firm but by your representatives and their estimation of the damage and the risks and the steps that have to be taken

    they are trying to fix the problems without telling you that they have been hacked and leaked

    looking at the data we have to look at the different forms to have an idea which database could have been downloaded


    this is the form for new clients

    nice for a targeted attack campaign with some APT

    and for the payment of your allocations for children you have to give up your RRN number as an identifier, something that is in fact FORBIDDEN by the privacycommission in Belgium

    and then there is a lot of medical information online

  • rex mundi (update) republishes hacked Pizza Domino France data

    he is back with a vengeance and so he publishes the data from the old leak again


    and then we have the database


    you can see that the passwords are now encrypted but I have no idea if that encryption is strong or not

    but there is still enough other information like mobile numbers connected to emailaddresses and real addresses and names which is already a nice start for a targeted phishing campaign

    it also says something about the security of pizza domino france

    because if you were hacked, you know that you will be attacked again and you should have upgraded your security enormously because you know this will happen - especially if you pissed them off by throwing them off twitter (what is the use, they will come back under another name anyway)

  • more information about the hacked and leaked belgian social secretariat working for TELENET

    this is another proof from pastebin.com  search

    so the social secretariat has to work for also telenet

    so it means that all the social, medical and financial information that is on that server from


  • major car loan website hacked and data leaked online (for a while)

    there were three hacks and we have already one of the three

    a social secretariat

    this is the second one