privacy - Page 63

  • the archives of an activist hacking group (a Belgian site)

    They came, they fought the online security, they won, they dumped and now they are gone

    their manifesto

    Message: * * * * * We are The Unknowns and this is our Final Message. We joined the Public Scene 2 months ago and yes, we did succeed to breach into many importants "targets" on the Net...We offered our support to each and everyone who asked for our help, we hacked for a serious cause and we gathered a, not bad at all, amount of supporters within couple of days. We wanted to show everyone that the Internet is a dangerous place to go to, that all of this "Security" stuff is just an illusion. We know that leaving in a sudden will disappoint some of our supporters who were counting on us to spread our idea all over the world but we just hope that what we have been working on for the past 60 days sticks in many people mind. Now we shall leave the public scene with respect and honor. Take care all, The Unknowns.

    Their targets

    US NAVY (NAVY.MIL) MILITARY SEALIFT COMMAND: http://navy.mil/ NASA.GOV - AMES RESEARCH CENTER: http://www.nasa.gov/ Deutsch Federal GOVERNMENT: http://bund.de/ 2 UNITED KINGDOM (UK) POLICE SERVERS: Essex Police & Port Of Tilbury Police: http://www.essex.police.uk/ and http://www.portoftilbury.police.uk/ SEMPRA ENERGY: http://sempra.com/ State of California: http://www.ca.gov/ State of Rhode Island: https://www.ri.gov/ U.S. DEPARTMENT OF COMMERCE: MBDA: http://www.mbda.gov/ NASA - Glenn Research Center: http://nasa.gov US military: http://jpc.capmed.mil/ US AIR FORCE: http://af.mil/ European Space Agency: http://geb.esa.int/ Thai Royal Navy: http://www.navy.mi.th/ Harvard: http://cistrome.dfci.harvard.edu/ Renault Company: http://vos-idees-kangoo.renault.fr/ Lawrence Livermore National Laboratory: http://www.llnl.gov/ Christian Social Network: MY.CBN.COM GHANA: Land Administration Project: http://www.ghanalap.gov.gh/ Asian College of Technology - Philippine: http://www.act.edu.ph/ Department of Finance - Bureau of Customs: http://www.customs.gov.ph/ New7Wonders: http://www.new7wonders.com/ ESET Nod32: http://www.eset.com.np/ French ministry of Defense: http://www.servicehistorique.sga.defense.gouv.fr/ Bahrain Ministry of Defense: http://www.mod.gov.bn/ Jordanian Yellow Pages: http://www.yellowpages.com.jo/ and more than 70 others

    the root logins were published here

    http://pastebin.com/TcW4XSEa

    and elsewhere also there were dumps of giga's of documents, files and databases

    the Belgian site is  (example of file)

    1. http://www.kfcherenthout.be/
    2. Username = JorenWillems
    3. Password = c41b0e6135d66c891d2c4e962d969f5e
    4. Username = Wagemans
    5. Password = d7c5ff2fd654a3b0c7e5b5706b3a3deb

     

     

  • how to keep your encrypted forums and chats out of Google and the others

    I am not sure it is not done by accident, but the result is just there

    if you want to keep your encrypted forums, chats and website out of Google

    have a look at this

    when I made a google index of the website of the people liberation front with this search site:http://www.peoplesliberationfront.net/anonpaste/ (anonpaste is the anonymous publishing portal, the privacy alternative for pastebin.com and others)

    It came up with a long list of results, telling all the same

    AnonPaste

    www.peoplesliberationfront.net/.../index.php?... - Vertaal deze pagina

    Clone. Expire: Never, 10 minutes, 1 hour, 1 day, 1 month, 1 year. Language, C/C++, php, Python. {"iv":"rFL8M2R0eDWEuoMG7mHfsA","salt":"lgG5nVTXAFo" ...

    and when you click on it than you get this errormessage

    Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector which strips part of the URL ?)

    so if you strip yourself or stops the decryption key in the URL

    than there is only one way people can see what is being published (on your site) and there is no anonymous search through Google (and no proof in the cache of Google) or most of the other searchengines

    so if your site blocks certain ranges of IP addresses, needs a logon and emailcertification and so on than some-one will really have to do much work to hide himself

  • when even billiondollar firms don't invest in security this shit happens

    For 2011, Sempra Energy reported $10 billion in revenue and nearly 17,500 employees, serving more than 31 million customers worldwide. It is the largest natural gas utility in the United States in terms of coverage area and population served, and is a major force in international natural gas markets. (wikipedia)

    and some Anonymous activist or cell penetrated their network and accessed their emailserver

    and published a preview of the information it says it has

    http://www.peoplesliberationfront.net/anonpaste/?5ea861c425c90994#+rPhPXXVap07tbuEHrsRgJA+OWVi/WlcZt/mukDWoqo=

    did I say it was a gas company

    I hope the gas bills and the gas infrastructure are better secured

  • Time to clean up pastebin.com from this personal information anyone ? cert.be ?

    This information is still online since  october 2011

    • Target: http://shop.sapho.be/index.php?id=2

    • Database: sapho_be
    • Tables: e-mail klanten kleren muizen nieuws recepten register
    • Selected table: klanten
    • Rows: 404
    •  
    • gebruiker       wachtwoord      naam    voornaam        straat  m       gemeente
    • info@sapho.be   AQWZSXEDC       Verkinderen     Nele    Hofakkerlaan 11 on      Wingene
    • katrien.deremaux@pandora.be     boomer  Deremaux        Katrien ter kerke 17            Bavikhove
    • cmaes@ups-scs.com       carine  Maes    Carine  aardemolenstr 13                Oostrozebeke
    • marketing@vanheede.com  Marketing3!     Depreitere      Veronique       Kortrijksestraat 341    on      Izegem
    • delphine.deboeuf@vabi.be        tamboer Deboeuf Delphine        Kallestraat 2           Hulste
    • pedro.fraeye@telenet.be lisa01  Loosveld        Anne-mie        Het Veen 47             8790
    • kim_blomme@hotmail.com  aart    Blomme  Kim     Edmond Van der Scheldenstraat 36                Rumbeke
    • waldo.deroo@telenet.be  emelgem Dornez  Ann     Anne Frankstraat 9      on      Emelgem
    • stax65@hotmail.com      beertje Cloet   Sabine  bollewerpstraat 65              Ingelmunster
    • vandecavy.ludo@scarlet.be       sapho   Denoo   Bernadette      grote hulststraat 10bus2                Tielt

    http://pastebin.com/QsLpBHGW

    social engineers will know what to do with it

  • website of Atlantico Madrid dump of administrators

    • todays target: http://www.clubatleticodemadrid.com/   F.C atlitico madrid official page :D

    • #PWN type: admin information and bank information
    • http://twitter.com/nrtnz for more :D
    • #InformationNeedsToBeFree
    • bank information leak part 1: http://pastehtml.com/view/bz1qya0a4.html
    • admin username and password leak :
    • database: MYSQL
    • table: users
    • host:             user:                   password:
    • localhost       root             *2F37CEF032EE380C8C81B21666326811B8EB45BA
    • atmadridvm2     root             *2F37CEF032EE380C8C81B21666326811B8EB45BA
    •                 root            *2F37CEF032EE380C8C81B21666326811B8EB45BA
    • localhost              
    • atmadridvm2            
    • localhost       debian-sys-maint        *0820716816C341DCD691DFE710F4ECD148180244
    •                 atmadrid_dbr    *3CE0FF9696BF0260B130F5237494528B39CC3067
    •                 atmadrid_dbw    *020344538034A5986C7876DD9B8FFD9A3E4E2E34
    • 192.168.200.%   replication     *CAA2635AC987D6C9DE8E7C1C313DE920348030AE
    • localhost       backup          *86FE979A79C76D5C2D9DB7EFFF45E3738565D9FF
    •                 controleasy     *818343C4D2DB00F6506541B9872E1DDB4199192B
    •                 atm_altasocio   *D88AFE4C34403CD88711823BEF452FF9E9CE3F46

    http://pastebin.com/kxkV4Lhi

  • Join the internet Defense league (that brought down SOPA before)

    The Internet Defense League takes the tactic that killed SOPA & PIPA and turns it into a permanent force for defending the internet, and making it better. Think of it like the internet's Emergency Broadcast System, or its bat signal!

    Internet freedom and individual power are changing the course of history. But entrenched institutions and monopolies want this to stop. Elected leaders often don't understand the internet, so they're easily confused or corrupted.

    When the internet's in danger and we need millions of people to act, the League will ask its members to broadcast an action.  (Say, a prominent message asking everyone to call their elected leaders.)  With the combined reach of our websites and social networks, we can be massively more effective than any one organization.

    First, sign up.  If you have a website, we'll send you sample alert code to get working in advance.  The next time there's an emergency, we'll tell you and send new code.  Then it's your decision to pull the trigger.

    http://internetdefenseleague.org/

  • myarcade.nl HACKED and passwords dumped

    by a known hacker-attacker-dumper

    http://pastebin.com/FMyhpSpk

    sample

    1. pass email ip bank name
    2. 00150a8e30f1646c5fd4cce43e4477b4 toortelboomdomien@hotmail.com 84.193.114.254 0 marcdomien
    3. 0038a1f43e3438b5c69af006d698515a jurjen77@gmail.com 212.187.83.202 3721608 jurjen77
    4. 00567ddfab3df6185c6554b6c32a6de0 silheuvelink@gmail.com 195.241.192.41 0 bullit4ever
    5. 00e2816a818fce986fc51879d877863c rick_1998@live.nl 80.56.93.196 0 desgeiter
    6. 01ecc40e45fde5b98cad3e7224aab5c2 nhattruong0000@yahoo.com 112.197.165.198 0 nhattruong
    7. 028236e96632ca0762e4e41c6ec011eb cj--91@hotmail.com 77.169.104.8 0 kingcj
    8. 02ef2f54b1c5f7809e711fd534318c1d ry.ryback@gmail.com 93.182.64.73 0 Bellapais
    9. 031b373323a6be2564b5564872a665d0 kees-en-greta-endekids@live.nl 94.212.150.178 2147483647 lady-greta
    10. 03e77f4109e94cc1f3b5cde750bdd656 golfnert@hotmail.com 84.83.196.114 0 robinh
    11. 044247a3ce3f3648c22602e3913a9089 tim_vanleeuwen@hotmail.com 84.82.190.95 2147483647 exoniste
    12. 04a4075c0bab65466ae2f2d6b2e2294d troninator2@hotmail.com 212.123.17.112 0 fail
    13. 053e4ad398f36488272e942859b26780 j.krul@kscehv.com 92.65.110.190 0 bolleman
    14. 05546b0e38ab9175cd905eebcc6ebb76 florisjanvdbroek@xs4all.nl 212.45.53.109 0 kingqwerty
    15. 0581938f0767a65b373cea80e905c25f dartthehunter@gmail.com 79.2.155.141 0 Dart
    16. 05fa542feeffa608d6ae0a6e6182a1fd mike-swat@live.nl 87.209.80.170 0 swatmike

    there are also belgian emailaddresses

  • #anonbelgium if you want to read what someone has said - here are the logs

    http://pastebin.com/search?cx=partner-pub-4339714761096906%3A1qhz41g8k4m&cof=FORID%3A10&ie=UTF-8&q=%23OpBelgium&sa.x=0&sa.y=0&siteurl=http%3A%2F%2Fpastebin.com%2FAFY4GYG9

    yep somebody is posting them to pastebin

    you thought you were anonymous and that everything on the internet in such a chatroom is just as you think it is - just talk without much importance

    maybe some cop, intelligence officer or crumpy counter-activist doesn't think the same

    he may think it are threats, crimes, possibilities to prevent

    and that you should be listed, followed, intercepted, interrogated (and all your family and friends)

    even if you have done nothing wrong

    but your 'just talk' has activated all the automatic alerts these people are drilled to have (anytime, anywhere) and has set things in motion

    still a joke, all your talk ?

    oh, and as they are published, the cops don't need to ask it or do it theirselves - except that when necessary they will need the real stuff to proof the things they are saying - but meanwhile off the record and the judicial restrictions - you may end up on the watchlist

    look at all the arrested anons, amateurs and kids with wrecked lives ahead

    I didn't post those online, I even rarely follow these chatboxes and there is rarely something really interesting being said (sorry guys)

    ps there are enough legal #ops with anonymous if you don't want to take those risks - hunting pedo's on twitter and the other services - is but one of them

  • #anonbelgium hacked and dumped muziekcentrum.be

    MuziekCentrum.be Leaked Users Information

    http://pastebin.com/AFY4GYG9

    a sample of the data

    1. ID      UserName        Password        Function        Name    FirstName       EMail   Approved        CreationDate    ModificationDate
    2. 5       carlo   mcvmcv  7       Vuijlsteke      Carlo   carlo@muziekcentrum.be  1       2009-01-15 16:00:50     2009-01-15 16:00:50
    3. 6       mw      mw      7       Mariepaule      Wouters mariepaule@muziekcentrum.be     1       2009-03-19 15:24:34     2009-03-19 15:24:34
    4. 12      quinten hoera   7       Van Wichelen    Quinten quinten@muziekcentrum.be        1       2009-06-04 13:15:33     2009-06-04 13:15:33
    5. 13      stef    mcv     7       Coninx  Stef    stef@muziekcentrum.be   1       2009-06-04 17:03:55     2009-06-04 17:03:55
    6. 14      katrien van remortel    kvr     7       van Remortel    Katrien katrien@muziekcentrum.be        1       2009-06-08 16:06:09     2009-06-08 16:06:09
    7. 18      caroline rombaut        cr              Rombaut Caroline        caroline@muziekcentrum.be       1       2009-08-27 10:56:52     2009-08-27 10:56:52
    8. 19      ra      ra      7       Aerts   Robin   robin.aerts@muziekcentrum;be    1       2009-09-04 12:54:23     2009-09-04 12:54:23
    9. 20      sm      sm      2       Marx    Steven  steven@muziekcentrum.be 1       2009-11-19 10:43:07     2009-11-19 10:43:07

    The site is still online and there is no information that there has anything happened

    okay, don't worry, listen to some music

    there are further in the list hotmail and other external addresses and I hope that they didn't use the same password for their emailaddress

    this list has already been 60 times downloaded so take your passwords as 'public'

  • IPv6 is killing slowly logging by ISP's (and for example massive copyright infringement lawsuits)

    These are the recommendation by the RFC 6302 that ISP's and any other internetfacing infrastructure should follow.
    THe problem is off course that with IPV4 that we each had more or less our own address but that with IPv6 the same address
    can be used by several persons and secondly that - as noted in this official document this logging is not worth a thing if
    it doesn't include the source and destination port and protocol and the totally correct timestamp up to the second for the
    servers and the logging infrastructure.

    Those who work in network services know how difficult is may be to retain a coherent NTP timeclock across a whole network
    of services and infrastructure. You can try to do it by yourself but now you must be totally sure and so you will have to spend
    money. Money which is the reason why the European ISP's are all so against the European Data Retenteion obligations.

    For smart laywers there is now enough evidence to create enough 'reasonable doubt' to throw those massive lists of copyright
    infringements based solely on IP adresses immediately out of court

    -----------------------------------------

    It is RECOMMENDED as best current practice that Internet-facing servers logging incoming IP addresses from inbound IP traffic also log: o The source port number. o A timestamp, RECOMMENDED in UTC, accurate to the second, from a traceable time source (e.g., NTP [RFC5905]). o The transport protocol (usually TCP or UDP) and destination port number, when the server application is defined to use multiple transports or multiple ports. Discussion: Carrier-grade NATs may have different policies to recycle ports; some implementations may decide to reuse ports almost immediately, some may wait several minutes before marking the por ready for reuse. As a result, servers have no idea how fast the ports will be reused and, thus, should log timestamps using reasonably accurate clock. At this point, the RECOMMENDED accuracy for timestamps is to the second or better. Representation on timestamps in UTC is preferred to local time with UTC-offset or time zone, as this extra information can be lost in the reporting chain.

    3. ISP Considerations

     ISP deploying IP address sharing techniques should also deploy a corresponding logging architecture to maintain records of the
       relation between a customer's identity and IP/port resources utilized.  However, recommendations on this topic are out of scope
       for this document.
    
    

    4. Security Considerations

     In the absence of the source port number and accurate timestamp information, operators deploying any address sharing techniques will
       not be able to identify unambiguously customers when dealing with abuse or public safety queries.

  • what the password hackers have learned from cracking the linkedin collection

    This from a crack md5 sha1 online service

    it shows also why the NSA is - as reported here before - building this enormous database with all known desencrypted passwords and hashes

    ----------------

    My own rationale for having so many hashes in my pot is because of what i call "hex pumping". I have a little script which applies known hashes to a new pot, which gives typically a few 1000 hits for a fresh 32/40_hex. Then i add these to 32/40 because I run more attacks against MD5/SHA1 than against the formulas. This way i hope to crack a few nested ones with a normal MD5/SHA1 run. This works because before export, I feed all passwords found in a period to all formulas. Can't say the effect / improvement on crack rate is massive, but it is real.

    What if you implemented an algorithm along this lines. When a hash has cracked to another hash, you remove it from 32_hex and add it to a new file, say 32_formulas_hex. The overall idea is to reduce the size of 40/32 because this in the end allows faster cracking. I sort of do this all locally for myself, btw. Again the effect is not massive, but real.

    Alternatively, you could replace the original hash with the one it resolved to, by this "bubbling" hashes upstream, removing nesting layers.
    http://forum.md5decrypter.co.uk/topic612-colons-in-passwords-seem-to-break-import.aspx

    the more passwords you have cracked the easier you can crack the others - if you need to crack them anyway because maybe that password has already been used-encrypted-desencrypted somewhere before

    this means that your password has to be unique

    result - nearly all the 6 and a half a million passwords have been cracked (in less than a day of two) and this thanks to the collaborative online (social) effort (nobody having any problems with their conscience)

    secondly, only a very small number were not unique passowords

    another question I am asking myself. If you take a new password and it ressembles your old one and it is going to be hashed encrypted again, will it be easier to decrypt the new one if the old one has been hacked. Because this is what the NSA is telling in fact.

  • Belgian government don't want to give all that passengerdata to the US

    The party of the prime minister of Belgium, the Parti Socialiste has said no to the demand of the US to Belgium to hand over automatic access to all personal (passenger) information about everyone who from belgium wants to take a plane to the USA. Already a million people are for some reason or another on the terrorist watch list. Research by US activists already showed that that list is too big and flawed and has unwanted consequences.

    So the PS said no, we don't want the Belgian government to agree to something in which

    * we don't know what will happen to the data and can't complain about it

    * we don't have any security or privacy guarantees

    * the US can't clearly show the pertinent danger it would be face if we don't agree in full to the full scope of their demands

    this is very courageous because the US government has said that if the Belgian government doesn't agree, they would re-install the lengthy visa obligation for Belgians

    Visa's as blackmail and punishment of another democratic country in the name of the battle against terrorism

    terrorism is a very specific fight (as the success with the drone attacks show) and shouldn't be used to watch every move of millions of people in the hope of finding finally one maybe terrorist (while considering 999.9999 others as possible terrorists)

  • Eharmony.com lost also 1.5 million logins yesterday

    business networking and love relations go hand in hand here

    this is what eharmony says

    Now, it looks like the same hacker has also compromised 1.5 million passwords from popular dating site eHarmony. eHarmony has confirmed that a “small fraction” of its users’ passwords have been compromised and said it has reset the affected members’ log-in information. “After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected,” eHarmony wrote on its blog. “We are continuing to investigate… as a precaution, we have reset affected members passwords.”
    http://mashable.com/2012/06/06/eharmony-passwords-stolen/

    I wouldn't call that number slight.

    And sending out so many paper letters (because emails may be compromised as a result of that, surely if the person used the same passwords

  • how a complicated authentification process can be bypassed so easy (cloudflare and Google account)

    “The morning of June 1, AT&T's customer support receive a call from the hacker impersonating me. AT&T's logs show that the hacker was not able to answer the account's official security question, but the customer support agent verified the account with the last four digits of my social security number,” he explained.
    However, the AT&T account is a corporate one and it shouldn’t have contained Prince’s social security number. Furthermore, he claims that the hackers shouldn’t have been able to access the account based only on that information.
    “The hacker asked the voicemail box to be redirected to the phone number (347) 291-1346. That is a landline or VoIP line controlled by Bandwidth.com. That, subsequently, allowed the hacker to fool Google's voice authentication system into leaving the account recovery PIN on my voicemail,” he added.
    While the telecoms company continues to investigate the incident, CloudFlare has implemented an additional security measure that requires all individuals who want to access and modify the AT&T account to know a 4-20 digit password.According to Prince, Google has also done its share to prevent such incidents from occurring in the future.
    “Google appears to have removed the voice verification option from the Gmail account recovery process. Given how easy it appears to redirect voicemail, voice calls should not be considered a secure out-of-band channel,” he said.
    In addition, Google’s Authenticator app has been implemented for two-factor authentication, this method offering an enhanced protection as opposed to a system that passes through a mobile services provider’s network.
    http://news.softpedia.com/news/CloudFlare-Details-How-AT-T-Systems-Were-Bypassed-by-Hackers-274231.shtml?utm_source=twitter&utm_medium=twitter&utm_campaign=twitter_web

    first : procedures and procedures and they weren't followed at ATT. THey have been put in there for a reason, not just to fuck you up

    secondly : double authentification that is based on something that depends on a third party (phones for one) is something different than something that you have. If the third party decideds to stop or to do stupid things, than everything that uses this technique is fucked up

    thirdly : VOIP is a real social engineering tool because your phone has become virtual and can be everywhere

    but Google took the right decision

    a number of companies and products may close their books now

    they are game over - surely in the US

    VOIP-phreaking has also been used in the US for scamming and impersonating

    real determined hackers use all available techniques to get you and these are not only virtual

  • linkedin : why passwords are stupid (go for double authentification)

    It was quite a hassle when my bank decided that only double authentification would be allowed in pc banking and that passwords only weren't accepted anymore. A necessary and good decision but not an easy one. There is always someone of marketing (usability), finance (how much does this cost) or management (everyone else does it with passwords) to corner you (alone or all together) in a meeting.

    But the fact remains that passwords are on the way out.

    they are only as good as the passwordpolicy but a good secure passwordpolicy is such a hassle - even if you use long passphrases and not very complicated passwords (which can be broken anyway if they are under 12 characters) - that a good authentificationpolicy is based upon something you have as first filter.

    we have looked at mobile phones but they are too personal and there are too many fysical problems with them (and there are securityproblems with that process)

    we have looked at fingerprints but that ain't that easy and there is a very simple way to bypass that

    we have looked at EID an saw that it doesn't work in a fully encrypted environment and what is the sense of encryption if you don't encrypt the full process from end to end. And as a private citizen I don't want to use my EID on the internet. That is too personal.

    we have arrived at the usb token as the easiest, cheap and fastest solution

    No authentification to the pc without USB and afterwards no authentification to certain webservices without your usb as first control (there is still a password afterwards, single sign on is one big vulerability that will blow up in your face if it is breached)

    the only thing to learn people is  : If you close down your tablet or PC or laptop you put your usb in your pocket totally seperate from the device. That is all.

    For the rest to break in the thief will need the USB stick and the password and be faster than the desactivation services callcenter.

    oh yes, some firms like Oracle want to give firms the possibility to outsource the authentification to facebook or google or open-ID so that people can use their passwords of these services. Imagine now a service or network using the linkedin passwords......

  • 5 good reasons to change your linkedin password now (and why)

    First reason is that you don't want to look in your professional network as a stupid beginner like that NATO officer who lost his password in a NATO related hack last year and saw his linkedin profile changed because he used the same password. Being ridiculed on your professional network is something totally different than in a dark corner of the internet.

    Second reason is that you have all the professional details and contacts laid out on the web, publicly or not. So even if they don't change your profile they will assess all your contacts, professional and personal details (social engineering) and be able just to monitor what you are doing and with who you are talking (espionage or monitoring)

    Third reason is that they can take it on from here and try with your password and personal and professional details to hack your other accounts or networks and get to information that could be much more valuable than that of a gamersite or anything else.

    Fourth reason - for the US mostly - is that Identity theft with your private complete linkedin information can be much more easier and could cost you more.

    Fitfh reason - do you really think that a corporation that didn't care to protect your passwords enough really knows what happend, how it happened and that they will be doing enough to change the situation. It now also appears that your linkedin passwords are sent in the clear between your IPAD and linkedin. The mistake of the app developer but also of linkedin to accept this.

    Anybody in the States already thought of a complaint ?

  • #twitterpedoring first results encouraging

    the first results are encouraging and in fact they should make you mad as hell

    if it is this easy for a group of volunteers and activists to find about 1000 pedo who are using twitter as their communicationchannel and groupapplication

    than why the hell did twitter not do anything themselves before that

    it is all too easy to stop anonymous and other activists (even antipedo activists) from using twitter

    but it seems very hard for twitter to reign in the porn and other illegal activity in twitter

    they have the resources for them and these technical tools exists and even give results in realtime and the behaviour is totally illegal and in contradiction with the accepted behaviour and with any law of the country they are hosted in (the USA)

    some activists even believe that the government doesn't act against those pedophiles from the start because they need those pedophiles to be able to ask for more monitoring and censoring rights and laws and budgets 'to attack the pedophiless' (who are forgotten) after which they attack the activist. Totally paranoïd off course, who would believe that ?

    take down the pedorings and the activists take down the reason for those censor to have an example too easy to use, also in the operations we still have also to do some 'good things' to counterbalance the milions of accounts that were thrown online since last year.

  • #twitterpedoring time for twitter and others to set their house in order before they are shut down

    if anybody could have imagined that in a time in which Anonymous and filesharers are pursuid at high cost with much media-attention that there is a whole underworld on Twitter that exists of pedophiles, animal sex and sex trade and probably any other illegal service or practice without being filtered, censored, controlled or blocked into a seperate environment (it could be that sexmaterial is automatically sent to http://3X.twitter.com or twitter.xxx)

    I could hardly believe my eyes when I have typed the searchterms in Google for twitter for pedophelia terms or animal and violent sex

    you would get anything you evern wanted but couldn't even get in a sexshop (and you don't have to go on dangerous or monitored websites for it)

    and what is more is that there are people who are even publishing their phone numbers, emailaddresses and so on and who are actually in their amateur pornvids - how stupid can you be

    but that is now all coming to an end I hope and twitter and the other services (bitLly, tumblr.com and others) may have to ask themselves if that kind of sex or porn is anything else but criminal and has nothing to do with personal freedom and so on

    I will publish more links that are published in the leaks list of diigo.com for mailforlen but I will not pursue the hunt any longer. It not only takes a lot of time but it is really sicking to see what you see and you still have to go back to your kids and not become paranoïd.

    I mean there should be automed tools to download all that stuff automatically and get it in police database and let the police databases shift through the data and pick out those that are most active, most dangerous or in the jurisdiction

    Meanwhile Twitter should not only pre-filter that kind of traffic it should also start preparing the files for the police services to follow up

    For twitter it can mean that there is a before and an after because honestly : after you have seen all that shit without any filtering or agecontrol would you trust your kid on twitter

    and yes, there are some very sick people out there and they are all for the moment on twitter

    Google is of the same opinion because it has protested against my searchterms quite often, something that twitter didn't do any time

  • download enormous lots of emails from Premier marketing alliance media group

    9 months ago Yahoo answers wrote

    The site pmaftp.com belongs to the marketing company called Premier Marketing Alliance (PMA) Media Group > http://www.pmamediagroup.com/

    They registered this domain name in 2005 to deliver email address lists to customers of their lead generation programs who were prompted for a login/password to enter. Somehow that security barrier went down and all the lists are now exposed to the public through search engines results.

    This is a serious security breach because people—like you did—face a public disclosure of their personal, hence confidential, information.

    search and download from pmaftp.com

    just open the links and download

    they even sells those lists :)

    the belgians are here to be found

    http://pmaftp.com/robspecial/GIclicks-feb27.txt

    no there is no real security issue as it is sometimes only lists with email addresses (for which I don't understand why you would pay for them as there are thousands a day being published on pastebin.com) but it would make a spammer or spearphisher happy (as there are also military, governmental and business emailadresses in the list)

     

     

     

  • 2 sites with belgians hacked and accounts dumped online and no

    1. hannahair.nl - Pastebin.com

      pastebin.com/cCNMGjYg
      26 mei 2012 – adriaenssens1@telenet.be evy lucien bevernagestraat evy adriaenssens. aertgeertsstubbe@skynet.be wendy vremdesesteenweg wendy ...
    2. verkoop.ambisphere.be SQL ATTACK - Pastebin.com

      pastebin.com/MwiJpic8
      25 mei 2012 – <td bgcolor="#FFFFFF">armand.engelen.wouters@telenet.be</td> ... <td bgcolor="#FFF7F2">baert.lieven@skynet.be</td> ...

    but if you look you will see that pastebin has deleted the account and that the information hasn't been dumpled elsewhere - which is good news

    yes and no

    yes because the information isn't that public anymore

    no because it gives a false sense of security and it will give no incentive to inform the customers, to resecure the site and so on (because it ain't active anymore)

    only we have found it in the cache

    http://webcache.googleusercontent.com/search?q=cache:vpZgAZsLfUoJ:pastebin.com/cCNMGjYg+&cd=1&hl=nl&ct=clnk&gl=be&client=firefox-a

    http://webcache.googleusercontent.com/search?q=cache:CEQsQQJI-5oJ:pastebin.com/dUt7hMUi+&cd=4&hl=nl&ct=clnk&gl=be&client=firefox-a