security - Page 118

  • #interim hack - Rex Mundi wants payment by Wednesday or the biggest Belgian ID-theft dataset ever will be published

    Rex Mundi has published the transaction logs of an American loan company - nothing special in itself, but meant to show that if you don't pay, your data eventually gets published

    the lawyer of the interim agency said in the newspapers today that they were told they had until Wednesday to pay, but that they did not pay and will not pay

    so what does this mean?

    if Rex Mundi really has the data - something the lawyer wisely says nothing about - then it is time to start worrying, because he will publish it

    9,900 Belgians would be the victims of the biggest publication of ID-theft material ever: RRN (national register number), SIS (social security number), home address, e-mail address, phone number, password (change yours, everywhere you reused it) and other personal information, and we don't know what else is in some of the files (apart from the personal appraisals)

    and even if you pay, how can you be sure that the information has not been copied elsewhere? so in any case, as a precaution, all those people should get new e-mail addresses, new phone numbers and eventually a new ID card.

    the reason is that for a few years now criminals have been building big databases out of sets of stolen data and logins, combining them into usable profiles (for example, access to an eBay account is worth a lot more if you also have access to the matching e-mail address)

  • hackers between excitement and real fear

    if there is one message that the whole successful sting operation by "The Great Sabu" (sic) for the FBI sent through the antisec-lulzsec hacking world, it is that

    * you may get arrested, even if you use 7 proxies, 5 virtual environments and any number of routers

    * you will need to trust someone, and you will never know whether that brilliant hacker is working for the FBI or not

    * you will be profiled (or doxed) if you use the same identity elsewhere or leave too many clues that, put together, give them an idea who you are

    * they will try to make you respond, react, talk to the press, or visit other activist or underground sites with the same network or the same tools

    * you will get arrested, punished, and you will do time in prison (even if the US is on the other side of the world)

    so you see that the new generation of lulzsec/antisec gives little information about themselves, doesn't react to tweets or chats, and doesn't use the same avatars anywhere else (even if there are probably more clues already published than they imagine)

    and you also see that there is sometimes the fear of having gone one bridge too far, or of having come too close to the very hot sun of the public spotlight, and the doubts start. So you leave numbers or details out of the leaked information, to protect yourself a bit later in court because the information couldn't be used for financial crime; you publish only partial information and then aren't sure what to do with the rest; and you realise you still have too much to lose to spend the rest of your life in prison, because you have crossed that bridge and are now targeted for arrest by every major public and private intelligence and police (cyber)force, some of whom will make it their most important case, the one they want to go into history with or build a career on (arresting you is what they are working for every minute of the day)

    There is real excitement in having access to sites, going through networks and getting data people shouldn't have. It is even like a drug, if you read the texts they write. But there is also the day after: the hangover and the recovery from it all.

    so now some people are sitting on a lot of data - for example 50 GB of Visa and MasterCard data - and they don't seem to know what to do with it

    either way, the data is compromised and should be treated as such

  • a disaster waiting to happen: sites asking for too much information

    if we remember one thing about the #interim hack, it is this: if the attacker also had the number of the ID card itself (and not only the RRN), then there is a theoretical possibility that the citizen tokens (the ones we use for Tax-on-web and so on) could be compromised, possibly in combination with other information

    this is not the place to elaborate on that, but we like Google

    so GOOGLE GOOGLE ON THE WEB, SHOW US WHAT WE WANT

    "Rijksregisternummer" + "Nummer identiteitskaart"  -pdf -doc -docx          as search term in Google

    there are other search terms to find this kind of information or these kinds of sites, but this is just a teaser to make you think

    so look for yourself :)

    and you will be surprised

    do they really need all that information online or in digital format? (because if you send the forms as PDF or DOC, the data will probably end up stored somewhere)

    do they know the risks they are running?

    do they have enough protection for that kind of information?

    does the Privacy Commission know about this?

  • why pentesting your web service (especially a financial one) is so important

    do you want them to find this:

    For those who didn't follow the whole story, we are Rex Mundi, a group of hackers. We noticed last week that AmeriCash Advance had left a page completely unprotected on their server. This page allowed anyone to access the following records.
    http://www.scribd.com/doc/97408710/AmeriCash-Advance-Database

    or do you want your security officer to be notified of it, so he can close it down within the hour?

    even if it is only a Google search:  site:yoursite.******
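    as an added illustration (not Rex Mundi's or AmeriCash Advance's code - the app, its routes, the session handling and the loan records are all made up for the purpose), this is the difference between per-page checks, where one forgotten page leaks everything, and a deny-by-default gate in front of the router, plus the anonymous crawl of your own route table that a security officer would run before Google or Rex Mundi does:

```python
# Added example (not Rex Mundi's or AmeriCash Advance's code): the pattern behind
# "a page left completely unprotected", and the fix.  The app, routes, session
# handling and loan records are all constructed for illustration.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample records, shaped like the leaked cash-advance logs.
RECORDS = [
    {"name": "A. Example", "email": "a@example.com", "ssn_last4": "7243", "fund": 600},
    {"name": "B. Example", "email": "b@example.com", "ssn_last4": "1138", "fund": 350},
]

@dataclass
class Request:
    path: str
    user: Optional[str] = None   # None = anonymous, no valid session

Response = Tuple[int, object]    # (HTTP status, body)

# --- vulnerable: every handler is responsible for its own check --------------
def records_page(req: Request) -> Response:
    if req.user is None:         # this page remembered to check
        return 302, "/login"
    return 200, RECORDS

def export_csv(req: Request) -> Response:
    return 200, RECORDS          # this page forgot: anyone gets everything

def login_page(req: Request) -> Response:
    return 200, "login form"

VULNERABLE_ROUTES: Dict[str, Callable[[Request], Response]] = {
    "/login": login_page,
    "/admin/records": records_page,
    "/admin/export.csv": export_csv,
}

def vulnerable_app(req: Request) -> Response:
    handler = VULNERABLE_ROUTES.get(req.path)
    return handler(req) if handler else (404, "not found")

# --- hardened: one gate in front of the router, deny by default ---------------
PUBLIC_ROUTES = {"/login"}       # everything not listed here needs a session

HARDENED_ROUTES: Dict[str, Callable[[Request], Response]] = {
    "/login": login_page,
    "/admin/records": lambda req: (200, RECORDS),   # handlers no longer check
    "/admin/export.csv": lambda req: (200, RECORDS),
}

def hardened_app(req: Request) -> Response:
    handler = HARDENED_ROUTES.get(req.path)
    if handler is None:
        return 404, "not found"
    if req.path not in PUBLIC_ROUTES and req.user is None:
        return 302, "/login"     # a forgotten per-page check is now impossible
    return handler(req)

# --- the check the security officer wants: crawl every route anonymously ------
def audit_anonymous_exposure(app: Callable[[Request], Response],
                             paths: List[str]) -> List[str]:
    """Return the paths that hand record data to an unauthenticated request.
    Run it over the full route table (or the URLs a site: search returns) so a
    forgotten page is found by you and not by the next Rex Mundi."""
    exposed = []
    for path in paths:
        status, body = app(Request(path))
        if status == 200 and isinstance(body, list):   # record data, not a page
            exposed.append(path)
    return exposed

if __name__ == "__main__":
    print("vulnerable:", audit_anonymous_exposure(vulnerable_app, list(VULNERABLE_ROUTES)))
    print("hardened:  ", audit_anonymous_exposure(hardened_app, list(HARDENED_ROUTES)))
```

    run the audit against the real route table of the web service from a fresh, cookie-less session; anything that answers 200 with record data to an anonymous request is the page you don't want to see on Scribd.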

  • Rex Mundi puts 945 pages of US cash advance logs on Scribd

    it will be gone soon, but here it is

    http://www.scribd.com/doc/97408710/AmeriCash-Advance-Database

    and the kind of data in it is

    rovider:LBMCStreamSSN:*****7243FundAmt:$600Cost:$150.00
    Name:CarliIannottoEmail:ciannotto123@gmail.comSubID:P
    WorkedBy:Ginger

    so what do you have?

    the last 4 digits of a US SSN

    name, e-mail address and a financial profile

    scammers now have, for free, 945 pages of e-mail addresses of people who need cash in advance

    is it Father's Day or something? :)

    clearly some part of the processing isn't encrypted

    encryption is end to end, or there is no encryption

    even if some eID solutions don't work in such an environment

  • Reckz0r playing with CloudFlare again?

    What's CloudFlare?

    This website uses CloudFlare in order to help keep it online when the server is down by serving cached copies of pages when they are unavailable. Unfortunately, a cached copy of the page you requested is not available, but you may be able to reach other cached pages on the site.
    http://www.cyberwarnews.info/2012/06/02/aluminium-corporation-of-china-hacked-data-traded-on-the-black-market-by-deadmellox/

    he said this morning that he was in their systems and that he could play around (not the first time)

    maybe this is what he is doing

    by the way, there is no real cache or failover with CloudFlare: it only serves a cached copy if it happens to have one, and here it doesn't

    very cloud computing, that ....... isn't that what cloud computing is all about? :)

    get it up in the air and up in smoke ...... gone

  • 150,000 accounts from online gaming forum CustomCoD leaked - check yours

    @ has posted a dump to ozdc.net that contains an extremely large number of users of a very well known and popular gaming forum based on the popular COD (Call of Duty) game series.

    The website, CustomCoD.com (http://www.customcod.com), was hacked some time recently and a small preview of the data was leaked onto pastebin with a link to the site's complete data that's been extracted from the hack.
    http://www.cyberwarnews.info/2012/06/14/150000-accounts-leaked-from-customcod-by-googleswe/

    you can check whether yours is also in the leak

    http://ozdc.net/search.php  (this is a searchable database of the dump)

    the file itself is reposted by the Twitter account Googleswe each time it is deleted

  • the problem with the maybe 50 GB Visa-MasterCard file (even if it is clean)

    before talking about 50 GB

    * there needs to be proof that it is 50 GB

    * there has to be proof that he has more than only the addresses, even if he has a good reputation for delivering what he announces

    * one has to know where it comes from

    but big problems already remain with the information that has been leaked

    1. you have an e-mail address and a (mobile) phone number (for scamming via VoIP installations or hacked telephone systems), a real name and address, and you know whether the card is MasterCard or Visa

    spammers, crooks and others can now go to work

    these people should be told not to answer phone calls or e-mails that refer to this leak or to their card, and to wait for a letter from their own bank

    2. the information is compromised: it is out of control somewhere and can end up in the hands of other interested parties, by accident or because it is sold

    those cards will need to be replaced - again

    maybe one should replace all cards every year or two (with better security, correct information and other checks), so that old card data becomes worthless much faster

    3. some part of the infrastructure, some big e-commerce firm or some payment-processing installation will need to be shut down and re-secured, because he couldn't have done this against good security and encryption (it looks as if the data was stored in cleartext)

    it has to be something big to produce such a variety of victims

    but what is surprising is that, for example, the e-mail address field is not enforced (some entered 'none of your business'), which you wouldn't allow if you were MasterCard or Visa itself, because you would want to be able to inform the cardholder of a problem (as long as anyone still trusts an e-mail about their Visa or MasterCard)

  • a taster of 50 GB of hacked Visa and MasterCard accounts

    the information that would make instant online financial robbery possible has been removed - because that would lead to an effective standstill of the whole e-commerce business, and maybe even of banking

    http://pastebin.com/K8k0uEEp

    "I have no special talents, I'm only passionately curious." - Me...
    Hello folks.
    I'm Reckz0r, oh fuck that part, I've been saying that for ages, Just call me Reckz0r or Reckz, or Jeremy.
    Today, I am here to fulfill your 'lulz' attention with some excitement & entertainment!
    Today's target is VISA & Mastercard, I will be only leaking a portion of the credit card information, as I cannot leak the entire data, it's too large, and this is the certain proof that I've hacked into VISA & Mastercard....
    I'm also censoring the credit card information such as CC Number, Secret Code, Expiry date for security measures, I also edited the way the information will look, the original one looked bullshit.
    TARGET: VISA & MASTERCARD
    REASON: Curiosity & Challenge
    DOWNLOAD LINK: https://anonfiles.com/file/684326ddacc98598972968a603343089
    Enjoy, folks.
    twitter.com/Reck0r
    Leaked by Reckz0r

    in the files are addresses and other information, including of Belgians (and many other nationalities)

    not 50 GB, but a taster

    what we don't know yet is whether it is the MasterCard and Visa systems themselves, a payment processor or some big e-commerce firm that has been hacked

    CRISIS

    example of a Belgian in the file

    Visa|||| Daniel Callebaut ~ Rue André Renard 26:Houdeng-Goegnies::7110:+32 64 214058   BE daniel@callebaut.org

    and there are a few hundred of them, as a taster

    Visa has been informed, as has the Belgian CERT

    just for journalists who don't know better: I have nothing to do with this in any case, nor am I linked to illegal Anonymous activities or supportive of them; I just report them so that somebody can help the innocent victims

  • if you have tens of thousands of new viruses a day, Flame will go under the radar

    When we went digging through our archive for related samples of malware, we were surprised to find that we already had samples of Flame, dating back to 2010 and 2011, that we were unaware we possessed. They had come through automated reporting mechanisms, but had never been flagged by the system as something we should examine closely. Researchers at other antivirus firms have found evidence that they received samples of the malware even earlier than this, indicating that the malware was older than 2010.
    http://arstechnica.com/security/2012/06/why-antivirus-companies-like-mine-failed-to-catch-flame-and-stuxnet/

    what F-Secure is not saying is that analysis is first of all mechanical, and that as long as no analyst is pondering over a sample, turning it upside down, calling in others to have a look and asking other firms what they have found - creating a buzz online so that many more people get involved - such targeted attacks go under the radar

    it means that an antivirus will NOT protect you against dedicated professional attacks; it is the stupid, simple, cheap, stringent security rules that will do the job

    * keep offline what has to be 100% secure

    * isolate everything that is to be kept secure

    * reduce capabilities and possibilities to the least that is still workable

    * place monitors and loggers of activity

    * let humans check and follow up on all alarms, false or not, and on all security checks against secure installations
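    as an added example of the "monitors and loggers" and "let humans check" rules (not F-Secure's or the Ars Technica author's code; the directory, files and signing key are constructed): a baseline file-integrity check that flags everything new or changed for a human to look at, whatever any antivirus thinks of it, with the baseline HMAC-signed by a key kept offline so an intruder with write access cannot quietly re-baseline his own files:

```python
# Added example (not from the Ars Technica / F-Secure piece): a baseline file-
# integrity monitor.  It does not know what Flame looks like; it flags anything
# that appears or changes under a directory since the last human-reviewed
# baseline, and the baseline is HMAC-signed with a key that stays offline so an
# intruder with write access cannot "re-baseline" his own files.  Directory
# layout, file contents and the key below are constructed for the demo.
import hashlib
import hmac
import json
import tempfile
from pathlib import Path
from typing import Dict, List

def hash_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root: Path) -> Dict[str, str]:
    """Map of relative path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def sign_baseline(baseline: Dict[str, str], key: bytes) -> bytes:
    """Serialise the baseline and append an HMAC tag; the key lives offline."""
    body = json.dumps(baseline, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"\n" + tag.encode()

def load_baseline(blob: bytes, key: bytes) -> Dict[str, str]:
    """Refuse a baseline whose tag does not verify (tampered, or wrong key)."""
    body, _, tag = blob.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("baseline signature invalid - do not trust it")
    return json.loads(body)

def diff(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Everything listed here goes to a human; 'no signature matched' is not a verdict."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def demo() -> Dict[str, List[str]]:
    """Build a directory, baseline it, simulate a dropper, report the delta."""
    key = b"offline-signing-key"          # constructed; keep the real one off the box
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "update.exe").write_bytes(b"legitimate updater v1")
        (root / "config.ini").write_text("debug=0\n")
        signed = sign_baseline(snapshot(root), key)

        # intruder: drops a new module and patches an existing binary ...
        (root / "bin" / "helper.dll").write_bytes(b"unknown module")
        (root / "bin" / "update.exe").write_bytes(b"legitimate updater v1 + patch")
        # ... and edits the baseline so the change would look expected
        tampered = signed.replace(b"update.exe", b"update.exe.bak")
        try:
            load_baseline(tampered, key)
            raise AssertionError("tampered baseline was accepted")
        except ValueError:
            pass                            # expected: the tag no longer verifies

        return diff(load_baseline(signed, key), snapshot(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

    the point is that the report is the alarm and a person, not a signature database, decides what a new DLL in a system directory means.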

  • why even an insecurity of 1 millisecond can kill an otherwise totally secure process

    Regarding the MD5 Collision Attack, I suggest you have a look at this very interesting presentation. You will be amazed in discovering that the first successful demonstration of this attack took, in 2008 (the alleged year in which Flame was created), about 2 days on a cluster of 200 PS3s (corresponding to about $20k on Amazon EC2). Together with the complexity of the attack, this aspect is enough to suggest a state-sponsored origin for the malware (i.e. the need for huge resources and know-how). But there's more: to make the MD5 Collision Attack successful in Flame, the Attackers had to overcome a huge obstacle, corresponding to predicting the Serial Number of the Certificate (which is based on a sequential certificate number and the current time). Nothing strange apparently, except for the fact that they had a 1-millisecond window to get the certificate issued. What does this mean in simple words? A large number of attempts required to get the certificate issued at the right moment, an effort 10-100x more costly than the original MD5 Collision Attack Demonstration.
    http://hackmageddon.com

    so those doing IT risk analysis based on probability will simply have called this process totally secure, because the chance of this happening was so small

    it happened

    so what now - back to the drawing board? because, just as with the financial crisis, all your risk numbers are simply .... wrong (the practical fixes are the ones the 2008 demonstration already called for: stop signing with MD5, and use random serial numbers so the attacker can no longer predict the certificate prefix he has to collide with)

    qualitative controls and analysis are always better than statistical ones - especially if something has to be totally secure, always, anywhere, anyhow (like a certification process)

    secondly, the cost of doing this is ....... enormous .... but the money was found by someone, somewhere, somehow (which makes you wonder what else they have broken with it)

  • when the US gets nervous about a free encrypted chat program, you should be interested

    The developer of a leading open source application for encrypted online chat, Nadim Kobeissi, claims to have been detained and interrogated at the US-Canadian border yesterday. “Out of my 4 DHS interrogations in the past 3 weeks, it’s the first time I’m asked about Cryptocat crypto and my passport is confiscated,” tweets Kobeissi. The US interrogator also asked about which encryption algorithms Cryptocat deployed and they were curious about its level of censorship resistance.

    Cryptocat establishes a secure, encrypted chat session that is not subject to commercial or government surveillance. It uses client-side JavaScript to implement 256-bit Advanced Encryption Standard for message encryption and Elliptic curve Diffie-Hellman for key agreement.
    http://www.forbes.com/sites/jonmatonis/2012/06/07/detaining-developer-at-us-border-increases-cryptocat-popularity/

    the rat race between encryptors and interceptors is on again....

  • the Belgian interim hack - the situation

    it doesn't look as if we will have a big leak tomorrow - and if any money has been paid we will never know, because otherwise more blackmailing hackers might be tempted

    the information on pastebin.com has been deleted - which took more than 48 hours, long enough for it to be downloaded and redistributed

    the hacker seems to have set sail for other seas, to attack other boats

    so does this mean we just go on, forget about the whole thing and act as if nothing happened?

    * the vulnerable website is still online

    * there is no word of an official investigation by the Privacy Commission or the FCCU

    * the database with all the personal and ID information of 9,900 persons is still 'out of control somewhere'

    * it is not clear whether all the victims have been informed and asked to change their passwords

    * there are a lot of other sites that ask for national register numbers in a totally insecure way

    so this should be taken as an opportunity to put more controls and obligations around personal information in place

  • interim hack: the answer from Anonymous

    he or they are NOT Anonymous

    Anonymous made this clear in this tweet, and Rex Mundi retweeted it to confirm

    Behind this Mask we have no religions, no politics, no money. Behind this mask we are all equal, we are all .

  • did the interim hacker also hack the e-mail account of Taylor Lautner?

    it seems that this is what he is implying, when you decode his message on pastebin announcing something very interesting

    Taylor Daniel Lautner (pronounced /ˈlaʊtnər/, LOWT-ner; born February 11, 1992)[1] is an American actor, voice actor, model, and martial artist. As a child, Lautner took up martial arts[2] in Holland, Michigan and was ranked number one in his category by the American Sports Karate Association. Lautner soon thereafter began his acting career, appearing in bit roles in comedy series such as The Bernie Mac Show (2003) and My Wife and Kids (2004), before having voice roles in television series like What's New, Scooby-Doo? (2005) and Danny Phantom (2005). In 2005, he appeared in the film Cheaper by the Dozen 2 and starred in The Adventures of Sharkboy and Lavagirl in 3-D.

    Lautner is best known for playing Jacob Black in The Twilight Saga film series based on the novels of the same name by Stephenie Meyer. He also starred in the action film Abduction, which became a sleeper hit.
    http://en.wikipedia.org/wiki/Taylor_Lautner

    the message says that they have hacked his e-mail account and have messages from his gay male friends

  • DNSChanger infection - check before the 9th of July

    One way to check if your system is affected by this DNS Changer malware is to use a free DNS check that several websites offer. If you rely (or have relied) on these websites, please be aware that some websites may be tampered with or malicious and give you the wrong advice. To be sure you use legitimate websites that offer this feature, ESET has verified that this US-website and this European-website have the proper checks and give sound advice.

    Another good way to check if your Windows system is affected by any variant of the DNS Changer malware or any type of other malware is to use the free ESET Online Scanner. ESET’s Online Scanner for Windows employs ThreatSense scanning technology and is updated several times a day with detection and automatic remediation of newly discovered threats.
    http://blog.eset.com/2012/04/21/dns-changer-relived-new-deadline-9-july-2012?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+ThreatBlog%29&utm_content=Netvibes
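    as an added check (not ESET's scanner; the resolv.conf and ipconfig samples are constructed, and the ranges are the rogue DNSChanger resolver ranges published for the Rove Digital takedown - verify them against the FBI/DCWG list before you rely on this): a script that looks at the resolvers a host is actually configured to use and tells you whether any of them is a rogue one, without trusting any website to do it for you:

```python
# Added example (not ESET's tool): an offline check of a host's configured
# resolvers against the rogue DNSChanger ranges.  The ranges are the ones
# published for the Rove Digital / "Operation Ghost Click" servers; the
# resolv.conf and ipconfig samples below are constructed.
import ipaddress
import re
from typing import List

ROGUE_RANGES = [ipaddress.ip_network(cidr) for cidr in (
    "85.255.112.0/20",    # 85.255.112.0  - 85.255.127.255
    "67.210.0.0/20",      # 67.210.0.0    - 67.210.15.255
    "93.188.160.0/21",    # 93.188.160.0  - 93.188.167.255
    "77.67.83.0/24",      # 77.67.83.0    - 77.67.83.255
    "213.109.64.0/20",    # 213.109.64.0  - 213.109.79.255
    "64.28.176.0/20",     # 64.28.176.0   - 64.28.191.255
)]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def is_rogue(ip: str) -> bool:
    """True if the address falls inside one of the rogue resolver ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in ROGUE_RANGES)

def resolvers_from_resolv_conf(text: str) -> List[str]:
    """nameserver entries of a POSIX /etc/resolv.conf (comments ignored)."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            out.append(parts[1])
    return out

def resolvers_from_ipconfig(text: str) -> List[str]:
    """'DNS Servers' entries from `ipconfig /all` output.  The list may continue
    on following lines that carry only an address; the next labelled field
    (any line with a ':') ends it.  IPv4 only, which is what DNSChanger set."""
    out, collecting = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            collecting = True
            out.extend(IPV4_RE.findall(line.partition(":")[2]))
            continue
        if collecting:
            if ":" in line:
                collecting = False
            else:
                out.extend(IPV4_RE.findall(line))
    return out

def check(resolvers: List[str]) -> List[str]:
    """The configured resolvers that fall in a rogue range (empty = clean)."""
    return [r for r in resolvers if is_rogue(r)]

# Constructed samples: a Linux box whose first resolver was rewritten ...
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.example
nameserver 85.255.112.36
nameserver 192.168.1.1
"""
# ... and a Windows box where both resolvers point at rogue servers.
SAMPLE_IPCONFIG = """\
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 93.188.160.10
                                       213.109.64.22
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    print("resolv.conf rogue:", check(resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)))
    print("ipconfig rogue:   ", check(resolvers_from_ipconfig(SAMPLE_IPCONFIG)))
```

    on a real machine feed it the contents of /etc/resolv.conf or the output of ipconfig /all; remember that a home router whose DNS settings were changed by the malware will hand the rogue resolvers to every device behind it, so check the router too. After the 9th of July the replacement servers are switched off, so the symptom becomes no name resolution at all rather than a wrong answer.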

  • can someone explain this very strange .onu site from France?

    80.11.254.210     FR - France Telecom     15 jun     16:49     Français     http://testing.bsspams.el.onu/posts/index.php

    Whois 80.11.254.210 IP geolocation information:
    Country: France
    State/Region: BASSE-NORMANDIE
    City: CAEN
    Latitude: 49.183
    Longitude: -0.35

    .onu is not a delegated top-level domain, so is somebody using it as their intranet domain, and thereby not respecting the international standards?

    and what is stranger still - leaking it to the outside world

  • interim hack: why we are so nervous about the RRN information in the hack

    as everybody is concentrating on totally irrelevant aspects of this case, we would like to show that legally this case is explosive, and that the total silence about it is astonishing

    http://www.privacycommission.be/sites/privacycommission/files/documents/beraadslaging_RR_35_2012_0.pdf

    The RRN, your national register number, is very sensitive information and you can't use it without the consent of the Belgian Privacy Commission. I haven't directly found a decision that the Belgian interim agencies may use it, but I don't find the website of the Belgian Privacy Commission the easiest to use.

    The decision in the document shows that the Belgian Privacy Commission very often refuses the use of the Belgian RRN in a database or as identification. It is not used here as an identifier for a website, but if one looks at the intent of the decision, one understands the gravity of the hack. If you use RRN numbers you have to secure them from end to end. Full stop.

    And if you are hacked, you weren't secured. Full stop. Especially if you don't encrypt anything, run outdated servers and put this kind of information online or link it to an online database.

    Now the silence of the Privacy Commission in this case makes me wonder: what is a lion without teeth?
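    as an added example serving this post, the "sites asking for too much information" post and the cash-advance logs above (not the Privacy Commission's or any agency's code; the sample export and log lines are constructed): a scanner that finds RRNs and US SSNs in text, using the official mod-97 check digit to tell a real RRN from an 11-digit order number, plus a redactor for the copies that never needed them - logs, exports, transaction records:

```python
# Added example (not the Privacy Commission's or the agency's code): find
# Belgian national register numbers (RRN) and US SSNs in text, so you know which
# forms, exports and logs carry them before an attacker does, and redact them
# from copies that never needed them.  The RRN check digit follows the official
# mod-97 rule; the sample lines are constructed.
import re
from dataclasses import dataclass
from typing import List

# 11 digits YYMMDD SSS CC, optionally written as 85.07.30-033.28
RRN_RE = re.compile(r"\b(\d{2})[.\s]?(\d{2})[.\s]?(\d{2})[-\s]?(\d{3})[.\s]?(\d{2})\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

def rrn_is_valid(digits: str) -> bool:
    """Check digit = 97 - (first 9 digits mod 97); for people born in or after
    2000 a leading 2 is prepended before the division.  Both are tried because
    the two-digit year is ambiguous.  BIS numbers carry month + 20 or + 40."""
    if len(digits) != 11 or not digits.isdigit():
        return False
    month = int(digits[2:4])
    if not (month <= 12 or 21 <= month <= 32 or 41 <= month <= 52):
        return False
    body, check = int(digits[:9]), int(digits[9:])
    return any(97 - (prefix + body) % 97 == check for prefix in (0, 2_000_000_000))

def ssn_is_plausible(area: str, group: str, serial: str) -> bool:
    """Structural rules only: area 000, 666 and 9xx, group 00 and serial 0000 are never issued."""
    a = int(area)
    return a not in (0, 666) and a < 900 and group != "00" and serial != "0000"

@dataclass
class Finding:
    kind: str      # "RRN" or "SSN"
    value: str     # as written in the text
    line: int      # 1-based line number
    valid: bool    # passes the checksum / structural test

def scan(text: str) -> List[Finding]:
    """Every identifier-shaped token, with whether it survives validation."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in RRN_RE.finditer(line):
            findings.append(Finding("RRN", m.group(0), n, rrn_is_valid("".join(m.groups()))))
        for m in SSN_RE.finditer(line):
            findings.append(Finding("SSN", m.group(0), n, ssn_is_plausible(*m.groups())))
    return findings

def redact(text: str) -> str:
    """Replace validated identifiers only: an 11-digit order number that fails
    the checksum is left alone so you don't destroy the log you are sanitising."""
    text = RRN_RE.sub(lambda m: "[RRN]" if rrn_is_valid("".join(m.groups())) else m.group(0), text)
    return SSN_RE.sub(lambda m: "[SSN]" if ssn_is_plausible(*m.groups()) else m.group(0), text)

# Constructed lines in the shape of an agency export and a cash-advance log.
SAMPLE = """\
2012-06-18 09:12:01 candidate=Jan Peeters rrn=85.07.30-033.28 email=jan@example.be
2012-06-18 09:12:05 candidate=Lien Maes rrn=05021412390 remark=ok
2012-06-18 09:13:10 order 85073003329 shipped
Provider:LBMC SSN:123-45-6789 FundAmt:$600 Email:someone@example.com
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line}: {f.kind} {f.value} valid={f.valid}")
    print(redact(SAMPLE))
```

    point scan() at exports, shared drives, web form handlers and log directories to learn where RRNs actually live, which is the precondition for securing them "from end to end"; point redact() at the logs. A number that fails the checksum is reported but not redacted, so you review it instead of losing it.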

  • interim hack: the agency is not following the rules of the Privacy Commission

    especially when it comes to the retention of information and the kind of comments it puts in the personal files

    The Commission recommends the following measures:
    * placement agencies are legally not allowed to keep, reproduce or pass on the certificate of good conduct of candidates registered with them, except in cases where legal provisions oblige the user to check the worker's criminal record (article 8, § 2 b) of the LVP);
    * for occupations defined as at risk under the procedure provided for in the General Labour Regulations, a control procedure is organised under the supervision of a physician, and the interim agency processes no data relating to the worker's health;
    * in other cases, the processing of data relating to people's health may only take place for positions concretely envisaged for the candidate and where certain physical impairments are objectively and generally recognised as constituting unfitness. It is preferable that all processing of health data is carried out under the responsibility of a health-care professional;
    * sensitive data may not be processed even with the written consent of the data subject, at least during the phase preceding the worker's engagement;(14)
    * unofficial annotations found on candidates' files must be limited to data relevant to the sector of activity in which the candidate might work; without a precise idea of that sector, no annotation of this kind can be considered relevant.
    * data may not be kept longer than is necessary for the interim firm to carry out its assignment(s) for the candidate. In particular, if the candidate is no longer interested in the services of the interim firm, and unless he consents, his data may not be kept.

    http://www.privacycommission.be/sites/privacycommission/files/documents/avis_08_2002_0.pdf

    maybe some managers will have to reread those decisions and check whether they are still abiding by them, and whether some employees haven't been too detailed in their personal comments about the candidates

  • interim hack: stupid news coverage

    everybody is concentrating on

    * the hacker (some even think it is Anonymous)

    * the fact that there are some stupid evaluations in those leaks

    * the fact that money is being asked for the data not to be released

    nobody is asking

    * why didn't the company secure its information better?

    * why didn't the company come forward to warn its users?

    * why is the system still online, and how can you be sure that it is safe?

    * where are the Privacy Commission and the FCCU?

    it looks like NoSec, AntiSec and LulzSec have taught them nothing