security - Page 3

  • hacked and LOL

    this is a very old server, time to throw it away

    and the following even I couldn't make up

    and this is for the following cities

  • and to end 2014 the most hacked Belgian server ever ..... hacked again (no joke)

    even with IIS7.5 they can't secure their server

    but there are some other websites on that server that are also hacked from time to time

  • #rexmundi this is why web developers should have a security certificate (for starters)

    the installation itself should also be certified

    never sign a contract or renew it with a firm that doesn't have it or doesn't use a security company to review its code and its architecture

    these two sites have very obvious stupid security defaults and they are in fact lucky that Rexmundi didn't take more time and didn't hack them Sony-wise

    for z-staffing it means that all passwords will have to be blocked and changed and that people will have to change the passwords everywhere else they have used them

    Z-staffing and tobasco should inform their victims

  • #sonyhack more information about the wipeware that was used

    source (with more technical information)

  • hacked and leaked (also Belgians)

    due to lawyers no more links to leaks here

  • #sonyhack if you don't spend money on security, you don't have security

    security managers and all that kind of blablablabla stuff is make-believe security, trying hard to make you believe that somebody is busy with security because somebody is talking about it

    that is what happened at Sony

    too many managers talking

    no people actually doing things


    and this after a history of defacements, leaks and hacks which are summed up here

  • BIPT and other ISP regulators will have to oblige ISPs to put their gaming infrastructure far away from the rest

    it means that in the ddos battle against gameservers (now going up to 400 Gbps attacks) ISPs should get their gaming infrastructure and services as far away as possible from any other service or infrastructure, because whatever you do, when your network is attacked with that volume then everything connected to or going through the same pipes will be impacted

    Telia is not a small ISP and it has 5 million customers that were impacted during the attack against 1 gaming server

    this is an example and the BIPT will have to look at this in Belgium

    Telenet has a gaming site and forum that has already been attacked and hacked - are they ready to resist a 400 Gbps ddos attack?

  • #rexmundi this is the public information that could have been leaked

    here is a form with contact information

    but it also depends on what is on the cv that you can also send - without any protection that is

    on the other side these are full profiles because there is also a pic with the cv and so on

    and as the logins aren't protected, you could in theory extend that with other information

    and if the same person used the same password for other things - like email or shopping - then it is a bigger problem (but not sure that RexMundi has those logins or just sql-injected these forms)

    but there is better - without any ssl protection - that is in cleartext


  • #rexmundi their ssl certificate is soooo strange

    first we have this response in

    to make a long story short: NO SSL protection, no encryption, everything in cleartext, also your passwords and logins

    and then we get this

  • #rexmundi hacked and leaked but finds security its trademark - HAHAHA


    they have to follow a course in cybersecurity because without cybersecurity you don't have security at all (as cybersecurity without physical security is just as insecure)

  • #rexmundi the data leak came from here - so STUPID STUPID STUPID

    when you have to make your online account with tobasco to be able to compete for a job, then you have to fill in a form without any SSL protection as we have seen in the previous post

    well it gets even better and that is because it is STUPID STUPID STUPID

    instead of just asking for your email address and another identifier you have to fill in all your personal details ONLINE without any SSL protection instead of making your profile once you have logged in - without any ssl protection

    and instead of emptying the database each time somebody has made his or her account so that the data goes behind the 'closed extranet' it stays public and online (it is a good practice to empty your online public data from your database and migrate it every x hours to a private protected database so that the impact during a breach will be very minimal)

    and this is only part of the data of the form
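
    The practice described in this post (empty the public database and migrate the data to a private one every x hours), as an added example that is not part of the original blog. The `applicants` table, the file names and the sample rows are assumptions constructed for illustration, with SQLite standing in for both databases; the job would be run from a scheduler.

```python
import os
import sqlite3
import tempfile

SCHEMA = ("CREATE TABLE IF NOT EXISTS applicants ("
          "id INTEGER PRIMARY KEY AUTOINCREMENT, "
          "email TEXT NOT NULL, details TEXT NOT NULL)")

def init_db(path):
    con = sqlite3.connect(path)
    con.execute(SCHEMA)
    con.commit()
    con.close()

def migrate(public_path, private_path):
    """Move every row from the public DB to the private DB; return rows moved."""
    con = sqlite3.connect(public_path, isolation_level=None)  # explicit transactions
    try:
        con.execute("PRAGMA secure_delete = ON")  # overwrite deleted rows with zeros
        con.execute("ATTACH DATABASE ? AS vault", (private_path,))
        con.execute("BEGIN IMMEDIATE")  # block new writes while we copy and delete
        moved = con.execute(
            "INSERT INTO vault.applicants (email, details) "
            "SELECT email, details FROM main.applicants").rowcount
        con.execute("DELETE FROM main.applicants")
        con.execute("COMMIT")  # copy and delete are committed as one transaction
        return moved
    except Exception:
        if con.in_transaction:
            con.execute("ROLLBACK")  # on failure nothing is lost from the public DB
        raise
    finally:
        con.close()

def count(path):
    con = sqlite3.connect(path)
    try:
        return con.execute("SELECT COUNT(*) FROM applicants").fetchone()[0]
    finally:
        con.close()

def demo():
    """Constructed sample data: two form submissions, then one migration run."""
    tmp = tempfile.mkdtemp()
    public, private = os.path.join(tmp, "public.db"), os.path.join(tmp, "private.db")
    init_db(public)
    init_db(private)
    con = sqlite3.connect(public)
    con.executemany("INSERT INTO applicants (email, details) VALUES (?, ?)",
                    [("a@example.org", "cv-1"), ("b@example.org", "cv-2")])
    con.commit()
    con.close()
    return migrate(public, private), count(public), count(private)
```

    After a run the web-facing database holds no submissions, so a breach of the public form exposes at most the rows entered since the last migration.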

  • spicy Belgian online temp office hacked and leaked by #rex mundi

    well it is spicy all right

    First they have a logon to a secure space but it has NO ENCRYPTION (SSL) at all, so if this one is breached all the information (login and passwords) is in CLEARTEXT (just downloading)

    and this is another public form (with everything in cleartext)

    some forms or documents seem to have gone meanwhile

    but the best is yet to come ........


  • Refuse to fill in any national registry service number in Belgian webservices, period

    if they want all that information they should

    * protect it behind locked down webservices hidden after logins with double authentication

    if they can't give you that security

    you should refuse to fill it in or fill in numbers that are partly correct (the known numbers are your birthday and if you are a boy or a girl, all the rest you can fake)

    just refuse it or fake it - that will teach them

    and in fact institutions and organisations that ask for information online should ask for as little as strictly necessary if they can't give you a secured environment behind a locked down extranet with double or hard registration (and not with the full explanation online of how to do that like the army did with its extranet for Human Resources)

    it is your power to refuse because they have no legal or other base to ask you for that number, none, and surely not if they can't secure it

  • we would ask one thing from #Rex Mundi - one thing only - don't publish the national registry

    do not publish the national registry numbers please, they are the UID of every Belgian

    and the only victims of you publishing this are the victims, which will be victimized again and not because you have published emails and telephone numbers and so on, but because you have also published the unique number they can't change and that will be their UID for the rest of their lives

    and this is the only GOOD thing you can do - it is nearly christmas right ?

    it is only one column and won't make the difference in the leak but it will make a world of difference to all the people involved - the simple people that is

    nobody else in Belgium cares if you publish these numbers - the privacy commission doesn't want to ask the online webservices to stop asking for them and the online webservices themselves are just thinking of amassing all the possible information without any more security controls

    I could ask you not to publish the information but that is something impossible to ask - not publishing the national registry number of the database is something you can do and

    something that you have already done before - not publishing the national registry number because we asked you

    if nobody in Belgium cares about the use and security of that number in Belgium, except me harassing the privacy commission and some online webservices about it for years with not much effect I would say - then we could do just one thing good

    that is not to say that I agree with your methods or your criminal enterprise - but that you knew already

  • #Rex Mundi hacks two Belgian online Temporary work agencies with 6000 files to come online

    due to legal threats we can't give the source of the information - if you are smart you will find it yourself

    the sum they ask is now 5000 Euro - so neither the enormous bitcoin sum nor letting the curious pay something in some small bitcoin cent seems to have worked

    this is back to the beginning for Rex Mundi

    we were already sending alerts through different channels but to no avail - every one thinks that they won't be next - so if your security is so lax that you leave sql injections and other security mistakes - why in the hell do you think that you won't be next - do you have a guardian angel or something ?

    you are just an url in a database and an application that will test your defenses

    there is nothing more to it

    for all those not understanding this blog and jumping to conclusions

    * I am not Rex Mundi and I have no links to Rex Mundi

    * I do not hack nor do anything that is not strictly within the law

    * and if I didn't try to make people aware of the dangers with this blog and by setting up an open intelligence network then it would be even much worse

  • #sonyhack should you set up your own corporate DDOS attack army online ?

    because this is what Sony is doing - some call it offensive security

  • #Sonyhack this is why email boxes should be encrypted and protected if they are business critical

    "The hackers said the email boxes belong to Steve Mosko, president of Sony Pictures Television, and Amy Pascal, co-chairman of Sony Pictures Entertainment.

    The Microsoft Outlook mailbox files run to several gigabytes and apparently contain thousands of messages sent to and by both executives over several months.

    A handful of the emails, seen by IDG News Service, appear to include discussions between company executives, lists of phone messages that include contact details for executives at other companies, business information, and personal messages to family members"

    There is nothing as critical as a mailbox from an engineer or business management

    but they hardly get a double authentication, password or encryption protection or, say, automatic archiving to another protected environment if it is put in for example a folder secure archive

    this is what I personally think: if one puts a mail in a folder 'secure archive' the exchange server takes them once a day and puts them in an archived but secured mailbox that the owner can only access online and only if he uses specific procedures (eventually password, specific hardware or decryption key and so on....)

    so no more old mails that are lost during a hack or leak

    and for the mails of today - one should use the same protection as for important files. Sometimes files are secret on the server and hard to reach but are sent around in mailboxes as if they were candy


  • Windows 10 will be the perfect platform for security management for networks

    "The new Windows will also offer a unified user experience across all devices, from PCs to tablets to phones. Microsoft drew closer to that with Windows 8, but Windows 10 will complete the vision. The new OS will also offer a universal platform for developers to deploy apps. That's something even Apple lacks, as its Macs, iPhones, and iPads all operate on different -- albeit similar, in the case of the phones and tablets -- operating systems.

    Offering a universal experience in which a phone app closely resembles its tablet and PC counterparts should provide a seamless experience for Windows users as they switch between devices. This will actually expand beyond phones, tablets, and PCs: Nadella said he expects Windows 10 to power even "the smallest Internet of Things devices," offering the same experience across the board."

    now read this from a security point of view

    you can have in your network the same patching, logging, antivirus and other controls for whatever tool the person is using (desktop, server, laptop, tablet, phone) as long as it is Windows 10

    imagine that, collecting your logs from all the different tools and putting them in one database, being able to follow the attack on a pc, the penetration of his phone and extracting of his address book and then the attack on someone else in the office or on a server ....

    imagine having one antivirus, one patch management, one application or software management for all your tools

    it is not only developers and programmers who may be able to re-use more or less the same code for apps on tablets that become software on desktops or server-based applications on servers, but in the first place it makes it possible for the security industry to now make a real platform for the platform that will give the network and security administrators the possibility to encompass their whole network, whatever the tool or the location, with the same security solution as long as it works on Windows 10

    this change is as big as the famous memo by Bill Gates about security because this changes security in the networks fundamentally from a fragmented always-too-late solution to a global solution that after the migration and the knowledge management can start to think more preventively and keep attacks from taking place instead of trying to stop or correct them

    of course, there will be new holes, new strategies and new mistakes but that won't offset this revolution that is now only theoretical but - if the security industry has any vision left in their immediate sales visions - also practical. If they don't then I think that Microsoft will develop and integrate its own solutions for its platform and then you will have all those short-vision no-risk-takers cry to the European Union and the US administration about a new monopoly and so on. If they want to be ready for this revolution - and help make our digital world much safer than it will ever be possible to make it today - they should start today

    just as the Mozilla browser crashed when Microsoft put all of its intelligence and power behind their IE - now much less attractive than at the time - and the linux desktop that was going to replace windows crashed when Windows 7 came, it may be a time of adapt or crash for the too fragmented security industry

    the future is in an overview of everything digital in your network or enterprise and that overview platform is in the making and it is not the totally fragmented unix market or the confusing Apple market or the even more individualized android market

    imagine, whatever phone or tablet or desktop you take, you have the same stringent security that can be updated anywhere, anytime, anyhow

    this is also a new security service opportunity for ISPs and other operators

  • #tor buy stolen bitcoin wallets

    they are being stolen

    not sure if this is a scam or not but it is being advertised