security - Page 92

  • regetel.be Belgian crisis communication website not only hacked but also very insecure

    Regetel is the website for crisis communication if our country has a natural disaster, a big terrorist attack, an explosion, internal revolts, a cyberwar or a war

    "All 100 centres (medical emergency calls), the crisis centres of the governors (CCPROV) and the permanent units of the Civil Security have been connected. The connections to other important crisis centres such as the Maritime Rescue and Coordination Centre (MRCC) in Ostend, the Maritime Information Crossroads (MIK) in Zeebrugge, the secretariat of the Zeewacht in Ostend, important sites of Fluxys, Electrabel and Elia, nuclear installations in Doel and Tihange, dispatch centres of the Red Cross and the crisis cells of the Communication and Information Centres (CICASTRID) were recently completed or are in progress."

    it is the website that should make sure that everybody knows who they have to talk to, and that should manage the crisis telephone network that is put into place (of which it has placed the directory online for everybody to see)

    oh yes and it uses VOIP (that is telephone over the internet, block the internet and there is no telephone) but they also have public telephone numbers.

    do you understand now how critical this may become ?

    then go here: http://www.regetel.be/master/RegetelFlex.swf  an external login page with password (and NO SSL encryption), so all these passwords are in cleartext, and even if they were encrypted, such a network should have double authentication, because in times of crisis you don't have time to reset stolen or abused passwords or to double-check the identity of someone; you have to be absolutely sure

    and how were they hacked? even more stupidly, probably

    http://www.regetel.be/index.php?option=com_search&view=search  this page is hacked, and this page is a search page, which means that they were probably hacked by SQL injection. Now SQL injection is as old as the year 2000 and should be known as something to check for before you put anything online; there are even specialised tools, and the better professional coding tools have the protections integrated when you start coding search forms and so on

    it also means that this network or site has never had an external security test, because this would have been found immediately

    it also means that this network or site is not behind a good Web Application Defense, or that the application is so badly coded that no Web Application Defense will be able to protect it

    one of the three telephone directories  dutch  french

    and if you are planning an attack on the VOIP network you should know where the system is developed or just not (so that there are still bugs you can use). That you can see on this page without password (the page is hacked so you can't see it now)

    read this also for background information

    http://webcache.googleusercontent.com/search?q=cache:-s6ZXTscL8cJ:www.regetel.be/index.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D3%26Itemid%3D6%26lang%3Dnl+&cd=17&hl=nl&ct=clnk&gl=be&client=firefox-a

    this is a form

    http://webcache.googleusercontent.com/search?q=cache:W1l3eIsCGoUJ:www.regetel.be/index.php%3Foption%3Dcom_contact%26view%3Dcontact%26id%3D4%26Itemid%3D27%26lang%3Dnl+&cd=21&hl=nl&ct=clnk&gl=be&client=firefox-a

    but the best I found with web-sniffer.net

    Date: Sat, 02 Feb 2013 12:38:13 GMT  
    Server: Apache/1.3.41 (Unix) mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a  
    X-Powered-By: PHP/5.2.10

    not one part of this is patched and in order, and really, OpenSSL for highly critical networks? Didn't have the 200 euros for a real certificate?

    jokers

    oh yes, if you have taken this down, you will have to take everything to the dustbin because how will you be 100 percent sure that there are no backdoors, keyloggers, sleeping accounts, insert bugs or timebombs

    CLOSE THIS SHIT DOWN - and we will be more secure (oh and by the way you will have to change the numbers because they were distributed among the cybersoldiers all over the world who one day may decide to do an undercover operation against the capital of the European Community or something like that)

    don't shoot the pianist - I already said and blogged about this stupid website in......2008 and before the Belgian parliament during hearings

  • regetel.be Belgian crisis communication coordination website still hacked (close it down)

    waaahaahahahaha

    instant crisis communication  where are the cybersoldiers

  • OPRRN: more insecure Belgian e-health services with only the rijksregisternummer

    http://www.digitalewachtkamer.be/%28S%28ul41ri453gyxuo55pi3ytp55%29%29/Users/newaccount2.aspx?D_ID=467

  • OPRRN = insecure e-health, get any medical file if you know the rijksregisternummer and some public info

    http://opleiding.e-zorgplan.be/login/Directlogin.aspx?ReturnUrl=%2f

  • hacked: website regetel, the national disaster communication network in Belgium

    the website is built in Joomla and was hacked yesterday

    and even the website itself is just stupid in data leakage because you can find all the numbers of all the critical offices and administrations that should be contacted if there is a disaster in our country

    "The REGETEL Project Office (Telecommunications Network of the Government) presents its telephone directory to you. The REGETEL network is an important part of the full range of alternative communication systems that the federal government makes available in the event of a crisis. Since 2004 the REGETEL Project Office has been part of the General Directorate Crisis Centre, FPS Interior (FOD Binnenlandse Zaken). The REGETEL network has autonomous voice servers, autonomous technical services and, in Brussels, an autonomous network. This makes it possible to offer the user an independent and alternative means of communication. The main applications are telephone and fax traffic, but data traffic is also possible."

    you can download the full list of the telephone numbers here (yes it is fully public, totally stupid to do that but all these important overpaid crisismanagers have decided to make it fully public on the internet for all to see)

    the fact that this site is hackable makes it totally insecure and, in a time of cyberwar, a target; it may even be possible to find information there, but some information may have been changed, or some files that everyone will download may have been infected by trojans

    so in cyberwar we will have no crisis website because it will be hacked

    and just for your information

    the page where the hacking began already showed some errors in Google

    Gedetailleerde tabel van de projecten - Regetel

    www.regetel.be/index.php?option=com_content&view...

    14 dec. 2009 – Regetel Hotline. OK. Send failed. Client.Error.MessageSend. OK. Send failed. Client.Error.MessageSend. OK. Send failed. Client.Error.

    and you don't need more to know as a hacker that that website has so many problems that you can hack it all

  • belsec blocked by bluecoats - censorship because there is no hacking here

    this was a visit

    46.235.154.39 UK - blue coat systems inc 1 feb 14:14 Nederlands http://notify.bluecoat.com/notify-Coach?http/bels

    and that site says

    If you were expecting another web site, this may be the result of a configuration error in your network. The domain notify.bluecoat.com is the default "virtual hostname" for user notification pages produced by security appliances from Blue Coat Systems, Inc. Requests in your network for that host should be intercepted by the appliance. Please seek assistance from your network administrators.

    If you came to notify.bluecoat.com deliberately, you have now seen the entire site.

    translation

    the user has seen that their Blue Coat has blocked belsec.skynetblogs.be for its security people, so they can't read things about insecurity

    stick your head in the sand

    there is also data leakage, because the full URL gives this, which seems to be a lot of information going out if decrypted

    http://notify.bluecoat.com/notify-Coach?http/belsec.skynetblogs.be/aHR0cDovL2JlbHNlYy5za3luZXRibG9ncy5iZS9hcmNoaXZlLzIwMTMvMDIvMDEvb3Bycm4tbW9yZS1zZXJ2aWNlcy10aGF0LXVzZS1ycm4tYXMtbG9naW4uaHRtbD91dG1fc291cmNlPWRsdnIuaXQmdXRtX21lZGl1bT10d2l0dGVy
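The trailing segment of the notify URL quoted above is plain base64, not encryption. This added example (not part of the original post; the `<scheme>/<host>/<base64>` layout is an assumption inferred from this single sample, not from vendor documentation) decodes it and lists what is disclosed beyond the hostname.

```python
import base64
import binascii
from urllib.parse import parse_qsl, urlsplit

# The notify URL quoted in the post, with its two wrapped halves joined.
NOTIFY_URL = (
    "http://notify.bluecoat.com/notify-Coach?http/belsec.skynetblogs.be/"
    "aHR0cDovL2JlbHNlYy5za3luZXRibG9ncy5iZS9hcmNoaXZlLzIwMTMvMDIvMDEvb3Bycm4tbW9yZS1zZXJ2aWNlcy"
    "10aGF0LXVzZS1ycm4tYXMtbG9naW4uaHRtbD91dG1fc291cmNlPWRsdnIuaXQmdXRtX21lZGl1bT10d2l0dGVy"
)


def decode_notify_url(notify_url):
    """Split a notify URL into its cleartext part and the decoded payload.

    Assumed layout of the query string (inferred from the sample only):
        <scheme>/<host>/<base64 of the URL the user requested>
    """
    query = urlsplit(notify_url).query
    fields = query.split("/", 2)  # maxsplit: base64 may itself contain "/"
    if len(fields) != 3 or not fields[2]:
        raise ValueError("not in the assumed <scheme>/<host>/<base64> layout")
    scheme, host, blob = fields
    # Accept the URL-safe alphabet as well and restore stripped "=" padding.
    blob = blob.translate(str.maketrans("-_", "+/"))
    blob += "=" * (-len(blob) % 4)
    try:
        requested = base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("payload is not base64-encoded text") from exc
    inner = urlsplit(requested)
    return {
        "cleartext_scheme": scheme,
        "cleartext_host": host,
        "requested_url": requested,
        "requested_path": inner.path,
        "query_params": dict(parse_qsl(inner.query)),
        # The cleartext host should agree with the host inside the payload.
        "host_matches": inner.hostname == host.lower(),
    }


def leaked_beyond_hostname(info):
    """Everything a third party learns in addition to the blocked hostname."""
    items = ["path=" + info["requested_path"]]
    items += [f"{key}={value}" for key, value in info["query_params"].items()]
    return items


if __name__ == "__main__":
    decoded = decode_notify_url(NOTIFY_URL)
    print(decoded["requested_url"])
    for item in leaked_beyond_hostname(decoded):
        print("  discloses", item)
```

The decoded payload is the full article URL including its tracking parameters, so anyone who sees the notify URL (proxy logs, referrers, the analytics of a site that receives it) sees exactly which page was requested and where the click came from.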

  • NYT hack : see how stupid passwords are

    they are working with confidential sources and confidential material

    now they claim that 'hackers' have 'hacked' their systems

    no, they had access to their systems because they had the passwords of 50 employees

    but hey, why are you still using passwords in a confidential environment?

    last year more than 40 million passwords were publicized on the net (and let's not forget all those that are not publicized)

    DOUBLE AUTHENTICATION should be the norm, passwords are for dummies, crybabies

    and have you ever heard about encryption and data leakage prevention (do you have a security officer who knows what security is and has power and budgets to do something instead of going to presentations and having blablabla meetings)

    so don't blame everybody else - blame yourself - and do something about it

    if you want to be a trusted online source and publication you should have security people can trust

    what will be the next thing : changing an editorial of the NYT or leaking internal files that were leaked to you or your sources or internal telephone number book with all your sources ?

  • no more blablabla do something - belsec in action mood

    we will not hold back anymore waiting this and that and just telling it to the cert and hoping that somebody will do something about it

    we will only hold back when we see that people are in danger and when we know that the service managers have done something before and are willing to do something fast

    we will never access systems or log in

    we will never steal files or change settings

    we will never NEVER access systems with specialised PC software - google is our friend as are online services that anybody can use (security managers of big systems or networks can send me their contact details so I can warn them if there is something that may concern them - but on one condition and that condition only - never ask for sources and never put me under investigation as I do nothing more than googling and watching the net)

    we will not wait for the NEXT big ones (oh there was already a big one ?)

    tips are always welcome - but respect the ground rules (do not log in and do not abuse the information and do not publish it before contacting me). The publication of the nmbs file online was done with good intentions but was quite badly executed and was a new data leak in itself.

    Let's make these interesting times (to make it less interesting for real hackers and criminals)

  • OPRRN 2 : VDAB.Be look at the unemployment file of any person of which you know the RRN

    first you have to know the RRN number of somebody

    we didn't do anything and we didn't try it as this is illegal

    I don't have a file there, so I can't know

    it seems that they know that it is insecure but as long as nobody publishes about it they won't do anything about it - I HAVE NO IDEA WHAT YOU CAN DO WITH A FILE (change information for example, put as experience that you are a pimp :) )

    and if nobody publishes about it in Belgium, then why shouldn't I do it

    I REPEAT: DO NOT ABUSE THE SYSTEM AND I DIDN'T DO IT

    VDAB: CLOSE THIS DOWN, THIS IS BAD, STUPID AND SO ON

     

    we will continue OPRRN in the coming days

    all tips are welcome but on one condition

    DO NOT LOGIN AND DO NOT ABUSE THE INFORMATION

    not everything will be published if people are put in danger - but here the case has been brought to the attention of the VDAB according to different sources time and time again without any effect

  • OPRRN : more services that use RRN as login (update : some are reacting already)

    https://www.mtc-it2.be/DELEGE/DelegeNl.swf   as ID  password needed  - doctors

    https://www. SERVICE HAS NOTIFIED IT WILL CORRECT THIS  as ID password needed - Vlaamse Examencommissie and also to recover your password but you will have to control also the email address from your target and also that http://www. SERVICE HAS NOTIFIED IT WILL CORRECT THIS /index.htm  vlaanderen.be is going to a private host somewhere for its logins is dangerous (xss), legally problematic and why do you have an authentication server at vlaanderen.be ?

    http://www.vdab.be/login/   password or RRN   (you still need a password)  no https

    https://www.emut.be/EMUT2/Authentication.aspx?fed=311&lcid=2067&netw=INTER   mutualiteit but you need a password, the login itself is something to get

    http://www.g-o.be/Net_KandTijd/  no https  RRN and password  for future teachers

    https://www.ebcs.be/PensionPortal/Login.aspx?ReturnUrl=/pensionportal/Default.aspx&bol=yes  social secretariaat RRN and password

    http://www.west-vlaanderen.be/provincie/nieuws/ezines/burenbijkunstenaars/2011%20e-zine%20buren%20bij%20kunstenaars%20-%20april%202011.html  want RRN from artists to login

    http://www.denderleeuw.be/nl/160/restricted/login/index.html?print=1  extranet without https - login is RRN and password needed

    http://www.cursoa.be/registratie/registreer0.asp  even better, if you have the RRN of somebody you can make him a member of this - no verification

    http://www.oz.be/onlinekantoor/registreren  register somebody here without verification of EID you only need an RRN  no https

    https://www.euromut.be/MyEuromut/login.htm?language=nl_BE#popup_password  use of RRN (you need to know also the username and have control over the emailbox)

    http://wingene.grabbis.be/login.php  make an account if you have an RRN and the name and family name  no https

    http://b-rocks.be/login.php  RRN and password no https

  • OPRRN : close down RRNlogin at solidariteit.be please

    this is the most stupid thing I have ever seen and I still can't believe nobody has ever said to those organisations that this is the most stupid thing that they could ever do, but even then they do it  (and where is their security officer, doesn't he know that it is insecure and that this is NOT a way to do such things)

    will somebody wake up around here - this is asking for dataleakage - there were RRN's leaked on the web before (Rex Mundi leaked some) and some other were or are published or are in insecure databases online (in a more complex operation you have to hack first these databases to get the numbers and be sure that there are numbers in it that you may use in another database)

    stupid stupid stupid

    close it down and get back with a real solution before it is too late and don't shoot the pianist

    you are handling the most important files for your organisation, for which you are legally the most responsible, those from your workers, in a totally insecure way

    http://personeel.solidariteit.be/    no https  only RRN needed to logon

    but what is this then: https://esol.solidariteit.be/secure/logon.aspx with password and certificate

    you can do it differently

  • portal for EID authentification at vlaanderen.be uses insecure ssl

     

    the reason is that they listen too much to marketing and not enough to security people, but the question is how you can market a program as secure if it isn't set up as a secure service? People never like security when they first see it, until they use it and become used to it and then begin to feel safe because of it, and afterwards never want to go back to the old insecure situation again

    this is the report (time to get the specialists in I would say)

    this means that it isn't that hard

    * to bring the service down

    * to intercept the data (from the EID and with the PC) if the PC is infected (banking or password or datastealing trojan, the most popular viruses nowadays)

    Secure Renegotiation Not supported   ACTION NEEDED (more info)
    Insecure Renegotiation Supported   INSECURE (more info)
    BEAST attack Vulnerable   INSECURE (more info)

    with this grade this means that they wouldn't be accepted in the US as compliant for egov services

    Server signature Apache
    Server hostname authentication.vlaanderen.be
    PCI compliant No
    FIPS-ready No
  • the national register number (rijksregisternummer) as Unique Identifier - some municipalities take this very far

    this is a complaint mail from person x about city y, but this is the case with more and more services

    "I am a resident of the city and regularly use the digital counter of this city: 

     

    I use the registration form for childcare several times a month: registering, cancelling, both for before- and after-school care and for the holiday activities. For this I use the national register number of my children. And this is where the shoe pinches for me; the number alone is enough to carry out these things. So every person who knows the RRN of my children can carry out this action. I find this very unsafe; my personal data (or that of my children) is insufficiently protected. An additional safeguard, as far as I am concerned preferably a token or eID, is necessary.

     

    Access to the library also happens in this insecure way. An RRN is enough to see which books I read (that is nobody's business), to reserve books in my place, to extend the loan period, ... Here too I find an additional safeguard necessary."

    if the shoe fits, wear it

    it is not because the national register number is on your EID that it is PUBLIC data that can simply be used as the ONLY IDENTIFICATION (sometimes even without EID)

    it is time that the privacy commission publicly deliberates on this again, because the number of forms with national register numbers without the necessary protection and the use of the national register number as login (e.g. in the army) are slowly but surely leading to it getting the same status as the social security number in the US, where they now have so many problems with it that they want to introduce an EID.

    a number is just a number and nothing more than a number, and it proves nothing other than that you know the number (because it is you, because you found the number or because you were able to guess the number, as it is NOT A GOOD NUMBER as the only identifier because there are too few unknowns)

    and if you use EID, then have this done and checked by specialists and not by people who found it somewhere on the net; enough insecure EID solutions have already been installed

     

  • more about cma.be the online medical defaced dataservice

    you can get your medical results here

    https://online.cma.be   (but that is also running IIS 6)

    and what is the use of installing ssl encryption if you do it the wrong way 

    https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fonline.cma.be%2Fonline%2FDefault.aspx

    so whatever one says here there is no security blablablabalbal

    Security of your Personal Information
    Centrum voor Medische Analyse secures your personal information from unauthorized access, use or disclosure. Centrum voor Medische Analyse secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information (such as a credit card number) is transmitted to other Web sites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
    http://www.cma.be/Home/tabid/36/ctl/Privacy/Default.aspx

    and it does not conform to the latest technologies as stated here

    After a complete facelift and a complete recoding of the software, the new website for the online results is available! The website fully conforms to the latest developments in software and was built on the .net framework 3.5, microsoft visual studio 2008, XML and CSS technology
    http://www.cma.be/Arts/iLabOnlineHelp/tabid/268/Default.aspx

    because just as this documentation shows their website dates from 2008

    see this documentation  http://www.cma.be/Portals/0/downloads/online.pdf

    and Microsoft visual studio is already in version 2012 and IIS in 7.5 (so not the LATEST)

    if this is e-health, then we can expect some things and we shouldn't be surprised to have found Excel tables from a bloodbank online

  • another defacement in jobsindehandel.be (forem-vdab) and what forem does a little better

    this is one

     

    but the French-speaking Forem does something right that the VDAB does totally wrong: when you click on French and you click on information or to insert information, then you go to the site of Forem.be, you don't stay on this site with a shitty security

    but this doesn't say that the forem encrypts its information (or your information)

    http://www.leforem.be/particuliers/chercher/CV/creer-un-CV-simplifie.html

    but it is already under its own domain making an xss attack or injection more difficult

  • another Belgian online credit company defaced and insecure

    this is the hack- sending out the warning to everybody that they are vulnerable

    this is them

    and they also have an insecure webform in which personal and financial data is in CLEARTEXT

    and they are running NO HTTPS and still on ...... yeah   not IIS 7.5 but

    Server: Microsoft-IIS/7.0  
    Set-Cookie: .ASPXANONYMOUS=BVI6kFo2zgEkAAAAMjAwYjMxMmQtYjY1OS00MGUyLTgwNjctYzI5MGU5ODBjYjgy0; expires=Thu, 11-Apr-2013 02:16:23 GMT; path=/; HttpOnly  
    X-AspNet-Version: 2.0.50727
    http://www.web-sniffer.net   (better but not perfect enough to secure a website with that kind of data)

  • yahoo spamfilter too stupid to stop phishing for yahoo logins

    first never use those messages

    hover with your cursor over the link and you will see that it is not the yahoo.com domain so it is false

    but what is most astonishing

    is that Yahoo's spam filters are normally very good

    and because they are so good, people begin to think that Yahoo messages that arrive in their inbox are real messages from Yahoo, because they see so little spam (and so much in their spam box) that they think that, as it has passed the very good spam filters, it is real

    yes, really that is the biggest danger of nearly efficient spamfilters - that people think that the 1% that gets through is genuine

    what should yahoo do

    first you should educate the people with a banner or warning above the mailbox stating that yahoo or any other service will never ask for your logins by email or to change them by email

    secondly you could make a servicewarning - together with other big operators - in a banner or servicepage in which you could place warnings (not about an email but that people have to relog to for example this website to change their credentials)

    third you could make a special button in the mail in which you could send all emails asking for your yahoo logins that comes in the mailbox of a 24H team that will immediately put them into the filters for the future ones (and set up the procedure to kill the phishing page online)

    fourth you should augment your spamfilters with everything that is yahoo service or login message or in which the link that message has doesn't belong to the yahoo domain (even if the link is in text)

    fifth you should make spam filters refilter the last 100 messages or so to empty the box of spam that has only been identified as such afterwards

    sixth never trust emails instantly, take your time, nobody is going to kill you if you have waited a day, to see it disappear into the spam box
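The check proposed in the fourth point, as an added example that is not part of the original post: flag a message that presents itself as a Yahoo login or account notice when any link, in an `href` or written out as text, points outside the provider's domain. The domain list, keyword list and the three sample messages are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAINS = ("yahoo.com",)  # assumption: domains the provider really uses
LOGIN_WORDS = re.compile(r"\b(log ?in|sign ?in|password|verify|account)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample messages (not real mail).
PHISH_HTML = ('<p>Dear Yahoo user, verify your password at '
              '<a href="http://yahoo.com.account-verify.example/login">'
              'https://login.yahoo.com/</a></p>')
PHISH_TEXT = ('<p>Yahoo Mail: sign in again at '
              'http://mail-upgrade.example/yahoo to keep your account</p>')
LEGIT_HTML = ('<p>Yahoo security notice: review your account activity at '
              '<a href="https://login.yahoo.com/account/security">'
              'your security page</a></p>')


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs and the plain text of a message."""

    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None


def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: treat as having no host
        return ""


def is_brand_host(host):
    # Exact domain or a true subdomain; "yahoo.com.evil.example" does not match.
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def check_message(html_body):
    """Return a list of (reason, url) findings for one message body."""
    parser = _LinkCollector()
    parser.feed(html_body)
    parser.close()
    text = " ".join(parser.text)
    claims_brand = bool(re.search(r"\byahoo\b", text, re.I) and LOGIN_WORDS.search(text))
    findings, seen = [], set()
    for href, label in parser.links:
        seen.add(href)
        host, shown = host_of(href), URL_RE.search(label)
        if shown and is_brand_host(host_of(shown.group())) and not is_brand_host(host):
            findings.append(("link text shows brand domain, href goes elsewhere", href))
        elif claims_brand and host and not is_brand_host(host):
            findings.append(("off-domain link in brand login message", href))
    # Links that exist only as text ("even if the link is in text").
    for url in (u.rstrip(".,)") for u in URL_RE.findall(text)):
        if url not in seen and claims_brand and not is_brand_host(host_of(url)):
            findings.append(("off-domain text link in brand login message", url))
    return findings
```

The suffix match in `is_brand_host` is what keeps a lookalike host that merely starts with `yahoo.com` from passing as the real domain.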

  • hacked medical labo website asks belgians a lot of medical information (close it down)

    so when a website is defaced it doesn't mean that it is penetrated and hacked but it means that automated vulnerability scanners have found a way to inject information but this doesn't necessarily mean they have rooted the server and have access to the database

    but it does mean that there are a few problems with the server and, if the defacement is old enough, that nobody is watching over the security of the server; so it indicates that those servers are like houses without strong front doors or with windows open on the ground level when everybody leaves for holiday (which doesn't mean that they will find the jewels)

    but that on the same server there is an UNENCRYPTED LOGIN and an UNENCRYPTED FORM that asks all that information in CLEARTEXT is just enormous

    imagine all that information being in a database and that database being leaked on the internet

    but that information can be hackable because it is running a very old server version against which we are campaigning (like Microsoft itself) as being totally undefendable (meteokust.be uses it)

    oh and this is the hack

    and Google cache says this dates from "Dit is een momentopname van hoe de pagina eruitzag op 31 dec 2012 19:01:20 GMT"  exactly one month old

    and even more there is a second page - they also didn't see

    http://www.cma.be/Portals/0/ulow.txt

    this is the reason why

    Connection: close  
    Date: Thu, 31 Jan 2013 14:52:32 GMT  
    Server: Microsoft-IIS/6.0  
    MicrosoftOfficeWebServer: 5.0_Pub  
    X-Powered-By: ASP.NET  
    X-AspNet-Version: 2.0.50727
    http://www.web-sniffer.net

    CLOSE THIS DOWN AND UPGRADE