security - Page 2

  • the forums of our national TV and radio are hosting child porn links

    They didn't put the links on their forums themselves,

    but they didn't look after the forums either,

    and this has been blogged about several times over the last year.

    How do you find this?

    By using the search term those sick bastards use: "illegal cp" site:be. After site: you can put whatever domain extension or domain name you want to check.

    So for Belgian .be sites we find around 100 references, among which:

    één - Post a reply to a message
    ... http://www.baselinejumper.com/forum//viewtopic.php?f=2&t=11682 ">free illegal cp >:-( http://www.cleanandgreenscene.com/forum//viewtopic.php?f=3&t=5621 ...
    www.een.be/VRTForum5/post!reply.jspa?..

    Klara - Post a reply to a message
    ... ">preteen girl masturbating bmzg http://senseless.messwithyou.com//viewtopic.php?f=2&t=22383 ">very little girls, illegal cp 632256 ...
    apps.klara.be/VRTForum5/post!reply.jspa?..

    but you do also find

    mijndomein.nl • Show topic - lolita cp preteen
    illegal cp little lolita cyber-lolita nude lolitas lolitas kds hot little lolitas dark lolitas bbs lolita sweet pussy pics underage bbs preteen lolita pedo ...
    www.ict-coordinator.be/.../viewtopic.php?f=2..

    Société Vétérinaire Pour La Protection Animale - Diergeneeskundige ...
    Very Good Site little child models 02011 free naked kids 568109 blueteens :( preteen pussy porn 8-)) free illegal cp %-] hugeclit %-P boy kids naked 6748 ...
    www.svpa-dvdb.be/?id1=5&from=0

    Reply to comment | Cycli
    ... http://forum.seedcamp.com/users/552 ">ls nymphets kvo http://forum.engineyard.com/users/287 ">bbs russian banned illegal cp porn prelolita fucked nyjg ...
    wina2.ugent.be/~karel/cycli/comment/.../3296

    Looking up a comment
    43244, http://mail5230937.5gbfree.com/illegal-cp.html illegal cp [url=http://mail5230937.5gbfree.com/illegal-cp.html]illegal cp[/url] ...
    annuaire.fiscus.fgov.be/loqw/rechlivre.php?page...

    and also a skynetblog:

    The ITS was calculated for each percentage - The ITS was ...
    ... games movie bondage pictures of adultbabys little juicy cunts gorgeous crossdressers 3d mom illegal cp dragon ball z spanking stories android 18 hentay ...
    alopanere.skynetblogs.be/

    free Aurora mpeg to dvd
    ... mac screensaver crack, where is product code tomtom5, Easy Cafe - serial, mp3PRO plugin f r Nero 7 crack, illegal cp lolitas porno, crack vegas 50, ...
    www.scoutsbonheiden.be/.../free%20Aurora%20mpeg%20to%20dvd.html

    Zététique théâtre
    Date: 06-06-2009. Comment by: qjygl. Your comment: jananese loli pics jqin illegal cp sktxhv. Date: 06-06-2009. Comment by: fybbi ...
    www.zetetiquetheatre.be/photos/.../limitstart,3/

    ASBL Les Jeunes Entreprises
    illegal cp qtpekf great lolita bbs lokynx. Comment added at: Mon Jun 8 00:57:10 2009 ... illegal cp pics olmelh forbidden bbs berto ...
    www.lesjeunesentreprises.be/index.php?.

     

  • risk, prisoners and escape

    First, there is no central office that is responsible from A to Z for everything concerning the transfer of prisoners. The risk analysis for each prisoner who needs to be transferred is done by different departments with different objectives.

    Second, the people who have to safeguard the security of those transfers have NO GUNS. You read that right. The persons who have to guard sometimes very dangerous criminals (with limited risk, because they have been behaving well lately) have NO arms. They don't have police powers either; they are only administrative workers. If the risk of escape is too high or there are other risks, the police are asked to do the transfer.

    Third, the service responsible for the transfer of prisoners does not have enough manpower, especially during holidays, after standard working hours or when there are too many transfers at the same time.

    Fourth, the Palace of Justice in Brussels where those court sessions are held is in fact a protected monument. It is a really impressive building (built to impress the population living around it), but it is not a building that can be used for court sessions with dangerous criminals. Even placing cameras can take months, because each change has to be agreed by a kind of architectural protection commission. Maybe the court sessions for dangerous criminals should be held in the prisons themselves. We are planning to build new ones anyhow.

    Fifth, as several politicians are each responsible for part of the problem, the blame game has begun.

  • why we couldn't liberate the Belgian ship from the pirates

    The reason why the Belgian special forces didn't intervene to liberate a Belgian ship that was hijacked by Somali pirates, and why the Belgian government chose to pay 1.8 million euros instead, is explained in a leaked secret internal note from the Belgian Crisis Cell.

    The note explains that the Belgian special forces didn't have enough firepower (they needed 9mm but only had 5.56mm), enough night-vision gear (4 sets instead of the 40 that were needed) or other material.

    To make the whole story even more incredible, the two undercover officers that were sent over there had their visas expire because nothing happened in the meantime, and they couldn't get them extended. Their colleagues who were supposed to replace them didn't get their visas in time either.

    http://www.standaard.be/Artikel/Detail.aspx?artikelId=M32CV9UA&word=piraten (Dutch)

    Two things.

    First, publishing facts - even from a leaked memo - which show the material shortcomings of our special forces is really irresponsible. Those forces will be in the first line of duty when it comes to liberating hostages or arresting dangerous criminals and terrorists.

    The positive effect may be that now they will have to get the necessary material very soon, because otherwise they will be fundamentally handicapped, as their 'opponents' have too much information about their material shortcomings.

    Secondly, if you have special forces that you want to use for special operations, you should give them special budgets to buy the special material they may need in whatever circumstances. Special forces are our first and last line of defense, and they should have whatever material and manpower they need to do the job they are expected to do. Doing otherwise would have a great impact on the trust in our public police forces, because if the special forces can't do their job, who can? And as we have seen today, the criminals of today are more daring and better equipped than before.

  • physical security : Palace of Justice in Brussels and gangsters walking out

    Today some very dangerous and brutal gangsters escaped from the Palace of Justice in Brussels while they were being brought into the courtroom. Some masked and armed friends came to liberate them and escaped together with them. They are known for using violence in a very brutal and relentless way.

    Some interesting details

    * The metal detectors in the building were not switched on.

    * The 2005-2009 investment plan of 6 million euros to secure the building was never used.

    Some other questions

    * Where is the filtering of people who enter and leave the building? You don't need fixed metal detectors for that. (Answer: there are a great number of doors through which you can enter and leave the building.)

    * Where is the general video surveillance, linked to a central alarm post that can close doors and alert the necessary people and police forces?

    * Where is the standby intervention team? In such an important building with so many trials, and important ones, you should have some - even small - standby team that can intervene if there is danger or a problem somewhere.

    * Some trials are better held in jail or by video link. There are some interesting experiments with that taking place in the US and UK.

     

  • around 500 websites on Belgian servers and networks infected or infecting

    The count is 488, but that count is neither complete nor authoritative. It is based on the malware that Google has found with its security initiative, and like all such initiatives it is only an indication.

    The number covers the last 90 days and counts infecting websites as well as relays for infecting websites.

    Not all of them are active today, but a whole series needs to be checked and maybe cleaned. You will find them at http://insecure.skynetblogs.be

    The real importance is that if Google starts blacklisting, the commercial and reputational effects can be enormous, so you should keep an eye on your own site, network or host.

    This is not easy, but it is one of those things you have to do. We have made a page with the most important ones, but it is up to you to make your own pages with yours and to monitor them.

  • new watch service for Belgian malware sites

    You can now follow, for a whole series of ISPs and hosters in Belgium, the number of sites that Google's badware service has found and published.

    They are only indications, but with most of the ISPs and the most important Belgian hosters covered you really have a clear view.

    http://www.netvibes.com/mailforlen#Google_.be_diagnostics

    another exclusive from Belsec

  • Joomla ducks are hacked again in aLpTurkTegin campaign

    Joomla ducks is the name we gave them around here when an exploit was published last year (one that even took down their own community servers) and was afterwards not patched and communicated as it should have been. This has not changed since then, even though the security situation has totally changed for Joomla. It has changed because it has become clear that Joomla (one of the most popular open source content management systems) not only has a whole bunch of security problems, it has no security awareness and no security procedures in place.

    It is easy to complain afterwards that you have been hacked when your software is totally outdated, and the software you use should, under the present circumstances, not be used for serious sites unless you have everything in place to compensate for the lack of security service and monitoring. It is not because it is open that it is secure, and it is not because it is free that you don't have to invest in security. There is such a thing as total cost of ownership, and your online reputation may also have to be taken into account from now on.

    So http://www.zone-h.org/archive/defacer=aLpTurkTegin decided to hack a few thousand .nl domains, primarily running Linux and Joomla, according to the press. He wanted to give some new exposure to Wilders (who, by the way, can thank him for being able to play the poor victim again).

    Let us correct this directly: according to zone-h.org it was at most 200 websites, and it is not at all a big wave or a recent one (it started on the 22nd of July and ended on the 31st). So maybe someone wants to call that cyberwar, for laughs?

  • Skynetblogs, according to Google Security Diagnostics, is hosting malware

    CMS is the content management system, the thing we use to log on to our blogs and to write our stuff. The last couple of weeks we had several problems with it.

    Another possibility is that cms.skynetblogs.be is the name Google uses for all of our skynetblogs. This is something to clear up. If this is the case, then you have a Google indexing problem that needs to be fixed, because if some blogs go bad, all blogs could suffer as the central CMS site will be blocked.

    This is what Google Security Diagnostics says about cms.skynetblogs.be:

    http://google.com/safebrowsing/diagnostic?site=cms.skynetblogs.be

    2 domains are being used as referrals to the malware and exploits: goparkscan.com/, imucon.be/

    razing.info/, in5id.com/, scanonlinedirect.com/ are responsible for 22 trojans and 39 scripting attacks, of which 4 succeeded.

    Time to clean up?

    What I also know is that there are a lot of dead blogs that don't seem to be used anymore (I know I have some of them), but there should be a way to deactivate them (for example by closing the commenting, which only spammers still use). If the user, after a long while, still wants to use his blog, he can re-activate it after logon. This would make the attack surface smaller.

    Meanwhile more reports are being published on http://insecure.skynetblogs.be

  • blackhat 5 your laptop tracer is an insecure rootkit

    There is a general rule in security that the further out a layer of security sits, the safer and harder it has to be, and the more you have to presume that it will be the first to be attacked and the first to crack.

    So when you develop something that loads before the OS and the security tools, it has to be as secure and well thought out as any other security process at the outside of your prime defenses.

    This seems not to be the case for the popular Computrace rootkit, which is already installed on millions of laptops worldwide. This software will send a signal if the laptop is registered as stolen and can destroy the data on the laptop.

    According to security researchers at Black Hat who specialize in rootkits, it is not difficult to change the website it sends its signal to, nor its other characteristics. The configuration information is in fact stored on the PC itself and not very well protected, and there is no authentication/control process between the rootkit and the server (another malicious botnet server?) it connects to.

    How are they going to upgrade that? It is a rootkit that is launched from the BIOS, before the operating system. This is a really big vulnerability for secured laptops.

    source

  • why cloud security as first line of defense is the next new layer

    Security is laying layers in front of the goal that the 'others' want to reach and compromise or copy. Each layer (ISP filtering, router filtering, firewalls, IPS, internal router filtering, host-based security, data protection) has its own functionality and defects. Building your onion of defense-in-depth layers is a hard thing to do, in which you need to take care not to have two layers filtering the same things, and to be able to monitor each layer or have a dashboard.

    It is no longer possible to filter all the virus, malware and zero-day attacks with your own (network-based) antivirus appliances, nor on the workstations or servers. Another layer of defence will need to be added for high-security networks (or ISPs?): cloud malware filtering. This won't replace your desktop or network filtering, because if you make the cloud malware filtering too strict you will lose too much time and too many files (false positives). But it will need to filter out the oldest and most typical attacks and send the others to the check box of the security people of the network or client.

    There seems to be no other way, because even the oldest viruses are still active somewhere on the net, as workstations aren't updated, patched and secured enough. Maybe ISPs will need to install such cloud security services or develop secure pipe services for businesses.

    len24

  • blackhat 4 Is your parking meter hackable?

    Well, we already had the hackable RFID-enabled public transport chips and the blocked talk about the hackable US toll system, and now we have hackable parking meters.

    If you read the documents and presentation, it is just a problem of process. The firm never thought that people could be interested in hacking or abusing its system. Well, people buy cracked satellite cards and download free music and films, so why wouldn't they reset their parking card (especially as everyone hates paying (so much) for just parking their car)? So it seems incredible that a firm publicizes its ISO 9001 certification (for quality, certainly not for security, but what does quality without security mean?) and its 'we are secure' propaganda on its website. You can find out here if there are firms selling their products in your country, and then you will have to find out where these machines are installed (and whether they are the same). And if you are lucky and a bit technical (or know somebody who is), you can read this article and presentation and do nothing :).

    It stays illegal. It is not because the front door of a house is open that you have the right to steal something, or even to go in. It is even expected that you phone the owner or the police to say that the door is open. This is more or less what the researchers have done.

    If you replace the security of a human presence by something digital or electronic, you will have to secure it and count those costs into your product from the start. Otherwise you are not comparing the same costs. And it could be that those costs (to digitalize) are higher if you take everything into account, including the social security costs of paying those low-income people who have lost their jobs to a machine that isn't secure.

  • do you use an embedded search tool and are you exploitable?

    MI5, the British spy agency, has a website with a search engine. They made headlines because they were vulnerable to XSS and iframe injection through that search engine.

    "The MI5 site uses an embedded Google search engine, said a spokesperson for the agency, who also confirmed that the site had been vulnerable through the search tool."
    http://news.zdnet.co.uk/security/0,1000000189,39700487,00.htm

    The code for the XSS attack that was injected through the search engine was

    http://search.mi5.gov.uk/search?q=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E&ie=&site=mi5&output=xml_no_dtd&client=mi5&lr=&proxystylesheet=mi5&oe=&x=23&y=9
    http://nemesis.te-home.net/Forum/3100_Bad_Settings/31000_XSS/20090721_MI5__Military_Intelligence__Section_5____XSS.html

    and for the Iframe injection

    http://search.mi5.gov.uk/search?q=%22%3E%3Ciframe+src%3Dhttp%3A%2F%2Fnemesis.te-home.net%3E%3C%2Fiframe%3E&ie=&site=mi5&output=xml_no_dtd&client=mi5&lr=&proxystylesheet=mi5&oe=&x=23&y=17

    To test it yourself, change the injected URL to point at your own site, and test it against a site other than theirs.

    All those embedded things will one day become embedded vulnerabilities.
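    As an added example (not code from the post or from the researcher's write-up), the script below decodes the two payload URLs quoted above and shows why the search result page was exploitable: the search term is written back into the page without encoding, so a term that starts with `">` closes the input attribute and opens a tag of the attacker's choosing. The result page template is a constructed stand-in for the real search page; the URLs are the ones quoted in the post.

```python
"""Reflected XSS through an embedded search box: decode the payload and
compare an unencoded echo of the search term with an HTML-encoded one.
Added example; the page template below is a constructed stand-in."""
import html
from urllib.parse import parse_qs, urlsplit

# The two payload URLs quoted in the post (the iframe one points at the
# researcher's site; use your own host when you test against your own site).
XSS_URL = ("http://search.mi5.gov.uk/search?q=%22%3E%3Cscript%3Ealert%28String."
           "fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E&ie=&site=mi5"
           "&output=xml_no_dtd&client=mi5")
IFRAME_URL = ("http://search.mi5.gov.uk/search?q=%22%3E%3Ciframe+src%3Dhttp%3A"
              "%2F%2Fnemesis.te-home.net%3E%3C%2Fiframe%3E&ie=&site=mi5")


def query_term(url: str) -> str:
    """Return the decoded q= parameter, exactly as the search backend sees it."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_unsafe(term: str) -> str:
    """Constructed stand-in for a result page that echoes the term raw."""
    return '<input type="text" name="q" value="%s">' % term


def render_safe(term: str) -> str:
    """Same fragment with output encoding: quote=True also encodes the double
    quote, so the term can never close the attribute it is placed in."""
    return '<input type="text" name="q" value="%s">' % html.escape(term, quote=True)


def injects_markup(fragment: str) -> bool:
    """Crude check: the fragment should contain exactly one tag (the input)."""
    return fragment.count("<") > 1


if __name__ == "__main__":
    for url in (XSS_URL, IFRAME_URL):
        term = query_term(url)
        print(repr(term))
        print("unsafe injects markup:", injects_markup(render_unsafe(term)))   # True
        print("safe   injects markup:", injects_markup(render_safe(term)))     # False
```

    The point is not that the search engine is broken but that whatever renders the "you searched for" fragment must encode the term for the context it lands in (attribute value here). A search engine embedded in someone else's page is just another input that your page echoes.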

     

  • blackhat 3 the Mac hack

    The third presentation that is making the rounds is about the hacking of a Mac laptop.

    But sometimes the details are more important than the titles.

    Detail number 1: the Mac has to be already compromised by another virus or hack before this hack can work. This could be done (and has already been done) by malicious or infected downloads. But that makes this in fact a second attack, not the first one, because the laptop is already compromised.

    Detail number 2: the Mac has to use Safari to surf, which many users have left to rot on their machines because it is buggy and insecure. You can better lock down your Mac and your surfing security by installing Firefox with the necessary add-ons (NoScript, for example).

    The hackers explain for the rest that the Mac is a really interesting platform for hacking because there is so much code under the hood, and so on. But that we already knew. Even more interesting is that Mac users think they are safe because there are no viruses for the Mac. They think.

  • blackhat 2 the iPhone and mobile hack

    Yesterday we had the disclosure by Apple that the software that controls the transmission towers is not very secure, which is the reason it wants to lock down the iPhone (and make lots of money with its exclusive deals).

    At the same time, at Black Hat, security researchers were showing how to crack smartphones, from the iPhone over Microsoft-based phones to Google's Android.

    The security of mobile phones is only starting, and some products are on the market, but there is no guarantee at all that the networks themselves and the providers have a security infrastructure for defense and monitoring that equals that of a professional ISP. There is no official obligation to have one, and the number of incidents in Western Europe isn't high and dramatic enough to change that. The situation is different in China and Asia, but maybe this is because in such countries the internet is, for most lower-income groups, only affordable by mobile. The number of internet-enabled mobiles there is higher than the number of internet-connected computers. So it is normal that attackers do more research on mobile malware and phishing.

    This doesn't mean that this situation couldn't be exported to Europe and the US.

    But contrary to the computer and the internet, there is no security awareness among the general public and executives about mobile security and mobile malware, and some of the awareness that exists is so commercialised and hyped that it has no credibility. It also depends on how you look at it. If you look at the general numbers, you can say that even in Asia malicious SMS and mobile traffic is so limited that it is not worth the millions that would have to be invested by the operators and manufacturers to secure the network, the traffic and the mobiles.

    But as more and more people have only a mobile connection, the mobile networks have become strategically more important. And for this reason securing them is important.

    The iPhone and other hacks that were demonstrated have to be placed in this context. The firms will have to adapt the internet security strategies to their networks, users and mobiles. And the users will have to do the same. The problem is that if the industry follows the Apple ideology, they won't patch and they won't communicate, and so they won't be ready and will have no credibility. If the industry follows the Microsoft ideology of security today, they have big investments and communication plans before them, but their networks, users and mobiles will be more secure. In the article it is clear that Apple hasn't done a thing about the iPhone for a month, while Microsoft has already provided an upgrade.

    So if you have an iPhone, you should be more on your guard, and only open things that are expected and logical and delete everything that seems 'strange' or 'too good to be true'.

    You are on your own.

  • Blackhat 1 the SSL phishing

    After the serious DNS bug, which didn't bring down the system (even if many DNS servers aren't patched yet), Kaminsky presented at Black Hat a new phishing or social engineering trick that could be closed very easily if some institution like ICANN had the guts to do it.

    When you use a website to transfer money or personal information, the website secures this with an SSL certificate (which most forget to manage professionally). This makes the HTTPS connection and certifies that fortis.be really belongs to Fortis and not to some crook in Russia. Websites have to ask for such a certificate for each domain or subdomain. This means that if they want to secure secure.fortis.be and invest.fortis.be, they have to ask for a certificate for each of them separately.

    Kaminsky showed that when he controlled mydomain.com he could obtain a certificate for a name such as fortis.be\0.mydomain.com: the CA checks that the requester owns mydomain.com and issues the certificate for the whole string, but a browser that treats the NUL byte as the end of the name sees a valid certificate for fortis.be. Well, this doesn't surprise me much.

    Many anti-phishing organisations and antivirus firms, and myself (with DNS.be), want an international blacklist to be set up of trade names and their variations that can't be registered under any domain extension without the explicit approval of the owner of that trade name. Most urgently this should be the case for banks, online payment systems, credit companies and big retail firms. Later on this system could be extended.

    This system would not only protect surfers against phishing by so-called phishing domains, but also against such SSL phishing or social-network trade name hijacking.
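    As an added illustration (not code from Kaminsky's talk or from any browser), the snippet below shows the name check that makes the trick work. The CA verifies that the requester owns the last labels of the full name (mydomain.com) and issues a certificate for the whole string; a client that stops reading at the first NUL byte, the way C string functions do, compares only fortis.be against the host it connected to. fortis.be and mydomain.com are the names used in the post; the function names are illustrative and not any real library's API.

```python
"""Host name check against a certificate Common Name that contains a NUL
byte.  Added example: the 'vulnerable' matcher mimics a C-style client that
treats the first NUL as the end of the string; the 'fixed' matcher uses the
full, length-delimited name as it is actually encoded in the certificate."""

# The CA validated ownership of mydomain.com and issued a certificate whose
# CN is the whole string, NUL byte included (illustrative names).
ATTACKER_CN = "fortis.be\x00.mydomain.com"
HONEST_CN = "secure.fortis.be"


def ca_base_domain(cn: str) -> str:
    """Domain whose ownership a CA would check: the last two labels of the
    full CN.  The CA sees the whole string, so it ends up at mydomain.com."""
    return ".".join(cn.split(".")[-2:])


def cn_matches_vulnerable(cn: str, host: str) -> bool:
    """C-style comparison: everything after the first NUL byte is invisible,
    so 'fortis.be\\0.mydomain.com' compares equal to 'fortis.be'."""
    visible = cn.split("\x00", 1)[0]
    return visible.lower() == host.lower()


def cn_matches_fixed(cn: str, host: str) -> bool:
    """Length-aware comparison.  A NUL byte can never be part of a valid host
    name, so its presence is a reason to reject, not to truncate."""
    if "\x00" in cn or "\x00" in host:
        return False
    return cn.lower() == host.lower()


if __name__ == "__main__":
    print("CA checks ownership of:", ca_base_domain(ATTACKER_CN))        # mydomain.com
    print("vulnerable client accepts for fortis.be:",
          cn_matches_vulnerable(ATTACKER_CN, "fortis.be"))                # True
    print("fixed client accepts for fortis.be:",
          cn_matches_fixed(ATTACKER_CN, "fortis.be"))                     # False
```

    Note that the trade name blacklist proposed above would not stop this variant: the attacker registers nothing under the bank's name, the bank's name only appears inside a certificate field. The fix belongs in the CAs (refuse names containing NUL) and in the clients (compare the full length).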

  • DNS spoof attacks and others underway in Belgium

    According to Arbor Networks, DNS spoof attacks are underway in Belgium, and for this reason Belgium is again in the top 5 of the most insecure networks it is monitoring. It is the only network where such attacks are occurring. And in Belgium it is mostly on Belgacom networks.

    More details

    1. DNS SPOOF query response with TTL of 1 min. and no authority  0.39   +100.0 %        23.8%

    DNS spoof attacks have increased by about 100% in 24h and are now the most important attack on the Belgian networks monitored by Arbor.

    2. They mostly use UDP port 1024 for this

    3.     195.238.2.22 (dnspool042.isp.belgacom.be)     0.23    
            195.238.2.21 (dnspool041.isp.belgacom.be)     0.16

    4. DNS scanning on port 53 is at the moment very intensive in Belgium

        Country     Bytes     Percentage
        BE (Belgium)     9.52 kB     39.3%
        ZA (South Africa)     4.87 kB     20.1%
        CN (China)     4.84 kB     20.0%
        US (United States)     2.48 kB

    And according to networks

        ASN     Bytes per subnet     Percentage
        AS5432 (BELGACOM-SKYNET-AS)     8.75 kB     36.1%
        AS4134 (CHINANET-BACKBONE)     4.46 kB     18.4%
        AS3741 (IS)     2.61 kB     10.8%

    And according to source addresses

        195.13.1.13     1.73 kB     7.1%
        195.13.2.13     1.16 kB     4.8%
        91.181.91.72     663.45 B     2.7%
        41.245.210.64     623.92 B     2.6%
        217.117.32.3 (ns.nrb.be)     603.70 B     2.5%
        194.78.200.245 (mail.voltis.be)     568.18 B    2.3%
        91.183.49.181     543.72 B     2.2%
        196.211.30.190     522.05 B     2.2%
        41.195.74.152     488.16 B     2.0%
        116.5.55.173     467.96 B

    We would also like to remind Belgacom that, according to Arbor, it still has a botnet command and control server running on its network.

    Telenet shouldn't think that it has cleaned up all of the attacks that were happening the last few days, because according to Arbor Networks it is still responsible for about 18% of all attack traffic in Belgium. The incoming DDoS attacks have been stopped.

    They now have an increase in Solaris attacks and exploit attempts.

     

     

  • Belgian gaming (control) commission has 4 agents

    De Standaard had a big article about the plague of illegal poker games (forgetting the poker culture that is being pushed by all media and even toy shops, as if it were a normal game) that are organized in Belgium.

    The biggest problem, said the president of the Gaming Commission, which is responsible for the control and licensing of legal organizers and for pursuing illegal organizers of all kinds of casinos and games for money, is that he has only 4 agents for the whole of Belgium.

    "But we also use the internet to track those illegal organizers."

    As if that is going to replace the 10 agents at least that they would need to work more effectively.

  • workaround for problems with the ActiveX TIFF-cutting patch for Internet Explorer

    The announced but unexplained, dramatically urgent patch that Microsoft pushed for Internet Explorer can have dramatic impacts in professional environments and on several web services. Programmers and software have come to rely on the ability to open all kinds of files from applications in the browser through ActiveX, and didn't foresee that anything could happen to that function.

    But what is safe today can be insecure tomorrow, and just as our operating systems and servers have gone through radical changes to secure them, our browsers and applications will be losing more functions than they add in the following months. A browser cannot be all things to all people, and it should go back to its main function, which is surfing the internet or the computer. It is not built as a secure interface between the user and the applications, servers and whatever else one imagines. It may be an interface, but it is not necessarily secure enough to withstand the ever-increasing possibilities of attack and compromise.

    So many applications and online web services lose some of their functions after this patch. The patch breaks the possibility of opening TIFF files (but which file type next?) from within the browser. What you should do, if the PC or user still needs to go on the internet and the PC can't be a dedicated internal PC, is check whether you (or the developer) can link the files that were opened with Internet Explorer to another tool (a fax viewer) or browser on the computer.

    The second option is an interesting challenge for hackers: write a TIFF attack file for Firefox and get from there to IE. After cross-platform, cross-browser attacks.

  • scribd.com first big victim of new DDoS attack on BIND servers (upgrade)

    Yesterday scribd.com, an e-book hosting web 2.0 service we use around here, was hard to reach or not reachable at all. On their blog they said that their small ISP was being DDoSed on its DNS server.

    It happens that there is a big security hole in BIND 9, and you should upgrade right away if your server is master for any zone, which is the only configuration the exploit needs. This is the security posting:

    "Urgent: this exploit is public. Please upgrade immediately.

    Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert.

    This vulnerability affects all servers that are masters for one or more zones – it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround.

    dns_db_findrdataset() fails when the prerequisite section of the dynamic update message contains a record of type “ANY” and where at least one RRset for this FQDN exists on the server.

    db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
    exiting (due to assertion failure)

    Workarounds:  None.

    (Some sites may have firewalls that can be configured with packet filtering techniques to prevent nsupdate messages from reaching their nameservers.)

    Active exploits:  An active remote exploit is in wide circulation at this time.

    Solution:

    Upgrade BIND to one of 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1. These versions can be downloaded from:

    http://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz

    http://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz

    http://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz

    source https://www.isc.org/node/474
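    Added example, not ISC's code: the script below builds a dynamic update message in the shape the advisory describes (RFC 2136 wire format, an UPDATE whose prerequisite section carries an RR of type ANY) and a parser that recognises that shape, the kind of check a packet filter or IDS in front of the name server could apply, which is the only mitigation the advisory offers short of upgrading. The zone and host names are made up. The detector flags the message shape only; whether a server would actually exit also depends on it being master for the zone and on an RRset for that name existing, as the advisory states.

```python
"""Recognise a DNS UPDATE message whose prerequisite section contains a
type ANY record.  Added example (not ISC code); the packet is constructed
from the RFC 2136 wire format, a capture would be parsed the same way."""
import struct

OPCODE_UPDATE = 5
TYPE_A, TYPE_SOA, TYPE_ANY = 1, 6, 255
CLASS_IN, CLASS_ANY = 1, 255


def encode_name(name: str) -> bytes:
    """Dotted host name -> uncompressed DNS label sequence."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def decode_name(buf: bytes, off: int):
    """Read a name at offset; return (name, offset after it).  Follows a
    compression pointer if one appears, as captured packets may use them."""
    labels = []
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(buf, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(buf[off:off + length].decode("ascii"))
        off += length


def build_update(zone: str, prereq_name: str, prereq_type: int) -> bytes:
    """Constructed UPDATE message: header, one zone entry, one 'RRset exists
    (value independent)' prerequisite (CLASS ANY, TTL 0, empty RDATA), no
    update RRs.  zone/prereq_name are made-up names."""
    header = struct.pack("!HHHHHH", 0x1234, OPCODE_UPDATE << 11, 1, 1, 0, 0)
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    prereq = encode_name(prereq_name) + struct.pack("!HHIH", prereq_type, CLASS_ANY, 0, 0)
    return header + zone_section + prereq


def prereq_has_type_any(msg: bytes) -> bool:
    """True when msg is an UPDATE whose prerequisite section holds an RR of
    type ANY, the packet shape the advisory says trips the assertion."""
    _, flags, zocount, prcount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        return False                       # ordinary query/response: not our concern
    off = 12
    for _ in range(zocount):               # zone entries: name, type, class
        _, off = decode_name(msg, off)
        off += 4
    for _ in range(prcount):               # prerequisite RRs: name, type, class, ttl, rdlength, rdata
        _, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_ANY:
            return True
    return False


if __name__ == "__main__":
    bad = build_update("example.be", "www.example.be", TYPE_ANY)
    good = build_update("example.be", "www.example.be", TYPE_A)
    print(prereq_has_type_any(bad))        # True
    print(prereq_has_type_any(good))       # False
```

    Dropping every UDP/TCP port 53 packet with opcode 5 from outside your own management range is the blunt version of this check and is what the advisory's remark about packet filtering amounts to; the parser above only refines it so that legitimate dynamic updates (DHCP servers, for instance) keep working while you schedule the upgrade.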