No trust without independent control - Page 12

  • Chinese networks are attacking US networks live here (not a game)

    this is just small sniper fire

if you don't need traffic from China, don't accept traffic from China: just block it at the router or the firewall (this cuts the noise, it is not a defence on its own, since an attacker can just as well come in from a hacked server elsewhere)
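As an added example (not the blog's own script) of what "block it at the router or the firewall" looks like in practice: a small Python helper that parses a per-country prefix list, collapses adjacent prefixes so the firewall set stays small, answers whether a source address falls inside the block list, and renders the result as an nftables set plus drop rule. The prefix list is constructed from documentation ranges; a real one comes from the RIR delegated-extended files or a GeoIP database.

```python
# Added example, not the blog's own code: country-level blocking at the firewall.
# The prefix list is CONSTRUCTED from RFC 5737 / RFC 3849 documentation ranges;
# a real one comes from the RIR delegated-extended files or a GeoIP database.
import ipaddress
from typing import Iterable, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

SAMPLE_PREFIX_LIST = """
# constructed sample, one CIDR per line, '#' starts a comment
198.51.100.0/25
198.51.100.128/25    # adjacent to the line above: should collapse to a /24
203.0.113.0/24
2001:db8:1::/48
"""


def load_prefixes(text: str) -> List[Network]:
    """Parse a prefix list into network objects; a malformed line raises ValueError."""
    nets: List[Network] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=True))
    return nets


def collapse(nets: Iterable[Network]) -> List[Network]:
    """Merge adjacent and overlapping prefixes per address family (smaller firewall set)."""
    nets = list(nets)
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def is_blocked(source: str, nets: Iterable[Network]) -> bool:
    """The per-packet decision: does the source address sit inside a blocked prefix?"""
    addr = ipaddress.ip_address(source)
    return any(addr in n for n in nets if n.version == addr.version)


def _nft_set(name: str, addr_type: str, members: List[str]) -> str:
    body = f"type {addr_type}; flags interval;"
    if members:  # an empty elements list is a syntax error in nft, so omit it
        body += " elements = { " + ", ".join(members) + " };"
    return f"  set {name} {{ {body} }}"


def render_nftables(nets: Iterable[Network]) -> str:
    """Emit an nftables fragment: two interval sets and drop rules on the input hook."""
    nets = list(nets)
    return "\n".join([
        "table inet geoblock {",
        _nft_set("blocked4", "ipv4_addr", [str(n) for n in nets if n.version == 4]),
        _nft_set("blocked6", "ipv6_addr", [str(n) for n in nets if n.version == 6]),
        "  chain input {",
        "    type filter hook input priority 0; policy accept;",
        "    ip saddr @blocked4 counter drop",
        "    ip6 saddr @blocked6 counter drop",
        "  }",
        "}",
    ])


BLOCKLIST = collapse(load_prefixes(SAMPLE_PREFIX_LIST))

if __name__ == "__main__":
    for src in ("198.51.100.200", "192.0.2.10", "2001:db8:1::5"):
        print(f"{src:>16}  blocked={is_blocked(src, BLOCKLIST)}")
    print(render_nftables(BLOCKLIST))
```

Load the rendered fragment with `nft -f` on the router or edge host; regenerate it when the upstream prefix list changes, since allocations move between countries over time.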

networks are slow because the biggest DDoS attacks ever are happening

    this is a picture

    it is around 400 Gbps

    OVH in France is implicated, as are several servers in the US

    the strangest thing is that nobody is seeing this or doing something to stop it

    we really need an international centre that could cut off those servers, routers or hosters until they have cleaned up their act

  • Fake leaks, fake hacks but real leaks and possible leaks

There are some fake leaks around, and as an alert blog you will get caught by them. The reason we can get caught is that we have no authority whatsoever to test them. If we tested them we would be breaking the law, and then any lawyer, or just one of the decision-makers over here who would rather see me go, could land me in court so that I could lose my job and so on. Because whatever you do or say, the fact that you end up in court means that you lose, and there is no way to correct this. People will always think there is still something to it, and that suspicion will always stay, even if you are looking for another or better job.

    So in ten years I have never been in court, and I intend to keep it that way even though I have been reporting, researching and discovering all kinds of leaks and breaches.

    So we never test those leaks, because the only test would be to try the published credentials to get access, and that is illegal whatever you say about it.

    It is up to the people who own these credentials, or the services they use, to do the tests and to take immediate protective measures if that should be needed.

    There are also sometimes hacks that aren't hacks: in the case of one forum, the forum wasn't hacked, but the old admin had copied all the information of the members and put it online. It is maybe not a hack, but it is a leak, and as such it remains a big problem.

    So the information we publish here is about possible leaks: something the services concerned need to check out. If it isn't a leak, then it was still worth testing, because if it were a real leak there would be a lot of trouble and work.

NATO stops 200 million cyberattacks a day, of which about five each week are very serious


    that is why training is so important, and it has to follow scenarios, because attacks follow complicated scenarios with several different aspects that, in case of discovery or breach, have to be handled at the same time, some of which have to be visible to the attacker and others not, because it is all a mind game in the first place (chess)

US legal framework for information sharing about cyber incidents is stalled

    the reason is that it isn't separated from the more general discussion about information sharing with the intelligence and security services, and as such it is part of the wider discussion about surveillance, democracy and what counts as a security threat

    these things are much clearer in cybersecurity, and it is necessary that such discussions and agreements are kept separate from discussions about terrorism, subversion and surveillance

    they should talk about DDoS, hacking attempts, botnets, phishing attacks and so on

    source article follows

    On information sharing, Representatives Rogers and Ruppersberger pushed for passage in the lame-duck session of a bill to permit sharing of cyber threat information between the private sector and the government. Rogers and Ruppersberger’s bill on the issue, the Cyber Threat Information Sharing & Protection Act (“CISPA”), passed the House in April 2013, but drew a veto threat from the White House and generated broad public opposition due to privacy concerns about the businesses providing Internet users’ information to the government. A Senate information sharing bill, the Cybersecurity Information Sharing Act, has prompted similar concerns. Proponents of cyber threat information sharing see it as crucial to facilitating increased security for U.S. systems and networks, but such information sharing has been pulled into the broader debate about surveillance reform and the flow of information to the intelligence community. The failure of the USA FREEDOM Act earlier this week substantially dims the chances for information sharing legislation until the new Congress.

some very clear facts about terrorism in 2013

    that doesn't mean that your physical security plan doesn't have to take protection against it into account (there are several books about specific physical protection of buildings against terrorism, ranging from bomb attacks (perimeter defence) to hostage taking (secret entrances and hidden safe rooms))

    source (the documents can be downloaded from the site without registration)

#ukraine: just a reminder that this is a local, limited but REAL daily war

    so those who think we shouldn't pay so much attention to it are wrong

    here weapons are tested, here strategies are being adopted, here future special forces soldiers are being trained, here plans are being made for 2020 (by Russia), when its military will have finished its transformation and will have all the new weaponry it needs for...... (read what Putin is saying publicly and you know)

    either we win this war and send a clear message now, or we have another, worse one in a few years

  • #ukraine is becoming the biggest real test field for military hardware in Europe

    Even if those weapons were developed for the wars in Afghanistan and Iraq, they have never been tested in a real war in Europe, with another climate and other battle conditions. So both sides are starting to send their newest military hardware to the Ukrainian battlefield (that is what it really is, sad to say) to learn what works and what should be changed, especially under the new doctrine of waging or combating a hybrid war (which is different again from the kinds of wars being fought in Iraq and Afghanistan).


    for those interested in the networking of the battlefield: you will see that secure communication is part of the infrastructure and of the success of this military hardware

    This is in fact a big argument for NATO, other countries or even industries to get their newest weaponry to Ukraine, so they can achieve some military balance and keep the conflict under control as long as there is no diplomatic solution, and have a learning process that no exercise can give. When it comes to a real or limited war somewhere on our Eastern European borders, those lessons will be very important. The Baltic states surely think so.

and the DDoS storms get bigger and bigger: 500 Gbps (against Hong Kong protest sites)

    "The websites, Apple Daily and PopVote, have been vocal supporters of the pro-democracy protests and even carried out mock chief executive elections for Hong Kong. Cloudflare, a company which is employed to protect websites against distributed denial of service attacks, has revealed that since June, these two websites have been bombarded by attacks of unprecedented size.

    According to Matthew Prince, CEO of Cloudflare, the attacks have hit 500 gigabits per second (Gbps), which tops attacks in February of 400Gbps that were at the time the biggest in internet history.

    According to Prince, who was speaking to Forbes: "[It's] larger than any attack we've ever seen, and we've seen some of the biggest attacks the Internet has seen."

    Last year a DDoS (distributed denial of service) attack on the anti-spamming group Spamhaus was declared the "biggest in the history of the internet", peaking at 300Gbps

    now where does that come from?

Danish tax administration will use #luxleaks as evidence for reviewing taxes

    the tax administration in Denmark has said that it will use the LuxLeaks documents: they will ask the firms for an explanation and maybe even adjust the taxes (upwards). They will also use the documents to understand how these countries negotiate and set up such tax rulings, probably to find ways to make them even more difficult or illegal in the future

    source for the translation that follows

    ""Skat is examining the publicly available agreements between individual companies and the state of Luxembourg more closely. If there is information in the material that affects the settlement of tax in Denmark, it will be treated according to the rules of Skat's control work, in addition to materiality and risk," it said in a written statement to Politiken.

    Insight into the secret world

    Skat does not want to elaborate. But before the publication of the hundreds of tax treaties that escaped from the accounting firm PwC, Skat expressed interest in gaining insight into how these tax treaties are designed:

    "We have heard that such agreements exist, but we have never been told what is in them, and we have never seen one," said Troels Kjølby Nielsen of the Tax Administration Division responsible for international tax treaties"

    my comment: this kind of discussion has gone on before about stolen listings and documents, and sometimes they have held up cases for years or even decades (the UBS case, for example), but in the end they were used somewhere, even if only to push the firms or people into coming to some agreement with the tax administration, because they can't always go through a public conflict about their taxes for years either.

the Russian hacker showing thousands of unprotected webcams is looking for a job

    he is in all the IT blogs and news magazines all over the world

    thousands or millions of people are visiting his site

    regretting they didn't change the default password of their webcam and didn't encrypt the stream if it goes outside (imagine a smart TV with a camera facing the room)

    but hey, does he get your attention? He is just looking for a job

  • a very honest 404 error page

happy birthday to #Euromaidan while Ukrainian Mad Max are still fighting the invading Russians

    looks like a Mad Max car if you ask me; they made it themselves in the factory based on battlefield experience

    meanwhile at Euromaidan people are now remembering the fallen hundred and the people they lost there


    We have hundreds of postings about Kiev, Maidan and Ukraine; they are all here in chronological order

    and this is when it all began for us and we started to take notice; from that moment on we were hooked and chose our side, that of the people, for the people and by the people (in all there are about 800 postings about Ukraine since then). Several times our front page was even changed to show the importance of the burning tyres resisting the attacks every night, or the invading Russian tanks that have been coming without end these last months.

    we also have a tweet list about Ukraine, and in our main tweet feed Ukraine is always on our mind (and in our eye). We always keep a close watch on what is happening on this new front for democracy.

    and this was one of the first barricades to appear in Kiev

    and this is how it ended: when even snipers killing a hundred people and wounding several hundred couldn't end the protest, they fled, and the regime with them

    and in one year they have had military battles with defeats and successes, two elections and a lot of support, but not enough of it; and yet after one year Putin only occupies 5% of the territory and hasn't accomplished his strategic goal.... or not yet

    but if anybody had told us that one year ago, nobody would have believed it was possible

After the DDoS on game networks, here are the stolen passwords (also Belgians)

    First there were the big DDoS attacks, but these were only the diversion. The real goal was to penetrate and to steal passwords and other stuff while all the staff were busy trying to keep the network up and the security tools were being overwhelmed, downgraded or just put on hold to be sure the traffic passed fast enough.

    this is nothing new

    it has been done before by hackers and is in fact a very old military tactic

    now there are thousands of logins (and some are from Belgians)

    • Dear Internet, the following is a very small portion of Lord Gaben and the rest of his crew's glorious raids across the high seas of the Internet.
    • Portions of our raids include:
    • 2K Gaming studio user credentials
    • Windows Live Email user credentials
    • PlayStation Network user credentials
    • These usernames are bestowed upon you in the humble name of Derp.
    • @DerpTrolling - @GabenTheLord - @UGLegion
    • Let this be a warning to all.
    • Nothing is safe from Derp

9lives - an answer from the Privacy Commission (and a few remarks)

    This is the letter I received from the privacy commission


    a few notable points

    First, these are all the postings we did about 9lives

    1. Telenet can NOT say beyond any doubt which data were copied, which indicates that the logging of its database is limited, while much more professional software exists that lets you know which data from which columns of the database were stolen (and can in fact even make that impossible). Of course, if one wants to work as cheaply as possible without spending money, one cannot expect to have much information.

    2. Not everyone was informed because the hacker probably did not, like Telenet, merely copy the data but also destroyed it. How else is it possible that Telenet says in the same letter that it could not notify people personally because it no longer had a backup? You only need a backup when you no longer have the original. It also raises the question of what else the hacker may have destroyed, logs for example? This in turn explains why the 48-hour breach notification rules were not respected towards a number of people.

    3. We stand by our position that the software used did have vulnerabilities, because it was NOT the paid, maintained software but the free version, which had not been maintained for quite some time and for which exploits could be found with a simple internet search. And we are talking about just 400 dollars here; all that misery is simply not worth it. I too am in favour of open-source software, but we almost always take paid or supported versions when important data is involved.

    The privacy commission only notes that Telenet denies this. I don't understand this. It is so clear.

    By the way, what is this? "Because of the investigation Telenet could not access the site's servers for a week, but has meanwhile found a solution. The leak was reportedly in software from an external supplier, but Telenet solved the problem itself." So a leak or a vulnerability after all; where it comes from doesn't matter, you remain just as responsible for your platform.

    4. The privacy commission did not continue its investigation so as not to hinder the judicial investigation, but these are in fact two totally different matters, and perhaps the FCCU and the privacy commission should make some agreements about this. The FCCU can easily work from a copy while the privacy commission continues its 'analysis of the facts'. The objective of the FCCU is to find the person responsible if only the company has filed a complaint. If users or their representatives were to file a complaint against Telenet and 9lives, it must also investigate whether all the necessary measures were taken. In the future it should perhaps be assisted in this by specialists who ask the right questions and can also assess the answers technically. It may be that the software is secure but

    And to conclude, we can simply observe that this oh-so-secure server of 9lives, after the secure restart, used such insecure encryption and certificates that the number of attack possibilities was still large enough.

    Another reason why it is so important for the privacy commission to take up the investigation into 9lives again is to make clear to the hosting sector that they too have certain responsibilities and must provide more security for their servers, hosting platforms, networks and firewalls, regardless of the responsibilities of the owners of the websites themselves.

detect espionageware on your computer with this new tool

    espionageware is not spyware, because it is used to follow your political information and your political friends; spyware just wants to make some bucks regardless of your political views

    'Detekt is a very useful tool that can uncover the presence of some commonly used spyware on a computer, however it cannot detect all surveillance software. In addition, companies that develop the spyware will probably react fast to update their products to ensure they avoid detection.

    This is why we are encouraging security researchers in the open-source community to help the organizations behind this project to identify additional spyware or new versions to help Detekt keep up to date. Contact information is available here.

    It is important to underline that if Detekt does not find trace of spyware on a computer, it does not necessarily mean that none is present. Rather than provide a conclusive guarantee to activists that their computer is infected, our hope is that Detekt will help raise awareness of the use of such spyware by governments and will make activists more vigilant to this threat.

you can find the tool here:

mensura leak: ACV asks the government and social partners to take immediate action

    it is the first time, after so many leaks, that a trade union openly commits itself to the privacy rights of employees and makes room for it in the social dialogue

    For the first time a major labour union in Belgium has understood that the privacy rights of its members have a place in the social negotiations they hold at national level. In ten years of security activism, this is really the first time, and a major change.


Privacy of hundreds of Belgian employees seriously harmed by Mensura leaks
    ACV asks for the immediate creation of a task force

    Hackers gained access to part of the data of Mensura's medical control service. Hackers thus obtained the identity data of hundreds of employees, including their national register number. The remarks that the employer concerned communicated to Mensura about the employee in question were also taken: indications about their state of health, but sometimes also about their behaviour in the company, remarks about their family, pregnancies, number of sick days, incidents in the company, evaluation interviews, activities on social media, ...

    After a failed blackmail attempt against Mensura, the hackers put part of these files online. As a result these files are freely available on the internet and have meanwhile been downloaded hundreds of times. The privacy rights of the employees concerned are thereby seriously harmed. These data threaten to follow them forever on the internet.

    Contrary to the code of conduct, Mensura only disclosed this incident after it had been reported on an IT blog. So far Mensura has only notified the employers concerned of this leak, not the employees concerned. These are often still not aware of it. Yet Mensura has the precise address data of the employees concerned and all the personal data about these employees that were leaked. Mensura asked the employers to inform the victims, the employees, in turn. It is very questionable whether all employers will inform the employees concerned, and whether they will also pass on the information that the employer provided to Mensura. The nature of those comments puts some employers in a rather embarrassing position.

    We ask that Mensura inform all employees concerned without delay about what information was stolen. This is the application of the privacy commission's rules. So far the hackers have only published part of the stolen information. Employees have the right to know what personal information about them has ended up in the hands of criminals.

    The ACV asks Minister of Justice Geens, Minister of Employment Peeters and the State Secretary responsible for Privacy Tommelein to immediately set up a task force with the social partners and the federal computer crime unit to tackle this crisis situation and to undo the consequences for all employees concerned as quickly as possible. This Task Force must also hold a fundamental debate about the way sensitive information is stored and exchanged. In the context of the introduction of the medical ankle bracelet, the importance of clear and good agreements cannot be underestimated.

    The regulations should also be adapted so that employees gain access to the data about them that is provided to third parties in application of labour law. The rights of employees to personal information when they become victims of incidents must be written into legislation and made enforceable.

answer from the privacy commission about my complaint against mensura (please sit down)

    otherwise you will have to sit down anyway, because this really beats everything

    it was a complaint because mensura also holds my data

    and of course the Commission has already contacted mensura

    so what

    what has it done with that

    what happens to my complaint

    do I now really have to go to court to file a complaint for irresponsible behaviour and non-compliance with the privacy commission's own data protection guidelines of January 2013?

    the people at mensura must be laughing

    no fine, no reprimand, a bit of press but that will pass (as long as none of their big customers goes to court, and even then it takes a couple of years), and meanwhile we just carry on, and next time (then we'll just pay, then we're rid of all the hassle we've had now, and we can tell everyone who was against paying that they'd better have paid, because we've never had so much hassle and it cost us a lot more money)


  • Update 2 : releak by Rex Mundi (pizza

    Rex Mundi said he was looking at some new targets yesterday 

so we published an alert for the financial, HRM and ISP sectors

    today he is publishing a file claiming to come from  ----- NO, they retract: it is their old file

    they say that they have also hacked the NL database; maybe the database for France or Domino's Pizza in the back office is one big mess, but so what ....

    I need confirmation or more proof to announce the Belgian one as officially hacked and leaked

    now was hacked (with a file of half a million people, now disappeared again)

    but there is something strange with that file: there are French addresses in it (out of 3000 addresses in total) among Belgian addresses, and the biggest bunch can't be localised

    the passwords are hashed and salted, so for the moment I don't see the big security problem in this one, except that you have some mobile numbers and some email addresses together, which makes a fine combination for a combined attack. One caveat: a salt only defeats precomputed tables; if the hash is a fast one (MD5, SHA-1) the weak passwords still fall to an offline dictionary run, so change them anyway.

    it also shows why big data is a big risk and why you should never keep data that is old
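An added example, not the blog's or Rex Mundi's code, showing what "salted" buys you and what it does not once a password table leaks: it builds a constructed (salt, digest) table two ways, salted SHA-1 versus PBKDF2, runs the same offline dictionary attack against both, and measures how much more each guess costs the attacker under the KDF. Passwords, wordlist and salts are all constructed for the example.

```python
# Added example, not the blog's or Rex Mundi's code: what a salt does and does not
# protect once a password table leaks. Every row below is CONSTRUCTED.
import hashlib
import hmac
import os
import time
from typing import Callable, Dict, List, Tuple

Hasher = Callable[[str, bytes], str]

# Constructed "victim" passwords, used only to build the sample table; the attacker
# never sees them. The third one is strong and appears in no wordlist.
SAMPLE_PASSWORDS = ["pizza", "123456", "7vK!q2-constructed-NOT-in-wordlist"]
# Constructed attacker wordlist.
WORDLIST = ["123456", "password", "pizza", "domino", "letmein", "qwerty", "welcome1"]


def legacy_hash(password: str, salt: bytes) -> str:
    """Salted but FAST: sha1(salt || password), the pattern behind many 2014-era leaks."""
    return hashlib.sha1(salt + password.encode()).hexdigest()


def kdf_hash(password: str, salt: bytes, iterations: int = 50_000) -> str:
    """Salted and SLOW: PBKDF2-HMAC-SHA256. Iterations are kept low for the demo;
    production uses a higher count, or bcrypt/scrypt/Argon2."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def make_rows(hasher: Hasher) -> List[Tuple[bytes, str]]:
    """A leaked-looking table of (salt, digest), fresh random 16-byte salt per user."""
    rows = []
    for pw in SAMPLE_PASSWORDS:
        salt = os.urandom(16)
        rows.append((salt, hasher(pw, salt)))
    return rows


def crack(rows: List[Tuple[bytes, str]], hasher: Hasher, wordlist: List[str]) -> Dict[int, str]:
    """Offline dictionary attack. The salt sits next to the digest, so the attacker
    has it; it only forces one hash computation per (user, candidate) pair and
    prevents reuse of a precomputed table across users."""
    found: Dict[int, str] = {}
    for i, (salt, digest) in enumerate(rows):
        for cand in wordlist:
            if hmac.compare_digest(hasher(cand, salt), digest):
                found[i] = cand
                break
    return found


def cost_ratio(n: int = 2000) -> float:
    """How many times slower one guess is against the KDF than against salted SHA-1."""
    salt = os.urandom(16)
    t0 = time.perf_counter()
    for _ in range(n):
        legacy_hash("guess", salt)
    fast = (time.perf_counter() - t0) / n
    t0 = time.perf_counter()
    kdf_hash("guess", salt)
    slow = time.perf_counter() - t0
    return slow / max(fast, 1e-9)


if __name__ == "__main__":
    print("salted sha1  ->", crack(make_rows(legacy_hash), legacy_hash, WORDLIST))
    print("pbkdf2       ->", crack(make_rows(kdf_hash), kdf_hash, WORDLIST))
    print(f"one guess costs the attacker ~{cost_ratio():.0f}x more under the KDF")
```

The lesson the run makes visible: both tables give up the two weak passwords, because the weakness is the password, not the storage; the KDF only multiplies the attacker's cost per guess, and the strong password survives under either scheme. So a leak of salted hashes still means "change the password", and a site that stored them with a fast hash has no argument that the salt made them safe.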


    @mailforlen Just 2 b clear, this data is from our old hack. On the same server, Domino's had 3 DBs: FR, Be-FR and Be-NL

    @mailforlen Yes, as we said, this one is from the French-speaking version of the Belgian website of Domino's. We also have NL version.



security marketeers are abusing the easypay and mensura database ... phishers may follow

    Do not

    * click on links that are sent in mails about your data in the easypay and mensura database (especially if you are not in the public database of 1100 out of the 32,000)

    * think twice before you respond to these emails; it is a very lousy marketing practice that doesn't show a clear sense of ethics. Either they are desperate (and any security firm that is desperate nowadays is doing something terribly wrong, because it is a booming business) or they are just money grabbers out for an opportunity

    * I am not sure of it, but I think the use of stolen data, even published data, for marketing purposes may be something the privacy commission doesn't like (because the purpose is to get that data OFF the internet and not into as many databases and email lists as possible .....)

    I hope that everybody keeps calm and does the things you know you should be doing (and that don't cost any money, like changing passwords), and goes to real professionals with clear business and professional ethics for solutions to the problems you seem to have discovered now (two-factor authentication being one of them, centralised logging another, a WAF and security checks another, and encryption and so on)

    if you receive such an email, this is where you can also file a complaint about the way things are going

    you also have the right to file a complaint at the local court if you are a bigger customer (maybe some of the bigger ones should do this, to send a clear message to all their other outsourced service providers that they had better take data security seriously)

    there is already enough evidence on this blog of all the reasons why best practice wasn't followed before, during and after the incident

    I have filed a complaint against mensura for these reasons with the privacy commission.