another none story hitting the presses during this boring campaign which has all the ingredients to be hardhitting but where the audiovisual media are doing everything to kill any debate and explanation that is longer than 20 seconds. I love the US debate about which so many people thought that they were empty marketing but which are very interesting compared to what the journalists are asking here and the politicians are getting as opportunity to tell. (sometimes I think that it is not because the journalist has heard the same arguments and stories and facts already a thousand times before that he or she should censor them away from their readers and viewers who didn't have access to or interest for that information before the elections).
So he is on facebook, verhofstadt and that makes the international news ?
He has 2000 friends as member of a party with thousands more of members and sympathisers (who are mailing or spamming as crazy to get his number of friends as high as possible) and as the leading prominent candidate for the European elections (asking for the vote of millions of voters). And he has only 2000 friends ? I hope he has more votes .....
even more remarkable, the news should not be that he has 2000 virtual friends, no the news should be that he has ONLY a bit more than 2000 friends and that all the facebook hype is more hype than having any impact on this election this time around.
"The form sends your stolen credentials back to bestspace.be for processing:
<form method=”POST” action=”/?login_attempt=1″>
Digging a little deeper we find this site is hosted on 220.127.116.11 which hosts a few other malicious domains as well:
The registrant of daratop.cn is email@example.com, a couple of searches for this email reveals many different attacks that this individual has been involved in.
In closing, all of these sites are hostile and should be blocked and avoided."
who has registered it
only the email address is different
and where is it hosted - even if no dns information is found(robtex)
vous les avez récupéré comment ?
Un 0day qui permet une injection SQL radicale. Facebook classe ses données des plus anciennes aux plus récentes. Il y plus de 4 millions de comptes dans l'espace que j'ai "découvert".
under this you can find 4000 logins that he gave as a proof
facebook didn't want to react to the article
HatXwhiTe is his name and if you Google him you will find that there is a file with his name and some free sql securitytools. he is mostly active on hackerforums, even if his age is 24 there and not 18 like in the article. In which he claims to have worked for 1&1 hosting. He says he is looking for work, but I am not sure this is the best method.
Do not be surprised. One of the biggest financial hacks this year was done with an SQL injection. If you use SQL servers you should be 100% sure that they are totally secured and monitored (also by humans) and patched and hardened.