05/13/2008

the list of the broken .be websites

We don't say that these sites are bad or that they are hackable, we just say that they don't receive the care they should be and that administrators should at least Google themselves now and than, just to be sure that no information or loopholes are published by Google before others find them.

It is a good practice that if a technical mistake is encountered, the website doesn't show the technical explanation (and all the rest) to the visitor. You can just as well redirect the visitor to a page with excuses, with a 404 or back to the homepage.

It is also good practice to patch and update your services and scripts. If you wanne be sure you can use metasploit to test against your own site.

What is a bit amazing in this web2.0 world is the high number of websites that still lose all that time with programs and scripts that are implementing guestbooks, forums, photogalleries and stuff like that. There are for the moment enough free services that do all that stuff for you without any risk for you. A high number of websites would have been able to solve its programmatic problems if they should have used these services.

The websites that will arrive in the feed http://rss.furl.net/member/mailforlen.rss?topic=be_googled

Permalink | |  Print |  Facebook | | | | Pin it! |

05/09/2008

How Google knows what the flemish Call Center will answer

Well if you use this Googledork than you will have a list of all the contactpersons and solutions that the people working in the call center of the Flemish Regional Administration will use. So why call them.

You search a person and have more information than they would even give you

Naam: Balci
Roepnaam: 
Voornaam: Ozgur
Aanspreektitel:  Dhr.
Geslacht:  Man
 
Adresgegevens: Hendrik Consciencegebouw
Koning Albert II-laan  15
1210 Brussel
België
 
Tel.:  02 xxxxxx Doorschakelen:  Nee
Mail:  ozguxxxx@ond.vlaanderen.be Escaleren:  Nee
Faxnummer: 
Mobielnr:  
Mobielnr:  
 
Bereikbaarheid:  

Permalink | |  Print |  Facebook | | | | Pin it! |

12/10/2007

Belgian Google Hacks Nr 6 Excel files with email adresses

filetype:xls Exel @ site:be

and than you get some sites with whole lists of emailadresses that are quite easy to put into a listing or database

Yeah, you are right, people don't think that spammers have very good programs that do all the work for them and than they complain about having too much spam in their inbox.

as an example here are some of them

1, Naam, Voornaam, Organisatie, Email. 2, Maes, Jef, Boek.be, jef.maes@boek.be. 3, Van Loon, Rene, Boek.be, rene.van.loon@boek.be ...
www.vcv.be/pdf/1_3/deelnemers_sem_kennisbeheer.xls

And you know what, some people even publish their GSM telephone number on the web. Yeah with their address and email along with it. You don't believe me ? watch this ........  http://www.kdken.be/reunielijst.xls.  (some of them have studied ICT so I presume they knooow the internet....)

and some even publish internal information in public .xls files or do you find this normal to be published on the web ?

File Format: Microsoft Excel - View as HTML
89, Ruwet, Raymond, 13/02/2007 Payé P, Rue Ernest Solvay, 142, 4000, Sclessin, 04/2522687, raymond.ruwet@skynet.be, Email, 8/30/06, Françoise à répondu à ...
www.solidaris.be/servlet/Repository/.XLS?IDR=5179

Check out your .xls files for your website  site:xxx.yyy filetype:xls

Permalink | |  Print |  Facebook | | | | Pin it! |

12/06/2007

Google Hack trick : are you a proxy, a spammer or is your network infected

Google goes to everywhere on the web and puts everything in their database. So it also goes to the forums and listing of IP adresses and sites or domains that people complain about or have problems with.

It is an old trick - but not everybody uses it - to check yourself or better to check what others are saying about you.

So if you wanne know if others have a problem with your network you don't know about, try these tricks

make a list of your public servers with your domain, your Ip adresses, your mailadresses and than try the following searches

ex 128.147.123.  will show what any user of your network has done on the web and that has been publicly published in counters, IP indicators or blocklists. This is also very useful in discussions about Wikipedia. If you have a problem convincing your CEO that you need to limit the internet usage of your network users than try your public IP and probably you will find some reasons....

ex if your mailserver is for example this 121.33.246.59  ( a known Chinese spamserver) than just inserting this in Google will give links to spamlists with this server on

You can also add things as 'proxy'  to see if you have an open proxy

Instead of an Ip address you can also use your @domain or .domain

There is no better indexer of all the complaint forums, blacklists and whitelists (for abusers) than Google. Google is the mirror at which you ask, "mirror mirror on the wall, do I have a problem I don't know about at all ?"

Permalink | |  Print |  Facebook | | | | Pin it! |

12/05/2007

How to social engineeri the flemish administration

It is time for some informationmanagers to read some military strategy books (art of war to start with even if it is only the first 30 pages - we will treat this book later on), go to a course social engineering or have a social engineering penetration test or just learn about the mindset of hackers and what defense in depth is. If you publish information you must always ask yourself what someone else could do with it that could harm you.

The flemish administration is blurring the distinction between intranet, extranet and internet and has lost control over the kind of information it is publishing online. This way it is publishing a guideline for a social engineer to work his way into the building because every internal fault and procedure is published online. Information should always be checked for confidentiality and security before being published online.

It is not even hidden. You don't have to search for it. You don't have to bypass authentification. No, just surfing and clicking.

We publiceren niet de link, maar het is duidelijk genoeg zo

Gebruik nooddeuren

De nooddeuren aan de achterzijde van het gebouw mogen alleen gebruikt worden in geval van nood. Lees hier de $$$$$$ verwijderd******

Lijst met knelpunten

Er is een lijst opgesteld met knelpunten die nog moeten weggewerkt in het xxxxxxx. In de lijst kunt u ook de huidige status daarvan bekijken. Download de . U kunt de lijst ook als  downloaden. De lijst zal regelmatig geüpdatet worden.


Presentatie vol praktische info

Wie is de gebouwverantwoordelijke? Wilt u meer informatie over de parlofoon, de werking van de onthaalbalie, de prikklok, opening van het restaurant en duizend en een andere onderwerpen? Dan kunt u hier de presentatie downloaden die tijdens informatiesessies in het xxxxxx werd gebruikt.

  • Download de presentatie als powerpoint-voorstelling (pps, 1.731kB) - opmerking: in de voorstelling zijn enkele grafische effecten opgenomen. U kunt vooruit gaan door op de spatiebalk te drukken.
  • Download de presentatie als pdf (pdf, 367kB)

Permalink | |  Print |  Facebook | | | | Pin it! |

12/04/2007

some sad things when you are google hacking

A big institution investing millions in internet services and infrastructure had just let its old portal still up and all the preliminary documents abouts its infrastructure.

Another hoster did even better and published the scan reports of a vulnerability scanner that tested its ebizz clients.

A very critical and dangereous infrastructure is linked with a website that is publishing the whole index of her database.

and for those that think this is not possible in Belgium, this is Belgium.

people, Google your infrastructure and be surprised

Permalink | |  Print |  Facebook | | | | Pin it! |

Belgian Google Hack NR 5 Access to log files

site:be filetype:log

with this search you have access to logfiles (in the .be domain but that can be changed). I don't think I have to tell you that this is a very bad idea and that if it is so you are giving away way too much information. I didn't access any logfiles myself as the Belgian law doesn't allow me to.

Permalink | |  Print |  Facebook | | | | Pin it! |

12/03/2007

4 times a week another working Belgian Google Hack

All important and popular attack tools have Google hacking incorporated in their discovery and scanning phase before they select the vulnerabilities and exploits they will try on your site or network. Google Hacking is one of the different artforms of penetration testing. So you should Google yourself to be able to protect yourself and to ask Google (after you have taken a Google account) to limit the information it publishes about your site or network.

To help you we will publish every working day of a working week a Google Hack. 4 times a working week. They will all be published at around 10 o'clock Brussels time.

You could do as some site-owners have done (absolutely nothing even if we mailed or contacted them before) or you could take notice and correct things if you see that those Google Hacks also work with your site.

We have a list of 30 new working Belgian Google Hacks. If they have results in the .be domain, they will surely have results in any other domain.

Not all give information that is readily usable for hacking or identify theft, but all the information that is being published shouldn't be published.

So to remind you of two simple rules. The first is to check your network or domain yourself permanently and to monitor what others do against your network. The second is that all input and pages and technical mistakes should lead to the homepage or a 404 without any technical information whatsoever. The less information you give, the better. The more the admin and technical people have in the logs the better.

Permalink | |  Print |  Facebook | | | | Pin it! |

11/29/2007

Belgian Google Dork Nr 4 find local source of file

intext:file:///C:/Documents and Settings/ site:be

You will find linkes to documents that will tell you the name of the person, the folder, the program with what is made, all you would need for a targeted attack and that without even leaving one trace with your future victim.

You should always clean your documents of all unnecessary information. 

Permalink | |  Print |  Facebook | | | | Pin it! |

11/28/2007

Google hacking for penetration testers by Johnny Long

This book is in its third edition I've read somewhere and it won't be its last, even as Google is trying to limit the number of malicious searches very timidly (they could do much more) and even if Googlehacking is only showing a very limited part of the online vulnerabilities. The forum by Johnny Long that started it all isn't too active anymore and every exploit has now a Google search string adapted to it. Some worms even use Google to find infectable computers.

Some parts of the book may be dated, but it stays an essential handbook for the securitypeople around here. The most important thing is not only the copying of the lists with useful searches but learning to think like a hacker that is using Google to try to do some discovery searches. There are automated tools for some of the searches but it is only the human eye and mind that will find the little snippets that have to be put together to arrive at a Google Dork that may show you the list of vulnerable sites that you were hoping for.

PS It has some very useful scripts for Google hacking that you can install for your security work.

Permalink | |  Print |  Facebook | | | | Pin it! |

Belgian Google Hack NR 3 IIS5 (part I)

We all remember that the subwebsite van antwerp.be that was hacked was running the old and defunct IIS 5.

We said that it was time to upgrade to IIS6 because you can't defend an old server like that.

This is one way in Google to find IIS 5 servers running in the Belgian domain

googlebot-com Server_Software Microsoft-IIS-5.0 "HTTP_FROM googlebot " site:be

No big sites, but just a first warning

If I can Google it, the hackers can and Googling ain't illegal

Permalink | |  Print |  Facebook | | | | Pin it! |

11/27/2007

Belgian Google Hack NR 2

These are Google Hacks that have results on the .Be domain.

If the Google results are old you should take a Google account and clean out your cache so the information is not visible anymore.

"access denied for user" "using password" site:be  or change be with your domain

There is far too much information in it. You can find website structure, admin pages, coding names, hidden folders, user names and so on

Nothing too dangerous, but you shouldn't publish all this.

The only rule is that any mistake should redirect to a 404 page with "something went wrong, we know, try again, your problem is logged" and nothing technical, no case information, no names, nothing NOTHING else.

Permalink | |  Print |  Facebook | | | | Pin it! |

11/26/2007

Why you should check your sites in Google and not be the only BAD site

In this article (dutch) a dutch ITsec bloggers describes what he can do with a certain Google hack (specific search form) and which internal information on the printer was published. We checked no .be domains, in fact that printer is the only one that Google found with such a BAD configuration. I know that with homeworkers and so on printers, faxes and other multifunctionals have to be made accessable to outside workers, but what about authentification an control and monitoring ?

That is why you should Google yourself and look through every link - eventually you should take some long links and try to do some directory surfing. It is not because it is not in Google that it is not accessable.  But blocking some things is only a good start. You don't have to make it the guys too easy to find your vulnerabilities.

 

Permalink | |  Print |  Facebook | | | | Pin it! |

11/16/2007

SiteAdvisor maakt ondoordacht linken gevaarlijk voor je promotie

door mailforlen: Dinsdag 21 November 2006, 4:50 archief be.theinquirer.net

update dit is een jaar later nog altijd zo

Je hebt nu je website aangemaakt en je hebt vb betaald voor een dure promotie en je hebt het personeel dat er dagelijks aan werkt en opeens merk je dat voor miljoenen gebruikers van de plugin van siteadvisor.com van McAfee je website gevaarlijk of bedenkelijk is.

Siteadvisor.com is een collectieve databank van reeds zo'n 8 miljoen websites die de kleur groen, geel (opgepast) of rood (echt gevaarlijk) krijgen. Die bolletjes verschijnen naast de zoekresultaten in Google of IE als de betrokkene de plugin heeft gedownload en geactiveerd. De indicatie is gebaseerd op wat enerzijds de deelnemende surfers zeggen (na registratie) en wat anderzijds uit eigen onderzoek zal blijken.

Op dat vlak blijkt dat er vooral 4 zaken automatisch worden onderzocht (aantal mails die binnenkomen, aantal cookies die men probeert te installeren, welk soort downloads en welke links er aanwezig zijn). Daarom is het ook geen absolute waarheid. Zo worden veel sites aangegeven als rood terwijl ze enkel de links van malware bevatten omdat ze bespreken hoe je het kan verwijderen en welke sites gevaarlijk zijn. Dit is niet het geval indien je textlinks gebruikt.

Tevens wil een groen bolletje niet zeggen dat het absoluut veilig is en dat alles volledig is getest. Maar een geel of rood bollejte wilt toch al zeggen dat er zeker iets fout kan zijn.

Het resultaat is dan ook dat de surfer op zoek naar vb een screensaver uw site zal overslaan als ze een rood bolletje ziet staan en gewoon wat verder zal kijken en wat verder zal zoeken voor één site die wel groen is. Resultaten en dus keuze heb je meestal genoeg. Wat nog verontrustender is voor de eigenaren van deze gele-rode websites is dat we later waarschijnlijk ook automatische blokkeringen zullen kunnen invoeren op basis van de kleur van de veiligheid van de websites. Op die manier krijg je de gele en rode websites zelfs niet meer te zien.

Dit betekent dat je dus indien nodig je website of de pagina's van de gebruikers of hun forums zult moeten opkuisen en zo houden want anders kan je kleur veranderen van je veiligheidsindicator van siteadvisor en dat kan een invloed hebben op het aantal bezoekers en dus op het aantal links dat naar je linkt en dus op je Googleranking en dus op de waarde van de website.

Als voorbeeld enkele .be websites (uit 2006 en in 2007 nog altijd slecht)

* abconcerts.be krijgt een gele kleur want ze verstuurt teveel e-mails per week na het opgeven van ons e-mailadres op deze website. Deze waren enigszins spam-achtig.
http://www.siteadvisor.com/sites/abconcerts.be

* mess.BE krijgt rood want volgens siteadvisor zit dit vol met virussen, popups en publiciteit
http://www.siteadvisor.com/sites/mess.be

* skin.be is rood omdat ze downloads bevat met trojans-adware en slechte links heeft
http://www.siteadvisor.com/sites/skins.be?ref=safesearch&...

* wijfzonderlijf.be bevat een toolbar met adware die je kan downloaden
http://www.siteadvisor.com/sites/wijfzonderlijf.be?ref=sa...

Het linken naar deze sites of naar sites die naar deze sites linken levert je bijna gegarandeerd een gele of rode kleur op.

Momenteel worden links in forums daar nog niet in opgenomen en behandeld, maar dit zal niet lang meer kunnen blijven duren want voor de gevaarlijke site 'desktopmachine.com' zijn er 391 links op Belgische sites en dan nog vooral op forums en dagboeken en dat zelfs bij sites zoals www.vtm.be/auto/forum/ - www.f1journaal.be/ forums.thisisbasketball.be/ - www.autoscoops.be/autoforum/ -

U kunt steeds links of uw eigen website laten controleren door siteadvisor.com

Permalink | |  Print |  Facebook | | | | Pin it! |

11/14/2007

Test your onw site or links for Google's badware blocking

We had results for for example skynetblogs.be but you can also try google.com or belgium.com and if you type in for example porno.com or another domainname you will find all domains in the .com domain that have porno in their domainname and that have badware according to this organisation.

Permalink | |  Print |  Facebook | | | | Pin it! |

More Belgian badware according to Google on Telenet

Permalink | |  Print |  Facebook | | | | Pin it! |

how to get your site cleaned from Google warnings that it may hurt your computer

From the blog at Google for webmasters. It is clearly another reason why any webmaster should have a google account for his websites. Make sure your hoster or servicefirm has one. You also need one if you need to clean up your cache quick and fast - instead of waiting weeks or months (for example when it was hacked)

start quote

Better badware notifications for webmasters

Monday, February 26, 2007 at 12:33 PM

In the fight against badware, protecting Google users by showing warnings before they visit dangerous sites is only a small piece of the puzzle. It's even more important to help webmasters protect their own users, and we've been working on this with StopBadware.org. A few months ago we took the first step and integrated malware notifications into webmaster tools. I'm pleased to announce that we are now including more detailed information in these notifications, and are also sending them to webmasters via email.

Webmaster tools notifications
Now instead of simply informing webmasters that their sites have been flagged and suggesting next steps, we're also showing example URLs that we've determined to be dangerous. This can be helpful when the malicious content is hard to find. For example, a common occurrence with compromised sites is the insertion of a 1-pixel iframe causing the automatic download of badware from another site. By providing example URLs, webmasters are one step closer to diagnosing the problem and ultimately re-securing their sites.

Permalink | |  Print |  Facebook | | | | Pin it! |

update Staatsbladclip website kan schade toebrengen aan uw computer

Het is Google die het zegt

de website is niet het staatsblad maar wordt door velen in de administraties gebruikt alsof het het staatsblad is omdat deze site zoveel gemakkelijker is dan de officiële website van het staatsblad zelf, waarover we maar even zwijgen.

Het is een dienst van Telenet  "ter illustratie van zijn Internet-gebaseerde betrouwbare opslagdiensten. Deze diensten maken gebruik van TrustClips: gegarandeerd onbreekbare Internet referenties naar bestanden die opgeslagen zijn in het beveiligd data center van Telenet"

Het Belgisch Staatsblad dagelijks in uw mailbox - overzichtelijk ...

Deze site kan schade toebrengen aan uw computer.
Dagelijks alle wetten, decreten, besluiten, verdragen, benoemingen en arresten uit het Belgisch Staatsblad in uw mailbox. Doorzoek het Belgisch Staatsblad ...
www.staatsbladclip.be/ -
Het toont nogmaals aan waarom je goed moet opletten hoe je in Google verschijnt want de stopbadware.org waar Google op vertrouwt om aan te duiden welke sites gevaarlijk zijn voor de gewone gebruikers, kent er al langer weinig van. Het staatsblad is trouwens niet de enige site die hierdoor genekt wordt. Vergeet trouwens niet dat buiten de VS Google in veel landen tot 80% van de zoektraffiek vertegenwoordigt.

Permalink | |  Print |  Facebook | | | | Pin it! |

11/13/2007

Google hacking voor peuters

 door mailforlen: Woensdag 20 September 2006, 1:37 uit archief be.theinquirer.net

We gaan Google niet hacken, maar via Google kan je wel nagaan of administrator pagina's wel goed beveiligd zijn. Dit wil zeggen of Google niet gewoon de login is voorbijgestoken......

Wat zou u denken van pagina's met alle scripts van de website ?
Wat zou u denken van pagina's met alle paswoorden van de website ?
Wat zou u denken van pagina's met alle inhoudsmappen van de website ?
Wat zou u denken van pagina's met alle licentienummers ?

Dit alles kan je vinden met enkele gewone opdrachten via Google en u zal verbaasd staan wat we allemaal kunnen - konden vinden. Sommige operatoren van Belgische websites zijn ondertussen reeds gewaarschuwd en hebben de nodige maatregelen genomen.

Ga naar Google advanced Search
beperk de zoekopdrachten tot het domein waarvoor je verantwoordelijk bent (vb appeltjes.be)
vul niets in en vraag alle pagina's. Dit geeft u een overzicht van alle pagina's die Google kent van deze site.

Indien u teveel pagina's hebt, dan gebruikt u woorden in de links of pagina's van de website waarvoor u verantwoordelijk bent en waarvan u NIET wilt dat ze in Google staan. Indien ik vb op mijn site na de login pagina's heb waar in de url staat 'yoursite' dan zoek ik op yoursite.

Mijn 2 favourieten
allinurl: "admin" site:.be -- de .be dient u te vervangen door uw site en de admin door de file die u niet wenst te zien in Google resultaten
allinurl: ".exe" site:.be -- de .be dient u te vervangen door uw site en de exe door de file die u niet wenst te zien in Google resultaten

Permalink | |  Print |  Facebook | | | | Pin it! |