29-08-07

something about being hacked and in the public directory

something funny in the visit logs

people all over the world looking for a specific site and coming out at the directory of hacked sites

yeah once hacked, once in the public library, always remembered

think about that the next time you set up a site without patches or security testing or with a hoster that doesn't guarantee any security

12:06 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

joining EKZ team has some advantages

 well you get access or can ask information from hidden resources like

1200 RSS feeds about itsecurity in 3 languages and in its broadest sense and other stuff monthly cleaned and updated 

5000 links of which more than 1000 hidden resources

a secret wikipedia that tries to centralise all that ITsec information into something you can use on your network

and who knows

who can ask access

well you have to work in the IT buzz, be buzzy with IT or publish or do something interesting with it

well, there is some work to be done to get a bit of action around here, so you will have to post when one of these blogs around here (or propose another one) when they become teamblogs, take a subproject into hands or help cleaning up some online libraries and stuff like that

simple leeching won't do

no illegal activities although and always with responsable disclosure - we are no hacking group. We are an IT security activist group. For more security for everyone online. We should break the omerta.

how do you get into contact

just mail me and I'll contact you

greetz

ps don't be surprised that much more stuff is going to be private for active members only in the near future.

11:11 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (1) |  Facebook |

28-08-07

who wants to join EKZ here

Finally, skynetblogs have announced that they are working to make it possible so that more people can write for one blog. That would be fantastic news. So are there any people out there who like to co-write about freeware, online video, interesting online free books and itsecurity and hacking stuff. You will get as much money as I (nothing but respect) and you may write what you want as many or few times as you want about the Belgian unsecure internetspace. I can even give you the tools and hints to get a story going for which I have no time.

And you will be really anonymous. Because EKZ is not just me.

What does EKZ stand for. Integrity and a safe internet for all.

Oh yes, you will get access to some hidden info and links that I normally don't share.

23:05 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

I feel so sorry for Mr Beirens from fCCU

Today i've read in the newspaper that Belgium is getting a new group that will pursue small internet fraud and crime because the local justice all around our small country has no will or time or expertise to treat it. So Mr Beirens of the fCCU says that the new staff will inventarize and treat it and try to exchange international information if possible.

He says he wants to reduce internet crime that way.

Poor Mr Beirens. I feel sorry for him.

He wants to reduce internet crime with a DNS provider that sells domainnames with the names of banks and other financial services in it to people that don't have any right to do so.

He wants to reduce internet crime in a country where Visa and mastercard says that eshopping is safe but in which every month hacked belgian eshops are listed on http://be-hacked.skynetblogs.be

He wants to reduce internet crime in a country where the law that would oblige ISP's to filter out spam, phishing and malware before it reaches the servers and surfers is a dead forgotten piece of paper without personnel, budget and the necessary administrative framework.

He wants to reduce internet crime in a country where nobody is responsable for what happens or doesn't happen online and nobody takes any responsability because no law obliges them to be secure and to inform if you were compromised.

He wants to reduce internetcrime in a country where nobody wants to talk about it because .......  You don't break the omerta and you don't want to create panic, don't you.

Well Mr Beirens, don't be a Don Quichotte or yes be one and together we'll clean this mess up. In that case I'll even be happy to be the mule.

16:55 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

the scandal of the hypocritical DNS.Be and typosquatting

Datanews brings the news today. DNS.be - that is the almost private company out of controls that gives the impression that it cares about our domainname .be - said that it is going to do something about typosquatting.

The general manager who lived on the moon before told Datanews - seriously - that it is relatively new.

Let me correct this. There is nothing new about typosquatting .be names because I have tested this already more than a year ago and typosquatting the belgian domainname was already good and well present than.

http://ekz.skynetblogs.be/post/3286928/typosquatting--bel...  24 april 2006  about an article in De Morgen based upon research that was published here http://itsecurity.pbwiki.com/  2 april 2006

And what do they propose ? They propose now a commercial service for which you have to pay to monitor your domainname for typosquatters after which - hold on - you will have to pay another service 1600 Euro to get an arbitrage to get that domainname of the web. And you think that the DNS root provider will do that instantly ? No, 14 days after a decision has been reached (oh yes you receive 800 euro in return if you win....). Now if they think that will kill typosquatting..... Giving scammers another 14 days to get paid by adsense.

And how do they know that that variant is free to get ? Very simple they can find it for free on the website of ...... dns.be. Well you can do the same thing (or use the tools on itsecurity.pbwiki.com)

But if you use the tool from Microsoft with which they have already prosecuted typosquatters and tried to convince Google to clean up its - not so public - nasty act as hoster and sponser through adsense of typosquatted domains, than you will find the websites that will try to domainsquat you. Last year in the Inquirer we have written lots of articles about that - making dns.be not to happy.

But as there is an omerta and nobody wants to ask serious questions, dns is able to put its propaganda and lies and newsspeak in an IT magazine that says it is professional.

But lets go on. Well lawyers and holders of domainnames, dns.be wants your money to control and manage your domainname. Than it has to do something in its place. Why is it possible to buy Belgian domainnames that are surely typosquatters and trafficstealers from existing domains even with the name of the trademark in it ? Why does it take so long to take action ? Because it is a commercial enterprise that is selling a public good without any political and public oversight.

And mr Lawyer and domainholder of .be, it should also interest you that the domainsquatters are still there since 2006. They haven't changed. With some you even ask yourself why did bought the domainname when the free period was over. Did that really bring in so much money that it was worthwhile ? Just curious. 

Oh you say that the presence of the ISP's and some representatives of ministers - that afterwards say they have nothing to do with it - is public oversight. Get serious. On the board of DNS.Be should be people representing the small domainholders, the consumers, the activists. The boardroom should be a room of discussion and debate en scientific analysis, even if that can get rough from time to time. But afterward a consensus has to be found and the public character of the domainname has to be maintained and protected.

16:42 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

how simple is sql injection for stupid people

and how stupid are webmaster to underestimate the power of sql injection and not to patch or upgrade or just throw out the stuff they didn't need anyway

take an sql injection exploit

look for the Google dork (search term)

look for the search term for its own search engine

do the Google

type in the search term

click for results

see the passwords of sites flipping up before your eyes

be amazed  be afraid  be very afraid

it really does not take more than that and I am not going to publish here the names of the exploits, google dorks and sites with which it works, but it works and webmasters should really test their site profoundly and upgrade and patch it all the time.

and in fact this goes for many exploits so have an inventory of all - all - your OS, applications and software that is not inside your network behind your firewalls and patch fast and if you are serious about your ebusiness, place an HIDS, set it after an reverse proxy and application firewall and if you have some more money subscribe to some 0day information service or defense.

00:14 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

27-08-07

SQL injection after Leuven and the UN are you next ?

As the number of hacked Belgian sites (http://be-hacked.skynetblogs.be) continues to grow weekly and the news of the hacked Leuven.be site was in some papers, it is maybe time that you wake up and do some testing yourself if you didn't already. Do not believe that there is only one test and only one kind of SQL injection. SQL injection is a changing attack and new techniques are being developed. In the best case you are only scanned by script kiddies that have downloaded some tools from the internet - so you must be sure that you are covered against these (that is a minimum). In the worst case you are the victim of a targeted attack and someone has taken a big coke, some cd's and a huge pizza and has taken it on himself to get you tonight, whatever the reason. As sql injection is used manually he will take the time to find whatever mistake somewhere in your database to get you.

If you are really professionally on the web you should contract with a firm that does on at least a monthly basis a checking of all the old and new vulnerabilities, exploits and attack techniques against your site.

Meanwhile you can start for free with these tools

http://www.sqlpowerinjector.com/

and 100 articles and tools collected here

http://www.furl.net/members/mailforlen?enc=UTF-8&sear...

23:52 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |