16-06-07

zone-h.org the last archive of hacked sites seems down

gone, down after struggling for some months

the only archive of Belgian hacked sites can be found here

http://be-hacked.skynetblogs.be

 

update we will place there now a listing of hacked websites that are encountered during the surfing on the web and the special searches

 

Some will think this is a good thing

but I don't

As Google doesn't scan the internet every day

it was the only way to follow up on hacked sites

and get attention to them so they were cleaned up - sometimes

and even if you try some Google search tricks

it is very difficult to find all the right search terms for hacked sites

 

So administrators you will have to keep a good eye on your sites and logs

because nobody else is doing it for you

22:09 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

ac.be and .edu should watch out

Links in forums on domains that seem to be academic (ac.be - .edu) have a greater value in search machines. So placing links to your crap in these forums is much more rewarding. The more if you can place links to these links in other forums.

 

dit2_1

 

and than you have this kind of stuff in your forum

If you don't care about your forum

others will take care of it

22:04 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

15-06-07

One European research project website for sale ?

dit2_2

 

maybe they need to learn English

16:38 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

EU website against organised crime not organized yet

divers_001

16:37 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

Omerta about Belgian passports in the Belgian Press

Just as I thought

No major Belgian newspaper has taken up the story that the Belgian passports are so unsafe they should be collected and destroyed. The online IT press has written about it but that will make no difference.

Omerta rules. So why care.

Unsecure programmers and unresponsable project managers, come to Belgium, we need thousands of you. Don't be afraid, nobody will prosecute you here for bad codes, being hacked or compromised. Be as incompetent as you want, it is only IT. In Belgium this means Insufficiently thought -through

10:15 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

the ratrace against Apple Iphone has started

Apple is now in a ratrace with the underground. The system that seemed untouchable untill now and that has prided itself at being 'unhackable' and goes on a - sometimes very aggressive - offensive if somebody says he found a way to get access to or control over a mac (remember the wireless driver incident or the month of apple bugs) has finally released a product they can really have fun with.

First of all it is a browser. A browser makes for the moment a connection between the internet and your OS - desktop - harddisk. The internettraffic still has to go through several security checks and can find itself blocked by several limitations but the number of possibilities to reach the OS - desktop or harddisk are nearly unlimited. As long as all the interactions between the internet and the browser aren't seperated (quarantined) it will alsways be a door you can't lock. And firefox, IE or whatever doesn't make any difference. The power of javascript, the millions of lines of code for every possibility of interconnection and the monthly new driveby methods and tools make this difference propaganda, salestalk or just stupidity. This is 2007 and malware code is installing itself on the web in much greater numbers than we ever could imagine.

So Apple wanted to do what Microsoft is trying to stop : Transforming its products for another platform in another code. This doesn't mean that the other platform is less safe or robust. It just means that it is totally different and that it is much easier to make mistakes because you don't necessarily have all the knowledge and history, experience to make it as robust and good as your own code for your own platform.

It is also mindblowing that Apple wanted to launch a browser for windows. Why a browser ? You don't earn any money with browsers, it is a free product and you can only lose. Lose money, time and image. Why didn't they just make a toolbar or a kind of makeover of IE like slimbrowser or theworld ?

Fact is that the ratrace has begun and that the underground is now having fun looking for holes and trying to exploit them, bragging about the codes they already have developed and are keeping by hand.... The big question is not when the first exploit will be published for safari on windows, but for safari on iphone. There will always be more iphones than macs and it will be much more difficult to defend an iphone than a mac (try installing a firewall, antivirus, antispyware, process controller, HIDS, privacyproxy on an iphone or any pda for that matter).

The biggest question will be who will be able to make attackcode that

* sends an email or message (MMS) to friends to also visit the infected website

* sends an email with infecting code

* sends all itunes logon information to another address

* blocks the iphone with encrypted malware and asks 50 dollars for the unblocking code or encrypts all the songs on it

* has an updating function to add new functons

* makes the phone send an sms to a very expensive number or subscribes it without knowing to such expensive services

 

And even as Apple has released a new version that has fixed 3 of the 4 published bugs and exploits, this doesn't change anything. Rumours tell that there are already 14 bugs that were found. That means there are 10 left. If one of those could be remotely exploited..... One out of ten is more than feasable because it is only a browser.

And browsers have by definition always too much power and authority - on a desktop or a pda. They should be in an isolation cell, but no - they are the masters of the place where they are. Even if there are more criminals than writers around.

So just as Microsoft has learned, Apple will now definitely have to install a security team, security website, security communication plan and will have to test everything ten times more before releasing it in the wild and have a clear line of contact with security researchers and build a relationship of respect and cooperation with them, because even if you think you are the smartest kid on the block, you will always forget something or make a mistake.

How big this one was has yet to be seen. But they can't deny that damage has already been done.

10:08 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

14-06-07

Free counter with adware-spyware-dialers

http://www.freestat.ws/conditions.htm

 

Possible uses include (but are not limited to) a directory
of the sites using our service, the script inserted in your site web
can be used by us for every purpose of profit, general promotional
uses, any purpose of profit, activx, pay internet,Dialer, Premium
Number, redirect, etc. You agree to use our services at your own risk.

be sure before you click yes on free

12:02 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |