25-07-07

not everything called antispyware on downloadsites is good stuff

These downloadforums host also malware that disguises itself as antispyware or pchelpware. You should really stay with the freeware securitystuff that is known to all and has a long history of service. (see in http://freeware.skynetblogs.be )

 

Spyware Scrapper  from spywarescrapper.com   description of negative effects (and they expect you to pay for it)

 

But you can find it on the following downloadforums

www.newfreedownloads.com

www.freedownloadmanager.org

publisher.brothersoft.com

www.downloadjunction.com

www.programurl.com

rbytes.net

www.bestvistadownloads.com

www.softpedia.com/

betterwindowssoftware.com

www.trialfiles.com

www.filedudes.com/

www.filebuzz.com

www.download-by.net

www.vicman.net

www.vicman.net

www.askfiles.com

www.heise.de

exefind.com

www.soft3k.com

software.ivertech.com

www.simtel.net

www.google.com/Top/Computers/Security/Malicious_Software/Spyware_and_Adware/Detection_and_Removal_Tools/

 

and so on.....

BUT NOT ON http://www.DOWNLOAD.COM   

They say at least they are trying to test any software for malware and spyware before placing it on their site. If there are toolbars and other installations that come with freeware they will explain so.

 

 

 

 

 

00:09 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

24-07-07

Search for hardcore Porn on the forums of VRT

The VRT is our flemish family tv station and they have forums where you can chat about programs and other nonsense. Witse is one of the most popular programs about an detective. Only they have no security at all at that forums, so for the moment they are being overwhelmed by spam promoting hardcore porn, viagra and poker. Maybe they should send out Witse to get the bastards that did this or he should wake up the securitypeople and ask them to do the job they are paid to do.

 

The second problem is that if you don't clean up that stuff it stays in Google and you will receive traffic that is just looking for the links.

23:49 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

as foreseen Iphone can be webhacked

http://www.securityevaluators.com/iphone/

 

the real lesson is that any application on any tool can be compromised if it can go on the web without proper protection and limitations and the more functionalities and code you put on a machine the more vulnerabilities you will create.

 

Another lesson is that this iphone seems not to have gone through proper security testing as the exploit was written with the help of fuzzing (tools that attack code to find mistakes) that could be used by the securitypeople from Apple. Fuzzing an application or tool before releasing it in the wild should be standard for commercial firms or bigname opensource operations (with social responsabilities).

 

The last lesson is that this is the first (but not the last one) exploit that gives an active possibility to bring down phone networks (DDOS by SMS), smishing (phishing by SMS), spam in SMS and ID theft. Some have proposed that the phone should be used for identification, payment and authentification for anything from petrol, shopping and access controls. This first hole shows that this would only be acceptable if security tools are installed on phones and phone networks. Or maybe we should just use a small very very stupid phone for that stuff (no java, no music, no games, no internet).

 

Another date to keep in mind is that the exploit will become public the second of august and that we may hope that Apple will release a patch before and that everybody will have it installed before. But what happens with the iphones that have hacked their way around the ISP lockin ? It are the same questions as with websecurity.

16:01 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

If you wanna hack, play these games

http://www.hellboundhackers.org/challenges/basic.php

15:37 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

I didn't hack the BCC site

To be sure that everybody understands it all right. I didn't hack the BCC site, I don't know who hacked the BCC site and I didn't scan the BCC site for vulnerabilities nor published any of them. If somebody would start publishing scanning results from vulnerabilityresearch on the Belgian web than we may have much more to fear.

 

I don't accept that it happens. I just don't accept at the other side that it is so easy to hack important sites and infrastructure in Belgium because nobody cares about security the way they should do and this is because the lawmakers don't give a damn. Maybe Leterme and the new government but who knows ?

 

You should be stupid to hack or scan a Belgian site because the laws are very stiff on this as the hacking of the polfed site showed. But as long as the ISP's don't protect their clients against hacking attacks and hosting firms that aren't professional enough to withstand those attacks are allowed to operate.

 

This is IT security activism and you don't need to hack for this. You just take the examples from zone-h.org and your case is proven. Period. I rest my case.

15:12 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

blocklist .info sites made for Adsense

Some sites have only snippets of texts that come from different sites and are put together just to attract a number of visitors - searchers whatever the text they were typing. The only thing that interests them are the views of Google's Adsense

 

Even the security warnings from Google are used in between their text.

 

http://www.theportable-air.info/freecon-portable-aircondi...

the site itself is full of crap and every site has a number of pages, that have sometimes nothing to do with the subject itself

 

http://www.theamerican-greeting.info/   www.mexicopuertovallarta.info/ www.pop-cornbowls.info/   www.maxcase.info   www.lanerecliner.info/  www.1moneylaundering.info/   www.delloftoday.info/  www.onlineenglishcourse.info/ www.compassed.info www.lanerecliner.info www.easywirelesstechnology.info/
www.onlywebsitesoftware.info/  www.2medicalfield.info/
www.morecontacts.info/  www.online-certifications.info/
www.theroyal-cruises.info/  www.proboardgreat.info/
www.quesadilla-maker.info/  www.gascookers.info/
www.2privatesecurity.info/ www.greatoutdoorfun.info/
www.2printerwireless.info/ www.probatean.info/
www.improvementprocess.info/ www.muchlearning.info/
www.excellentvideos.info/  www.workoutequipment.info/
www.seerugs.info/ www.homefurnishingsgroup.info/
www.onlyglasses.info/  www.justopals.info/
www.superiorespressomachine.info/ www.bestfitnessapparel.info/
www.businessoftwarehq.info/ www.lasertonerhq.info/
www.qualitysoftwarehq.info/ www.1jewishwedding.info/
www.quotesdb.info/ www.diningfurnitureplus.info/
www.1replacementdoor.info/ www.1jewishwedding.info/
www.sportsticketsnow.info/ www.retirementime.info/
www.password-softwares.info/ www.1insurancemutual.info/
fast-registry-repair.info/  www.outlookweb-access.info/
www.babygearworld.info/  www.adobereaderdown-load.info
www.network-scanners.info/ www.job-infos.info/
www.bunkforbed.info/  www.motloid.info/  www.mybacksplash.info/
www.findinjets.info  www.sportsticketshq.info  www.muchjewelry.info
www.slipperyegress.info  www.chokersource.info  www.greathomelender.info

09:46 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

Should all terrorist websites be closed down

Yes and No

 

As with other forms of illegal transactions, the organisation of these transactions happens on three levels.Each level should be treated differently.

 

The first level is the pseudo official newssite or opinionsite that defends and proopagates but sometimes says that it is not linked to the groups in question. But as they are a propaganda channel countries or ISP's or hosting firms should decide if it is appropriate to approve them. It depends on how you interpret freedom of speech. If you think that freedom of speech gives you the right to post videos of people being beheaded or blown to pieces, than host them. But you should keep in mind that hosting them can get you or your other partners and firms in trouble with different laws (UK, USA, Germany,....). They are too easy to find and too acceptable to be left easy to find. You will not stop this kind of sites or communication, but you will make it much harder by closing the first level down.

 

The second level is not so easy to find and needs some authenfitication and acceptance by the other members. It is more used by people that have passed the first level and are ready to do some things. You may find guides and very explicit videos and language here. In security discussions on the web the general trend is to leave them for a while and to collect all the information from the members and to close the shop down once everybody that seems apt to do something is identified and localised.

 

From the second level you can sometimes go down to what is sometimes called the deep underground. These sites and chatboxes you will not find on your own. You have to be invited and it will take some time before you are trusted and accepted. Penetration into this level takes time and effort and should only be disclosed (by shutting down the shop) to prevent danger or because the undercover operation has gone public.

 

So in my opinion close down the first level as fast as you can, concentrate on the second level before you bust the lot of them and monitor very closely the third level until you can prevent some danger and have to intervene.

 

ps I have no sympathy for all those rightwing, sometimes racist anti jihad websites that are as extreme on the other side and I really do not need them to explain to me the danger of blind terrorism, whatever the cause.

09:37 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |