hack of the day antwerpen.be (updated)

They were replaced this morning, but yesterday they were hacked, and for important hosters nowadays this shows the importance of permanent monitoring.


ocmw.antwerpen.be Hacked By PowerDream
antwerpen.be Hacked By PowerDream
Update: the question is of course whether they have analyzed what happened and whether they have taken action to fix the hole and to better defend their machine, or migrate. I am not going to scan their machines, that would be totally illegal, but I would, if I were them, scan their servers with the three most popular attack tools from outside the network in a 'black box' test. The three tools to use are Metasploit, nmap and Nessus.
If there are still people who don't believe that a Turkish hacking campaign is under way and still don't have the guts to do something, it is time, because if antwerpen.be falls then either the antwerpen.be IT guys are a bunch of irresponsible amateurs or the hackers really know what they are doing. So control your servers, control your logs, make backups, close down access for people who don't really need it, and upgrade and patch everything that you have forgotten to do lately.
Technical note: there are problems with the RSS feeds from furl.net and they have been informed. We hope to have clean RSS feeds when the problem is solved, and we hope this will be soon. For the moment the published feeds take all the headlines, not only those from the chosen categories.

ING first to massively replace its workers with call centers

ING is moving in Belgium from brick-and-mortar banks to web banks, and for this reason will put more than 800 people out of a job. They will take on others, but these will have to work in a call center and will probably be paid less. So you don't have to go to India to lower working standards.

So if you only do web banking or self-checkout at your supermarket, don't be surprised afterwards that those not-so-intelligent people won't find a job any more. And don't be surprised either if you find out afterwards that the web service won't stay cheap or free or as safe as they say.... You already have fewer consumer rights with online banking than with paper.

Read 'Player Piano' by Kurt Vonnegut (google: "piano player" vonnegut).

3% of all Belgian municipal websites are compliant with accessibility

06/11/2007: update of the accessibility level of Belgian municipalities' websites: 3,1% are compliant. It is a very slight improvement but still very low.


And security or privacy? Oh, I forgot, we don't have any rules or controls for websites.

Do not watch only a change in your homepage but also

Some people tell me that they have their site totally under control. And when I ask them how, they say that they watch for any change to their homepage every minute. Well, that is a start, but it only takes into account part of the defacements.

An enormous part of the defacements is done by ADDING pages to your website. That is also the reason why many websites don't see this. A Google alert isn't enough, because Google only comes around every so many weeks and you shouldn't wait that long. You should really activate the logs that tell you when somebody logs in and when somebody adds a page or changes something on any other page. Of course the homepage is the flag for the defacer, but it looks like many of them are already very proud to have added a page to your website and don't bother to change the homepage itself.
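A simple way to catch the "added page" defacement the post describes is to keep a hash baseline of the whole webroot and diff it from cron, instead of only watching the homepage. This is an added example, not code from the blog; the webroot path and baseline file name are assumptions.

```python
"""Added example (not from the blog): catch defacement by ADDED pages, not only
a changed index page. Take a hash baseline of the webroot once on a known-clean
site, then re-run the comparison from cron. The webroot path is an assumption."""
import hashlib
import json
import os
import sys

def snapshot(root):
    """Return {relative_path: sha256} for every regular file below root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            result[os.path.relpath(full, root)] = h.hexdigest()
    return result

def diff_snapshots(baseline, current):
    """Classify changes; 'added' comes first because a page dropped next to the
    real ones is exactly what a homepage-only watch misses."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
    }

def check(root, baseline_file):
    """Compare the live webroot with the stored baseline; True if anything changed."""
    with open(baseline_file) as fh:
        changes = diff_snapshots(json.load(fh), snapshot(root))
    for kind, paths in changes.items():
        for p in paths:
            print(f"{kind.upper():9s} {p}")
    return any(changes.values())

if __name__ == "__main__":
    # webroot_watch.py init <root> <baseline.json>    once, on a clean site
    # webroot_watch.py check <root> <baseline.json>   every few minutes from cron
    cmd, root, store = sys.argv[1:4]
    if cmd == "init":
        with open(store, "w") as fh:
            json.dump(snapshot(root), fh, indent=1, sort_keys=True)
    else:
        sys.exit(1 if check(root, store) else 0)
```

Keep the baseline file outside the webroot and read-only for the web server user, otherwise whoever can add a page can also rewrite the baseline.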

some hacks of the day


And meteo sites that keep getting hacked over and over again; maybe they are on holiday in Spain. These sites were already hacked once and have fallen victim again to their own ignorance.

And a website that does e-commerce with cars. But no problem, it has already disappeared, and you should really have high confidence in Belgian e-commerce, you can take my word for it..... They don't need any audits or regulation, they do it all by themselves and for themselves. They are serious professionals. Really. You should trust all your credit and personal information to them. They will really take care of it. And they surely don't need any audits or regulation because they really know what they are doing.

The good news is that the Turkish hacker clans seem very busy hacking websites all over the world. One day it is Australia, then France, then Canada, then Thailand, Vietnam and their biggest favourite, China. This is good news for us because it means they are not really concentrating their efforts on us and are just trying to collect the most hacked websites possible. Period. Yeah, keep on hacking the world and leave us alone, even if this is very very very egoistic, and stupid because cyberdefense is built on cooperation.

How to detect Storm infections on your network

You will get enormous spikes of traffic just after infection and sometimes later on, and this can even be HTTP traffic (website traffic); or, if you have blocked IRC traffic, you will see a huge quantity of (dropped) connections. If you haven't dropped IRC yet on your firewall, you should. There is no business reason to keep it open, and this way you block most of the botnet control traffic; furthermore, if you block it you can get an idea of who is infected from the drops you see at your firewall.

There are some good freeware/shareware products that you can install to monitor the traffic on your switch, and there are nowadays very cheap big screens that you can connect to your computer to use as a monitoring screen.
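The "who is infected" check from the paragraph above, as an added example (not from the blog): parse the firewall's DROP lines for outbound IRC and rank internal hosts by how often they keep trying. The log prefix, the sample log lines and the port list are constructed assumptions in iptables LOG style.

```python
"""Added example (not from the blog): turn the firewall DROP lines for outbound
IRC into a short list of probably infected internal hosts. Lines are in the
iptables LOG style; the sample lines below are constructed, not real logs.
Ports 6660-6669 and 7000 are the usual IRC range; adjust to your own policy."""
import re
from collections import Counter

# Assumed log prefix, e.g. iptables -A FORWARD -p tcp --dport 6660:6669 -j LOG --log-prefix "FW-DROP "
DROP_RE = re.compile(
    r"FW-DROP .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)
IRC_PORTS = set(range(6660, 6670)) | {7000}

def parse_drop(line):
    """Return (src, dst, dport) for a dropped TCP packet, or None for any other line."""
    m = DROP_RE.search(line)
    if not m:
        return None
    return m.group("src"), m.group("dst"), int(m.group("dpt"))

def suspect_hosts(lines, ports=IRC_PORTS, threshold=5):
    """Count dropped IRC connection attempts per internal source. A host that
    keeps retrying after being blocked is a bot looking for its controller;
    return {src: attempts} for every source at or above the threshold."""
    attempts = Counter()
    for line in lines:
        parsed = parse_drop(line)
        if parsed and parsed[2] in ports:
            attempts[parsed[0]] += 1
    return {src: n for src, n in attempts.items() if n >= threshold}

# Constructed sample: one host retrying IRC eight times, one single stray
# attempt, one SMTP drop and one UDP drop that must not be counted.
SAMPLE_LOG = [
    "Nov  6 10:00:%02d gw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.9 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=5%04d DPT=6667 WINDOW=5840 SYN"
    % (s, s) for s in range(8)
] + [
    "Nov  6 10:01:00 gw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.0.0.40 DST=203.0.113.9 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=TCP SPT=51000 DPT=6667 WINDOW=5840 SYN",
    "Nov  6 10:01:05 gw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.7 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=TCP SPT=51001 DPT=25 WINDOW=5840 SYN",
    "Nov  6 10:01:09 gw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.0.0.51 DST=198.51.100.7 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=4 DF PROTO=UDP SPT=51002 DPT=6667 LEN=28",
]

if __name__ == "__main__":
    for src, n in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print(f"{src}: {n} blocked IRC attempts, check this host")
```

On a real gateway feed the script the kernel log (or a syslog export) line by line; the threshold is there so a single stray connection from a legitimate IRC user does not look like an infection.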

What the Al Qaida DDoS attack may look like

First, there are cyberjihad websites around which sometimes have 110.000 members (how many of them are police and intelligence or just the curious is another matter).

Secondly, it is very easy for someone to participate in this massive attack. The only thing he has to find is the software cyberjihad 2.0. It works a bit like the SETI software (distributed software) and gives every computer that participates a list of servers that it has to ping (together with some thousands of others, they hope). This way they hope to create a huge DDoS campaign that could bring down hosts as they are overwhelmed by traffic.

This means that ISPs and hosters have to, as an exercise, watch their traffic flows and prepare for DDoS attacks. This would be a very good exercise for Belnet, which had much trouble keeping up with traffic demands during a certain RTBF documentary and the French elections.

I haven't found an example of a traffic packet made by this software, but as a precaution it would maybe be wise to make one so that Snort, IDS and routers can be set up to drop all such packets.

The new version of the software claims that it is commanded by a mail server that is highly secured, while the old version sent all credentials in clear text over the wire (even passwords).

A warning for all kidz out there. It could be that you have a full bag of reasons to participate in something like that that seems so easy. But you have to take the following things into account, after you have drunk your tea and sat down for a minute instead of clicking without thinking.

* It is totally illegal to host or participate in such activities, and if you try to do this from Belgium or many other countries you will get caught and you will be sentenced, period. Even if this gets big, you can be assured that the authorities will set things in motion and that you won't believe what will hit you when they come banging at your door, especially in some countries.

* You don't have any idea what you have downloaded and you don't have any idea who is behind it. You don't know if it is the real software or just an undercover operation or just a bunch of spammers or pornhosters using this as a new 'phishing' scheme.

* You don't know how long the central server that says it is coordinating it will stay in the hands of jihadists, or whether some police or intelligence service isn't looking over their shoulders. Do you really think that the governments don't have the will, the power and the counter-hacking knowledge, and that they will never use it? They use it permanently against the cyberjihad sites and networks, so why would they leave this attempt without response?

