11-07-07

some things about the fedpol hacking

Just back from holidays and busier with backing up stuff than with getting back to the actual dire state of internet security in Belgium.

When the lone stupid young hacker was arrested the day after he hacked the forgotten website of the police (during lunch hours), he surely got the attention of the press - and as usual the press fell silent afterwards. The press is only interested in the picture and the comical story effect of the act, and is not asking any critical questions.

You can ask questions like

- are there many sites hacked in Belgium every week ? Yes there are. You can find a history and a fresh line up on http://be-hacked.skynetblogs.be

- is somebody actively informing those webmasters that they are hacked and that they should clean up their act ? No. I have done it sometimes, but it sometimes takes too much time or even gets an aggressive response. The reason is that nobody is taking any responsibility for anything here.

- Are websites that are hacked and stay hacked taken offline or blocked by the ISPs to protect their users ? No, and even if Google is starting to block some hacked websites, they don't do it for all of them, even when I find them through search words I use in Google.

- Are hackers being prosecuted, or are ISPs trying to block access to and from control or attack centers on Belgian websites ? Surely not, who cares ?

So the SANS-trained technician from the Belgian internet crime center didn't have too much trouble finding the stupid press-hungry hacker, and so he did what he had to do in the time frame in which it had to be done.

Let it be a lesson for anybody who reads and finds security materials and guides here. You cannot under any circumstances use any of this stuff against any Belgian infrastructure for which you don't have the explicit approval of the owner of the website and maybe of the infrastructure (if for example you are trying a DDoS or a DNS attack).

For those who remember redattack: well, he is at home without work.

In Belgium there is no protection or exception for security researchers or for white-hat hackers, and as far as I know there is also no sure way to inform the people responsible about security holes you have stumbled upon without putting yourself in danger. Maybe this is one thing to do for the next government. Or for the Computer crime center to reach out to the community.

17:13 Posted by technology changes fast not a lot in General

10-07-07

some light changes around here

Next to this blog I have adapted the Furlfeed. It will now take the latest 100 IT security articles I have passed over and furled.

On http://be-hacked.skynetblogs.be you will only find one post with a Furlfeed to hacked websites. The copy of the hack itself you can find by clicking on the sign after the description. Some beautiful ones.

On http://ebooks.skynetblogs.be you can now search directly in a collection of already more than 800 articles and books on my page on scribd.com. I have also placed a Furlfeed with links to sites and pages with lots of documents and articles.

On http://freeware.skynetblogs.be you can now also find a Furlfeed of sites with freeware; most of it is security and hacking stuff.

23:47 Posted by technology changes fast not a lot in General

22-06-07

fedpol.be and ecops hacked into history

after mil.be

the police and the digital cops

how good are the ecops

will they find the so-called 17 year old hacker

Can they do real forensics ?

Can they traceroute through proxies, botnets, hacked DNS and so on ?

the funniest thing is that they were hacked around 12 o'clock - they are not sure - so normally the security people would have been watching live - or would they be busy eating sandwiches and talking about the coming holidays ?

This is the reason why you should have real-time monitoring software on big monitors in your monitoring room with one looking at your servers and alerting about changes. (Hey, somebody working on our site right now ? No ? OK, someone is getting root - get the logs there, put the sniffer on catch-all there, be sure to have the logs from the host intrusion detection software on a CD - do you already know which ISP - yes, call them - we're gonna get that ....)

or is it

hey joe, had a phone call that our site has been hacked

our site hacked, no, you are joking

look in my browser it still looks fine

maybe it is your cache

my what

oh I will refresh

oeeeepsie

Spycheck team it is called

for the joke, spycheck is an antiporn software

The names that are mentioned are not known as such in the public hacker world; spytech is intelligence technology, so that is interesting

Maybe it is an insider joke

porn vamps against antiporn software that uses spytech

the journalist who took the screenshot also gave away much of his information

- he uses Internet Explorer

- he uses Yahoo toolbar

- he uses Yahoo chat (exploits)

and no linkscanner or something of that kind

pretty naked

http://www.sudpresse.be/la_une/details/2007/06/22/article...

 

and the site is still down


17:45 Posted by technology changes fast not a lot in General

Important Belgian mailservers becoming a spamrelay for infected clients of their ISP

Last week we wrote that some mailservers from big Belgian ISPs were being identified by a honeypot network. Some of them were not yet identified as spammers worldwide. This is now becoming the case. It is becoming urgent to do something.

Please participate in this network - this is another proof that we need more honeypots to find problems before they escalate - if only administrators would DO something.

1. 81.169.105.17 Proximus

2. 213.132.131.104 Chello.be

3. 83.182.176.169 Tele2

4. 212.68.218.201 Brutele

And they all seem to have been used in the last day in a spamstorm.

Maybe the days when you could get away with not filtering outgoing mail for viruses, malware and pure spam are over, because otherwise you will become a relay for the botnets inside your network.

14:34 Posted by technology changes fast not a lot in General

and the hacking goes on and on

The list of the newly hacked sites added to the archive (furl) can be found on

http://be-hacked.skynetblogs.be

 

Meanwhile some thoughts after 150 visits

* few but some try to use exploits against your machine or downloads

* many are just noise like putting hacked by in the title of a forum or as a message in the forum

* another popular technique is adding a page to a website (can't you log that folks ?)

* most are Turks, hacking even their own domain

* Google blocks some but not all, even though it could block all hacked sites - so it could be sure that it would draw the attention of their owners

* free.fr, a free page provider in France, has a problem because many of its pages have been repossessed

 

and the Belgian .be sites are also being hacked and sometimes stay that way
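The remarks on this page about alerting on changes and about logging pages that get added to a site both come down to comparing the web root with a known-good baseline. The sketch below is an added example, not code from this blog: the function names, the sample pages and the check for the "hacked by" string are constructed for illustration.

```python
import hashlib
import os
import tempfile

MARKER = b"hacked by"  # defacement string the post reports seeing in titles and forum messages

def snapshot(root):
    """Map each file under root (relative path) to (sha256 hex, marker present?)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = (hashlib.sha256(data).hexdigest(), MARKER in data.lower())
    return state

def compare(baseline, current):
    """Return sorted alerts (kind, path) for everything that differs from the baseline."""
    alerts = []
    for path, (digest, marked) in current.items():
        if path not in baseline:
            alerts.append(("added", path))
        elif baseline[path][0] != digest:
            alerts.append(("modified", path))
        # Flag the marker only when it was not already part of the known-good page.
        if marked and not baseline.get(path, ("", False))[1]:
            alerts.append(("defacement-marker", path))
    alerts += [("removed", p) for p in baseline if p not in current]
    return sorted(alerts)

def demo():
    """Constructed web root: take a baseline, then imitate an overwritten title and an added page."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        write("index.html", "<title>Welcome</title>")
        write("forum/index.html", "<title>Forum</title>")
        baseline = snapshot(root)
        write("forum/index.html", "<title>Hacked by example-crew</title>")  # constructed sample
        write("x.html", "<h1>extra page</h1>")                              # constructed sample
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, path in demo():
        print(f"ALERT {kind}: {path}")
```

Run from a scheduler against the real document root, with the baseline stored off the web server, so that a change to the site cannot also rewrite the baseline.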

 

 

13:00 Posted by technology changes fast not a lot in General

Blogoloog does not lie about popularity

As a little blogger you have to stay modest. You remain just the fly on the wall. And despite the fact that bloggers and journalists like to write about each other (like women like to chat about each other - stupid joke), the influence and importance of bloggers in Flanders is still limited.

http://www.blogoloog.be/popular.cgi come on, being first with 4 links to your site is not really being popular.... Or else many blogs are not busy with current affairs at all but with cat, kid, cycling and butt

12:50 Posted by technology changes fast not a lot in General