24-04-07

Belgian dictionary attacks

The honeypot project also makes theIp adresses public from pc's that have sent them email with constructed emailadresses. They call this a dictionary attack but it can also be that they are only infected with a spam virus and are just following a constructed list.  For me this is much too broad. There is certainly something wrong with the IP adresses concerned, but a real dictionary attack consists of hundreds of mails trying to find the ones that work.

 

 

13:00 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

Belgian spamharvesters and spamzombies

The Honeypotproject is a collection of honeypots that tries to receive as much bad traffic as possible and puts out the resulting IP addresses publicly.

 

Spamharvesters are pc's that crawl over the internet looking for emailadresses on webpages that aren't protected. They send those afterwards to mailservers. The spamhoneypots try to make the connection between the visit of the harvester and the resulting spam from the mailserver.

 

The Belgian emailharvesters in april were for example

1. spamharvester 81.82.51.113  Most treathening
Connected with NL IP adres mailserver 193.138.206.83 mailtotaal.com

senderbase voor mailtotaal
robtex voor mailtotaal

2. spamharvester  217.136.254.79 

ISC Systems iRc Search 2.1

Connected with mailserver 213.4.149.12   terra.es
http://www.sorbs.net/lookup.shtml?213.4.149.12

 

3. Spamharvester  81.245.251.93

American mail servers associated

 

4. Harvester 86.39.2.230 
american mail servers associated
1 Indian mail server
sends also russian spam
connected with American  harvesters

The Belgian PC's that are sending spam through other - mostly American - mailservers are for example
http://www.projecthoneypot.org/i_f07d4dc0a739593dd7b32033...
217.136.253.224 (S)   -  harvester 209.160.32.70  (US) - mailservers US
217.136.253.239 (S)   -  harvester Singapore 204.9.52.5  - mailserver US
217.136.254.41 (S)    -  harvester 209.160.64.178  (US) - mailserver US
217.136.254.166 (S)   -  harvester 84.176.176.152  (D) - mailserver US
217.136.254.203 (S)   -  harvester 208.53.147.137  (US) - mailserver US
217.136.253.161 (S)   -  harvester Singapore 204.9.52.5  - mailserver US
217.136.253.164 (S)   -  harvester 69.41.163.15  US

11:20 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

23-04-07

taxonweb (belgian online tax) waiting to be phished

The IRS, the US tax service is shutting down other sites than the .gov site that have the same  name because some phishing sites came popping up. Under a new taxpayer protection act it became also illegal to do this.

 

In Belgium we have taxonweb (they thought of nothing better because we have three different official  languages and so communicate between us online in yet another one). So if we look at who has tax on web, we see the following things

 

* http://minfin.fgov.be/taxonweb/ (with a very bad banner so it could be copied without looking suspicious - also the fact that it is a subdivision of a site makes it easier for phishers)

If you click on one of the languages, you will see that the page is saying the service is not ready yet (and the redirect makes it also easier)

Even if you go to taxonweb.be you have this (not in https)

 

hack5_011

 

(also in a style that is highly amateuristic and quite copyble for phishers)

And by having this kind of pages, you make people used to outages and so they may think that phishing alert-outage page are 'normal'.

But we have also other domainnames

* TAX ON WEB :: www.taxonweb.eu

Buy exclusieve gadgets and. gifts online. www.gadgetshop.be. BMW Motoren. Officieel dealer van BMW moto's. te Rotselaar. www.wingemotors.be ...
www.taxonweb.eu/

It is clear that taxonweb is not at all been built to defend against phishing and scams that will come one day or another. It is better to learn from some lessons the banks have learned the hard way and to include them from the beginning in the construction of your webservice.

All is not lost. They still have a chance to reconstruct a seperate website with all the necessary defensese around them. Because that is also not very prepared, without saying too much.

15:16 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (2) |  Facebook |

My kind of people

comic2_009

13:30 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

Even PBX webinterfaces can be hacked for phishing

https://my.agnnetworks.com/  They have an webinterface for their customers with an open source asteriks http://pbx.voipenable.com/recordings/  but it was defaced and used for phishing with a loginscreen for an American bank http://pbx.voipenable.com/.bank/index.htm   as was verified here

 

12:46 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

net gemist en andere oplichting

De BBC zal het overgrote deel van haar library van uitzendingen gratis ter beschikking stellen. Tevens zal je gratis kunnen multimediaal programma's opvragen. En je zal daarvoor ook geen speciale box moeten huren of kopen.

 

Hier in België moeten we betalen per programma, moeten we een box huren om te kunnen opnemen en dan moeten we nog betalen om die functie te kunnen gebruiken. Ik denk dat public service hier uit het woordenboek is vergeten. Misschien wordt het dan ook maar tijd dat ze ook ons belastingsgeld beginnen te vergeten want dit is oplichterij. En voor wat betreft de private firma's moet het - naar Amerikaans model - maar bij de maatschappelijke randvoorwaarden worden gevoegd.

 

Hetzelfde met Youtube. De BBC brengt er een kanaal op onder, maar de VRT denkt erover na om op te treden tegen de VRT programmaclips die erop zouden staan. De VRT is NBC niet, ze is geen private maatschappij, ze is een overheidsdienst en het wordt stilaan tijd dat ze weer als een overheidsdienst gaan handelen en denken, want alles wat te maken heeft met een normale gewettigde uitvoering van een overheidsmedia bestaat niet of is amper die naam waardig en ik som op

 

* schooltelevisie en opleidingstv (waaronder taallessen)

* kunstprogramma's die naam waardig en documentaires over onze kunstgeschiedenis

* maatschappelijke debatprogramma's die met echte specialisten over een onderwerp op een verhelderende manier spreken (zonder steeds dezelfde egotrippers en commentatoren en politieke herhalers uit te nodigen).

* maatschappelijk nuttige voorlichtingsprogramma's zoals veilig verkeer, veiligheid thuis, opvoeding, energiebesparing, budgetbeheer, onze democratie,....

12:00 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

Wikipedia making publicity for spyware

Wikipedia is the global encyclopedia where anybody more or less can write anything and that consists of millions of pages (of which some are crap and others are better). Sometime real editing battles endure and this is here the case. Some (ex) spyware companies are trying to have clean presentation pages about their products on Wikipedia, while antispyware activists are trying to change them back (and forth and back...).

 

The battle for control between these PR companies and the antispyware activists can be followed here as an example.

09:45 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |