Does your payslip contain confidential information?



Would you trust a real estate company when buying a house? Especially if they ask to provide your monthly payslip for finance reasons?

Of coarse we do. We want that house and/or we need the money that we do not have. :-) So we provide them the payslips and trust in god that all remains confidential.

And then there is the almighty Google who sees it all.

Seems that omnicasa.com is providing real estate agencies the ability to have a software in order to manage their business. To maintain pdf's containing real estate information. But some smart salesperson also seem to have put the payslip of 1 of his customers online.

Naughty naughty boy.

I'm pretty sure more payslips are available on internet (just caught 2 others flying by during lunch) Some people getting a lot of money, others not.
But what I fear the most... I have a lot of personal data. RRN, adres, ... I smell Identity Theft !

BTW... Are real estate agencies allowed to request this kind of information? Do they have the approval from the privacy commission? Do they know the penalty for not safeguarding this information?

Let's get another coffee and continue life. :-)

Do we have a non-disclosure agreement with Belgium Defense?

"He who plays with the devil, could burn his fingers." 

Lots of people know this application: "HijackThis". Whenever you get stuck with your PC for some reason, some tech people will ask you to pull a HijackThis report. Nothing wrong at first sight.

But HijackThis grabs a lot of information. Information about your IE settings and thus about proxyserver definitions, etc...:

 IE - HKU\S-1-5-21-1935655697-343818398-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-343818398-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.mil.intra;portal.mil.be;dghr.mil.*;http://intranet;http://10.999.0.999;intranet.mil.intra
IE - HKU\S-1-5-21-1935655697-343818398-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxyREMOVED:REMOVED

The example above was found back on a Dutch computerforum where they were discussing about the ecops virus. Information that should be covered in a non-disclosure agreement as it contains a small part of network-design information. And that agreement was never signed between the "Belgian Defense" and "The Internet".

If you look to the export, I could also tell that Belgian Defense has Dell machines with next info:

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

1,99 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 62,09% Memory free
3,33 Gb Paging File | 2,69 Gb Available in Paging File | 80,71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 21,68 Gb Total Space | 0,04 Gb Free Space | 0,18% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 0,16 Gb Free Space | 0,33% Space Free | Partition Type: NTFS
Drive G: | 15,62 Gb Total Space | 3,49 Gb Free Space | 22,32% Space Free | Partition Type: FAT32
Drive H: | 465,76 Gb Total Space | 224,79 Gb Free Space | 48,26% Space Free | Partition Type: NTFS

Computer Name: LAPTOP-XXXXXX | User Name: XXXXXX | Logged in as Administrator. 

Next items are installed: F-Secure, Java 6 runtime, Windows Defender, Azureus VUZE remote, Adobe Reader 9, Free YouTube to MP3 Converter, ICQ lite, ... And this poor guy, Patrick, likes to read "De standaard" as this was set as his homepage in IE8.

I suppose any hacker  would benefit if having such information to make a custom virus. And when he will pretend to be the helping hand of this "soldier in need" at the forum, it will be easy social engineering to hand over the virus to get triggered in the military network. Think about the MiniDuke or the ATP1 report.

So if they are so free to provide all this info to the public, I'm not surprised that they got infected with the ecops virus. 

And maybe also some nice side note. Keep in mind that also copy-write organizations like BRAIN or BAF might be reading this info and find it interesting when someone would have torrent software (Azureus) or Youtube-mp3 convertors on their machine.