• Heathrow and risk taking

    If you are living between books about risk management and security project planning and stuff like that, you sometimes don't know what you are reading when you are looking at the news.

    Heathrow was investings billions of Euro's or pounds in a new terminal and had invited journalists from all over the world in a massive PR operation that would place Heathrow on the map of the European Hub of modernity, technology and some other buzzwords.

    In 2007 excessive delays and concerns about the airport's sprawling layout could threaten London's status as one of the world's leading financial centres. It had became one of the least favored airports of Europe but British Airways said that the new terminal would solve all that.

    It seems they had one of the most modern and whatever buzzwords system for the handling of the baggage but according to some accounts the personnel that had to use the system didn't had any training to use it, so even after only 30.000 pieces of baggage the system just broke down and flights were cancelled. Oh just teething problems they said, it will all come into order. But we are now already several days further away and there are still 15.000 pieces of baggage waiting to be reunited with their owners and every day dozens of flights are just cancelled.

    Nobody heard of testing before and training and stuff like that ?

    Now it is called another time a PR disaster for England, London and British Airways. Especially with the live reports of those hundreds of journalists that were invited from all over the world to report live the opening and found themselves amid anger, frustations, protesters and incompetence.

  • The FIA chief Mosley Nazi Film with prostitutes

    How can such smart, wealthy and powerful people be so stupid ? The web doesn't forget and with the social web the stuff you want to keep off the web keeps reappearing over and over again


  • Belgian sites now used for phishing operations

    http://sjca.be/www.poste.it/index.php?MfcISAPICommand=SignInFPP&UsingSSL=1&email=&userid=  Italian Post

    this is a site from a school, something that should be organised and not be left alone to the chinese volunteers trying to keep up with things.

    to which other sites are redirected, as is this one

    http://wezembeek-oppem.info/fileadmin/red.html  which wouldn't surprise us because the site is under construction but probably not secured


  • Fitna the film that found other distribution channels

    We were afraid of a very harsh film and got a joke. We were afraid of riots and got silence (the right answer). We were afraid of a cyberstorm - like the danish - and got a few more hacks but nothing extra-ordinary (at first sight).

    What we got that is unacceptable is that it was not the law, not public pressure that brought this amateuristic piece of .... off the internethost was not a cyberstorm (against which you can defend yourself more or less) but real terrorist threats against real people with families just doing their work as they thought they were doing right.

    But that doesn't change a thing. The film is everywhere in P2P and downloadsites and it will be nearly impossible to kill them all. The stupid people who did this have given the film this way much more symbolich weight than it is worth it.

    Otherwise we shouldn't forget that there is a message from Bin Laden that Europe will be his next target. These messages have many times been followed by attacks (or foiled attempts). It seems as if these messages are wake-up calls for sleeping cells. This comment doesn't mean that I agree with whatever Wilders is writing or saying. The islam is as responsable for terrorism as communism or anarchism for their isolated terrorist groups. But this doesn't mean we should ignore that there is a message and that the message gave us a warning and that we should be alert that somewhere somebody may think he has been called to act (stupidly).

  • How well is the Belgian Security Bloggers network doing ?

    Well, the numbers speak for themselves

  • Published on 11/11/07
  • 116905 runs of the RSS pipe which means around 25.000 times a month
  • Recently some other Belgian security bloggers joined the integrated RSS feed.

    A discussion text was used for the presentation by one of them when he spoke before the Belgian federal parliamentary hearing on cybersecurity. Some action points will stay high on the political calender. Some of them are personally very dear to us, others are more general.

    Material is being published on EID and there are other things happening - but not all of them are public. We need although more concrete signs of acceptance of the facts.

    some information was forwarded to the security people of networks and sites to fix things before publication. This channel is being used when necessary.

    Some people seem to be mad as hell that some of us write the things we do. They were getting too used to the good old days of the Omerta. It is time for the Omerta to be over if we wanna secure things around here.

    The belgian organisations of ITsecurity professionals are starting to discuss about how they could move on together and organize things together. I may say that we gave them some inspiration and hope they will continue. Belgium is too small for everybody to do exactly the same thing.

  • IFRAME attack continues - update and Belgian infected sites

    The massive iframe attacks that we were writing about - and that hasn't been taken up by any Belgian press - is still continuing and according to the researchers is still widening.

    But as we aren't here to only echo what other bloggers are writing (follow the furl links for that) we can add some information about the Belgian aspects and some things that we are seeing here that could be used elsewhere

    Destination / / d08r.cn /

    The iframe is included in the following Belgian sites

    Yider=Buy%20Phentermine%20for%20lowest%20prices%20Buy%20Phentermine%20Online%20Now%20%3Ciframe%20src=// ...

    Superprestige Cyclo Cross

    %20Online%20Now%20%3CIFRAME%20src=// ...
    +us+approved+pharmacies%20%3CIFRAME%20src=// ...
    Toegevoegd door fob watch op 10th March, 2008 @ 14:40.
    SRC=//d08r.cn/1-0%3E Phentermine ...
    www.fantasiaworks.be/index/html/guestbook.php - Similar pages
    phentermine%20%3CIFRAME%20SRC=//d08r.cn/1-2%3E Cheap phentermine ...
    as we know there are a lot of other forums that aren't monitored - even
    from respectable news organisations and governmental institutions.
    There is now enough reason to put input controls and blacklists on
    all your interactive functions if you don't want to be a mule for
    these criminal  malware ecosystems as they are called now

  • The difficult problem of disclosure

    I never thought that the question of disclosure could be that hard. I have read a lot about responsable disclosure versus full disclosure and I can now understand both arguments even better. The people of responsable disclosure say that you should give them the time to correct the problems before you publish them. We have done this a few times already.

    At the other side we understand the problem of frustration if the other side won't understand what the issue is and has no intention of fixing it because for them it is not only not a problem, but if there is a problem because of this issue it is the fault of the user who didn't protect his computer. As security professionals who want to secure the web for all the people all the time at the best of our capabilities we can't agree with this point of view, even if it would come from a private enterprise (social responsability you know).

    It is the responsability of each of us to do our utter best to secure every part of the web for which we are responsable and to keep it as secure as possible for as many people and connected networks as long and as good as possible.

    Trying to dodge this responsability by jongling with terms and trying to smokescreen the issue will not take away the possibility that others with much more dangerous intentions will find out the same thing and exploit it to their advantage.

    So at a certain moment I start to understand that responsable disclosure can become full disclosure at a certain point of time. At the point at which it will become totally unresponsable to keep such information to yourself and you have the social responsability to inform the public about the information you have and to inform them of the weeks or months of tractations with the interested shareholders and their reactions. And than it will be interesting to see if the public will also think if we were responsable by keeping it ourselves or by informing them when the responsable people were acting irresponsable and not open to any reasoning.


  • The limits of limiting Google hacking

    You can limit Google hacking (robot txt is one of them) but this will not defend you against targeted attacks. Google Hacking is only the way to discover exploitable servers for the lazy hacker who doesn't mind much which sites he hacks. But if you are focusing and targeting a certain site or service, than you will use many other tools to find exploitable vulnerabilities.

    We didn't scan to find this. It was forwarded by a responsable security man/woman/dog.  We need responsable disclosure in Belgium. We are on our way to have it - we hope - but this again proofs that there are responsable securityresearchers around here that need this thing.


  • Vulnerable EID login servers without monitoring

    and than there are login servers that fail and show on their login page all the technical information that one would need to hack the server, because it isn't patched and it is in some open source stuff (I like PERMANENTLY SECURED open source not ORPHANED INSECURE open source) 

    It is a service that is being used for civil servants to log in with their EID. This is an important service because it is after this login that civil servants can give rights to other civil rights to see the information of enterprises and civilians.

    The problem is an internal error. The attacker would have to do nothing himself to see all the necessary information.

    The servers hasn't been patched since MARCH 2007 and there are for the moment 10 different exploits possible against such servers in the same state.

    More information is available for those whom it should concern - even if this unsecure server concerns all of us.


  • Internet Storm Center keeps an eye on the Dutch cybernetworks

    After being alerted that the film was online and that according to zone-h.org the first groups were hacking away already in the .nl domain, Internet Storm Center informed that they will keep an eye on the situation.

    if somebody is capable of seeing tendencies and getting all the interested important stakeholders to act, they can be it

    and even if nothing happens, it is still a good exercise for in case something really bad happens later. If at that time you already know what to look for and how to follow it up in realtime and who to contact to do what, than you have gained a lot when the internet becomes a targeted cyberwar

  • EID replacing the root certificates and rootservers


    all info there

    if you call that techical robust and tested and prepared info that is....

  • Site hosting Wilders Film already under heavy attack

    From the front page

    Welcome, and thank you for visiting LiveLeak.com. Due to an increase in traffic and targetted hacking attacks, we have had to disable certain features. We hope you enjoy all that we have available at this time and we further hope that you will visit us again to explore the full range of features and interactivity that LiveLeak has to offer. If this is your first visit to LiveLeak.com we apologise for the fact your first impression of the site will be limited, check back in with us soon and you can join one of the most unique media sharing sites on the net offering everything from uncensored news through to entertainment. Thank you for your patience.


    The film by the dutch representative Wilders with his contested viewpoints about the Islam is online. This can mean - as we have said before

    Attention the tool registrybooster that is advertised under it seems to be very difficult to delete from your computer. So don't click on it.

    that you can be the target of a scanning or real hack attack if

    * you have a .nl domain

    * if you are hosted on a dutch server or on a server with .nl domains

    * if you have links with .nl or dutch webservices

    this means that you will have to

    * make sure your server is patched and your interactive functions are disabled or closed down

    * you have tested your server with metasploit and patched it accordingly

    * you have made a clean copy that you can rely on

    * you have a monitoring system that will alert you if your homepage changes, somebody logs in or a page or function is added to your server

    If there will be attacks, they will be automated and not targeted. The goal will be to bring enough damage to the dutch cyberinfrastructure to be 'newsworthy'. So don't think they won't scan or attack you because you have nothing to do with this online film or are even against it. The attack tools won't make the difference.

    I hope it won't be necessary, but I hope the dutch have augmented their cyberalert and have organised a bit their response teams and put together a list of standby people and telephone numbers and stuff like that. If something happens it will be a nice opportunity to test these and ameliorate them afterwards.

    One thanks to Wilders that he didn't put it online on friday or in the weekend. So the security people have still one working day (but some maybe working or on standy the whole weekend) to fix things that ought to be fixed if there is an onslaught coming this weekend. Better be prepared than be sorry. Don't think I am alarmist. And it is a good exercise.

  • A cyberdefender seal that says it all

    Free Image Hosting at www.ImageShack.us

    QuickPost Quickpost this image to Myspace, Digg, Facebook, and others!

  • typosquatters of .be domains still parking their stuff

    It has been more or less a year that we published that typosquatters were registering famous domainnames in Belgium with typos (mistakes) in it and even as it is totally against the Belgian law, nothing seems to be done against them.

    Here is a list of them

  • Belgatom.be - Belgatom - Parked at Trasys
  • Blgacom.be - Blgacom - Parked at Sedoparking
  • Zatevrienden.be - Zatevrienden - Parked at Belgates
  • Zattenvrienden.be - Zattenvrienden - Parked at Intoworldwebhostings3
  • Zattevienden.be - Zattevienden - Parked at Sedoparking
  • Zattevreinden.be - Zattevreinden - Parked at Dahhosting
  • Zattevrieden.be - Zattevrieden - Parked at Intoworldwebhostings3
  • Zattevriend.be - Zattevriend - Parked at Nlhosting
  • Zattevriende.be - Zattevriende - Parked at Eurodns
  • Zattevriendne.be - Zattevriendne - Parked at Phreneticus
  • Zattevrienen.be - Zattevrienen - Parked at Fastpark
  • Zattevrinden.be - Zattevrinden - Parked at Intoworldwebhostings3
  • Zattvrienden.be - Zattvrienden - Parked at Fastpark
  • Zttevrienden.be - Zttevrienden - Parked at Sedoparking
  • Ebaey.be - Ebaey - Parked at Fastpark
  • Ebaye.be - Ebaye - Parked at Parkingspa
  • Ebays.be - Ebays - Parked at Sedoparking
  • Ebayy.be - Ebayy - Parked at Metaregistrar
  • Ebbay.be - Ebbay - Parked at Full1
  • Ebby.be - Ebby - Parked at ns0000.ns0.com
  • Ebqy.be - Ebqy - Parked at ns31894.ovh.net
  • Eby.be - Eby - Parked at Domaincontrol
  • Ebya.be - Ebya - Parked at Worldnic
  • Ebye.be - Ebye - Parked at Aligneddns
  • Eebay.be - Eebay - Parked at Sedoparking
  • Microsot.be - Microsot - Parked at Securenetim
  • Mycrosoft.be - Mycrosoft - Parked at ns23307
  • and so on and so on and so on......  http://typosquat24.com check it out


  • Is it a bird ? No it is the smallest spyplane or drone

    smallest surveillance

  • How do you look through a through-clothes airport scanner ?

    through clothes

  • Atos Banksys time-attacked itself

    Around 10.00 Belgians who had paid something on the 8th of march in 2005 had the same sum deducted from their accounts on sunday.

    But something is not perfect in their monitoring because they only saw it on monday. Maybe they should do some profiling of their datastreams so they could so if something totally different and abnormal was happening and maybe needed a bit of analysis - you never know. It could be that payments from long time ago were being re-activated. If somebody would tell them that this was possible, they would say that there is not a change.

    BTW this is the same company that according to Delhaize is the best guarantee that all our personal financial transaction and financial information is safe in Belgium. THis was the response after Delhaize lost several millions of personal ID's and financial information. 

  • Fire in main Belgian trainstation and security

    One of the main Belgian trainstations was closed yesterday because there was a fire in the replacement batteries.

    So now health monitoring or environmental monitoring ?

    They were placed next to the control room.

    They were very lucky the fire wasn't so great, because otherwise they would have lost the control room also.

    Security is also about physical and environmental elements. The integration of logical and physical security is one of the biggest headaches nowadays, but it is so necessary.

  • Fraud domains for sale in .be domains

    and so many others because who cares ?