• Some interesting US documents

    June 6, 2008 - The Strategic Petroleum Reserve: History, Perspectives, and Issues

    June 11, 2008 - Telework Legislation Pending in the 110th Congress: A Side-by-Side Comparison of Provisions

    The report, entitled Preliminary Review of Adaptation Options for Climate-Sensitive Ecosystems and Resources, identifies strategies to protect the environment as these changes occur...To develop this assessment, scientists studied national parks, national forests, national wildlife refuges, wild and scenic rivers, national estuaries, and marine protected areas

    the 2008 Trends in Sustainable Development report published by the Department of Economic and Social Affairs. The report highlights recent trends in agriculture, rural development, land, desertification and drought

    Quickly, Carefully, and Generously - Task Force for a Responsible Withdrawal from Iraq, June 2008. Preface by U.S. Representative James P. McGovern (MA-03). Commonwealth Institute, Cambridge, MA

    Actions Are Needed to Control Risks With International Transactions Reported on Corporate Income Tax Returns, May 30, 2008, Reference Number: 2008-30-114  "The compliance risk associated with international transactions continues to grow and to present tax administration challenges as companies both small and large expand operations across international boundaries

    OIG-08-61 - DHS Must Address Internet Protocol Version 6 Challenges (PDF, 14 pages): "We evaluated the Department of Homeland Security’s (DHS’) transition to Internet Protocol Version 6 (IPv6).

    OIG-08-60 - Logistics Information Systems Need to Be Strengthened at the Federal Emergency Management Agency (PDF, 33 pages): "FEMA’s existing information technology systems do not support logistics activities effectively. Specifically, the systems do not provide complete asset visibility of disaster goods, such as commodities and property, from their initial shipment to final distribution in disaster areas.

    US plans for a new natonial bio-defense research facility

     Privacy: Alternatives Exist for Enhancing Protection of Personally Identifiable Information, GAO-08-536, April 19, 2008

    Privacy: Congress Should Consider Alternatives for Strengthening Protection of Personally Indentifiable Information, GAO-08-795T, June 18, 2008

    The Annual Threat Assessment, released in February by the Director of National Intelligence, confirmed that Al-Qaeda has regrouped in Pakistan and that terrorists continue to pose significant threats to the United States. In addition, the Department continues to believe that the aviation sector is at a high risk of attack

  • European documents about immigration and border controls

    30-06-2008Round table with National Parliaments: Freedom and Security in the integrated management of EU Borders
    Draft programme | Projet de programme | poster
    Session I : SIS II: when, why, how?
    Decision on the establishment, operation and use of the second generation SIS II
    Regulation on the establishment, operation and use of the SIS II
    Regulation regarding access to the SIS II for vehicle registration certificates
    Proposal on migration from the SIS I to the second generation SIS II (Decision)
    Proposal on migration from SIS I to new generation SIS II
    Working document on the functioning of the current Shengen Information system
    Working document: New elements of the proposals in comparison to the current acquis
    Session II: Border surveillance: the contribution of FRONTEX and EUROSUR
    Examining the creation of a European Border Surveillance System (EUROSUR)
    Impact Assessment
    Summary of the Impact assessment
    Session III: Protecting freedom, security and privacy
    Preparing the next steps in border management in the European Union
    Preliminary Comments of the European Data Protection Supervisor (EDPS) Peter Hustinx
    Entry-Exit Impact Assessment
    Summary of the Impact Assessment
    links to the U.S. Department of Homeland Security
    Open Society Institute written contribution
    Oral presentation by Rebekah Delsol


    Look also hear



    It is a bit curious, all that exitement about the problem of illegal immigration and how easy it is to smuggle people in and throughout Europe. This is a natural consequence of the Schengen Agreement. The Idea of the Schengen Agreement was that borders had no security sense and that it would be much better if people were controlled throughout Europe and not only at some borders. But these internal controls weren't done for financial and political reasons, so the fact of the matter is that once you get into Schengen Europe, there is very little chance that you will be controlled if you lay low and try to do nothing wrong or to get attention.

    Borders are like firewalls and should have been there as a detergent and as a checking point. The first purpose was that freight traffic was losing hours at each border control, but maybe if the border controls would chance from freight control to checks on people traffic than the results could be much more interesting.

  • New versions of interesting freeware (security and utilities)


    Software & Games Updates

       Zortam Mp3 Media Studio 8.15

    Get new version now  
    What's new in this version: Version 8.15 may include unspecified updates, enhancements, or bug fixes.
    updated: 6/25/2008
    new version: 8.15
    filed under: Music Management


    Get new version now  
    What's new in this version: Version may include unspecified updates, enhancements, or bug fixes.
    updated: 6/25/2008
    new version:
    filed under: Utilities

       Burn4Free CD and DVD 4.6

    Get new version now  
    What's new in this version: Version 4.6 includes improved Vista compatibility/fix and adds some improvements and optimizations.
    updated: 6/19/2008
    new version: 4.6
    filed under: CD & DVD Burners

       X-Lizard Password Generator 1.2

    Get new version now  
    What's new in this version: Version 1.2 has few small improvements.
    updated: 6/24/2008
    new version: 1.2
    filed under: Encryption Software

       Ayrun 1.1

    Get new version now  
    What's new in this version: Version 1.1 includes unspecified updates.
    updated: 6/24/2008
    new version: 1.1
    filed under: Management Tools

       deVault Pro 2008 X7

    Get new version now  
    What's new in this version: Version 2008 X7 adds new interface, real time vault search and task scheduler.
    updated: 6/25/2008
    new version: 2008 X7
    filed under: File Compression

       Activ 1.2

    Get new version now  
    What's new in this version: Version 1.2 added user interface program ActivSetup.exe to ease Activ settings selection and Registry monitoring is re-engineered using Microsoft Registry filtering model.
    updated: 6/19/2008
    new version: 1.2
    filed under: Monitoring Software

       TrueSafe Personal Edition 3.14

    Get new version now  
    What's new in this version: Version 3.14 may include unspecified updates, enhancements, or bug fixes.
    updated: 6/25/2008
    new version: 3.14
    filed under: Backup Software

       URL Monitoring Tool 2.8

    Get new version now  
    What's new in this version: Version 2.8 includes unspecified updates.
    updated: 6/24/2008
    new version: 2.8
    filed under: Web Servers

       Ping Test Easy 4.06

    Get new version now  
    What's new in this version: Version 4.06 may include unspecified updates, enhancements, or bug fixes.
    updated: 6/22/2008
    new version: 4.06
    filed under: Network

       DomainScan 6.52 build 110

    Get new version now  
    What's new in this version: Version 6.52 build 110 improved database engine and has faster performance.
    updated: 6/22/2008
    new version: 6.52 build 110
    filed under: Network

       SmartFTP Client (32-bit) 3.0.1018.3

    Get new version now  
    What's new in this version: Version 3.0.1018.1 may include unspecified updates, enhancements, or bug fixes.
    updated: 6/22/2008
    new version: 3.0.1018.3
    filed under: FTP Software

       SendEmails Free Edition 2.0.12

    Get new version now  
    What's new in this version: Version 2.0.12 adds localizations for English, German, French, Spanish, Dutch, Portuguese, Greek, Russian, Chinese, and Japanese.
    updated: 6/24/2008
    new version: 2.0.12
    filed under: Clients

       Ad-Aware SE Definition File SE1R261 (06/18/2008)

    Get new version now  
    What's new in this version: The latest release adds new definitions.
    updated: 6/24/2008
    new version: SE1R261 (06/18/2008)
    filed under: Spyware Removers

       Advanced WindowsCare Personal 2.7.2

    Get new version now  
    What's new in this version: Version 2.7.2 is a bug fixing release.
    updated: 6/19/2008
    new version: 2.7.2
    filed under: Diagnostic Software

       Spiceworks IT Desktop 3.0.23470

    Get new version now  
    What's new in this version: Version 3.0.23470 increases performance (up to 40% faster). New features include Microsoft Exchange support & monitoring, the ability to create custom navigation items for web-based tools, custom group creation, the ability to track service providers, shared reports.
    updated: 6/24/2008
    new version: 3.0.23470
    filed under: Management Tools

       CyeWeb One Channel 2.1.9

    Get new version now  
    What's new in this version: Version 2.1.9 includes unspecified updates.
    updated: 6/19/2008
    new version: 2.1.9
    filed under: Webcam & Video

       Email Director Classic Edition 9.1.3

    Get new version now  
    What's new in this version: Version 9.1.3 may include unspecified updates, enhancements, or bug fixes.
    updated: 6/23/2008
    new version: 9.1.3
    filed under: Clients

       Clean My Registry 4.6

    Get new version now  
    What's new in this version: Version 4.6 has new languages.
    updated: 6/25/2008
    new version: 4.6
    filed under: System Utilities

       Radio Stream Player

    Get new version now  
    What's new in this version: Version includes unspecified updates.
    updated: 6/26/2008
    new version:
    filed under: Streaming Audio

       TruxShare 4.0.5

    Get new version now  
    What's new in this version: Version 4.0.5 may include unspecified updates, enhancements, or bug fixes.
    updated: 6/22/2008
    new version: 4.0.5
    filed under: MP3 Finders

       TubeSucker 5.0

    Get new version now  
    What's new in this version: Version 5.0 includes a new Video Editor so you can make your own videos, a "Two Minute Volume Mute" for when you are watching live TV on your PC and want to mute the commercials, without missing any content.
    updated: 6/24/2008
    new version: 5.0
    filed under: Video Players

       Acala 3GP Movies Free 3.0.3

    Get new version now  
    What's new in this version: Version 3.0.3 may include unspecified updates, enhancements, or bug fixes.
    updated: 6/20/2008
    new version: 3.0.3
    filed under: Video Converters

       Coollector 2.12

    Get new version now  
    What's new in this version: Version 2.12 adds 200 movies & series and 300 persons.
    updated: 6/24/2008
    new version: 2.12
    filed under: Home Inventory

       Auslogics Disk Defrag 1.4.16

    Get new version now  
    What's new in this version: Version 1.4.16 fixed shared modules errors.
    updated: 6/19/2008
    new version: 1.4.16
    filed under: System Utilities

  • 3 of the 4 CCC Secours rouge militants liberated

    For an outsider the fight against terrorism in Belgium is a real rollercoaster and in the end you don't know who is winning or who is losing. I grew up in the 80's with the CCC and the Bende van Nijvel and WNP and fascist street violence and targeted attacks. It were fascinating but dangerous times. But it were also times in which the police and intelligence services did what they like the way they liked to do it. Sometimes it seemed we where living in a police state in which militants and activists were followed and indexed for very unclear reasons.

    Aside from some sleeping jihad cells with big dreams and plans that were arrested, Belgium didn't know any big terrorist attacks since than. Some times there was some tension and sometimes there were alerts and we were asked to be vigilant but nothing compared to what happened in France in the metro stations, 9/11, 7/7 and so on.

    So we have to be doing something right ? Well there are things going wrong somewhere. It is the 4th time that the DHCKP will be brought to trial. The PKK trainingcamp that was invaded by a huge police force seemed to be an international congress about women rights or something like that. And now three of the 4 suspects of Secours Rouge/CCC are liberated because there was no real evidence.

    I remember that after 9/11 there was an enormous discussion about privacy versus security. Privacy and anonimity are relative, just as security and so one can't been seen without the other and can't be taken out of the context of the total picture.

    If we would like to make privacy the basic principle on which all other laws are built upon, than we will never have enough security because the police and intelligence services will never have enough information to act or they will act wrongly because they have too little real hard information and are supposing too much based upon too little information. Than they make mistakes and lose credibility, which can be fatal for an intelligence agence, especially with its foreign partners (and in today's world you can't function as an intelligence service if you don't have enough trust relationships and cooperation from other intelligence services).

    The other thing that makes it dangerous to put only privacy in the center of all the laws and practices is that you will have the information - or try to get it - whatever the law says. You will than act on that information because you will have the security of the society in mind - not the privacy of the few. And than you will go to court and the court will ask for your proof and you can't give it - because it will be (rightly) thrown out of court. You may have a thousand laws and auditors to try to keep your intelligence and police officers under control but the information will always flow to them and they will always try to act on it - because it is what they are trained to do (protecting us).

    So I make an enormous difference between the surveillance of a whole society - which I hate and which doesn't have any operational benefits (you can never - even with today's technology- collect, interlink, translate and analyse all the information that is flowing through our digitalised societies) and the very thorough surveillance of those groups that are defined by law as being terrorist or very dangerous to the society as a whole. We should be sure that when those groups are brought to court, the police and the intelligence services can show 'all the evidence they have without any doubt'.

    When I hear how Luc Beirens from the FCCU describes the process when he tries to disband cybergangs, it is to lose your patience and sympathy for the law. THis way the police services can't work with online criminal activity. They should have more powers in specific strictly defined domains that are supervised by the judicial powers and are controlled by the parliament.

    The police services ask now that by law they could have access to your computer. The question is not if they may have access to your computer. There is nothing special with your computer that makes it apart or different from your phone, house, car or whatever. The question is for what and on basis of what and under the supervision of what. If it is only to do some fishing or suspicion than that would be difficult to approve. If it is because there are international sources and other information that give indications that are strong enough to give the judge the incentive to approve this kind of operation (and to make sure that only useful information is kept and all the rest is destroyed) than that is another case.

    You can't say it is or security or privacy. Both are relative interdependent. We have in Belgium in comparaison to the US a relative better protected privacy environment but that is only because our security situation is for the moment better. If our security situation would worsen and bombs would effectively explose in our cities, than few would care about the privacy rights of their sympathisants and suspected sleeping cells or groups. ANd all the others that would be associated without any logical reason. We have seen this before in Belgium with the Mammouth operations after the CCC explosions that went through the leftwing organsations and sympathisers without much discrimination.

    At the other side we have also a security environment because we feel that we live in a democratic society that respects the privacy and the democratic rights of its individual democratic citizens (even if they have the right to say their point of view).

  • EID Rijksregister teaches the wrong lesson

    It is important that EID uses safe online services that give a sense of trust to the users. One of the things that are important is that the certificates are in order. Now this doesn't seem to be the case when you want to look up your information in your national file with your national unique number (RRN, Rijksregister).

    THis service should be a showcase - an example of how it should be done ? ScreenHunter_01 Jun. 27 08.55

    How do you want to educate the population how to work correctly with certificates and what is the sense of working with certificates and the whole very expensive infrastructure behind it, if you teach them that you should click on anything without checking or controlling. There is not much explanation in the text why people see this and what they should do here and why they shouldn't do this when they go to a bank for example.

  • Global security week in Belgium september 08

    The Global Security Week takes place annually in the week leading up to September 11th . It is a non-profit initiative run by a team of volunteers across three continents to support and coordinate a range of security awareness activities worldwide in that week. This is a public awareness initiative, not a commercial or political venture. Its long-term aim is to become the focal point for security awareness activities in years to come.

    This year, with the central theme being Cybercrime; LSEC will be coordinating the Global Security Week initiatives in Belgium with amongst other workshops and afternoon seminars by LSEC itself :

    Preliminary Program :

    1.       Monday September 8th : LSEC Budget Control Workshop and Information Security Economics Seminar

    During this workshop and seminar, LSEC wants to support the development of Information Security professionals and experts by providing them with a number of basics on the organization of their information security projects. The morning workshop has been intended to provide some hands-on experience and practical support. In the afternoon the focus will not be on technology sales, but principles that help getting an understanding of the
    economical drivers for information security technologies and projects.

    For more information and subscriptions please visit :  http://www.lsec.be/index.php/whats_happening/event/lsec_information_security_economics_2008/

    2.       Tuesday September 9th : LSEC Application Security Seminar

    Learn about the current trends and evolutions in Application Security, including Web Application and Web 2.0, AJAX, webservices & XML, database security. Learn from recent threat models, best practices and current evolutions. During this seminar some of the experts will guide you through some of the threats that organizations are facing or could face using a variety of applications. Those could be as trivial as just a website that hosts the company profile, but could have adverse effects on the companies’ image or online transactions.
    Those could also be very sophisticated attacks aimed at the heart of the business, by penetrating the deep insides of the applications themselves and changing their face and business logic, without being able to notice ...

    For more information and subscription, please visit : http://www.lsec.be/index.php/whats_happening/event/lsec_application_security_seminar_2008/

    3.       Wednesday September 10th : Introduction to risk management and information security, together with Leuven Inc. evening session

    Leuven.Inc themasessie: Beveiliging van mobiele data: Waarom en hoe?, an afternoon seminar in Flemish intended to the business community and start-up companies, in collaboration with Leuven Inc.

    For more information and to subscribe, please visit : http://www.lsec.be/index.php/whats_happening/event/leuveninc_themasessie_beveiliging_van_mobiele_data_waarom_en_hoe/

    4.       Thursday September 11th : LSEC Trusted Computing and Embedded Security Seminar

    The Trusted Computing Initiative is reaching the market. Trusted Computing is a collaboration of a number of large computer manufacturers such as HP and Sony, that had the objective to increase the level of securitity by building in security potential on a hardware level. Some of these measures have been built in, into the most recent laptops and could facilitate and number of solutions and tools that allow for a better security measurement.
    The idea of embedding security on a hardware level is not new, and is gaining increasing ground. Separate dedicated co-crypto-processors do exist today, and will be available more towards the future. But also the process of securing the chip development itself and securing some of the programmable chips today and towards the future should be considered.
    During this seminar a number of those topics will be considered and investigated, with the objective to understand the opportunities and potential that embedded security can offer today and towards the future.

    For more information and subscription please visit :


    5.        Friday September 12th : LSEC Malware Revisited Seminar

    Malware attacks are increasing in volume, that is a fact and should be considered; but at the same time, the level of custom attacks, especially engineered for directed attacks against people or companies has also increased. It is suggested that both criminal - organized crime are behind the large scale attacks, especially oriented towards
    financial gain through large scale fraud. How can you and your organization better prepare yourself against those attacks that have their origins on a worldwide level ? How can we as a whole community can support the fight against potential cyberterrorism ?
    During this seminar, LSEC wants to revisit the developments of Malware and some of the solutions against them. We will gain condifence on the tools and technologies we acquire and why they should be implemented, but we also consider some of their concerns and how we should increase the level of awareness within our organizations.

    For more information and to subscribe, please visit :


    Subscirbe now and participate to one or even all of these awareness events during the second week of September.

    Practical :

    • Global Security Week 2008
    • Monday September 8th - Friday September 12th : morning workshops, afternoon seminars and discussions
    • Entrance :
      • Free upon registration prior to July 1, 2008 for
        • Free upon registration prior to July 1st, 2008 for
           -  LSEC vouchers (or presentation of this email)
           -  LSEC website members (register below if you haven’t already done so), LSEC members,  
              LSEC member invites and LSEC affiliates (ISSA, ISACA, Agoria-ICT, KTN, TeleTrusT,
          EEMA, ...)
           -  information technology professionals with in interest in becoming information security
              professionals (subscribe below to apply)

        • Submission fee of 150 €
          - upon registration after July 1st
        • Submission fee of 500 €
          - for consultants, vendors, industry representatives NON-member of LSEC

    About :  LSEC is an internationally renowned IT security cluster, a not for profit organization that has the objective to promote Information Security and the expertise in Flanders and Belgium. It is supported by the Flemish institute for sciences and development (IWT) and has a broad membership base of over 65 IT Security specialized companies, and more than 200 individual IT Security Professionals , representing in total over 2500 IT Security specialists in Belgium.


    For the latest full program and subscription* pages go to our websites : www.lsec.be  

  • ICANN domains defaced by DNS hacks ?

    from zone-h.com

    Hijacked domains include "icann.com", "icann.net", "iana.com" and "iana-servers.com".
    We reached the defacers by email but they refused to tell us how they changed the DNS records, however a cross-site scripting or cross-site request forgery vulnerability might have been exploited.

    Here is the mirror of the ICANN.com defacement:

    You can have a look at their other defacements here:

    and after their decision to liberate the domainextension space the dns mess will only become a living hell if you don't secure and monitor it as hard as possible.

  • EID : online webservice is opt-out not opt-in

    There is a lot of discussion between privacy advocates and service operators. The first are mostly for an opt-in in which the person has to make clear that he or she wants to use that service, the second are mostly advocates of the opt-out in which one has to say that he or she doesn't want to use those additional services.

    Security persons are mostly for the opt-in because it is much more simple to secure a situation by having all additional services off and securing one after another if you would like to add them, than by going through all the activated services and trying to secure or cut them all. This is a bit the difference between NT/2000 and 2003 and later. And between a secure basic setup of a program and a standard one.

    Now it has been said that every citizen that receives an EID at the cityhall in Belgium has automatically all the certificates activated that are needed for the online services. It is up to the citizen to phone or to send in a form to desactivate these services/certificates (for example because he or she doesn't has a computer at home).

    There is also the following tip. Go to an EID reader where you have to put in your pincode and type three times a wrong ping code. The certificates will be automatically desactivated as any possible online use of your EID.

  • Toolz traceroute

    1Enter host name (or
    2Press the button "Tracert"

  • Toolz Decimal IP into IP address

    1Enter decimal IP
    2Press the button “Decimal”

  • Toolz deobfuscator URL

    1Enter URL
    2Press the button “De-Obfuscator”

  • Tool : Geolocation

    1Enter IP
    2Press the button “Find City”

  • Microsoft upgrades its anti-sql injection defenses

    Everybody that follows a bit the hacking and scanning on the internet knows that sql scanning is the most used technique to get your site or data in troubbe because you didn't take the time to test it yourself before you announced your website to the press and the world. So now you sit on a broken egg (to say it mildly).

    Microsoft is updating its defenses in asp and has upgraded URLScan so that more malicious SQL injecting urls will be rejected.

    UrlScan version 3.0 Beta is a Microsoft security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from reaching the Web application on the server. UrlScan 3.0 will install on IIS 5.1 and later, including IIS 7.0. UrlScan 3.0 can be found at URLScan Tool 3.0 Beta.

    UrlScan version 3.0 is a tool that will allow you to implement many different rules to better protect Web applications on servers from SQL injection attacks. These features include:

    The ability to implement deny rules applied independently to a URL, query string, all headers, a particular header, or any combination of these.

    A global DenyQueryString section that lets you add deny rules for query strings, with the option of checking un-escaped version of the query string as well.

    The ability to use escape sequences in the deny rules to deny CRLF and other non-printable character sequences in configuration.

    Multiple UrlScan instances can be installed as site filters, each with its own configuration and logging options (urlscan.ini).

    Configuration (urlscan.ini) change notifications will be propagated to worker processes without having to recycle them. Log settings are an exception to this.

    Enhanced logging to give descriptive configuration errors.

    YOu can also use

    A SQL Source Code Analysis Tool has been developed. This tool can be used to detect ASP code susceptible to SQL injection attacks. This tool can be found in Microsoft Knowledge Base Article 954476.

    The Microsoft Source Code Analyzer for SQL Injection is a standalone tool customers can run on their own ASP source code. In addition to the tool itself, there is documentation included on ways to fix the problems it finds in the code it analyzes. Some key features of this tool are:

    Scans ASP source code for code that can lead to SQL Injection vulnerabilities.

    Generates an output that displays the coding issue.

    This tool only identifies vulnerabilities in classic ASP code. It does not work on ASP.NET code

    and some more info

    Links to other documentation on SQL injection and coding best practices:

    SQL Server Injection Protection

    Preventing SQL Injections in ASP

    How To: Protect from SQL Injection in ASP.NET

    Coding Techniques for protecting against SQL Injection in ASP.NET

    Filtering SQL Injection from Classic ASP

    Security Vulnerability Research & Defense Blog on SQL Injection Attack

    source Microsoft (thanx)

  • Rehacked Again (and again) FEDIS.BE/swan

    how many times and how much or 'is there gonna be no next time' ?

    Take your security seriously yourself instead of telling everyone that internet is so safe and that you shouldn't worry about anything......  

    ps source zone-h.com and we didn't do anything, we only report it

  • Hack of the day : brochurewijzer.be


  • Rapport Gezonheid en microgolven (ook wifi)

    Uit het rapport van de Hoge Gezondheidsgraad

    Hoewel tot nu toe niet experimenteel bewezen, toont de wiskundige benadering in de bijlagen aan dat het erg aannemelijk is dat biologische systemen kunnen demoduleren en dus onder invloed kunnen staan van de ELF (Extreme Low Frequency) afkomstig van gepulseerde en gemoduleerde golven.

    Nederlands rapport / Français /

    Addendums (nederlands, Français, English)

  • citizen media : is crowd funding a way forward

    http://www.Spot.us is a nonprofit that allows an individual or group to take control of news in their community by sharing the cost (crowdfunding) to commission freelance journalists to write important, or uncovered news stories

    It would off course give freelance journalists a way to survive as general media are becoming more general and lookalikes and local news is feeling the pressure from advertisers. But how do you guarantee that the writer doesn't write (of puts his or hers name under it) what he or she has been asked to to ?

    It does make it possible although that this way forgotten stories can become news because they are written by journalists that are used to write stuff that get attention.

  • EID how to make it unusable online directly or from now on (updated)

    You can make your EID unusable online if you don't activate any of the digital certificates that are on it when you go to the cityhall to get yours.

    You won't be able to use it for any online service but if you refuse the activation that is probably your intention.

    Probably they won't say you aren't obliged to activate both and just try to do it, but I have been hearing from several sources that you have the right to do so. Contradict me if I am wrong.

    The law says that we don't have to activate the necessary keys for online authentification that would be necessary for digital signatures or online services.

    art 14 §2 (...)
    De elektronisch leesbare gegevens van persoonlijke aard betreffen :
    1° de identiteits- en handtekeningsleutels;
    2° de identiteits- en handtekeningcertificaten;
    3° de geaccrediteerde certificatiedienstverlener;

    4° de informatie nodig voor de authentificatie van de kaart en voor de beveiliging van de elektronisch leesbare gegevens voorkomend op de kaart en voor het gebruik van de bijhorende gekwalificeerde certificaten;
    5° de andere vermeldingen, opgelegd door de wetten;
    6° de hoofdverblijfplaats van de houder.
    De houder van de kaart kan desgewenst afzien van de activering van de onder 1° tot 3° van het vorige lid vermelde gegevens.

    So some questions

    1. Are people informed in an understandable manner that they don't have to activate that ?

    2. Can you - except by 'losing' the card and asking a new one - desactivate it if it has been activated without your consent ?

    3. So how many people didn't activate it or asked to desactivate it - if they were told they could do so. I have heard and read about communes where it was activated by default.

    It shows the importance of having a very secure and robust security-organisation, audit and upgrading backoffice for this enormous project. It is not something to be taken lightly and to be done 'between the croissant and the coffee'. Because every scandal, vulnerability or problem that arise can have an impact on the (des)activation of these certificates (and so on your ability to use it for online services). The very smart card will become so dumber each time. And the nirvana of all those technological wet dreams of our evangelistic technopriests will  become fata morgana's (except that they have cost millions).

  • Documents about Itsecurity, terrorism and privacy for today


    http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_08-58_May08.pdf  Lessons learned from an outage at the Los Angeles Airport. Even if some information is yellowed out, it is interesting to read that it took 6 hours for Sprint to have someone at the site present and that hot swapping had as a consequence that there was a fireL Luckily there was a decommissioned router that could be used (was it updated and patched ?). It was also interesting to read that they first disconnected the wireless network - even if this didn't solve the problem. They finally found a connection with 12 devices that seemed to be the heart of the problem. In its conclusions it is stated that these turn on turn off actions should have been started from the beginning and that such important networks should have more analysis and alerting tools.

    NSA Suite B Base Certificate and CRL Profile (30pp, 835KB)  guidelines for the NSA how to sign your certificates if you are from the NSA, nice template more or less, good idea if you are a complex organisation


    http://cryptome.org/dhs060608.htm revision of the US critical infrastructure plan

    http://www.mcclatchydc.com/259/story/40334.html The other side of Guantanamo and the internal US antiterrorist prisons nobody talks about.

    http://cryptome.org/uscg061708.htm  The protection of a LNG terminal (we have one in Belgium - I don't know what we do, I hope we do something)

    http://www.gao.gov/new.items/d08757.pdf the Congressional Accounting Office (a much stronger version of our Rekenhof) has used UNDERCOVER investigators to actively test the border controls and found astonishing results. Imagine that. The research department of our parliament sending undercover investigators to our ports to test the effectiveness of our border controls.

    FBI training on IED or improvised Explosive devices (that don't look at all like bombs)


    http://cryptome.org/dhs061008.htm US electronic Travel system that controls who is coming without a VISA before they arrive

    http://www.dni.gov/reports/IC_Legal_Reference_Book.pdf US law book (688 pages) for the Intelligence Community

  • joke of the day optimuminvest.be

    So you would think it is an investfirm or something like that ?

    No it is just a forum with explicit porn - but maybe it is some mad investor who got...... 


    yourdomain.com :: View topic - lavalife virgin fuck batman porn

    tawnee stone hacked · web cam girls · free rape movies · teen in shower · tatu mp3 · gay asians · pictures of naked girls · hot teen girls · preteen pussy ...
    www.optimuminvest.be/forum/viewtopic.php?p=19597 - 103k - 19 Jun 2008 - Cached - Similar pages - Note this