06/29/2008

Some interesting US documents

June 6, 2008 - The Strategic Petroleum Reserve: History, Perspectives, and Issues

June 11, 2008 - Telework Legislation Pending in the 110th Congress: A Side-by-Side Comparison of Provisions

The report, entitled Preliminary Review of Adaptation Options for Climate-Sensitive Ecosystems and Resources, identifies strategies to protect the environment as these changes occur...To develop this assessment, scientists studied national parks, national forests, national wildlife refuges, wild and scenic rivers, national estuaries, and marine protected areas

the 2008 Trends in Sustainable Development report published by the Department of Economic and Social Affairs. The report highlights recent trends in agriculture, rural development, land, desertification and drought

Quickly, Carefully, and Generously - Task Force for a Responsible Withdrawal from Iraq, June 2008. Preface by U.S. Representative James P. McGovern (MA-03). Commonwealth Institute, Cambridge, MA

Actions Are Needed to Control Risks With International Transactions Reported on Corporate Income Tax Returns, May 30, 2008, Reference Number: 2008-30-114  "The compliance risk associated with international transactions continues to grow and to present tax administration challenges as companies both small and large expand operations across international boundaries

OIG-08-61 - DHS Must Address Internet Protocol Version 6 Challenges (PDF, 14 pages): "We evaluated the Department of Homeland Security’s (DHS’) transition to Internet Protocol Version 6 (IPv6).

OIG-08-60 - Logistics Information Systems Need to Be Strengthened at the Federal Emergency Management Agency (PDF, 33 pages): "FEMA’s existing information technology systems do not support logistics activities effectively. Specifically, the systems do not provide complete asset visibility of disaster goods, such as commodities and property, from their initial shipment to final distribution in disaster areas.

US plans for a new national bio-defense research facility

 Privacy: Alternatives Exist for Enhancing Protection of Personally Identifiable Information, GAO-08-536, April 19, 2008

Privacy: Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information, GAO-08-795T, June 18, 2008

The Annual Threat Assessment, released in February by the Director of National Intelligence, confirmed that Al-Qaeda has regrouped in Pakistan and that terrorists continue to pose significant threats to the United States. In addition, the Department continues to believe that the aviation sector is at a high risk of attack


European documents about immigration and border controls

30-06-2008 Round table with National Parliaments: Freedom and Security in the integrated management of EU Borders
Draft programme | Projet de programme | poster
Session I : SIS II: when, why, how?
Decision on the establishment, operation and use of the second generation SIS II
Regulation on the establishment, operation and use of the SIS II
Regulation regarding access to the SIS II for vehicle registration certificates
Proposal on migration from the SIS I to the second generation SIS II (Decision)
Proposal on migration from SIS I to new generation SIS II
Working document on the functioning of the current Schengen Information System
Working document: New elements of the proposals in comparison to the current acquis
Session II: Border surveillance: the contribution of FRONTEX and EUROSUR
Examining the creation of a European Border Surveillance System (EUROSUR)
Impact Assessment
Summary of the Impact assessment
Session III: Protecting freedom, security and privacy
Preparing the next steps in border management in the European Union
Preliminary Comments of the European Data Protection Supervisor (EDPS) Peter Hustinx
Entry-Exit Impact Assessment
Summary of the Impact Assessment
links to the U.S. Department of Homeland Security
Open Society Institute written contribution
Oral presentation by Rebekah Delsol

 

Look also here

http://www.europarl.europa.eu//activities/committees/hear...

 

It is a bit curious, all that excitement about the problem of illegal immigration and how easy it is to smuggle people in and throughout Europe. This is a natural consequence of the Schengen Agreement. The idea of the Schengen Agreement was that borders had no security sense and that it would be much better if people were controlled throughout Europe and not only at some borders. But these internal controls weren't done for financial and political reasons, so the fact of the matter is that once you get into Schengen Europe, there is very little chance that you will be controlled if you lay low and try to do nothing wrong or to get attention.

Borders are like firewalls and should have been there as a deterrent and as a checking point. The first purpose was that freight traffic was losing hours at each border control, but maybe if the border controls would change from freight control to checks on people traffic then the results could be much more interesting.


New versions of interesting freeware (security and utilities)

 

Software & Games Updates

   Zortam Mp3 Media Studio 8.15


What's new in this version: Version 8.15 may include unspecified updates, enhancements, or bug fixes.
updated: 6/25/2008
new version: 8.15
filed under: Music Management

   ePostMailer 4.1.0.23


What's new in this version: Version 4.1.0.23 may include unspecified updates, enhancements, or bug fixes.
updated: 6/25/2008
new version: 4.1.0.23
filed under: Utilities

   Burn4Free CD and DVD 4.6


What's new in this version: Version 4.6 includes improved Vista compatibility/fix and adds some improvements and optimizations.
updated: 6/19/2008
new version: 4.6
filed under: CD & DVD Burners

   X-Lizard Password Generator 1.2


What's new in this version: Version 1.2 has few small improvements.
updated: 6/24/2008
new version: 1.2
filed under: Encryption Software

   Ayrun 1.1


What's new in this version: Version 1.1 includes unspecified updates.
updated: 6/24/2008
new version: 1.1
filed under: Management Tools

   deVault Pro 2008 X7


What's new in this version: Version 2008 X7 adds new interface, real time vault search and task scheduler.
updated: 6/25/2008
new version: 2008 X7
filed under: File Compression

   Activ 1.2


What's new in this version: Version 1.2 added user interface program ActivSetup.exe to ease Activ settings selection and Registry monitoring is re-engineered using Microsoft Registry filtering model.
updated: 6/19/2008
new version: 1.2
filed under: Monitoring Software

   TrueSafe Personal Edition 3.14


What's new in this version: Version 3.14 may include unspecified updates, enhancements, or bug fixes.
updated: 6/25/2008
new version: 3.14
filed under: Backup Software

   URL Monitoring Tool 2.8


What's new in this version: Version 2.8 includes unspecified updates.
updated: 6/24/2008
new version: 2.8
filed under: Web Servers

   Ping Test Easy 4.06


What's new in this version: Version 4.06 may include unspecified updates, enhancements, or bug fixes.
updated: 6/22/2008
new version: 4.06
filed under: Network

   DomainScan 6.52 build 110


What's new in this version: Version 6.52 build 110 improved database engine and has faster performance.
updated: 6/22/2008
new version: 6.52 build 110
filed under: Network

   SmartFTP Client (32-bit) 3.0.1018.3


What's new in this version: Version 3.0.1018.1 may include unspecified updates, enhancements, or bug fixes.
updated: 6/22/2008
new version: 3.0.1018.3
filed under: FTP Software

   SendEmails Free Edition 2.0.12


What's new in this version: Version 2.0.12 adds localizations for English, German, French, Spanish, Dutch, Portuguese, Greek, Russian, Chinese, and Japanese.
updated: 6/24/2008
new version: 2.0.12
filed under: Clients

   Ad-Aware SE Definition File SE1R261 (06/18/2008)


What's new in this version: The latest release adds new definitions.
updated: 6/24/2008
new version: SE1R261 (06/18/2008)
filed under: Spyware Removers

   Advanced WindowsCare Personal 2.7.2


What's new in this version: Version 2.7.2 is a bug fixing release.
updated: 6/19/2008
new version: 2.7.2
filed under: Diagnostic Software

   Spiceworks IT Desktop 3.0.23470


What's new in this version: Version 3.0.23470 increases performance (up to 40% faster). New features include Microsoft Exchange support & monitoring, the ability to create custom navigation items for web-based tools, custom group creation, the ability to track service providers, shared reports.
updated: 6/24/2008
new version: 3.0.23470
filed under: Management Tools

   CyeWeb One Channel 2.1.9


What's new in this version: Version 2.1.9 includes unspecified updates.
updated: 6/19/2008
new version: 2.1.9
filed under: Webcam & Video

   Email Director Classic Edition 9.1.3


What's new in this version: Version 9.1.3 may include unspecified updates, enhancements, or bug fixes.
updated: 6/23/2008
new version: 9.1.3
filed under: Clients

   Clean My Registry 4.6


What's new in this version: Version 4.6 has new languages.
updated: 6/25/2008
new version: 4.6
filed under: System Utilities

   Radio Stream Player 1.5.0.11


What's new in this version: Version 1.5.0.11 includes unspecified updates.
updated: 6/26/2008
new version: 1.5.0.11
filed under: Streaming Audio

   TruxShare 4.0.5


What's new in this version: Version 4.0.5 may include unspecified updates, enhancements, or bug fixes.
updated: 6/22/2008
new version: 4.0.5
filed under: MP3 Finders

   TubeSucker 5.0


What's new in this version: Version 5.0 includes a new Video Editor so you can make your own videos, a "Two Minute Volume Mute" for when you are watching live TV on your PC and want to mute the commercials, without missing any content.
updated: 6/24/2008
new version: 5.0
filed under: Video Players

   Acala 3GP Movies Free 3.0.3


What's new in this version: Version 3.0.3 may include unspecified updates, enhancements, or bug fixes.
updated: 6/20/2008
new version: 3.0.3
filed under: Video Converters

   Coollector 2.12


What's new in this version: Version 2.12 adds 200 movies & series and 300 persons.
updated: 6/24/2008
new version: 2.12
filed under: Home Inventory

   Auslogics Disk Defrag 1.4.16


What's new in this version: Version 1.4.16 fixed shared modules errors.
updated: 6/19/2008
new version: 1.4.16
filed under: System Utilities


06/27/2008

3 of the 4 CCC Secours rouge militants liberated

For an outsider the fight against terrorism in Belgium is a real rollercoaster and in the end you don't know who is winning or who is losing. I grew up in the 80's with the CCC and the Bende van Nijvel and WNP and fascist street violence and targeted attacks. They were fascinating but dangerous times. But they were also times in which the police and intelligence services did what they liked the way they liked to do it. Sometimes it seemed we were living in a police state in which militants and activists were followed and indexed for very unclear reasons.

Aside from some sleeping jihad cells with big dreams and plans that were arrested, Belgium didn't know any big terrorist attacks since then. Sometimes there was some tension and sometimes there were alerts and we were asked to be vigilant but nothing compared to what happened in France in the metro stations, 9/11, 7/7 and so on.

So we have to be doing something right ? Well there are things going wrong somewhere. It is the 4th time that the DHCKP will be brought to trial. The PKK training camp that was invaded by a huge police force seemed to be an international congress about women rights or something like that. And now three of the 4 suspects of Secours Rouge/CCC are liberated because there was no real evidence.

I remember that after 9/11 there was an enormous discussion about privacy versus security. Privacy and anonymity are relative, just as security and so one can't be seen without the other and can't be taken out of the context of the total picture.

If we would like to make privacy the basic principle on which all other laws are built upon, then we will never have enough security because the police and intelligence services will never have enough information to act or they will act wrongly because they have too little real hard information and are supposing too much based upon too little information. Then they make mistakes and lose credibility, which can be fatal for an intelligence agency, especially with its foreign partners (and in today's world you can't function as an intelligence service if you don't have enough trust relationships and cooperation from other intelligence services).

The other thing that makes it dangerous to put only privacy in the center of all the laws and practices is that you will have the information - or try to get it - whatever the law says. You will then act on that information because you will have the security of the society in mind - not the privacy of the few. And then you will go to court and the court will ask for your proof and you can't give it - because it will be (rightly) thrown out of court. You may have a thousand laws and auditors to try to keep your intelligence and police officers under control but the information will always flow to them and they will always try to act on it - because it is what they are trained to do (protecting us).

So I make an enormous difference between the surveillance of a whole society - which I hate and which doesn't have any operational benefits (you can never - even with today's technology- collect, interlink, translate and analyse all the information that is flowing through our digitalised societies) and the very thorough surveillance of those groups that are defined by law as being terrorist or very dangerous to the society as a whole. We should be sure that when those groups are brought to court, the police and the intelligence services can show 'all the evidence they have without any doubt'.

When I hear how Luc Beirens from the FCCU describes the process when he tries to disband cybergangs, it is to lose your patience and sympathy for the law. This way the police services can't work with online criminal activity. They should have more powers in specific strictly defined domains that are supervised by the judicial powers and are controlled by the parliament.

The police services ask now that by law they could have access to your computer. The question is not if they may have access to your computer. There is nothing special with your computer that makes it apart or different from your phone, house, car or whatever. The question is for what and on basis of what and under the supervision of what. If it is only to do some fishing or suspicion then that would be difficult to approve. If it is because there are international sources and other information that give indications that are strong enough to give the judge the incentive to approve this kind of operation (and to make sure that only useful information is kept and all the rest is destroyed) then that is another case.

You can't say it is either security or privacy. Both are relative and interdependent. We have in Belgium in comparison to the US a relatively better protected privacy environment but that is only because our security situation is for the moment better. If our security situation would worsen and bombs would effectively explode in our cities, then few would care about the privacy rights of their sympathisers and suspected sleeping cells or groups. And all the others that would be associated without any logical reason. We have seen this before in Belgium with the Mammouth operations after the CCC explosions that went through the leftwing organisations and sympathisers without much discrimination.

At the other side we have also a security environment because we feel that we live in a democratic society that respects the privacy and the democratic rights of its individual democratic citizens (even if they have the right to say their point of view).


EID Rijksregister teaches the wrong lesson

It is important that EID uses safe online services that give a sense of trust to the users. One of the things that are important is that the certificates are in order. Now this doesn't seem to be the case when you want to look up your information in your national file with your national unique number (RRN, Rijksregister).

This service should be a showcase - an example of how it should be done ?

How do you want to educate the population how to work correctly with certificates and what is the sense of working with certificates and the whole very expensive infrastructure behind it, if you teach them that you should click on anything without checking or controlling. There is not much explanation in the text why people see this and what they should do here and why they shouldn't do this when they go to a bank for example.


Global security week in Belgium september 08

The Global Security Week takes place annually in the week leading up to September 11th . It is a non-profit initiative run by a team of volunteers across three continents to support and coordinate a range of security awareness activities worldwide in that week. This is a public awareness initiative, not a commercial or political venture. Its long-term aim is to become the focal point for security awareness activities in years to come.

This year, with the central theme being Cybercrime; LSEC will be coordinating the Global Security Week initiatives in Belgium with amongst other workshops and afternoon seminars by LSEC itself :

Preliminary Program :

1.       Monday September 8th : LSEC Budget Control Workshop and Information Security Economics Seminar

During this workshop and seminar, LSEC wants to support the development of Information Security professionals and experts by providing them with a number of basics on the organization of their information security projects. The morning workshop has been intended to provide some hands-on experience and practical support. In the afternoon the focus will not be on technology sales, but principles that help getting an understanding of the economical drivers for information security technologies and projects.

For more information and subscriptions please visit :  http://www.lsec.be/index.php/whats_happening/event/lsec_i...

2.       Tuesday September 9th : LSEC Application Security Seminar

Learn about the current trends and evolutions in Application Security, including Web Application and Web 2.0, AJAX, webservices & XML, database security. Learn from recent threat models, best practices and current evolutions. During this seminar some of the experts will guide you through some of the threats that organizations are facing or could face using a variety of applications. Those could be as trivial as just a website that hosts the company profile, but could have adverse effects on the companies’ image or online transactions.
Those could also be very sophisticated attacks aimed at the heart of the business, by penetrating the deep insides of the applications themselves and changing their face and business logic, without being able to notice ...

For more information and subscription, please visit : http://www.lsec.be/index.php/whats_happening/event/lsec_a...

3.       Wednesday September 10th : Introduction to risk management and information security, together with Leuven Inc. evening session

Leuven.Inc themasessie: Beveiliging van mobiele data: Waarom en hoe?, an afternoon seminar in Flemish intended to the business community and start-up companies, in collaboration with Leuven Inc.

For more information and to subscribe, please visit : http://www.lsec.be/index.php/whats_happening/event/leuven...

4.       Thursday September 11th : LSEC Trusted Computing and Embedded Security Seminar

The Trusted Computing Initiative is reaching the market. Trusted Computing is a collaboration of a number of large computer manufacturers such as HP and Sony, that had the objective to increase the level of security by building in security potential on a hardware level. Some of these measures have been built in, into the most recent laptops and could facilitate a number of solutions and tools that allow for a better security measurement.
The idea of embedding security on a hardware level is not new, and is gaining increasing ground. Separate dedicated co-crypto-processors do exist today, and will be available more towards the future. But also the process of securing the chip development itself and securing some of the programmable chips today and towards the future should be considered.
During this seminar a number of those topics will be considered and investigated, with the objective to understand the opportunities and potential that embedded security can offer today and towards the future.

For more information and subscription please visit :

http://www.lsec.be/index.php/whats_happening/event/lsec_t...

5.        Friday September 12th : LSEC Malware Revisited Seminar

Malware attacks are increasing in volume, that is a fact and should be considered; but at the same time, the level of custom attacks, especially engineered for directed attacks against people or companies has also increased. It is suggested that both criminal - organized crime are behind the large scale attacks, especially oriented towards financial gain through large scale fraud. How can you and your organization better prepare yourself against those attacks that have their origins on a worldwide level ? How can we as a whole community can support the fight against potential cyberterrorism ?
During this seminar, LSEC wants to revisit the developments of Malware and some of the solutions against them. We will gain confidence on the tools and technologies we acquire and why they should be implemented, but we also consider some of their concerns and how we should increase the level of awareness within our organizations.

For more information and to subscribe, please visit :

http://www.lsec.be/index.php/whats_happening/event/lsec_m...

Subscribe now and participate to one or even all of these awareness events during the second week of September.

Practical :

  • Global Security Week 2008
  • Monday September 8th - Friday September 12th : morning workshops, afternoon seminars and discussions
  • Entrance :
      • Free upon registration prior to July 1st, 2008 for
         -  LSEC vouchers (or presentation of this email)
         -  LSEC website members (register below if you haven’t already done so), LSEC members, LSEC member invites and LSEC affiliates (ISSA, ISACA, Agoria-ICT, KTN, TeleTrusT, EEMA, ...)
         -  information technology professionals with an interest in becoming information security professionals (subscribe below to apply)

      • Submission fee of 150 €
        - upon registration after July 1st
      • Submission fee of 500 €
        - for consultants, vendors, industry representatives NON-member of LSEC

About :  LSEC is an internationally renowned IT security cluster, a not for profit organization that has the objective to promote Information Security and the expertise in Flanders and Belgium. It is supported by the Flemish institute for sciences and development (IWT) and has a broad membership base of over 65 IT Security specialized companies, and more than 200 individual IT Security Professionals , representing in total over 2500 IT Security specialists in Belgium.

 

For the latest full program and subscription* pages go to our websites : www.lsec.be  


06/26/2008

ICANN domains defaced by DNS hacks ?

from zone-h.com

Hijacked domains include "icann.com", "icann.net", "iana.com" and "iana-servers.com".
We reached the defacers by email but they refused to tell us how they changed the DNS records, however a cross-site scripting or cross-site request forgery vulnerability might have been exploited.

Here is the mirror of the ICANN.com defacement:
http://www.zone-h.org/component/option,com_mirrorwrp/Itemid,0/id,7635102/

You can have a look at their other defacements here:
http://www.zone-h.org/component/option,com_attacks/Itemid,43/filter_defacer,NetDevilz/

and after their decision to liberate the domainextension space the dns mess will only become a living hell if you don't secure and monitor it as hard as possible.


EID : online webservice is opt-out not opt-in

There is a lot of discussion between privacy advocates and service operators. The first are mostly for an opt-in in which the person has to make clear that he or she wants to use that service, the second are mostly advocates of the opt-out in which one has to say that he or she doesn't want to use those additional services.

Security persons are mostly for the opt-in because it is much more simple to secure a situation by having all additional services off and securing one after another if you would like to add them, than by going through all the activated services and trying to secure or cut them all. This is a bit the difference between NT/2000 and 2003 and later. And between a secure basic setup of a program and a standard one.

Now it has been said that every citizen that receives an EID at the cityhall in Belgium has automatically all the certificates activated that are needed for the online services. It is up to the citizen to phone or to send in a form to deactivate these services/certificates (for example because he or she doesn't have a computer at home).

There is also the following tip. Go to an EID reader where you have to put in your PIN code and type three times a wrong PIN code. The certificates will be automatically deactivated, as will any possible online use of your EID.


Toolz traceroute

IPAddressGuide
1. Enter host name (or IP/IPv6)
2. Press the button "Tracert"


Toolz Decimal IP into IP address

IPAddressGuide.com
1. Enter decimal IP
2. Press the button “Decimal”


Toolz deobfuscator URL

IPAddressGuide.com
1. Enter URL
2. Press the button “De-Obfuscator”


Tool : Geolocation

IPAddressGuide.com
1. Enter IP
2. Press the button “Find City”


Microsoft upgrades its anti-sql injection defenses


Everybody that follows a bit the hacking and scanning on the internet knows that sql scanning is the most used technique to get your site or data in trouble because you didn't take the time to test it yourself before you announced your website to the press and the world. So now you sit on a broken egg (to say it mildly).

Microsoft is updating its defenses in asp and has upgraded URLScan so that more malicious SQL injecting urls will be rejected.

UrlScan version 3.0 Beta is a Microsoft security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from reaching the Web application on the server. UrlScan 3.0 will install on IIS 5.1 and later, including IIS 7.0. UrlScan 3.0 can be found at URLScan Tool 3.0 Beta.

UrlScan version 3.0 is a tool that will allow you to implement many different rules to better protect Web applications on servers from SQL injection attacks. These features include:

The ability to implement deny rules applied independently to a URL, query string, all headers, a particular header, or any combination of these.

A global DenyQueryString section that lets you add deny rules for query strings, with the option of checking un-escaped version of the query string as well.

The ability to use escape sequences in the deny rules to deny CRLF and other non-printable character sequences in configuration.

Multiple UrlScan instances can be installed as site filters, each with its own configuration and logging options (urlscan.ini).

Configuration (urlscan.ini) change notifications will be propagated to worker processes without having to recycle them. Log settings are an exception to this.

Enhanced logging to give descriptive configuration errors.
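The deny-rule behaviour listed above, sketched as an added Python example; it is not UrlScan's code or its urlscan.ini syntax. The rule fields, rule names, deny sequences and sample requests are all hypothetical and constructed here, and the example shows why a query string has to be checked in its un-escaped form as well as its raw form.

```python
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass
class DenyRule:
    """One deny rule: which request parts to scan and which sequences to reject.

    Field names are hypothetical; they only mirror the features in the list above.
    """
    name: str
    sequences: list
    scan_url: bool = False
    scan_query: bool = False
    unescape_query: bool = True      # also check the un-escaped query string
    scan_all_headers: bool = False
    scan_headers: tuple = ()         # names of particular headers to scan

    def __post_init__(self):
        # Escape sequences in the rule text ("%0d%0a") are decoded once at load
        # time, so a rule can name CRLF and other non-printable characters.
        self.sequences = [unquote(s).lower() for s in self.sequences]
        self.scan_headers = tuple(h.lower() for h in self.scan_headers)

    def targets(self, req):
        """Yield (part label, text) for every request part this rule covers."""
        if self.scan_url:
            yield "url", req["url"]
        if self.scan_query:
            yield "query", req["query"]
            if self.unescape_query:
                yield "query-unescaped", unquote(req["query"])
        for name, value in req.get("headers", {}).items():
            if self.scan_all_headers or name.lower() in self.scan_headers:
                yield "header:" + name.lower(), value


def first_match(req, rules):
    """Return (rule name, request part, sequence) for the first hit, else None."""
    for rule in rules:
        for part, text in rule.targets(req):
            haystack = text.lower()
            for seq in rule.sequences:
                if seq in haystack:
                    return (rule.name, part, seq)
    return None


# Constructed deny list; a real one has to be tuned against the application,
# because short sequences such as "--" also occur in legitimate input.
SQL_SEQUENCES = ["declare", "cast(", "exec(", "--", "/*"]

RULES = [
    DenyRule("sql-keywords", SQL_SEQUENCES, scan_query=True),
    DenyRule("crlf", ["%0d%0a"], scan_url=True, scan_query=True),
    DenyRule("scanner-agent", ["constructed-scanner"], scan_headers=("User-Agent",)),
]
# The same SQL rule without the un-escaped check, for comparison.
RAW_ONLY = [DenyRule("sql-keywords", SQL_SEQUENCES, scan_query=True,
                     unescape_query=False)]

# Constructed sample requests (not captured traffic).
BENIGN = {"url": "/news.asp", "query": "id=5&lang=nl",
          "headers": {"User-Agent": "Mozilla/4.0"}}
PLAIN = {"url": "/news.asp", "query": "id=5;DECLARE%20@s%20varchar(99)",
         "headers": {}}
ENCODED = {"url": "/news.asp", "query": "id=5;dec%6Care%20@s%20varchar(99)",
           "headers": {}}
SPLIT = {"url": "/go.asp", "query": "next=/home%0d%0aX-Test:1", "headers": {}}
AGENT = {"url": "/", "query": "",
         "headers": {"user-agent": "Constructed-Scanner/1.0"}}

if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("plain", PLAIN), ("encoded", ENCODED),
                       ("split", SPLIT), ("agent", AGENT)]:
        print(label, "->", first_match(req, RULES))
    print("encoded, raw-only rule ->", first_match(ENCODED, RAW_ONLY))
```

A filter of this kind only narrows what reaches the application; the ASP code behind it still has to be fixed, which is what the source code analysis tool mentioned next is for.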

You can also use

A SQL Source Code Analysis Tool has been developed. This tool can be used to detect ASP code susceptible to SQL injection attacks. This tool can be found in Microsoft Knowledge Base Article 954476.

The Microsoft Source Code Analyzer for SQL Injection is a standalone tool customers can run on their own ASP source code. In addition to the tool itself, there is documentation included on ways to fix the problems it finds in the code it analyzes. Some key features of this tool are:

Scans ASP source code for code that can lead to SQL Injection vulnerabilities.

Generates an output that displays the coding issue.

This tool only identifies vulnerabilities in classic ASP code. It does not work on ASP.NET code

and some more info

Links to other documentation on SQL injection and coding best practices:

SQL Server Injection Protection

Preventing SQL Injections in ASP

How To: Protect from SQL Injection in ASP.NET

Coding Techniques for protecting against SQL Injection in ASP.NET

Filtering SQL Injection from Classic ASP

Security Vulnerability Research & Defense Blog on SQL Injection Attack

source Microsoft (thanx)


06/25/2008

Rehacked Again (and again) FEDIS.BE/swan

how many times and how much or 'is there gonna be no next time' ?

Take your security seriously yourself instead of telling everyone that internet is so safe and that you shouldn't worry about anything......  

ps source zone-h.com and we didn't do anything, we only report it


Hack of the day : brochurewijzer.be



Report on health and microwaves (including Wi-Fi)

From the report of the Superior Health Council (Hoge Gezondheidsraad)

Although not yet experimentally proven, the mathematical approach in the annexes shows that it is very plausible that biological systems can demodulate and can therefore be influenced by the ELF (Extreme Low Frequency) coming from pulsed and modulated waves.

Dutch report / French /

Addendums (Dutch, French, English)


citizen media : is crowd funding a way forward

http://www.Spot.us is a nonprofit that allows an individual or group to take control of news in their community by sharing the cost (crowdfunding) to commission freelance journalists to write important, or uncovered news stories

It would of course give freelance journalists a way to survive as general media are becoming more general and lookalikes and local news is feeling the pressure from advertisers. But how do you guarantee that the writer doesn't write (or puts his or her name under it) what he or she has been asked to ?

It does make it possible although that this way forgotten stories can become news because they are written by journalists that are used to write stuff that get attention.


EID how to make it unusable online directly or from now on (updated)

You can make your EID unusable online if you don't activate any of the digital certificates that are on it when you go to the city hall to get yours.

You won't be able to use it for any online service but if you refuse the activation that is probably your intention.

Probably they won't say you aren't obliged to activate both and just try to do it, but I have been hearing from several sources that you have the right to do so. Contradict me if I am wrong.

The law says that we don't have to activate the keys for online authentication that would be necessary for digital signatures or online services.

Art. 14 §2 (...)
The electronically readable data of a personal nature concern:
1° the identity and signature keys;
2° the identity and signature certificates;
3° the accredited certification service provider;
4° the information needed for the authentication of the card, for the protection of the electronically readable data on the card and for the use of the associated qualified certificates;
5° the other particulars imposed by law;
6° the holder's main place of residence.
The holder of the card may, if desired, waive the activation of the data mentioned under 1° to 3° of the previous paragraph.
http://www.juridat.be/cgi_loi/loi_N.pl?cn=2003032530

So some questions

1. Are people informed in an understandable manner that they don't have to activate that?

2. Can you - except by 'losing' the card and asking for a new one - deactivate it if it has been activated without your consent?

3. So how many people didn't activate it or asked to deactivate it - if they were told they could do so? I have heard and read about communes where it was activated by default.

It shows the importance of having a very secure and robust security organisation, audit and upgrading back office for this enormous project. It is not something to be taken lightly and to be done 'between the croissant and the coffee', because every scandal, vulnerability or problem that arises can have an impact on the (de)activation of these certificates (and so on your ability to use it for online services). The very smart card will become dumber each time. And the nirvana of all those technological wet dreams of our evangelistic technopriests will become fata morganas (except that they have cost millions).

Documents about IT security, terrorism and privacy for today

IT security

http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_08-58_May08....  Lessons learned from an outage at the Los Angeles Airport. Even if some information is yellowed out, it is interesting to read that it took 6 hours for Sprint to have someone present at the site and that hot swapping had as a consequence that there was a fire. Luckily there was a decommissioned router that could be used (was it updated and patched?). It was also interesting to read that they first disconnected the wireless network, even if this didn't solve the problem. They finally found a connection with 12 devices that seemed to be the heart of the problem. The conclusions state that these turn-on/turn-off actions should have been started from the beginning and that such important networks should have more analysis and alerting tools.

NSA Suite B Base Certificate and CRL Profile (30pp, 835KB): guidelines for the NSA on how to sign your certificates if you are from the NSA. More or less a nice template, and a good idea if you are a complex organisation.

Terrorism

http://cryptome.org/dhs060608.htm revision of the US critical infrastructure plan

http://www.mcclatchydc.com/259/story/40334.html The other side of Guantanamo and the internal US antiterrorist prisons nobody talks about.

http://cryptome.org/uscg061708.htm  The protection of a LNG terminal (we have one in Belgium - I don't know what we do, I hope we do something)

http://www.gao.gov/new.items/d08757.pdf the Congressional Accounting Office (a much stronger version of our Rekenhof) has used UNDERCOVER investigators to actively test the border controls and found astonishing results. Imagine that. The research department of our parliament sending undercover investigators to our ports to test the effectiveness of our border controls.

FBI training on IEDs, or improvised explosive devices (that don't look at all like bombs)

Privacy

http://cryptome.org/dhs061008.htm US electronic Travel system that controls who is coming without a VISA before they arrive

http://www.dni.gov/reports/IC_Legal_Reference_Book.pdf US law book (688 pages) for the Intelligence Community


joke of the day optimuminvest.be

So you would think it is an investment firm or something like that?

No it is just a forum with explicit porn - but maybe it is some mad investor who got...... 

Explicit

yourdomain.com :: View topic - lavalife virgin fuck batman porn

www.optimuminvest.be/forum/viewtopic.php?p=19597 - 19 Jun 2008
