07/29/2008

Some interesting research coming out of Holland

* A thesis about information exchange and confidentiality is online and free. It was written by another Dutch security researcher who has often been in the news in recent months. He is a member of the research lab that broke the NXP RFID transport card that is used in Holland and of which the same model is used all around the world. http://www.teepe.com/phdthesis/

* F. Korthals Altes et al., Stemmen met Vertrouwen, report of the national advice committee on the organisation of voting in the Netherlands, Sept. 2007. [Dutch copy] [English summary] [English copy] [French summary] [Picture of report presentation] Read also: Stemmachines, een verweesd dossier

E. Hubbers, B. Jacobs, and W. Pieters. RIES - Internet Voting in Action

PKI: Vloek of Zegen?. Informatiebeveiliging, 3:4-8, April 2002.

K. Cartrysse, R. Corin, M. Dekker, S. Etalle, J.-H. Hoepman, G. Lenzini, J. v.d. Lubbe, J. Verschuren, and T. Veugen.
Privacy in an Ambient World (PAW): Using licenses and private computing as PET. Technical report, January 2004.

Data voor Daadkracht,

Van privacyparadijs tot controlestaat? Misdaad- en terreurbestrijding in Nederland aan het begin van de 21ste eeuw and

B. Jacobs and M. Jochems, DigiD en Privacy, Automatisering Gids 42, 10/07

B. Jacobs and I. Hasuo, Semantics and Logic for Security Protocols, Journal of Computer Security

J.-H. Hoepman, E. Hubbers, B. Jacobs, M. Oostdijk, and R. Wichers Schreur. Crossing Borders: Security and Privacy Issues of the European e-Passport


07/28/2008

The US army robot in Iraq (pix)

robot


some holiday literature for today

* Second report of the English parliament about personal internet security, the political actions it awaits from the government and the initiatives it expects from the private sector

* Report by CDT about a firm that tries to use surf habit metrics to send specific advertising, and its impact on privacy

* The July report on spam from McAfee, which has some very interesting methodical descriptions

 


07/27/2008

some holiday literature for today

* Lateral SQL Injection: A New Class of Vulnerability in Oracle. Or how even the normal anti-SQL-injection measures don't protect you in Oracle against such attacks (or, better said, a variation of them)

http://www.aclu.org/images/asset_upload_file864_35873.pdf  why the ACLU wants to know when mobiles are being tracked in the US

http://www.oecd.org/dataoecd/7/1/40605942.pdf The OECD report on IPv6

 


07/25/2008

some stuff to read about data breaches and medical identity theft

* list of data breaches in the US and some explanation about each breach and they also publish an important report discussing the impact of identity theft victimization. Since 2003, the Identity Theft Resource Center has conducted annual victimization surveys to study the impact of identity theft crimes on its victims.  Now in its fifth year, the report allows us to analyze the data, draw some conclusions, map trends and identify areas for further research.

* Another important page they have is about medical identity theft and the rights you have on your medical information (in Belgium some are trying to set up an eHealth platform)

 


07/24/2008

Who is using this tiny_mce ?

for the whole world

Personalized results 1 - 100 of about 131,000 for allinurl: "tiny_mce plugins"

for Belgium

Personalized results 1 - 40 of 40 for allinurl: "tiny_mce plugins" site:be.

spamhacked

Buy Viagra Online. LOWEST PRICES GUARANTEED! viagra uk purchase

viagra uk purchase. Effects. Or avodart work by increasing structures built from chemicals and cjalis in the central nervous system functioning, ...
www.slagerijvandewalle.be/tiny_mce/plugins/filemanager/files/viagraukpurchasevs.htm - 6k -

Broken site of the European Commission

https://maritimeaffairs.jrc.ec.europa.eu/home  and look at this one


attacks happening on TinyMCE (NOW)

TinyMCE Javascript Content Editor by Moxiecode Systems AB

TinyMCE is a platform independent web based Javascript HTML WYSIWYG editor control released as Open Source under LGPL by Moxiecode Systems AB.
tinymce.moxiecode.com/  There is NO INFO HERE

We see on zone-H.com that, for the Belgian sites alone, 4 sites using that code have already been hacked today by different groups, showing that there is an exploit, vulnerability or problem with the default install.

If you use this system you should check it. It is also used with WordPress and integrated in other stuff.

The spamhackers are also busy today using the exploit:

14 hours ago -

Buy Cheap Phentermine Online! Order Phentermine Online! cheap ...

cheap phentermine. Pruritus, invit; alopecia, fexofenadine postmarketing a whitelist of assays pronounce antidiarrhea shoes. Some acquaintances immensely ...
www.dcxproject.com/.../jscripts/tiny_mce/plugins/filemanager/files/templates/in/cheapphentermineli.htm - 6k -
9 hours ago -

Buy Cheap Cipro Online! Order Cipro Online! cipro gonorrhea

cipro gonorrhea. Which need for weather without comrade, formal. If lot or limit a search report. This type of therapy would alter an individual s genetic ...
www.circles.cc/includes/tinymce/jscripts/tiny_mce/plugins/filemanager/files/in/ciprogonorrheanx.htm - 6k
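
A defender's check for the pattern visible in the search results above, where the spam pages all sit under `tiny_mce/plugins/filemanager/files/`: this added example (not part of the original post and not TinyMCE code) walks a web root and reports renderable files or spam text found in those upload folders. The keyword list, the extension list and the demo file names are assumptions made for the illustration.

```python
"""Audit a web root for files dropped into TinyMCE filemanager upload folders."""
import os
import re
import tempfile

# Path fragment common to the spam URLs quoted in this post.
UPLOAD_MARKER = ("tiny_mce", "plugins", "filemanager", "files")
# Assumption: file types the server or a browser will render or execute.
ACTIVE_EXTENSIONS = {".htm", ".html", ".shtml", ".php", ".phtml", ".js"}
# Assumption: keywords modelled on the spam titles quoted in this post.
SPAM_WORDS = re.compile(rb"viagra|phentermine|cipro|buy cheap|order \w+ online", re.I)


def in_upload_folder(parts):
    """True if the path components contain the upload marker as a run."""
    lowered = tuple(p.lower() for p in parts)
    n = len(UPLOAD_MARKER)
    return any(lowered[i:i + n] == UPLOAD_MARKER
               for i in range(len(lowered) - n + 1))


def audit(webroot):
    """Return sorted (relative_path, reasons) for suspect files under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        if not in_upload_folder(rel_dir.split(os.sep)):
            continue
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            if os.path.splitext(name)[1].lower() in ACTIVE_EXTENSIONS:
                reasons.append("active content in upload folder")
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # the quoted spam pages are about 6k
            except OSError:
                head = b""
                reasons.append("unreadable")
            if SPAM_WORDS.search(head):
                reasons.append("spam keywords")
            if reasons:
                rel = os.path.relpath(path, webroot).replace(os.sep, "/")
                findings.append((rel, reasons))
    return sorted(findings)


def demo():
    """Build a constructed sample tree in a temp dir and audit it."""
    base = "includes/tinymce/jscripts/tiny_mce/plugins/filemanager/files"
    sample = {
        base + "/in/ciprodemo.htm": b"<title>Buy Cheap Cipro Online!</title>",
        base + "/notes.txt": b"Order Phentermine Online",
        base + "/logo.png": b"\x89PNG\r\n\x1a\n",
        "index.html": b"<h1>Buy cheap bread at our bakery</h1>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(body)
        return audit(root)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, "->", ", ".join(reasons))
```

Point `audit()` at the real document root of a site; a legitimate image upload folder should produce no findings at all.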


is this the website of Karadzic ?

researchers are searching for the website he had as a faux psy

some of the websites have already been dismissed as a hoax

but should this one be it: http://www.psy-help-energy.com/

source http://cryptome.org  Even as a joke, it is funny to see that he had a consultancy called PAVLOVic consulting. Maybe this was the way he organised the slaughter by all these soldiers, being nothing more than players in a sick experiment ?

just watch out for news and links and stuff like that. Could sometimes just be a stormy worm looking for a new angle.


What does Govcert do in Holland ?

* It gives security information to the official networks and website administrators and helps them when an incident is taking place or has taken place. It also advises them in the use of security and encryption.

* It works together with the banking sector and with ISPs to take down phishing sites. But in the article it is mentioned that this takes around one day, while a phishing site makes its money in the 4 hours after it has sent out the spam with its link. If an antiphishing strategy wants to be successful it has to take them out immediately.

* It patrols the internet from 9 to 21h to look for problems and gather information about new security problems and attack methods. This information is then shared with the administrators in the network. But I ask myself how you otherwise explain that you say you are working and intervening around the clock? Well, just to dehype the initiative, they have 30 specialists.

Some of this information is published on waarschuwingsdienst.nl for all members of the public. But the number of people who have subscribed to its email newsletter is quite low.

* It has also installed a system of sensors across the service providers so it can monitor the internet traffic for new attacks that are actually taking place.

http://www.security.nl/article/19098 

maybe this is an idea for our minister of justice that has set aside an enormous budget to get some center somewhere going to do something somewhat somehow whatever when what etc.... you get the picture


Dexia, Fortis and the fight against rumors and speculation

There was a time that I worked for a currency speculator before the Euro (for one of his other media projects). By chance I had the 'chance' to see 'live' how currency speculation took place against the French, Belgian and English currencies and how speculators always won. There were too many of them with too much money (looks like DDOS to IT people). The only way that it was stopped was when all the national banks created a front of resistance together and held that line, whatever the cost. It helped. Now we have the Euro in Europe and that time seems more or less history from long ago.

When I read the newspapers of the last days and replace the names of the currencies with the names of big Belgian banks, then in fact nothing has changed - except that there is no central coordination between those private banks to help each other against such (DDOS) speculation attacks. It is each for himself and all against each other. Fortis and Dexia have lost about half of their market value and there is no security that such attacks won't happen again.

Only the world has changed dramatically since then. First, everybody has bought investment stuff from anywhere (what do Belgian banks have to do with US mortgages anyhow ?). Secondly, buying and selling is done electronically and by mathematical models and risky risk calculations (the same kind of calculations that gave us the present credit crisis anyway). Third, the internet has given a forum to lots of forums and speculations that can be used to pump and dump stock or to win on short-sell strategies.

One important banking consultant said that it is in fact unacceptable that speculators buy banking stock (the fundamentals of our financial infrastructure and the livelihood of our economy) with the option that the value will go down, then launch rumors and, when the stock effectively starts sliding or running down, sell their options and win. There is no way for the bank to win this.

They should invest more money and resources in Internet observation and have a quick communication reaction taskforce ready around the clock. No rumor should be left unanswered.

But even then financial sites and forums will have to ask themselves how far they can be used as a launchpad for these speculative attacks done by false or anonymous sources.


e-recycling publications from EPA (US)

http://www.epa.gov/epaoswer/osw/conserve/plugin/resources...  resources

http://www.epa.gov/epaoswer/hazwaste/recycle/ecycling/rul... US legislation

http://www.epa.gov/epaoswer/hazwaste/recycle/ecycling/pub... publications

http://www.epa.gov/epaoswer/osw/conserve/plugin/recycleit... how to plan e-recycling

http://www.epa.gov/epaoswer/osw/conserve/plugin/govts.htm Guidelines for governments and tools (US legislation)

http://www.epa.gov/epaoswer/osw/conserve/plugin/pilots.htm  pilot projects

Ideas and guidelines that can be used in whatever situation.


hacked .be hoster internetservice of the week cfiweb.be


Updated interesting freeware

Zortam Mp3 Media Studio 8.25
What's new in this version: Version 8.25 improves MP3 tags support.
updated: 7/21/2008
new version: 8.25
filed under: Music Management

Grouped Access Tools 1.2
What's new in this version: Version 1.2 added many Hotkeys, including show GAT (Ctrl+Alt+Space); Fixed major install bug; Fixed Find DLL/Module unload; Fixed some logging bugs; Fixed some process handling bugs; Fixed many Options bugs; Fixed possible File Not Found bug on load; Increased loading time; File Properties, Go to File's Folder and Set Normal File Attributes now use multi-selection.
updated: 7/14/2008
new version: 1.2
filed under: System Utilities

Glary Utilities 2.6
What's new in this version: Version 2.6 adds support for Windows XP/Vista 64-bit version.
updated: 7/18/2008
new version: 2.6
filed under: System Utilities

SUMo 2.0.0.50
What's new in this version: Version 2.0.0.50 includes improved Vista compatibility, remember windows size & position, and new set of icons.
updated: 7/16/2008
new version: 2.0.0.50
filed under: Automation Software

InternetScrap 2.15
What's new in this version: Version 2.15 may include unspecified updates, enhancements, or bug fixes.
updated: 7/15/2008
new version: 2.15
filed under: Tools and Utilities

Sakina Privacy Protector 2.4
What's new in this version: Version 2.4 fixed small bugs.
updated: 7/15/2008
new version: 2.4
filed under: Privacy Software

Serv-U 7.2
What's new in this version: Version 7.2 adds Russian translation, Firefox 3 support, Safari support, and Mac OS X support for FTP Voyager JV.
updated: 7/18/2008
new version: 7.2
filed under: FTP Software

Network Connectivity Tester & Logger 8.22
What's new in this version: Version 8.22 fixes a minor bug.
updated: 7/17/2008
new version: 8.22
filed under: ISPs

MSN Webcam Recorder 16
What's new in this version: Version 16 improved video clips functionality.
updated: 7/13/2008
new version: 16
filed under: Webcam & Video

PowerFolder 3.1
What's new in this version: Version 3.1 may include unspecified updates, enhancements, or bug fixes.
updated: 7/14/2008
new version: 3.1
filed under: Remote Access

BestSync 2008 3.6.14
What's new in this version: Version 3.6.14 fixes a bug that may block the FTP function.
updated: 7/21/2008
new version: 3.6.14
filed under: Backup Software

CitrixWire 4.0.8
What's new in this version: Version 4.0.8 may include unspecified updates, enhancements, or bug fixes.
updated: 7/14/2008
new version: 4.0.8
filed under: MP3 Finders

LiveStream Broadcaster 5.3
What's new in this version: Version 5.3 enhances security and adds feature of automatic capture upon motion detection.
updated: 7/21/2008
new version: 5.3
filed under: Webcam & Video

Wise Registry Cleaner 3 Free 3.61 build 122
What's new in this version: Version 3.61 build 122 modify the rules of scanning to improve security; Cancel start splash window; and Multi-language be included in the installation process.
updated: 7/17/2008
new version: 3.61 build 122
filed under: Diagnostic Software

SmartFTP Client (32-bit) 3.0.1020.3
What's new in this version: Version 3.0.1020.3 may include unspecified updates, enhancements, or bug fixes.
updated: 7/20/2008
new version: 3.0.1020.3
filed under: FTP Software

Ad-Aware SE Definition File SE1R269 (07/11/2008)
What's new in this version: The latest release adds new definitions.
updated: 7/15/2008
new version: SE1R269 (07/11/2008)
filed under: Spyware Removers

dbQwikSite 5.3.0.8
What's new in this version: Version 5.3.0.8 is a maintenance release.
updated: 7/17/2008
new version: 5.3.0.8
filed under: IDEs & Coding Utilities

Clean My Registry 4.7
What's new in this version: Version 4.7 has improved performance.
updated: 7/13/2008
new version: 4.7
filed under: System Utilities

TCExam 5.4.002
What's new in this version: Version 5.4.001 some PDF-related bugs were fixed.
updated: 7/14/2008
new version: 5.4.002
filed under: Teaching Tools

DAVID-Laserscanner 2.0b
What's new in this version: Version 2.0b includes several changes such as support of German, Italian and French language, manual cleaning tool, and other improvements.
updated: 7/14/2008
new version: 2.0b
filed under: 3D Modeling & CAD

WOT for Firefox 20080714
What's new in this version: Version 20080714 may include unspecified updates, enhancements, or bug fixes.
updated: 7/14/2008
new version: 20080714
filed under: Firefox Extensions

ZoneAlarm Firewall (Windows 2000/XP) 7.0.483
What's new in this version: Version 7.0.483 is a bug fixing release.
updated: 7/15/2008
new version: 7.0.483
filed under: Firewall Software

Mozilla Firefox 3.0.1
What's new in this version: Version 3.0.1 is a bug-fixing release and its changes include: fixed several security and stability issues, fixed issue where the phishing and malware database did not update on first launch, updated internal Public Suffix list.
updated: 7/17/2008
new version: 3.0.1
filed under: Web Browsers

FTP Voyager 15.1
What's new in this version: Version 15.1 may include unspecified updates, enhancements, or bug fixes.
updated: 7/16/2008
new version: 15.1
filed under: FTP Software

IrfanView 4.2
What's new in this version: Version 4.2 adds Basic Unicode support and new options.
updated: 7/16/2008
new version: 4.2
filed under: Image Editing


Open source is less secure than it is hyped to be and is not ready to confront this


and they have every reason to implement this because when analyzing the so called very secure code (because it is reviewed by the 'community') for SQL, buffer overflows and cross site errors they came up with this

source: the Fortinet security study about open source

Some diverse reading stuff

* From Intel : Vision 2015: A Globally Networked and Integrated Intelligence Enterprise: "Vision 2015 expands upon the notion of an Intelligence Enterprise, first introduced in the National Intelligence Strategy and later in the 100 and 500 Day Plans. It charts a new path forward for a globally networked and integrated Intelligence Enterprise for the 21st century, based on the principles of integration, collaboration, and innovation"

* From the US government : Safeguarding Against and Responding to the Breach of Personally Identifiable Information, guidelines on what the administrations have to do to prevent breaches and how to limit their impact

* The Changing newspaper Newsroom in the US, less news and shorter (let's hope the people look for and find the rest on the internet....)

* Department of Commerce Office of Inspector General - United States Patent and Trademark Office, The Overseas Intellectual Property Rights Attaché Program Is Generally Working Well, but a Comprehensive Operating Plan Is Needed, Final Report IPE-19044/July 2008. a new job for other diplomatic posts ?

* DOD Support to the Global War On Terror (GWOT) - D-2008-086 Challenges Impacting Operations Iraqi Freedom and Enduring Freedom Reported by Major Oversight Organizations Beginning FY 2003 through FY 2007, July 18, 2008 (Project No. D2007-D000XA-0249.000)

* Department of Homeland Security: Essential Technology Task Force, June 25 2008 (PDF, 24 pages)

* US Intergovernmental Panel on Climate Change, Technical Paper on Climate Change and Water, June 2008 (214 pages, PDF)  "The Technical Paper addresses the issue of freshwater. Sealevel rise is dealt with only insofar as it can lead to impacts on freshwater in coastal areas and beyond. Climate, freshwater, biophysical and socio-economic systems are interconnected in complex ways."

A lot of other documents to read are also uploaded to the Google group for its members.

07/23/2008

Some interesting books from docstoc

Google Search Shortcuts

Bloggers Handbook

WEP Cracking

Top-84-MySQL-Performance-Tips

Digital-Yearbook-2007---From-IDATE

Hacking_VOIP_Exposed

Practical-VoIP-Security

How-To-Login-From-an-Internet-Cafe-Without-Worrying-About...

Administrative-and-Technology-Services-Outsourcing

Checklist_Software-Development-Contract

Checklist_Website-Hosting-Agreement

Service-Level-Agreement

Confidential-Information-Exchange-Agreement

Web-Performance-and-Scalability-with-MySQL

Quick-Start-Guide-for-Server-Clusters-Windows-2003

1000-CCNA-Questions

Website-Load-Tester-Tools-Overview

Windows-Keyboard-Shortcuts

Good-Practice-In-Commissioning-Accessible-Web

Improving TCPIP

securing-php

software_testing

Active-Directory-Security

security_protocols

Authentication in webservices

Win2K_XP_Checklist


07/22/2008

and the winner of the Olympics of social engineering is

Karadzic, living and hiding for 13 years under a false identity from all kinds of international and Serb spies and investigators, and earning a living as a doctor in a hospital in Belgrade without any license to do so. One reason is naturally that he never contacted his friends or family.

But now he may face trial for things that we have seen on tv and that will never leave our memory


fire

Srajevo-sniper

Never have we felt so helpless against so much brutal violence that was diplomatically accepted for so long in the backyard of Europe.

this video compilation of CNN shows this well

the secretive private Dow Jones Watchlist in your mobile ?

Dow Jones Watchlist is a global database, which tracks and monitors over 500,000 individuals and other entities that represent a legal or commercial risk to institutions, including criminal activity that did not result in political sanctions

This is used by Vodafone for its M-Pesa mobile money transfer service to ensure compliance with AML regulations from bodies such as the UK’s Revenue and Customs, the European Union, the Central Bank of Kenya, and the Central Bank of Tanzania as well as with the U.S. Patriot Act. The system checks customer names against Sanctions and Politically Exposed Persons (PEPs) from the Dow Jones Watch List.


Regulator BIPT has a war fund of 3 million Euro

It is strange to read that the minister who is responsible for the BIPT (our regulator of postal and telecommunication services) blasts his own administration away and says that it is nearly the worst regulator of the European Community. One reason - to make it totally hilarious - is that the public service operator Belgacom makes its work as regulator nearly impossible by going to court against any of its decisions that it doesn't agree with.

So the minister says that more internal specialists of the BIPT should be transferred internally to those divisions of the BIPT that should open up the telecom market. It should also use - according to its minister - its own cash that it has been piling up the last years.

Maybe it should use some of that cash to finally build a CERT that is worth that name.


Belgium obliges the use of electronic documents but has no standards for archiving

The reason is simple: they forgot to make the necessary laws by December 2007, as was foreseen in the law that wanted to regulate the necessary services that would develop such services as electronic archiving.

well, who cares, who needs standards anyway ?