10/31/2008

Fortis Emailgate

As Belgium has no clear legal definition of the value of an email, nor any guidelines on how to treat it in a professional or financial environment or how to handle it as legal proof (e-discovery), emails keep turning up now and then.

Now it is claimed that, when internal documents made clear that Fortis had neglected since September 2007 the warnings from its risk department about its US subprime investments and had not communicated this information to the shareholders (who did not know the right value of their stock, the solvency of the bank or the risks it was taking with the takeover of Amro, the story of Nemo trying to eat a shark), the top managers were sending each other emails about that research. They now say that they never sent such emails. I hope that Fortis has an email archiving solution that can be used in a legal situation (if it is compliant with US regulation it should).

The lawyers in the different court cases against Fortis should also ask the judge to take measures to make sure that no proof was or is being destroyed that could be found in an e-discovery investigation.

It becomes clear that if internal risk auditors in a financial institution have no real independence, they can't work for the good of the bank, because they lack the independence and resources to do their work as they should, although it was difficult for them to go public at that time. After the accountants and the IT security people, maybe it is now time for the risk auditors to get some official statutory independence. Speaking of independence: our independent Financial and Bank Commission, which should have supervised the operation and the risks the bank was taking, was informed about the notes from the risk department but chose not to act then and not to comment now.

It looks a bit like the IT world. Nobody is responsible.


Urgent VMware patches and updates

VMware has released a new security advisory and has updated two previously announced advisories.

Details are available via the VMware web site:

- VMSA-2008-0017 (new advisory)
 http://lists.vmware.com/pipermail/security-announce/2008/...

Summary: A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding.

CVE Reference: CVE-2008-3281

Summary: A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet.

CVE Reference: CVE-2008-0960

Summary: Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.

CVE Reference: CVE-2008-2327

- VMSA-2008-0014.3 (updated advisory)
 http://lists.vmware.com/pipermail/security-announce/2008/...

This is an updated advisory which impacts a wide range of VMware products (both desktop and server), and covers 16 CVEs.

- VMSA-2008-0011.3 (updated advisory)
 http://lists.vmware.com/pipermail/security-announce/2008/...

This is an updated advisory which impacts ESX products only, but covers 9 CVEs.

These advisories list security issues that have been fixed in the patches for ESX 2.5.4, ESX 2.5.5, ESX 3.0.2 and ESX 3.0.3 released on 30th October.

Source: Internet Storm Center

E-discovery: why you need electronic and paper copies

Over the years, it’s become less and less appropriate to convert discovery materials originally stored in an electronic format into hardcopy (i.e., paper) form for production to a requesting party. The downsides to receiving materials in this format are obvious and well-documented: greatly reduced ability to search the collection, potential loss of helpful (and relevant) metadata, and significantly higher storage costs. That said, in many cases that involve a limited amount of discovery materials, litigation teams continue to exchange electronically stored information (“ESI”) in printed form. After all, for only a few boxes of documents, paper remains fairly manageable. And, if the parties agree to a paper production format - or haven’t specifically requested an alternate format - no further discussion is needed, right?

http://www.llrx.com/columns/hardcopyesi.htm


dns.be sold ebaye.be to speculators


And you may be lucky that it isn't used for phishing, redirects or malware installations .....

That is why certain important names and trademarks shouldn't be sold without the approval of the owner or some other guarantees.

eBay, you should look at the Belgian law on the unlawful use of domain names and at a stringent interpretation of the conditions of DNS.BE. Typosquatting is illegal in Belgium. That DNS.be doesn't mind is their (big) problem.
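The screening argued for above, as an added example that is not part of the original post and is not DNS.BE or EURid code: a registry-side check that holds exact protected names and sends one-edit or lookalike variants such as ebaye.be to manual review. The protected list, the lookalike map and the decision labels are assumptions.

```python
# Added example: registry-side screening of a requested domain label.
# PROTECTED and LOOKALIKES are constructed samples, not registry data.
PROTECTED = {"ebay", "fortis", "dexia"}
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "5": "s"})

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "eaby" for "ebay".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def normalise(label: str) -> str:
    """Fold case, hyphens and digit lookalikes before comparing."""
    return label.lower().replace("-", "").translate(LOOKALIKES)

def screen(domain: str, protected=PROTECTED):
    """Return (decision, matched_name, reason) for a requested registration."""
    label = domain.lower().rstrip(".").split(".")[0]
    if label in protected:
        return ("hold", label, "exact protected name: owner approval needed")
    folded = normalise(label)
    for name in sorted(protected):
        if folded == name:
            return ("review", name, "lookalike characters or hyphens")
        # Very short names produce too many one-edit neighbours to be useful.
        if len(name) >= 4 and osa_distance(folded, name) == 1:
            return ("review", name, "one edit away")
    return ("allow", None, "no match")

if __name__ == "__main__":
    for requested in ("ebaye.be", "e-bay.be", "f0rtis.be", "example.be"):
        print(requested, screen(requested))
```
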


US electoral politics heavily influenced by online video

The Internet (via computer) was identified by 62 percent of respondents as a regularly used source for 2008 presidential election information, and was surpassed only by television (82 percent). Other sources were selected as follows: newspaper/magazine (49 percent), radio (30 percent), cell phone/mobile device (4 percent).

About 30 percent of registered voters reported using online video for following 2008 presidential election coverage. And 75 percent of these online video users felt that watching video online enabled them to follow presidential election news and events more closely.

The document can be found here:

http://www.cisco.com/en/US/solutions/collateral/ns341/ns5...

By the way, Cisco has invested enormously in online video....


comix : totally paranoid : my epassport is in the fridge


comix : crooks banking on the financial crisis


Free For today Smart CD Catalog (tops)

Organize disc content without using your CD drive.

 

Smart CD Catalog is software designed for organizing and managing CDs, DVDs, and other digital media collections. It will allow you to catalog your disks and create an ordered CD/DVD database. It is much more comfortable to use Smart CD Catalog than keep a list of disks on paper, in text files, or in Excel. Just add a disk to Smart CD Catalog once and you can view its contents, even if the disk is lying on a shelf or is being borrowed by a friend of yours.

All types of media are supported: CDs and DVDs, hard disks, floppy disks, mounted network disks, USB drives, and RAM disks. You can also add separate folders to the catalog. You can view the list of files on any disk and their properties in the same way you can do it in Windows Explorer. Plus, you can add your comment to any disk, folder or file.

Main features:

  • Intuitive graphic interface;
  • Adding any types of disks;
  • Adding separate folders;
  • Automatically scanning inserted CDs and DVDs;
  • CDDB support;
  • Numbering disks;
  • Adding comments to disks, folders or files;
  • Filtering disks by categories, locations and types of media;
  • Maintaining a list of borrowers and a history of loans;
  • Displaying detailed information about disks, folders or files;
  • Displaying the size of folders in the list of folders and files;
  • Sorting disks, folders and files by any property;
  • Detailed statistics about the contents of the catalog;
  • Flexible report generator;
  • Minimize the program into the system tray;
  • Wide search features;
  • Password-protected access.


blogosphere today and angst video

How blogging becomes more of an echo chamber than a search for original stories. Hi. This ain't the case here, I think. If you have original stuff, send it.... Don't wait for the traditional media, they are reading this here (by the way...) and may pick up your stories.

Sarah Lacy - The Growing Blogosphere Angst


US voting abuse : new film about voting errors - chaos next week ?

This is why Obama needs to win by a landslide so the difference isn't decided on technical and legal discussions like in 2000 and 2004.

 


10/30/2008

personal website of liberal politician blocked as spam/malware site

In the list:

2008/07/09_01:18 | mhcrombe.axeweb.be/r.html | 213.189.188.51 | host-213-189-188-51.brutele.be | Exchanger | N/A

This is what Google gives:

  • Crombé-Berton, Marie-Hélène - http://mhcrombe.axeweb.be/ Sénatrice fédérale MR et questeur du Sénat. Présentation, activités parlementaires, agenda, ...
    www.google.com/Top/World/Français/Régional/Europe/Belgique/Société/Politique/Pages_personnelles/ -
  • Welcome to Jame Investments International Inc: July 2008

    Pregnant Angelina Jolie asked the media to leave her alone while she waits to give birth to twins http://mhcrombe.axeweb.be/r.html ...
    jamesmiddleton007.blogspot.com/2008_07_01_archive.html -

    This happens when you don't filter the queries in the search engine of your site

    http://nl.jobcrawler.biz

    and the searches that are shown have some very strange things to show


    Estdomain is still a .eu domain registrar


    What can be done for .eu should be possible for .be

    In the .eu domain there are hundreds of domain names blocked, that is to say they can't be used by anyone else but the legitimate owners.

    http://www.eurid.eu/en/eu-domain-names/blocked-reserved-n...

    http://www.eurid.eu/files/reserved_EC.txt

    http://www.eurid.eu/files/blocked.txt

    If that had been the case with the .be domain, the names of regions, cities and administrations or important persons would also have been blocked before.

    It is a reminder for those who want to set up their own domain extension.


    Will the new java update clean up the java install mess

    Sun was making a total mess of its Java installations. Old versions stayed behind, so several different versions sat side by side. The result was not only that this ate disk space, but also that older programs weren't obliged to upgrade and improve their security and performance. These older versions on the computer even became a security hazard.

    Is Sun cleaning up its act? In the new update of the Java JDK http://java.sun.com/javase/downloads/index.jsp there is a function that looks like an uninstaller for the older versions, but there are doubts that it works automatically. Maybe that is the first step and the automatic clean-up will come afterwards.

    Until then you will have to remove these old versions by hand. And if software still depends on a Java version that is totally insecure, you can ask yourself a few questions about that software.


    Documents 2008 Conference on Email and Anti-Spam

    How ISPs and mailservers can stop the top botnet spammers

    http://www.secureworks.com/research/threats/topbotnets/?t...

    The general rule for an ISP is that clients shouldn't be allowed to send mail themselves through their own mail agents. It should all go through a mailserver with security installations and filters, and preferably not on port 25.

    About 90% of all email is spam according to new figures I have seen flowing around.
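One way an ISP can check the rule above against its own traffic, as an added example that is not part of the original post: flag subscriber addresses that open port 25 connections to many hosts other than the ISP relay. The flow record layout, the relay address and the threshold are assumptions, and the flow lines are constructed sample data.

```python
# Added example: find subscribers sending mail directly instead of via the relay.
# FLOWS is constructed sample data: "timestamp src_ip dst_ip dst_port".
from collections import defaultdict

RELAY = {"192.0.2.25"}  # assumed address of the ISP's own mailserver

FLOWS = """\
2008-10-30T10:00:01 10.0.0.5 192.0.2.25 587
2008-10-30T10:00:02 10.0.0.7 198.51.100.10 25
2008-10-30T10:00:02 10.0.0.7 198.51.100.11 25
2008-10-30T10:00:03 10.0.0.5 192.0.2.25 25
2008-10-30T10:00:03 10.0.0.7 198.51.100.12 25
2008-10-30T10:00:04 10.0.0.9 203.0.113.9 25
2008-10-30T10:00:04 10.0.0.7 203.0.113.9 25
2008-10-30T10:00:05 10.0.0.7 198.51.100.10 25
2008-10-30T10:00:06 truncated-record
"""

def direct_smtp_senders(flow_text, relay=RELAY, min_destinations=3):
    """Map each source to the non-relay hosts it contacted on TCP/25.

    Only sources reaching at least min_destinations distinct hosts are
    returned; a single direct destination is more likely a customer's own
    mailserver than a spam bot fanning out to many MX hosts.
    """
    targets = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed or truncated records
        _, src, dst, port = parts
        if int(port) == 25 and dst not in relay:
            targets[src].add(dst)
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_destinations}

if __name__ == "__main__":
    for src, dsts in direct_smtp_senders(FLOWS).items():
        print(f"{src} sent SMTP directly to {len(dsts)} hosts: {', '.join(dsts)}")
```
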


    privacyprotect in Whois is cleaning up its act

    Actions speak louder than words.

    When domain registrar Directi (which was linked to estdomains and other ecrime infrastructure) clearly felt that its privacyprotect service was having an impact on its image and business, and that it could have all kinds of investigations running against it, it chose to clean up its act.

    Together with the strongest critics of its whois privacy service, it decided to refuse this service for any abusive service or domain.

    Privacy protection of whois should be conditional and in fact exceptional.

    Estdomains will lose its rights to sell .eu domains now ICANN has thrown them out ?


    If the organisation responsible for the .eu domain lets an organisation that is linked to cybercrime sell .eu domains, then it should not be surprised that cybercrime is interested in the .eu domain. The .eu domain is as interesting as the .us domain...... which shows why the general and local domain extensions are so predominant.

    But the fact that it will lose its right to register domains will have a huge impact, because even if it is small as a total percentage, there are still a few hundred thousand domain names (in the international general domain extensions) that need to be transferred. source


    Many of these domains are used for fraud, crooks and all kinds of ecrime. I am not sure that there are many hosters and registrars around that would like to take those on - especially as it is clear that any new cybercrime domain registrar can lose its right to sell any international generic domain extension. In my view you would have to be mad to accept any domain transfers at face value without doing a background check (blacklisting, security listings, background of the owners and so on). Unless you don't care about your other clients and crime money is no different to you.

    For ICANN there is no way it could launch the new domain extension business at 100.000$ a piece without cleaning out the mala fide registrars it now has among its distributors of existing domain extensions. The greatest danger of its new scheme is that a mala fide organisation gets hold of such a domain extension and infects it with malware and crimeware domains.

     


    Why banks don't care enough about esecurity

     

    It is perfectly understandable why both banks and vendors cut corners if they can: the costs of a compromise are widely spread. A bank that supplies its merchants with a cheap but easily-compromised PED saves millions at once, while the cards compromised later will have been issued by many different institutions. The negligent bank does not face the full economic costs of its actions, and the lucky vendors had their product “evaluated” by banking organisations with little incentive to look hard for problems. The stakeholders wanted to believe the assurances they got from other stakeholders, and no one had an incentive to blow the whistle (except academics, who can be ignored for a while). Thus the level of investment in system security was much less than optimal.

    According to this expert, the government should step in: http://www.cl.cam.ac.uk/~rja14/Papers/fraudfailures.pdf
