As there is in Belgium no clear legal definition of the value of an email - nor any guidelines about how to treat it in a professional or financial environment or how to handle it as legal proof (ediscovery) - emails keep turning up now and then.
It is now claimed that, when it became clear in internal documents that Fortis had neglected since September 2007 the warnings from its risk department about its US subprime investments and didn't communicate this information to the shareholders - who didn't know the right value of their stock, the solvency of the bank and the risks it was taking with the takeover of Amro (the story of Nemo trying to eat a shark) - the top managers were sending each other emails about that research. They now say that they never sent such emails. I hope that Fortis has an email archiving solution that can be used in a legal situation (if it is compliant with US regulations it should).
The lawyers in the different court cases against Fortis should also ask the judge to take measures to be sure that no proof was or is being destroyed that could be discovered in an ediscovery investigation.
It becomes clear that if internal risk auditors in a financial institution have no real independence, they can't work for the good of the bank because they will lack the independence and resources to do their work as they should have done, although it was difficult for them to go public at that time. After the accountants and the IT security people, maybe it is now time for the risk auditors to get some official statutory independence. Speaking of independence: our independent Financial and Bank Commission, which should have supervised the operation and the risks the bank was taking, was informed about the notes from the risk department but chose not to act then and not to comment now.
It looks a bit like the IT world. Nobody is responsible.
VMware has released a new security advisory and has updated two previously announced advisories.
Details are available via the VMware web site:
- VMSA-2008-0017 (new advisory)
Summary : A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding.
CVE Reference: CVE-2008-3281
Summary: A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet.
CVE Reference: CVE-2008-0960
Summary: Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.
CVE Reference: CVE-2008-2327
- VMSA-2008-0014.3 (updated advisory)
This is an updated advisory which impacts a wide range of VMware products (both desktop and server) and covers 16 CVEs.
- VMSA-2008-0011.3 (updated advisory)
This is an updated advisory which impacts ESX products only, but covers 9 CVEs.
These advisories list security issues that have been fixed in the patches for ESX 2.5.4, ESX 2.5.5, ESX 3.0.2 and ESX 3.0.3 released on 30th October.
Source: Internet Storm Center
Over the years, it’s become less and less appropriate to convert discovery materials originally stored in an electronic format into hardcopy (i.e., paper) form for production to a requesting party. The downsides to receiving materials in this format are obvious and well-documented: greatly reduced ability to search the collection, potential loss of helpful (and relevant) metadata, and significantly higher storage costs. That said, in many cases that involve a limited amount of discovery materials, litigation teams continue to exchange electronically stored information (“ESI”) in printed form. After all, for only a few boxes of documents, paper remains fairly manageable. And, if the parties agree to a paper production format - or haven’t specifically requested an alternate format - no further discussion is needed, right?
and you may be lucky it isn't used for phishing or redirects or malware installations .....
That is why certain important names and trademarks shouldn't be sold without the approval by the owner or some other guarantees.
eBay, you should look at the Belgian law on the unlawful use of domain names and a stringent interpretation of the conditions of DNS.BE. Typosquatting is illegal in Belgium. That DNS.be doesn't mind is their (big) problem.
The Internet (via computer) was identified by 62 percent of respondents as a regularly used source for 2008 presidential election information, and was surpassed only by television (82 percent). Other sources were selected as follows: newspaper/magazine (49 percent), radio (30 percent), cell phone/mobile device (4 percent).
About 30 percent of registered voters reported using online video for following 2008 presidential election coverage. And 75 percent of these online video users felt that watching video online enabled them to follow presidential election news and events more closely.
The document can be found here.
By the way, Cisco has invested enormously in online video....
Smart CD Catalog is software designed for organizing and managing CDs, DVDs, and other digital media collections. It will allow you to catalog your disks and create an ordered CD/DVD database. It is much more comfortable to use Smart CD Catalog than keep a list of disks on paper, in text files, or in Excel. Just add a disk to Smart CD Catalog once and you can view its contents, even if the disk is lying on a shelf or is being borrowed by a friend of yours.
All types of media are supported: CDs and DVDs, hard disks, floppy disks, mounted network disks, USB drives, and RAM disks. You can also add separate folders to the catalog. You can view the list of files on any disk and their properties in the same way you can do it in Windows Explorer. Plus, you can add your comment to any disk, folder or file.
How blogging becomes more an echo chamber than a search for original stories. Hi, this ain't the case here, I think. If you have original stuff, send it.... Don't wait for the traditional media, they are reading this here (by the way...) and may pick up your stories.
Sarah Lacy - The Growing Blogosphere Angst
This is why Obama needs to win by a landslide so the difference isn't decided on technical and legal discussions like in 2000 and 2004.
This is what Google gives
Crombé-Berton, Marie-Hélène - http://mhcrombe.axeweb.be/ Sénatrice fédérale MR et questeur du Sénat. Présentation, activités parlementaires, agenda, ...
Pregnant Angelina Jolie asked the media to leave her alone while she waits to give birth to twins http://mhcrombe.axeweb.be/r.html ...
In the .eu domain there are hundreds of domain names blocked, that is to say they can't be used by anyone else but the legitimate owners.
If that had been the case with the .be domain, the names of regions, cities and administrations or important persons would also have been blocked before.
It is a reminder for those that want to set up their own domain extension.
Sun was making a total mess of its Java installations. Old versions stayed installed and different versions sat side by side. The result was not only that it ate disk space, but also that older programs weren't obliged to upgrade and improve their security and performance. These older versions on the computer even became a security hazard.
Is Sun cleaning up its act? In the new update of the Java JDK http://java.sun.com/javase/downloads/index.jsp there is a function that looks like an uninstallation of the older versions, but there are doubts that it works automatically. Maybe that is the first step and the automatic clean-up will come afterwards.
Until then you will have to remove these old versions by hand. And if software is still working with a Java version that is totally insecure, you can ask yourself a few questions about that software.
- A Campaign-based Characterization of Spamming Strategies
Pedro Calais, Douglas Pires, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers and Klaus Steding-Jessen
- A Mail Client Plugin for Privacy-Preserving Spam Filter Evaluation
Mona Mojdeh and Gordon Cormack
- A Survey of Modern Spam Tools
- Activity-centred Search in Email
Einat Minkov, Ramnath Balasubramanyan and William Cohen
- Analysis of Spectral Parameters of Audio Signals for the Identification of Spam Over IP Telephony
Christoph Pörschmann and Heiko Knospe
- Breaking out of the Browser to Defend Against Phishing Attacks
Diana Smetters and Paul Stewart
- Detecting Known and New Salting Tricks in Unwanted Emails
Andre Bergholz, Gerhard Paass, Frank Reichartz, Siehyun Strobel, Marie-Francine Moens and Brian Witten
- Do Zebras get more Spam than Aardvarks?
- Empirical research on IP blacklisting
Christian Dietrich and Christian Rossow
- Exploiting Transport-Level Characteristics of Spam
Robert Beverly and Karen Sollins
- Filtering Email Spam in the Presence of Noisy User Feedback
D. Sculley and Gordon Cormack
- Global-scale Anti-spam Testing in Your Own Back Yard
Margaret Nielsen, Dane Bertram, Sampson Pun, John Aycock and Nathan Friess
- Improved Phishing Detection using Model-Based Features
Andre Bergholz, Jeong-Ho Chang, Gerhard Paass, Frank Reichartz and Siehyun Strobel
- Improving Email Trustworthiness through Social-Group Key Authentication
Vivek Pathak, Liviu Iftode and Danfeng Yao
- Improving Image Spam Filtering Using Image Text Features
Giorgio Fumera, Fabio Roli, Battista Biggio and Ignazio Pillai
- On Free Speech and Civil Discourse: Filtering Abuse in Blog Comments
- Personalized Spam Filtering for Gray Mail
Ming-Wei Chang, Scott Yih and Robert McCann
- Reducing E-Discovery Cost by Filtering Included Emails
- Resolving FP-TP Conflict in Digest-Based Collaborative Spam Detection by Use of Negative Selection Algorithm
Slavisa Sarafijanovic, Sabrina Perez and Jean-Yves Le Boudec
- Social Honeypots: Making Friends With A Spammer Near You
Steve Webb, James Caverlee and Calton Pu
- The Effectiveness of Whitelisting: a User-Study
David Erickson, Martin Casado and Nick McKeown
- Toward a stochastic speech act model of email behavior
John Mildinhall and Jan Noyes
- Tracking Email Reputation for Authenticated Sender Identities
Gautam Singaraju, Jeffrey Moss and Brent ByungHoon Kang
Spam Filtering Challenge Competition Entry Abstracts
- Adaptive Spam Filtering Using Only Naive Bayes Text Classifiers
Aris Kosmopoulos, Georgios Paliouras and Ion Androutsopoulos
- Spam Challenge 2008: IBM ISS Spam Filtering Technology
C. Hagemann, D. Harz, R. Iffert and M. Usher
- Joint NLP Lab between HIT2 and CEAS Spam-filter Challenge 2008
Haoliang Qi, Xiaoning He, Muyun Yang, Jun Li, Guohua Lei and Sheng Li
- Introduction of Fingerprint Vector based Bayesian Method for Spam Filtering
Bin Chen, Shoubin Dong and Weidong Fang
The general rule for an ISP is that clients shouldn't be allowed to send mail themselves through their own mail agents. It should all go through a mail server with its security installations and filters, and preferably not on port 25.
About 90% of all email is spam according to new figures I have seen flowing around.
Actions speak louder than words.
When domain registrar Directi (which was linked to estdomains and other ecrime infrastructure) clearly felt that its privacyprotect service was having an impact on its image and business and that they could have all kinds of investigations running against them, they chose to clean up their act.
Together with the most stringent attackers of their whois privacy service, they decided to clean up their act and to refuse this service for any abusive service or domain.
Privacy protection of whois should be conditional and in fact exceptional.
If the organisation responsible for the .eu domain lets an organisation that is linked to cybercrime sell .eu domains, then it should not be surprised that cybercrime is interested in the .eu domain. The .eu domain is as interesting as the .us domain...... which shows why the general and local domain extensions are so predominant.
But the fact that it will lose its right to register domains will have a huge impact, because even if it is small in total percentage, there are still a few hundred thousand domain names (in the international general domain extensions) that need to be transferred. source
Many of these domains are used for fraud, crooks and all kinds of ecrime. I am not sure that there are many hosters and registrars around that would like to take those on - especially as it is clear that any new cybercrime domain registrar can lose its right to sell any international generic domain extension. In my head you would have to be mad to accept any domain transfers at face value without doing a background check (blacklisting, security listings, background of the owners and so on). Except if you don't care about your other clients and crime money is for you no different.
For ICANN there is no way it could launch the new domain extension business at 100.000$ a piece without cleaning out the mala fide registrars it has now among its distributors of existing domain extensions. The greatest danger of its new scheme is that a mala fide organisation gets hold of such a domain extension and infects it with malware and crimeware domains.
It is perfectly understandable why both banks and vendors cut corners if they can: the costs of a compromise are widely spread. A bank that supplies its merchants with a cheap but easily-compromised PED saves millions at once, while the cards compromised later will have been issued by many different institutions. The negligent bank does not face the full economic costs of its actions, and the lucky vendors had their product “evaluated” by banking organisations with little incentive to look hard for problems. The stakeholders wanted to believe the assurances they got from other stakeholders, and no one had an incentive to blow the whistle (except academics, who can be ignored for a while). Thus the level of investment in system security was much less than optimal.
According to this expert, the government should step in: http://www.cl.cam.ac.uk/~rja14/Papers/fraudfailures.pdf