• why you shouldn't give your email passwords away

    The Argentine mistress of the US governor released a statement. Her emails about the relationship were published in a newspaper. She won't press charges but feels disappointed anyway.

    Another reason to keep your emails to yourself.

    "She said someone accessed her Hotmail account without permission and sent the e-mail correspondence to the newspaper.

    Chapur denied that the person was a friend — as reported by some news outlets — saying he was as much a victim of the media frenzy as she.

    "I have a strong suspicion of who is responsible for this evil act that was directed at me, but also destroyed the lives of so many others," she said. "But without sufficient proof, and for legal reasons, I am obligated to not reveal the name."


  • new open knowledge projects 1000 feeds

    About 1000 RSS feeds about several aspects of IT and of course some fun aspects are now public at http://www.bloglines.com/public/ekz

    They are the ones we are using in Google Reader, and they will be updated monthly.


    more will come one bit at a time

  • the lifting of the belgian firewall not global

    My ISP has lifted it but I can't disclose which one. Others seem not to have lifted it. In any case there is no legal reason to keep the firewall up, as the reason for it is gone. The question is whether they are now going to put up another one against the new US-based website.

    Well, if you want to go behind it, you can still get one of those proxies we are publishing above.

    And ask your ISP to take that firewall down, as one big one has already done.

    You can publish here where it is up or not. If there is enough reaction we will follow the situation.

    ps it could also be your cache in your Internet explorer or the proxy of your network that is serving you the wrong page.

  • Belgian firewall around stopkinderporno.com lifted

    Some weeks ago some people thought that it was a good idea to put a firewall between Belgian surfers and stopkinderporno.com, which was publishing pictures and addresses of Belgian free but convicted child predators. This is illegal under the Belgian privacy law, and the Privacy Commission (which doesn't have other things to do ?) declared together with the minister of Justice that this should be blocked.

    But as we all know and have shown several times around here, firewalls and blocking have only a limited effect, because there are so many ways to circumvent them that after a while they become useless.

    The firewall was also becoming really stupid, as the owners of the site launched another site and stopped publishing the personal details of those free child predators. You can in fact republish that information on thousands of sites, which would be impossible to block with today's technology (unless you invested millions, not to say billions).

    So the firewall was lifted. The decision makers may say that they have succeeded because the personal details aren't published anymore on that site (which is right), but they have also failed because the details will now be published on a US site under US hosting law and freedom of speech. Try to make a court case out of that without having the whole world read how you are trying to silence such a site while the number of child kidnappings (that luckily failed until now) has gone up the last few weeks. Or this is what the press is reporting. But as parents like us have learned since the Dutroux saga that we have to teach our kids some tricks and tips, and are much more prudent, it will become much harder for such predators to find their victims.

    The Belgian convicted pedo's will be for all to see here


    I still believe that professional organisations and institutions who work with children or around children should be able to check the pedo background of their (future) employees. Pedo's should never be able to work with or around children ever again.

  • stupid reporting : is there cocaine in Red bull or not

    First there were the reports that there is cocaine in Red bull (that is why it gives us so much energy :)) and a panic went through the European health administrations.

    The Belgian food health administrations now say that there is NO cocaine in Red Bull. Or better there is some cocaine in Red Bull but the volume is so low that it can't be detected.

    So the headline should not be 'No Cocaine' but 'Not enough cocaine in Red Bull to be detected'.

    Maybe Boonen had drunk too many Red Bulls ? Better drink beer or wine and let somebody else drive ? Bob maybe.

  • Belgian ecrime 2 180.000 Belgian creditcards hacked

    In 2008 Card Stop blocked around 900.000 Belgian credit cards, but 80% was the result of loss (or just not finding the card around the house and blocking it as a preventive measure, as you have to declare it within 24h) or theft.

    There are about 13 million credit cards in Belgium, which means that during a year one in 13 more or less is being blocked and changed.

    The other fact that is going under the radar (but this is why we are here) is that around 180.000 Belgian credit cards have been blocked preventively by Atos and the banks themselves. This means that the cards were in online credit card databases that have been hacked, or on listings that were compromised, or in listings that were being sold in the carder communities. Or the banks were seeing transactions that were not normal and took immediate, drastic action.


  • Belgian ecrime 1 : 43 mules arrested in 2008

    According to the federal financial crime unit of the Belgian police 43 mules were arrested in Belgium in 2008. As journalists don't really understand what a mule is, they made a headline as if only 230.000 Euro was won by the criminals. This is not reading the real numbers and facts.

    In total the mules sent about 230.000 Euro from hacked Belgian bank accounts to the criminal gangs. They wanted to send 383.215 euro but were blocked from doing so by the banks, card services and police. The police found about 154.083 Euro that was given back to the rightful owners. So this means that the time lapse is still too big between the hacking of the account, the sending of the information to the mules and the transfers done by the mules, especially the last one (to the crime gangs).

    The mules that were recruited in Belgium were really poor and marginal people. Maybe this explains some of the time lapses. You have to know something about the workings of computers, banks and money transfer services and have some social capabilities to avoid being caught.

    If you recruit monkeys as mules you are a mule and will get caught. :)

    This means that over time - as with the online crimebusiness - the mulebusiness will become professionalised. The crisis gives them every opportunity.

  • the cheapest way to get windows 7 ? buy a new computer

    Microsoft has unveiled the consumer prices for Windows 7. Here's the rundown of prices for a full version:

        * Windows 7 Home Premium: $199.99
        * Windows 7 Professional: $299.99
        * Windows 7 Ultimate: $319.99

    The prices are lower for users who are upgrading from Windows XP or Vista:

        * Windows 7 Home Premium: $119.99
        * Windows 7 Professional: $199.99
        * Windows 7 Ultimate: $219.99

    But wait, there's more. Starting tomorrow, US customers will be able to pre-order the operating system at much lower prices:

        * Windows 7 Home Premium Upgrade pre-order: $49.99
        * Windows 7 Professional Upgrade pre-order: $99.99

    Discounted Pre-order prices will also be available in Canada and Japan for the next few weeks. A pre-order program will launch in the UK, France, and Germany starting July 15th.
    There will only be a limited number of pre-orders available. But here's the other bit of good news. If you buy a computer running Windows Vista Home Premium, Business, or Ultimate from a participating OEM or retailer between June 26th, 2009 and January 31st, 2010, you'll likely be able to upgrade to Windows 7 for little or no cost.

    So if you count that a new PC or laptop costs about 400 Euro, then you get either the computer or Windows 7 nearly free if you are running Windows 2000 (or older), because the prices for Windows 7 are rather high. It is really time to throw your older computer with Windows 2000 in the dustbin. There is no way it can be defended, and its hardware will by now begin to deteriorate bit by bit. You have no patches for it and less and less compatible software without bugs.

    And secondly why buy a professional if an ultimate is not so much higher ?

    I expect illegal upgradetools to become available soon.

  • an estimated 1 million people with swine flu now

    Swine flu has infected as many as 1 million Americans, U.S. health officials said Thursday, adding that 6 percent or more of some urban populations are infected. The estimate voiced by a government flu scientist Thursday was no surprise to the experts who have been closely watching the virus.

    "We knew diagnosed cases were just the tip of the iceberg," said Dr. William Schaffner, a Vanderbilt University infectious diseases expert who was in Atlanta for the meeting of a vaccine advisory panel.

    Lyn Finelli, a flu surveillance official with the Centers for Disease Control and Prevention, made the 1 million estimate in a presentation to the vaccine panel. The number is from mathematical modeling, based on surveys by health officials.


    Did you already prepare your swine flu prevention and business continuity ? Many people from around the world are going to and returning from the US during the holidays, and from then on it goes really fast. It doesn't kill everybody but it sure can destabilize your operations.

    Do not forget also to reserve your normal flu vaccines. I am sure that the demand will be much higher than last year (even stock prices think so) and I am sure that in firms, institutions or organisations where the workers don't get it for free the unions will demand it this year. Be sure to have enough stock and prescriptions when it comes out and do not wait too long to go to the doctor to get it. It diminishes the possibility of sickness or, in the worst case, death.

  • slow http dos attacks started - apache, sun etc... vulnerable

    There is an unofficial patch for Apache

    "Finally, an unofficial patch has been released at http://synflood.at/tmp/anti-slowloris.diff - I haven't tested it but the patch is supposed to dynamically change the TimeOut value depending on the load (which depends on the number of Apache processes that are currently processing HTTP requests)."

    * There is no compiled list of who is vulnerable and who is not, but if you are in the money or government business, or can attract the attention of some angry and stupid people, and are running Apache, Sun or some other vulnerable server, you should pay attention to DDOS or just drop incomplete packets faster.

    * more attack and discovery tools can be found here, at the father of this kind of attack against Apache. He says that the new tool still doesn't use the full capacity of the attack method. This promises

    * do not buy any anti-DDOS equipment that is not designed to cope with this kind of attack, and if you already have anti-DDOS equipment, contact your account manager to ask if it protects you against this (if you are running an Apache or other vulnerable server)

    * you can think about a proxy or a copy of your webserver on another environment (like Windows) so you can switch according to the vulnerabilities and attacks.

  • feed a hungry American - download IE8 (it is free anyway)

    Microsoft has a partnership with Feeding America on which they will donate 8 meals for every download of IE 8 HERE.

    Why not ?

    And if you use a proxy, you can download it over and over again and feed hundreds of hungry Americans if you want. And if you virtualise your machine you can re-install it over and over again.

    Every time there are 8 hungry people that get a meal in the US. Why not in any other country, although helping hungry Americans is also something worthy.

  • twitter from your phone or pc - list of free apps

  • Tweetie for Mac OS X
  • Seesmic Desktop for Adobe Air
  • Destroy Twitter for Adobe Air
  • PowerTwitter for Firefox
  • PeopleBrowsr
  • Twinbox for Microsoft Outlook
  • Twitterific for iPhone
  • Pichirp Pro for iPhone
  • Twitterville for iPhone
  • Simply Tweet for iPhone
  • Gravity for Nokia N60
  • Twitcher for Adobe Air
  • TwitterContd for web

  • http://blog.posterous.com

    without going to twitter

    maybe they should incorporate proxies and not go directly to twitter and learn from the Iranian situation

  • why do cybercriminals like the .eu and .be domain - here is why

    According to the WHOIS policy for .EU domains, I am not allowed to share with you in my blog the patently false registration information for the domain 1il1il1.eu.

    You would have to WHOIS the information yourself from: www.eurid.eu, which is probably part of why criminals like .eu domains so much.

    .be domains, like .eu domains, require you to visit the Registrar's website to reveal WHOIS details. According to www.dns.be, it's not allowed for me to post information from their WHOIS database about hftiili.be here, so you would have to look that information up yourself:

    Lookup WHOIS for hftiili.be.


    Time to change that I think.

    Why not do like most of the other domain extensions, except for those that promote the privacy and protection of that information even against the police ?

  • we are all Iranians and correspondents

    There are about 100.000 to 200.000 tweets every hour about the Iranian protests and crisis. There are millions of blogposts about Iran and the protests, and then we don't count the number of pics and vids on other social media sites. BBC says that around 7 videos are arriving every minute when there is a protest going on.

    For the moment the police is searching cars and people on the street and confiscating phones and cameras. Maybe we should send thousands of them. Bombard the country with free, fast wireless internet access with sites that are accessible for mobiles.

    On CNN a web2.0 specialist said that as the web becomes entangled with normal communications it becomes too difficult for the censors to block them. They have reestablished SMS or texting traffic in Teheran after a week because it was too difficult to work without any SMS for even a normal business person. Filtering is very hard to do.



  • the dead London Action plan against spam

    What it is about blablabla


    DG Enforcement and Mediation of the Federal Public Service Economy
    Federation of European Direct and Interactive Marketing

    Report and statistics until 2006....


  • spamdomain shows 199 Belgian spammers

    An international research project has analyzed a selection of spam to find some malicious servers, hosters and ISPs. Some were located in China and pressure will be put upon the authorities to close them down. This is a scientific way to attack spam, by prioritizing according to volume. The effect is greater when you get one of those bigger spammers down.

    The research also found 199 Belgian spammers

    Hosting Country
    48,331 CN - 70% of all spam domains hosted in China
    8,412 US
    3,914 KR
    1,555 RU
    1,053 UA
    884 CA
    719 MY
    594 BG
    524 DE
    460 HK
    323 AR
    228 BR
    210 IL
    199 BE
    187 NL
    185 PL
    179 GB
    178 RO
    104 CZ

    we hope to publish them soon

    Spamming is illegal in Belgium.

  • governments and cybercrime : no blablabla save SORBS

    I am not interested in your conferences, websites and blablabla. I have heard that over the years over and over and over again. It doesn't change a thing and only now and then you have a sole criminal who is being arrested.

    Now you can do the right thing and save a community effort that is serving 30 billion antispam controls a DAY. I am talking about SORBS. SORBS should be saved by an international institution or group or some governments.

    In a way it is normal that the university is stopping the financing of this project. It is not its main role and in hard times it probably has other obligations that are more central to its main role. It is the obligation of the government to finance such operations that have become so central in the defense of the internet and its users. And this goes for other anticybercrime initiatives that aren't commercialised and are effective.

    "It comes with great sadness that I have to announce the imminent closure of SORBS. The University of Queensland have decided not to honor their agreement with myself and SORBS and terminate the hosting contract.

    I have been involved with institutions such as Griffith University trying to arrange alternative hosting for SORBS, but as of 12 noon, 22nd June 2009 no hosting has been acquired and therefore I have been forced in to this announcement. SORBS is officially "For Sale" should anyone wish to purchase it as a going concern, but failing that and failing to find alternative hosting for a 42RU rack in the Brisbane area of Queensland Australia SORBS will be shutting down permanently in 28 days, on 20th July 2009 at 12 noon.

    This announcement will be replicated on the main SORBS website at the earliest opportunity.

    For information about the possible purchase of SORBS, the source code, data, hosts etc, I may be contacted at michelle@sorbs.net, telephone +61 414 861 744.

    For any hosting suggestions/provision, please be aware that the 42RU space is a requirement at the moment, and the service cannot be made into a smaller rackspace without a lot of new hardware, virtual hosting is just not possible. The SORBS service services over 30 billion DNS queries per day, and has a number of database servers with fast disk to cope with the requirements.

    Thank you for all your support over the years,

    Michelle Sullivan (Previously known as Matthew Sullivan)

  • 'slow http ddos' extending in importance

    This is a technique in which one machine opens a connection to a webserver (the webserver function on port 80 only) and then another and another and another until there are none left and no one else can access this server. It can do so because it only sends partial requests and the server keeps its connections open, waiting for the rest of the request, which will never come. The longer the server waits for the remaining data, the easier it is to bring it down for a certain period of time. And if you thought that this isn't important, how much would your ecommerce lose if it wasn't accessible for, let's say, an hour at its highest selling moment ? The investment for the attacker is very minimal (one linux box and a dsl line), the effect is guaranteed and the chances that the attacker is discovered are minimal to nonexistent.

    But as we are reading through the documentation and comments on the original hackersblog there are some things that become clear

    * The Apache people don't understand how IIS manages to be immune to this kind of attack

    * proxies, iptables and load balancers are of no use against this attack if one doesn't put a specialized DDOS defender box before them. This now seems to be a new appliance one should put before all the rest of the infrastructure (not behind it), and it could also be a single point of failure if it isn't hardened and patched itself

    * Sun webservers also seem vulnerable

    * Neither iptables nor the different modules for Apache that should protect against it do so, because they don't work in a sequential way. That is to say, they don't check the IP address of the host that asks for another connection and don't refuse it if the same IP address already has an open connection. IIS does so without modules.

    This means it is even more dangerous if it is being launched by a botnet with fast-changing IP addresses

    Maybe one should place the content on a technological failover system. If IIS fails you go to Apache and vice versa.

    Apache has no clue and no news about patches or solutions.

    If you go to IIS, go to IIS 7 or higher. IIS 6 is insecure in itself. Just as a Lada is in traffic.
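
    The slot exhaustion described in this post, together with the load-dependent TimeOut idea from the unofficial patch quoted earlier, as an added example that is not part of the original blog or of any Apache or IIS code: a toy Python model of a server with a fixed pool of connection slots, comparing a fixed timeout, a per-address cap and a load-based timeout. The class and function names, slot counts, timeouts and addresses are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Conn:
    ip: str
    opened_at: int
    headers_complete: bool = False      # a slow client never gets to True

class SlotTable:
    """Toy model of a web server with a fixed number of connection slots."""

    def __init__(self, slots, base_timeout, min_timeout=None, per_ip_cap=None):
        self.slots = slots
        self.base_timeout = base_timeout    # seconds to wait for a full request
        self.min_timeout = min_timeout      # None = timeout never shrinks
        self.per_ip_cap = per_ip_cap        # None = no per-address limit
        self.conns = []

    def header_timeout(self):
        # Load-based timeout: the fuller the table, the less patience.
        if self.min_timeout is None:
            return self.base_timeout
        free = self.slots - len(self.conns)
        return max(self.min_timeout, self.base_timeout * free / self.slots)

    def reap(self, now):
        # Drop connections that have not sent a full request in time.
        # Side effect: under load, slow legitimate clients are dropped too.
        limit = self.header_timeout()
        self.conns = [c for c in self.conns
                      if c.headers_complete or now - c.opened_at < limit]

    def accept(self, ip, now):
        self.reap(now)
        if len(self.conns) >= self.slots:
            return None                     # no slot left: visitor is refused
        if self.per_ip_cap is not None:
            if sum(c.ip == ip for c in self.conns) >= self.per_ip_cap:
                return None                 # this address already holds its share
        conn = Conn(ip, now)
        self.conns.append(conn)
        return conn

    def finish(self, conn):
        self.conns.remove(conn)             # request served, slot released

def simulate(table, slow_ip, ticks=60, per_tick=5):
    """One normal visitor per second next to clients that never finish."""
    served = 0
    for now in range(ticks):
        for i in range(per_tick):
            table.accept(slow_ip(now, i), now)      # partial request, held open
        conn = table.accept("198.51.100.7", now)    # constructed visitor address
        if conn is not None:
            conn.headers_complete = True
            table.finish(conn)
            served += 1
    return served

def one_host(now, i):       # constructed: every slow connection from one address
    return "203.0.113.9"

def many_hosts(now, i):     # constructed: a fresh address for every connection
    return f"10.{now}.{i}.1"

def run_scenarios():
    """Visitors served out of 60 for each defence setting."""
    return {
        "fixed timeout, one host": simulate(SlotTable(50, 300), one_host),
        "per-IP cap, one host": simulate(SlotTable(50, 300, per_ip_cap=5), one_host),
        "per-IP cap, many hosts": simulate(SlotTable(50, 300, per_ip_cap=5), many_hosts),
        "per-IP cap + load-based timeout, many hosts":
            simulate(SlotTable(50, 300, min_timeout=2, per_ip_cap=5), many_hosts),
    }

if __name__ == "__main__":
    for name, served in run_scenarios().items():
        print(f"{name}: {served}/60 visitors served")
```

    In this model the per-address cap only helps while the slow connections come from one address; with changing addresses it is the load-based timeout that keeps slots free.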

  • bring down half of the servers with a simple PC and dsl line

    Half of the servers of the internet are using Apache open source servers. They can now be brought down by a simple linux-pc that uses a  program that will attack only the webserver function in such a way that it will become unavailable for all others. There is no real mitigation and if you read the conclusions by the Internet Storm Center even those solutions should be used with caution as they all have serious side effects.

    The biggest webservices will have enough defenses and back-up or failover, and those that are running IIS can go on securing and patching their servers with other stuff, but those with vulnerable servers such as Apache and Squid should get to work.

    There is no really simple solution. You will have to think conceptually and look at your infrastructure and your business plan and objectives. Every measure you will take will have its costs and/or implications for your visitors and users or clients.

    The public release of this tool is based upon a problem that has been written about since 2005 and has been proven to work since 2007 and about which nothing was done - probably because one thought that no one would do the old hat DDOS stuff anymore.

    But that is what changed since last year with the massive DDOS attacks against countries (Georgia, Estonia,....) or Tibetan dissidents or the sites of the Iranian government now. DDOS has become so simple that it has become very popular. It is also difficult to prosecute someone for a DDOS because if you are with many, they won't arrest every one of them, if they can find them at all, because the first thing one does during a DDOS attack is try to drop the traffic.

    So anyone who knows how to install a Python program on a linux box can now take out any website that is using Apache 1 or 2 or Squid and some others. The IIS servers are NOT vulnerable (yet ?).

    http://isc.sans.org/diary.html?storyid=6613 You will read here how difficult it is to defend against such an attack if you didn't invest heavily in failover and proxying and fastload and stuff like that.

    http://ha.ckers.org/slowloris/ this is a must read


  • how Belgian tax on web was out of service for a day

    Tax on web is used by thousands of civil servants and accountants who fill in thousands of tax forms online for individuals during these last few weeks. Last week the service was bogged down for nearly a day. There were several questions in the parliament and from the answers we can read the following.

    There was a cable to a harddisk that was causing problems, so that the harddisk was not accessible. Maybe you should read this again and then take your IT architecture handbooks and look up the following words

    fail over - monitoring - pre-testing - business continuity - virtualisation - spare parts -.... and so on and so on

    Remember this is one of the most popular and most critical installations of egov in Belgium, and an application that is still easy to spoof by the way - something we blogged about .... a year ago. If their hardware installation has been tested the same way, one can understand the problems they had.

    Security people should never underestimate hardware or take it for granted. It is only hardware.