• the closing down of the belsec network - a new task lies ahead for us

    The goal of my action is changing things and setting things in motion. It is not looking for ways to earn more money or to promote myself. The goal is a public service.

    To change things you have to change laws and to set the necessary institutions and organisations into place and to make those that could be responsible act as if they are.

    We have been doing this from this blog and this information in Belgium. Some of the Belgian security bloggers have even set up Brucon.org which is the first ITsecurity event in Belgium. I hope it helps pushing more people to do things, to do research and to have open discussions about the risks of all those new cyberpossibilities if you don't take security as a basis of your design (and not as an afterthought).

    More news will follow in the coming days, but this blogaction is closing down. It has been a very interesting last 5 years (ekz, ITenquirer, belsec) but as new opportunities arrive by which we can do much more with less effort and with more authority, we are obliged to take them and use them. It would be irresponsible for us not to take that opportunity.

    If it proves to be a fata morgana, we will be back again, no doubt about that.

    Secondly, there is now a National CERT in preparation and it is up to that CERT, with people who are paid to do their job, to do their job, and it is up to the parliament and the stakeholders to see to it that they are doing their job as they are supposed to do. They shouldn't be thinking for a second that they only have to do a little more than me or just use what is being used here. They have to do it by themselves. They are paid to do it, they are intelligent enough to do it, so they just should do it. And no excuses. This is not a job for volunteers who have other things like jobs and families and a private life to think about. Volunteers come and go, while a national CERT should be there to stay.

    Thirdly, it should be clear to everyone that I can't be Belsec and the new positions at the same time. It should be clear that this is for everyone a new beginning of a continuing battle for a secure internet in Belgium and that old disputes and thoughts are a thing of the past and that we will all have to work together in some form or another to get this going, one step at a time. So it is better to stop the Belsec thing altogether so it is clear for everyone that the Belsec period - as an activist provocateur period - is over and that the time of searching for practical solutions and propositions has started. Something we also have already proposed during the hearings in our parliament.

    Those who have contacted me in the last years will soon receive an email with more information and a proposition to join me in this new opportunity to get things changing a bit faster than we are used to in cyberworld here.

    I loved every minute of it and I appreciated the millions of visitors the last years.

    I am sure that the other Belgian security bloggers and brucon will continue to do their thing. If there are people who want to start also a security blog in Belgium they should get into contact with brucon.org.

    ps some resources will not be updated anymore and some will be deleted. The idea is also that new and more tools and resources will be available for members of the organisation.

  • consumers and online banking

    The Belgian consumers organisation Test Aankoop says that banks should stay responsible for all problems with online banking and shouldn't expect users to be security experts and to keep everything up to date, and shouldn't punish them if they get defrauded because their computer wasn't updated.

    I agree with that. But there is no fundamental human right to have access to any online service if your computer is insecure and could pose a threat to the service you want to use (or to yourself but that would reflect on the company).

    So there is a right for banks and other online services to refuse access to computers that don't have an updated antivirus, security updates or a firewall installed. And banks or other services could decide that, to make it easier to secure the connection, their users should use pre-installed software or special dedicated lines. They should also be able to set whatever norm they want for the login and authorisation (or whatever combination of authentication methods).

    If they are to pay for any damage, they have the right to limit the risk as much as they want.

  • national newspapers will continue to suffer unless they interconnect

    You have been reading for years that newspapers will disappear because of the internet and that you will have to pay for all that and that newspapers are old news. You will read all kinds of standard tried-all-that-before solutions that effectively won't make a difference such as online payments, cut staff, develop stupid online versions and the like.

    What you won't read is the following

    Newspapers are only worth buying if they give things you can't find online

    * this can be the easy format and organisation of the news (online is a clicking chaos) that you can go through in a few minutes

    * large interesting articles that you won't read online (because it is not handy and it is more difficult to fastread on a screen than on paper)

    * articles that you won't find online because they are behind paid walls and because they are published because of agreements between newspapers.

    Newspapers are now more online islands in a sea of news. As long as they only stay islands some will disappear. For me a good quality newspaper has three things

    * quality reporting, investigations and different opinions (facts, history and necessary knowledge about the issues)

    * an interesting online presence in which you will find for each item the files or reports to download, the links to the sources and other interpretations, and the possibilities to follow up on the issue. The online newspapers may be twice or three times as big as the real newspaper if you would print it out.

    * articles from different newspapers around the world about the subjects that are published in the newspaper (because they are imminent or will soon become so) or online because it is part of one of the subjects. If newspapers want to survive they should work together.

    For example I read every week the NYT supplement of Le Monde. And so I think of hundreds of other possibilities. As there is no money it would be based upon bartering.

  • swine flu back and forth and back and forth

    First we heard during the first months that there was really no problem in Belgium and that if you weren't travelling and weren't part of a particular risk group that you shouldn't be worried and that even if you did get an infection that it would all go over without much harm.

    Then there was some fever during a few weeks in which one message after another was sent out that this was a real pandemic that could destabilize our economy (or what is left of it) and public life. Thousands of people would get killed and the public health services would be overwhelmed, we were at the beginning of a public health crisis that concerned all of us.

    Now they are saying that it is a normal cold and that even fewer people would get killed by the flu than in previous other flu seasons because people are better prepared.

    I don't know but the crisis communication is still in crisis because by going back and forth like that you lose in the end all of your credibility with the general public who as a result tend to decide to make up their own minds about what to do and will not listen to this ever changing tango of public messages. So if they decide to panic, they will panic and at that moment you are faced (just as during the Dioxine crisis) with the problem that you will have to react to the general tendencies and actions of the public and not vice versa.

    The reason they give for this is also incredible. The reason for this total reversal into panic communication is to make the government and institutions aware that they have to prepare themselves urgently to take the necessary measures in case it becomes a general crisis. This is a political responsibility and should have been treated as such. Communication can not and will not replace this. It is the actions that count, not the things that you say in the media. Speaking to the media will not replace the necessary actions that you should have taken already a few months ago. Communication will not hide this inaction. The only thing they can hope is that it just flows over and that there is no crisis because to prepare for a crisis they will have to work very hard now or be ill-prepared.

  • UK flu pandemic : maybe many just wanted prolonged holidays

    Many firms and organisations have a 'limit the risk' policy in which people who claim they have a cold or the flu are asked to stay at home for at least 3 days so the period of contamination is over when one returns to work.

    So when many people started calling upon the doctors because they thought they had the flu - or a cold that looked alike - the system was very quickly overwhelmed and replaced by a call center.

    You have to call and describe the symptoms - as described in detail in all the publications - and then they say you have to stay at home and take some medicine.

    You then call your work and say that you have to stay at home according to the national anti swine flu center and there is rarely a doctor free to come by and control you in the days after.

    So there is one explanation why the number of people declaring themselves sick in the UK is so high.

    While being in London you don't see people with masks, you don't see many signs or warnings. It may be different in enterprises and organisations, but the public life goes on as if nothing happens. So this popular explanation seems even more plausible.

    Meanwhile it has also become clear that Tamiflu is not ready yet for population-wide protective or preventive distribution. First, one of the new versions of the flu is resistant to Tamiflu. Secondly, because it seems now after such a wide use that there are so many complications that it would more endanger the health of a great number of otherwise healthy people than it would cure. Before a vaccine or a medicine is ready to be used on such a wide scale it has to go through so many tests that the risks to people are so limited or so well known that you could organise such a distribution.

    Another argument for the people who believe that this all is a plot by the industry and/or the government to make millions or to force us to take bad stuff. It is one big conspiracy if you believe them.

  • belgium firewall back against antipedo site

    So while some time ago the Belgium firewall seemed to be gone, it is back again and probably because they have decided to publish some parts of the names and the general locations where they live of some not yet convicted but under investigation pedo's (one has been arrested several times before).


    they also have an rss feed

    You will need to use our free online proxylistings (see link to site up here) to bypass that firewall.



  • Pro Iranian President hackers defacing 1000 + linux sites in 2 days

    The group is called nobodycoder.

    if you add .be in the filter you will see that a server with around 100 .be sites was also defaced

    the attack is still ongoing as zone-h.com is adding new sites as they arrive




    this attack is ongoing so if you have linux servers be sure you are secure and patched and on the lookout.

  • Stijn (ex Ubizen) still thinks that the US has no ITsecurity

    source (dutch)

    It is maybe because he has sold/left the business of ITsecurity (to Verizon) that he has lost touch. He is now manager at a local 'reconversion of the local economy' organisation.

    He says that the Europeans are very good at securing their business because they always want to secure it while the Americans are very bad at securing their business because they only want to insure it. Securing their business - in his opinion - is only an option if it costs less than the insurance.

    Secondly he still thinks that in the US it is only the market that decides if networks or data get secured and that there are no laws and regulations over there.

    You know, we as Europeans are so smart and confident and intelligent that those things don't happen to us. It is only those stupid Americans that get hacked - is a bit the tone of the non-researched article in a national newspaper around here.

    I didn't know if I had to laugh or to cry with these opinions but

    * Europe has no IDtheft or breach notification or a bunch of other privacy and ITsecurity laws that the US or a great number of US states already have. It is not perfect but at least it is something and it is better than nothing.

    * Europe has no global and private/public partnership and vision about the security of its networks and assets. The US has a whole bunch of programs encompassing the whole industrial-economic spectrum and government. These programs are all setting up contact networks, processes and guidelines. That those aren't perfect and aren't always used as they should be is normal, but at least they exist.

    * There is no Europe just as there is no US. Many of the mentioned American laws are State laws and not federal but the advantage is that you don't have to wait until the most resistant state finally accepts to secure its networks and assets to begin securing your own. The situation in Europe is much different than presented. The security of the use of creditcards hasn't the same safety precautions throughout Europe. In some countries you don't need a pincode to use some creditcards.

    * And if we are so secure then why do we have a site be-hacked in which online shops pop up now and then ? It is not because the media doesn't talk about it that the ITinfrastructure in Belgium (and Europe) isn't attacked and hacked. But as there is no obligation to tell and as the press doesn't want to give it much attention and no parliament or governmental institution has the right to ask questions, we still think that we live in a safe fata morgana in the middle of a desert. And as long as we think we live in a fata morgana and we think we have water and green and shadow we don't have to think about the desert.

    We are in a desert.

    Here in Europe.

    In the US they are planting trees and building pipelines and fortresses.

    We are still discussing if we have to do something and what.

    If you believe the article by Stijn, not much.

  • the domains .in and .at used in fast flux botnets

    There is also the .ru and the .cn domainextension but I don't think that they will be blocked by the domainextension managers anytime soon. And the same goes for the .net, .com and .org domainnames. If they change their mind they could maybe contact Arbor networks.


    Because when in the beginning of this year the .be domainname was used/tested by the operators of the fastflux botnets (in which the IP address and the location change every time and only the domainname stays the same, so it makes no sense to try to get the server down) it was by a drastic but effective coordinated action by the FCCU, the magistrate and the DNS responsible for the .be domainname that those names were quickly blocked at the root level. The reason is that either the domains were registered with fraudulent addresses or they were used for fraudulent illegal activities, and based upon our commercial and cybercrime laws those domains could be blocked immediately. Also the conditions of use of DNS.be gave DNS.be the possibility to do such a thing if they were instructed to by the justice department.

    The .at and .in domainextension managers should look into it and ask themselves if they will let the problem continue and grow (and end up on the same blacklist as .ru and .cn if you don't need them extensively) or if they will act and preserve the trust in their domainextension.

    Start with getting into contact with arbor networks.

    Check the listings often.

    Have a process for handling such cases quickly (standard form for the magistrate from the police/cyberpolice with the standard proof from the web and the registration) and block it at your root dns of the domainextension. They will continue to try now and then, but if you follow up they will just go on until they find another domainextension that doesn't have such processes.

    Oh yes and if you find 10 domains that are registered by the same person you should block them all, even if they were not all used because if 5 were used for phishing then the other five will not be used for personal means.

    It is effective because aside from one or two new trials we haven't seen any .be domains in the list of fastflux domains in 2009 after the first reaction.
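
    The process described above (check the listings, then block every domain of a registrant who turns up in them), sketched as an added example that is not part of the original post or of any registry's tooling. The sample domains, registrants, addresses and the three thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Thresholds are assumptions for this example, not values from the post.
MIN_DISTINCT_IPS = 5    # many different A records seen for one name
MIN_DISTINCT_NETS = 3   # spread over several unrelated /16 networks
MAX_TTL = 300           # short TTLs so the records can rotate quickly


def _obs(domain, ttl, ips):
    """Expand one domain into (domain, ip, ttl) lookup observations."""
    return [(domain, ip, ttl) for ip in ips]


# Constructed sample data: documentation address ranges, made-up names.
OBSERVATIONS = (
    _obs("constructed-flux-a.at", 120,
         ["192.0.2.10", "192.0.2.77", "198.51.100.5",
          "198.51.100.200", "203.0.113.9", "203.0.113.44"])
    + _obs("constructed-flux-b.in", 60,
           ["192.0.2.3", "198.51.100.8", "198.51.100.9",
            "203.0.113.1", "203.0.113.2"])
    # Many addresses, but one network and a normal hosting pattern.
    + _obs("constructed-cdn.in", 300,
           ["192.0.2.%d" % n for n in range(20, 26)])
    + _obs("constructed-stable.at", 3600, ["192.0.2.200"])
)

# Constructed registration records: domain -> registrant contact.
REGISTRATIONS = {
    "constructed-flux-a.at": "Registrant1@example.invalid",
    "constructed-parked-c.at": "registrant1@example.invalid",
    "constructed-parked-d.in": "registrant1@example.invalid",
    "constructed-flux-b.in": "registrant2@example.invalid",
    "constructed-cdn.in": "registrant4@example.invalid",
    "constructed-stable.at": "registrant3@example.invalid",
}


def tld(domain):
    return domain.rsplit(".", 1)[-1]


def fast_flux_candidates(observations, tlds):
    """Return domains under the given extensions that rotate like fast flux."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for domain, ip, ttl in observations:
        name = domain.lower().rstrip(".")
        if tld(name) in tlds:
            ips[name].add(ip)
            ttls[name].append(ttl)
    flagged = set()
    for name, addrs in ips.items():
        nets = {ipaddress.ip_network(a + "/16", strict=False) for a in addrs}
        if (len(addrs) >= MIN_DISTINCT_IPS
                and len(nets) >= MIN_DISTINCT_NETS
                and max(ttls[name]) <= MAX_TTL):
            flagged.add(name)
    return flagged


def block_list(flagged, registrations):
    """Group blocks per registrant, including that registrant's unused names."""
    by_registrant = defaultdict(set)
    for name, registrant in registrations.items():
        by_registrant[registrant.lower()].add(name.lower())
    blocks = defaultdict(set)
    for name in flagged:
        registrant = registrations.get(name)
        if registrant is None:
            # No registration record: block only the name that was seen.
            blocks["<unknown registrant>"].add(name)
        else:
            blocks[registrant.lower()] |= by_registrant[registrant.lower()]
    return dict(blocks)


if __name__ == "__main__":
    candidates = fast_flux_candidates(OBSERVATIONS, {"at", "in"})
    for registrant, names in sorted(block_list(candidates, REGISTRATIONS).items()):
        print(registrant, sorted(names))
```

    The per-registrant grouping is what gives the magistrate's standard form one case per registrant instead of one per domain.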

  • September can result in big political and judicial chaos in Belgium

    There are two major investigations going on that can result in big political and judicial chaos in Belgium in September/October. Every day there are new developments in both of these investigations/scandals and the scope widens which means that the possible impact of those investigations/scandals deepens.

    1. Fortigate

    This is the investigation into who leaked the information to the lawyers of the government that the court was going to overturn a favorable decision for the government regarding the Fortis case. Some strange things were happening in the hours before the judgement was made public. Afterwards it became known that the cabinet of the minister of justice and the prime minister were informed one way or another about this judgement in the hours before. This was illegal and so the government fell and an investigative commission was set up.

    Meanwhile an investigation judge started his investigation using all the powers that the law gives him and until now he has found three new 'leakers'. It is unclear but probable that the minister of Finance now (and at the time) may also have been informed before. Which is illegal. It is also clear that one of the highest judges of Belgium has also leaked this information. If this is the case it will be difficult not to sanction him also as the politicians find that they are until now the only ones who have paid a price. It will be interesting to see if the independent justice department will bow under this pressure.

    2. The dirty war between a judge and the public prosecutor

    The top public prosecutor of Brussels (Audenaert), who is a public figure, has sent a letter to the minister of Justice saying that the justice department didn't want to investigate the corruption charges against a top judge in Brussels, responsible for big cases like the Fortis case, Sabena and Sobelair among many others.

    It seems she has invested enormous lots of money into a failed African investment of her brother (or a fraud) and has to pay that money back. She still got a top promotion even if she could be corrupted because of that. The charge goes that she wrote the decisions for some trials together with a lawyer of the parties in exchange for money.

    The lawyer and the judge immediately fought back and said that the whole case was the fabrication of the top public prosecutor to help his friends. It seems he has friends who lend them their yacht in France or meet him in the luxury resort Knokke but who also have been convicted by this judge and lawyer for fraud. The speciality of the lawyer is finding the black funds that entrepreneurs want to hide from their ex-spouses when the divorce battle begins (or should I say war). To make victory even more sweet, they don't only have to pay more to their ex-spouses but also have to pay taxes on all these funds and assets.

    It is clear that we haven't seen the end of this and that this could become a full out war between some judges and lawyers and some members of the Public prosecution. As both are leaking daily to the press, the public will lose every day some more confidence in the people it should trust.

    Because even if the system is broken, you can say that the people who work in it are trying to do their best. But if even they seem corrupt and only guided by self-interest, what else remains ?

    If the judge is found guilty the Belgian state will have to pay millions of euros because many of her big and small judgments will be nullified.

  • destroying your emails but using your own phone (how secure ?)

    In the investigation who leaked to the ministers the judicial decision the highest court of Belgium would make in the Fortis case, there is something funny. A detail of course.

    It seems that some of the leakers have destroyed the emails on their computers and that there is a problem of material evidence (forensics and ISP ?)

    But also in the three investigations into the three illegal leakers of this information (that was already responsible for the fall of our government last year) it is funny to read that in the three investigations all the persons were using their own phones. That easy. Person x phoned to person Y. How do you know ? He used his own phone number.

    He didn't go to a public phonebooth in a railstation for example or use the phone of someone else ? They are doing something illegal and they know it and they still use their own phones ? Those are people who are working at the justice department for years and who should know that the telephone logs are one of the easiest things to use.

  • hack of the day Brucity.be

    They claim to be a cityguide for Brussels.

    But they were hacked yesterday and still are today.



  • water leakage in archives and onlooking workers

    It was a strange sight on tv. You saw water falling from the room in the archive of the Central Courtoffice in Brussels. You saw some firemen trying to keep the roof from falling by pushing the water through some holes on the paper files beneath it.

    Someone was explaining on television that they would have a look afterwards at what the damage was and how the files could be rescued. Meanwhile the water was still falling on those paper files without any plastic protection.

    I am not making this up.

    They didn't take the files away. Damage control. No security reflex. No reflex to protect what was to be protected. It could be that the firemen were afraid that the whole roof would come down (somewhere above it some waterpipeline was broken). But somebody could have taken 10 minutes to put it in plastic boxes and in safety.

    These were the files about the investigation in the possible corruption of one of our most important judges which is making headlines nowadays (and pages and pages of comments and new developments each day).

  • When you are nude before your webcam, somebody may be watching and saving

    One of the candidates for one of those Miss elections around here is just 18 years old. But some time ago she was chatting with her boyfriend over the webcam and as kind of a game she undressed before the webcam. That ex-boyfriend sold them to some magazines. (how many of those pics with ex-sexpartners (some are fake) are not published on the web ?)
    Naturally that would have ruined all her chances to become elected. Or not ?
    But it is forbidden in Belgium to publish nude pictures of underage kids without the consent of the parents. Would you agree that a national magazine publishes nude pics of your underage daughter - however stupid she has been and angry you may be at her.
    So a judge has ordered both magazines to withdraw all of their editions from all of the shops by tonight.
    Two questions
    These magazines have lawyers no ? And these lawyers didn't check the age of the girl at the time the pictures were taken ? And they didn't warn their client that publishing them would cost them dearly ? Or they did but the editors just wanted to have the publicity (one is a 'family' tv magazine). And even if she was 18 at the time the pictures were taken, it is not the decent thing to do.
    That girl is really stupid. So girls if your boyfriend wants nude pictures of you, tell them to buy a playboy. Everything that is digital will travel and once it travels it will go around the world forever and ever. 
    Hope the pics are worth all that trouble :)

  • Obama may be shot - like Kennedy

    One of the things that I remembered about the several books I have read about the Kennedy's (still what an inspirational president even if he didn't change as much as he should) is that in the months up to his assassination there was in the south a whole campaign about how dangerous and unpatriotic he was and how he had betrayed his country and so on.

    What the conservatives in the US are doing now in their astonishing brutal and radical campaign against the necessary health care reforms is of the same kind. They tell every nut (and be sure there are enough 'New World Order', survivalists, white pride hooligans and other nuts around there) that it would be OK to kill or shoot this president because he is a president, in fact a Nazi, he is not one of them, he is even not an American (the birth certificate nuts) and according to some he may even be ready to declare a state of emergency (and take away your guns). In fact in the US nuts have guns and they use them. They train to use them. And no small guns to protect themselves (as they say) no, real guns you can go to war with.

    It should come as no surprise that the intensity of 'assassination' chatter on the internet between those armed nuts is increasing. I think every security professional working for and with the president is going nuts now and working overtime. And each time the president wants to go out to campaign (because he will have to campaign to get this fundamental reform through now - it won't be possible later politically) then all those physical security professionals (bodyguards, secret agents and the rest of them) know that they will need to be at their best for 1000%. Because if this president gets shot then I am not sure if the 'black pride' nuts will behave and if there is as much doubt about the security precautions of the security service as there was about the victory of George Bush in 2000 then you will have more 'conspiracy industry' writers than about 9/11.

    But there needs not to be a real conspiracy. There is already a conspiracy by the conservatives to create an atmosphere in which a normal and open democratic debate based on facts is impossible and in which your opponent is described as the biggest threat to anything America stands for since the second world war and Stalin. He will even kill your old mother and father.

    And so some nut(s) will say one day that if all these politicians just continue to talk without doing something against such a big threat (and confirmed by those very wise and powerful influential conservatives) "then they will do it".

    Nuts are like timebombs. They only start ticking if the environment in which they live becomes explosive. Or if they perceive it as such.

    tic tac tic tac tic tac tic tac tic tac

    And I already accuse those who create that atmosphere for anything that may happen to any elected official. And the PR masters behind this campaign should remember the film Fantasia in which Mickey takes the hat of the master and has finally so much power that he loses control. I do not think that you really know what you are doing and what the end result may be of this kind of campaign. And do not complain afterwards that you didn't foresee this or that. You started the wildfire, you are responsible for the damages, including the things you didn't want to happen (afterwards). There was Kennedy and Martin Luther King before.

  • my profile ? It is nearly empty my profile - go away

    spam like this makes me laugh

    "Yo,! i don't mean to annoy you, I came across you in the search and thought you seem cool :P I guess I don't have a lot of info on my profile here but you can see my other profile if you wanna see more, date-bucket.com?id=2545&profile=tma0422 (my name there is star_beauty). it'd be cool if we could chat sometime :> hope to see u soon, Kiara Johnson "

    On some places I have some things in my profile but they are mostly closed and I don't so often go there for the moment. It is one of my todo's.

    Profiles are on a need to know basis and if the service or the members don't have to know more about you then why should you fill it in ? Because they ask it ? Privacy is also keeping stuff for yourself or just making it up.

    It is not who or what you are that is important, but what you are saying or doing.

  • an OPML file with 1200+ rss feeds about IT, IT security and physical security and risk (terrorism etc...)

    When I tried to upload the XML OPML file to bloglines it was the same story again. Folders were a mess, older folders and feeds were coming back and not all feeds were added. So I decided that enough is enough and I am not going to spend some hours at trying to fix this.

    So I thought of something better. Here is the OPML file of all the feeds. You can import it for your personal use. If you want to incorporate it as such or a bit changed in your website, then you should contact me first - out of courtesy I think.

    It is a personal selection and many of the folders have been re-organized to make it easier for me to work with in Google Reader. There are fewer of them but the selection now is more or less permanent.

    Some feeds are also gone - you will find them on the dashboard but just to warn you - the dashboard only works well with firefox (Internet Explorer takes a lot of time) and when you have given it enough rights (noscript will for example block a lot of things). I have taken away many of the self-loading things and try to limit it more to feeds and links but some things are better when you can follow them directly (for example the speed of the Belgian websites and the malware monitor).

    The next big update is for September. There are a lot of other feeds waiting to be added and there will also be some cleaning up. Feeds that don't publish stuff very often are no feeds and will be retired except if they are important an sich.

    In the dashboard itself a few hundred links have been added so far. The dashboard is changing also. Now that the feeds have been re-organised, the dashboard will be the next point of attention. The weather page is gone because it took too much loading time. It has been added as links on the map page.

    The freeware blog will also get a new future in September. It will present freewares day with a direct download. The selected freewares will be useful as I use them myself.

    The ebookblog is still under consideration and work.

  • so many people on both lines of security that are gone

    I am sifting through some hundreds of links and feeds. The result of which you will be able to see and use in the coming weeks.

    But what is amazing is that so many people seem to have gone. So many ITsecurity blogs and hackersforums (you need to get your info from somewhere). Just gone.

    It is just a pity that they are gone. Meaning that all their work is just gone. It is out there somewhere. But maybe someone in the ITsecurity business should start a project of archiving all the papers and analyses and blogs. Because - as bugs sometimes seem to be years old - someone somewhere may find the thing he is looking for at that time to resolve a problem that has been written about now but that nobody cared enough about to fix it.

    It also reinforces the argument that we need a real cert with real people who are paid to work all day because it is clear that you can't let the security of your networks depend only on activists and volunteers.

    At some time they will just stop. There are other things in life than being a volunteer or activist.

  • for IT professionals with too little time to monitor

    We are setting up a page on which you can monitor about all that has been kept and written around here.

    There are for the moment two tools - widgets that you can place on your blog or igoogle or whatever.

    And on the page a set of links and feeds

    the freeware and bookblog will be re-energized shortly

    Meanwhile the whole dashboard is getting new links every day (cleaning house) and there are lots of new feeds that will be added to the bloglines index also

    On the dashboard a great number of applications and widgets have been removed in the hope to limit any difficulties in speed or loading.

    But as you will see, there has already been some great work

    I don't think there are many other resources like that around here (but if you know some more practical tool links that could be of interest, just mail them)