Monday there will be the official announcement of the Belgian CERT something we have fought for since 2004 and got into Belgian law in 2006 and pushed as the highest priority since 2008. I won't work there, for those who have asked. I can now relax a bit and don't have to play freelance CERT without having the resources.
Friday was the first day of Brucon which is organized by a group of good guys and some girls and proves that there is a will to make things happen and to work together. I helped a bit today, but it is mainly their work and they should be proud of their work. It was a good event and there were many people. Tomorrow there is even a party. I won't be there I have family from the US coming over and before they leave to discover more or Europe, I should spend some time with them and my family.
I am already looking forward for Brucon 2010. The minister didn't come and the public annoncement of CERT (or any announcement) didn't happen. His loss. He lost the opportunity to get the historic picture of a minister being applauded by the community for realizing something they have been fighting for for years. His loss. If I angered some people by my hardhanded tactics to try to force the situation, excuse me. I bluffed and I have lost this time.
I am reading this blog now
this is a definitive closing down of the belsec experiment. It has been interesting to say the least.
If you are asking yourself if those sql attacks against the Belgian banks were just an accident or some stupid attacks from kiddies or one of the smartest weapons (together with xss for example) around, you should go to this presentation
Brucon the Belgian place to be for securityminded IT people 18th-19th september
If you are in Belgium the 18th and 19th of september you should go to Brucon.org in Brussels. It is not free but I don't think there is any ITsec happening in Belgium where so many people that are thinking about and working with ITsecurity will be together. Not the commercial stuff, not the salespeople but the real ITsec researchers, testers and 'hackers' (refusing the limits of discussion).
If you are serious about Itsecurity you should be present.
If it is not for the speakers, it is to network.
Belgium is a small country, so if you want to know who is an active ITresearcher and will make name in the future (or already has like some bloggers) you can't miss this event.
http://www.brucon.org (there are still some tickets available, but you shouldn't wait too long)
The last year we had several times to use all our imagination to keep people out of court or to publish information about critical securityproblems with some ITprojects (EID). It was clear that with the very vague Belgian cybercriminalitylaw we were very limited in our possibilities and we had to be sure that we had our back covered before doing anything. An open discussion about ITsecurity is something different as also some University researchers discovered.
The last year we also pushed for some new legislative and policy decisions and some are more or less established (the decision to establish a CERT finally) but some other still need some initiative. It was clear that even if we had some influence from the bloggersworld that we had to move up the ladder to the level were we would be involved in the discussion instead of discussing them afterwards.
My readers also know that after 5 years my family around me asked me to take some hard decisions and put me before some hard choices. The virtual world is beautiful but even if you are all day before your computer, you are alone. And all the rest is one big illusion. So I also decided to use my limited resources in a more effective way.
The only goal of EKZ, mailforlen or Belsec is just to change policy so that the internet becomes more safe for everyone. I am not making many friends with that and the victims of the present situations don't understand very well what is all about, but in the end if our actions lead to a more secure internet and a more responsable attitude and response by those responsable for guarding and securing this and other digital networks, it won't be in vain, how little progress even may be.
So after some discussions the last months, belsec has decided to integrate into an international organisations and to try to get some policy things and some thoughts about ITsecurity directed in a better way. The international organisation is ISOC and the Belgian Chapter will set up a group about esecurity. All details are not really filled in yet and some things may be changed during the course of events, but ISOC belgium has the clear intention of setting ITsecurity on the top of the agenda.
This is normal because you can't have quality or good communication or transactions without security. Security is the beginning and ending of everything that is code. And you are only as secure as the weakest link.
There are many and big plans but it is my intention to begin one step at a time. Also we will try to push for self-regulation and responsability in a first phase. If it seems totally unrealistic, than the government will have to step in. But normally the online Belgian world will have to understand that it is in their best interest to act more responsably and to set up their own strict self regulations and controls and punishment proposals if they want to be the safest place on the world wild west.
For us it is a new beginning. We will do our best not to offend someone or to come out with proposals that won't take the other side under consideration. We will do everything to work with people and organisations or institutions and hope that they will understand that with a bit of good will we can accomplish much.
I have already heard a lot from some people and some initiatives and organisations have already contacted us to work with us. You can still contact us, we are always open for new ideas and initiatives. We will however try to limit double work or to rewrite the bible.
You can find us at http://www.isoc.be
The information on these blogs will not be updated anyhow. It is not yet clear if we will migrate totally to isoc with the rest of the information around here.
For the flemish people, read De standaard tomorrow.
I don't know what will be written, so it will be a surprise.
Thanks and good bye
ps Belsec was a collective and not everything written under the alias is to be attributed to the person that will take part in the ISOC structure in Belgium from now on. He will deny having written himself anything here. Just for legal reasons.