• list of .be sites hacked by Iranian hackers - many still defaced

    Some of the .be sites hacked in the Iranian campaign of the last days



  • Iranian hackers on the rampage (ALSO IN BELGIUM) vbulletin ?

    they hack linux systems

    they hack windows systems

    they like vbulletin and essentially a registration bypass vulnerability - is it patched yet ?

    they hack systems that were already hacked once (once hacked, always attacked until you are hacked again)

    In Google you will find a few thousand sites that are still hacked by them and in zone-h.net you will find a selection


  • this protection after breach of personal information should become law

    After the breach at the UK law agency, one ISP responded:

    "We would like to re-iterate that we have contacted all the affected customers via email. However, if you haven’t received an email from us and you have previously received a letter from ACS Law in relation to Plusnet, then please raise a ticket via our Help Assistant .

    As a result of the incident at ACS Law, Plusnet will be providing all affected customers with an Identity Protection Service, including internet security software, free of charge for the next 12 months. We will contact customers directly regarding this over the coming days."

    It is not enough, as in my view the internet security software should be freely incorporated anyhow (because you don't ride without brakes, do you) and the Identity Protection Service should be permanent, as your information will stay available for years to come (by reselling it and combining it with other new information about you over and over again).

  • campaign payback, the found copyrightthreats by email and data retention

    Another thing that is interesting from a policy point of view about the DDOS campaign payback against copyright firms is that they had by accident (or stupidity) access to a database of emails by a legal firm that threatened to sue suspected cyberpirates unless they paid up.

    Aside from the legal consequences for the firm and the possibility that they are fined by the national UK privacy commissioner, there is a very interesting aspect for the debate about data retention.

    The European Commission wants all ISPs and communication firms to keep logs of all connections for a period between 6 months and 2 years. Belgium didn't enact this and the discussion about the technicalities and legal problems with this European proposal is still ongoing (and we will need a real government to take a decision).

    This case in the UK has shown that the ISPs transferred the connection information (to a private legal firm without court order) without any protection. The firm kept the information without any protection, even as it had very sensitive personal information that is now published on the internet.

    This means that if you want institutions or providers to keep personal information, the protection of the information has to be regulated from creation to destruction with enough independent audit checks built in.

    Otherwise we will be building a privacy monster of Loch Ness that now and then will pop up because somewhere some database or network has been hacked or just brought down by a lousy stupid DDOS.

  • operation payback - why DDOS attacks (and cyberwar) can be a boomerang

    The terms cyberwar and cyberoffensive have been popping up in military strategy thinking as of late. They only forget one thing. The internet makes it easy to thwart such attacks and it is easy to turn the tables on your attackers.

    The media firms thought they were clever by paying some Indian firm to put out torrent sites with a DDOS attack - effectively overloading them. As the firm did illegal things the legal way they were found out and admitted it. So what started as a smart 'gimmick' turned into a massive catastrophe. Never understood why they just didn't buy some computers and install some DDOS software and activated those around the world. Or why not every artist just installed some software that would go every minute to an updated list of the most active torrent sites. If every artist did this around the world...... It would even not be DDOS (as Jews are using it against jihadi websites and Russian and Chinese nationalists against other websites). It shows that those firms are not that 'cybersmart'.

    After that it didn't take long for the community (of which the most daring are to be found at 4chan.org) to organize the payback campaign and do a DDOS on the copyright organisations and their lawyers themselves. By accident (or stupidity by the agency) this also gave them access to a database of hundreds of mails about legal threats against suspected copyright infringement in the UK.

    It proves the main argument about cyberwar. If you do it openly - because you have decided according to official strategy and procedure that country X was attacking your critical infrastructure through the networks - you can easily be discovered and be attacked yourself. If you do it covertly the attacked will be responding to the wrong parties (and infrastructure). You never know beforehand if you attack the right target and create a more complicated situation (or were being provoked in cyberwar by a third party). If you do it undercover and through illegal operations (hiring Russian botnet herders for example) you can be sued by the national courts and will have to answer to a lot of investigators and judges. With cyberwar you can never win.

    The question is not cyberwar but cyberinsecurity. In military terms there is no security, infrastructure, command and strategy in the cyberfield. Because if there was, then why is report after report, year after year, telling us that even the most critical military cyberinfrastructure is not secure enough ? Slowly things are starting to go the right way but it all stays too much on the level of documents, conferences, declarations and big stuff. The real hard stuff is not following fast enough, and that is the soldiers, the strategy, the clear lines of command and communications and reconnaissance.

    In flemish they say : do not start throwing stones at your neighbor if you live in a house made of glass

  • 5 lessons for the security-officer from the ongoing anticopyright campaign

    1. There is and will be a lot of DDOS activity around against the websites of those firms and all those consulting them. Infrastructure leading to those websites or webservices (copyright organisations and big media firms) is a prime target. Anyone using the same infrastructure will be hit also or feel some effects.

    2. The importance of protecting personal information is shown another time as a 450 MB database is published with all the details and information from people that are contacted by law firms because they allege that they are downloading or distributing material without paying copyrights. Those claims have no other basis than the information in the letters.

    The fact is that after the defenses and the applications on the server were downed by the DDOS attack, the FILES on the server were easily downloadable by the attackers (interesting technique that makes DDOS very usable again in targeted attacks). This means that the files were on the same server as the application server.

    3. The fact of the matter is that this personal information was not sent encrypted by the ISPs to the law firm and was not stored encrypted by the tech law firm itself (of all people....). Some will say that these are mailboxes and their backups, but mail can be easily encrypted.

    4. The importance of regulation is the possibility to impose fines and other penalties when those obligations are clearly not met. The British tech law firm can be fined up to 500.000 pounds by the British Privacy Officer. Europe wants such a law across Europe, Belgium doesn't have one.

    5. The law firm can also be sued by the different people in the database who now have their names and reputations smeared all over the internet (and for the rest of their lives) because of this. Also there are some personal information details available (full addresses and credit information) that can be used by fraudsters and thieves. The reputation damages alone can cost the firm enormously.


    It was clear from the number of attacks that an out-of-band patch was coming our way because the attacks were too simple and the defenses and workarounds too difficult.

    From the Internet Storm center

    Microsoft is going to release an Out-of-Band Security bulletin tomorrow, 28 September 2010, which will address a security vulnerability in ASP.Net affecting all current versions of Windows.






    Make sure that every Windows server (also the internal servers) installs this patch. You never know when an internal server will become external, or when someone external has a connection, or when an infiltration or infection has internal consequences (black rabbit hopping around on the network).

  • You are responsible for your VOIP/PBX infrastructure and the fraud on it

    Most networks forget about their PBX or VOIP infrastructure and don't secure it, monitor it or test its security. They just think that as it is just a phone system you can't do anything with it - and even more if you have limited your security to blocking international calls (which is a start but not security an sich).

    So what will happen if your phone system is hacked and abused to make international phone calls?

    Your telecom/internet provider will say that it is up to you to secure your infrastructure and if you don't have any security monitoring contract with them they are not responsible. These bills can be tens of thousands of euros in a few weeks' time. Your non-investment in security and monitoring has been lost. (and VOIP/PBX attacks are becoming general, permanent and international)

    What will happen if your phone system is hacked and abused to do vishing calls?

    The bank-victim will have to register an official complaint and the local cyberpolice will visit you. If you have no backups or logs they will take down the machine to find any logs or other information that they can use. Imagine your network or enterprise without a fixed phone service. "The phones are down because of an investigation by the police". In the worst case the bank-victim will also sue you for lack of security and monitoring and you may have to pay part of the lost money.

    If you had forgotten about the phones or the security of your phonesystems, you should think again very hard.

  • VOIP abuse directly linked to VISHING (a phone call from your bank)

    We have already heard about some successful VISHING attacks in which a caller asked for bank information. As people get accustomed to service by phone (changing subscriptions, pay plans and so on) nobody thinks that a fraudster will call and tell you that they are from a support center for a bank and that your account has been hacked (didn't you read that somewhere in the newspaper?)

    From the analysis of the VOIP honeypot it is clear that the messages VOIP hackers use to test the accessibility of their numbers through the VOIP honeypot (which they think is a hacked Asterisk VOIP server) are mostly 'hello this is your bank'.... He says that the numbers they try to call over and over again are under their control and that they are in fact seeing if a call comes through (the VOIP honeypot) or not. When they see that the call was in fact dropped they try again and again and again... for the same number.

    The researcher doesn't make the link but the fraudsters are in fact looking for a series of Asterisk VOIP servers to hide behind. And probably they will use the number and hacked Asterisk server in the other direction. The phone number at their own Asterisk VOIP server will call hacked Asterisk VOIP server 1, which will call hacked Asterisk VOIP server 2 and maybe 3 and 4, until the final server of their loop will call a list of numbers to contact with a recorded message or a real person phishing.

    Vishing with recorded message : this is an automatic alert from your bank. Your bank account has been compromised and has been debited by more than 5000 $. The bank wants to take immediate action but wants to be sure that it is talking to the right owners of the account. Our information shows that the person who owns this account has this telephone number. To be sure that this is the case please use your phone to send us your login and your password. Please start with your login for your online bankaccount......  and so on

    Vishing with fraudulent support desk help (real persons who say more or less the same).

    This can be made more professional with fake websites or a call-back (through the same circle but you would need phonenumbers in the same country) or even fake letters or faxes.

    It is clear that the fraud business is setting up its infrastructure bit by bit and that it may be very amateurish in the beginning but that this will all be a learning process.

    For banks who want to do phone banking by mobile...... this will be fun once the mobiles get internet-connected. Fake email, fake website, fake VOIP message, fake SMS - real money lost (but who will be responsible ?)


  • VOIP abuse : increasing webattacks and one way to stop them (and how to help)

    If you look once in a while at the firewall of your network (and I hope that the access to your PBX or VOIP server is BEHIND that firewall and limits incoming calls) you will see that there is daily a continuous stream of SIP attacks (filter logs on protocol). These are attacks that try to call in (if you didn't put strong passwords on administrative or modem lines) and redirect calls or start them. Before, those hackers needed to hack or own a phone PBX themselves or they needed to own a phone shop; now a simple good PC of 800$ and some open source Asterisk server is already a good start. With a few thousand bucks more they are in full international business. (If you ask yourself why your cheap phone card with a strange name doesn't work anymore, ask the hacked phone server of the business how much money they have lost....).

    For some other institutions and businesses it is also a matter of intelligence and protection as one can also hack into a system to listen to the messages or to find the numbers that were phoned or connected to a number. It would be interesting to listen to the messages and to have the phone numbers of the salesperson of your competitor, wouldn't it ? And if you could do it from Russia or Moldavia from a 'stonewalled' ecrime hostingplatform in which every name and address is fake and no one will sue you for anything, what is the risk ?

    The cheapest trick : limit international calls and watch at least every week the number of international calls, any big upswing is a strong indication of a potential problem. Ask your telecom provider to block outgoing calls to certain countries where you have no business or alert immediately the security desk when the international access reaches a certain amount for investigation.
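    The weekly check described above, as an added example (not from the original post): it counts international calls per ISO week from call records, flags a week that jumps well above the earlier weeks, and lists numbers dialed over and over, the retry pattern the honeypot recorded. The record layout, the Belgian home country code, the thresholds and the sample numbers are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

HOME_COUNTRY_CODE = "32"  # assumption: the PBX is located in Belgium


def normalise(dialed):
    """Strip spaces and rewrite a leading '+' as the '00' international prefix."""
    number = dialed.replace(" ", "")
    return "00" + number[1:] if number.startswith("+") else number


def is_international(dialed):
    """True when the number uses the 00 prefix with a foreign country code."""
    number = normalise(dialed)
    return number.startswith("00") and not number.startswith("00" + HOME_COUNTRY_CODE)


def weekly_international(calls):
    """Count international calls per ISO (year, week); quiet weeks are kept as 0."""
    weeks = Counter()
    for started, _extension, dialed in calls:
        iso = started.isocalendar()
        weeks[(iso[0], iso[1])] += 1 if is_international(dialed) else 0
    return dict(sorted(weeks.items()))


def flag_upswings(weekly, factor=3.0, min_calls=10):
    """Flag weeks with >= min_calls that exceed factor x the mean of earlier normal weeks.

    The first week has no baseline and is never flagged; flagged weeks are
    kept out of the baseline so one burst does not hide the next one.
    """
    flagged, history = [], []
    for week, count in weekly.items():
        if history:
            baseline = sum(history) / len(history)
            if count >= min_calls and count > factor * max(baseline, 1.0):
                flagged.append((week, count, round(baseline, 1)))
                continue
        history.append(count)
    return flagged


def repeated_destinations(calls, threshold=5):
    """International numbers dialed at least `threshold` times in the record set."""
    counts = Counter(normalise(d) for _s, _e, d in calls if is_international(d))
    return [(number, n) for number, n in counts.most_common() if n >= threshold]


def build_sample_calls():
    """Constructed records: three quiet weeks, then a night-time burst to one number."""
    calls = []
    monday = datetime(2010, 9, 6, 9, 0)
    for week in range(3):
        base = monday + timedelta(weeks=week)
        calls.append((base, "201", "025550100"))                            # national
        calls.append((base + timedelta(hours=1), "202", "0033155501234"))   # international
        calls.append((base + timedelta(days=2), "203", "+31205550123"))     # international
    burst = monday + timedelta(weeks=3, hours=17)                           # 02:00 at night
    for i in range(40):
        calls.append((burst + timedelta(minutes=2 * i), "299", "0099955500001"))
    return calls


if __name__ == "__main__":
    sample = build_sample_calls()
    print("per week :", weekly_international(sample))
    print("upswings :", flag_upswings(weekly_international(sample)))
    print("repeated :", repeated_destinations(sample))
```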

    Now you are convinced (and if you didn't already activate the necessary firewalls, controls and monitoring and intrusion tests you will have to budget it for next year - except if you like to gamble and take unnecessary risks).

    Have a look at this project that tries to set up listings of VOIP attacking servers and networks. Of course this is only one honeypot/project and other honeypots should dump their SIP data here - or redirect it to here. It is a very international and lucrative (illegal) business - surely in these hard economic times.

    He has two scripts to help you:

    * a script to block out all non-ARIN addresses, called AntiToll
    * an IPF/IPTables/PF based script for Asterisk PBXs

    He also has specific blacklists:

    * Addresses: these are the IP addresses of bruteforcing hosts
    * Netblocks: these are the netblocks of attacking hosts
    * Numbers Called: these are the numbers called by attackers from my honeypots and which are under their control. These are the test numbers (list with latest number at the end of the list).

    And you can help with this by sending in your own information (please do):

    * Information on how to submit data to this site
    * PGP Key for those willing to send in logfiles of attacks
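    Filtering the firewall log on the SIP protocol, as this post suggests, gives you your own version of the Addresses and Netblocks lists. Added example, not one of the project's scripts: it assumes iptables LOG-format lines, and the log prefix, thresholds and sample addresses (documentation ranges) are constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

SIP_PORTS = {5060, 5061}  # SIP, and SIP over TLS
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")


def sip_hits(lines):
    """Count log entries aimed at a SIP port, per IPv4 source address."""
    hits = Counter()
    for line in lines:
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") not in ("UDP", "TCP"):
            continue
        port = fields.get("DPT", "")
        if not port.isdigit() or int(port) not in SIP_PORTS:
            continue
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # truncated or malformed line
        if src.version == 4:  # the /24 grouping below is IPv4 only
            hits[str(src)] += 1
    return hits


def build_blocklists(hits, min_hits=3, min_hosts=2, prefix=24):
    """Return (addresses, netblocks).

    addresses: sources with at least min_hits SIP probes.
    netblocks: /prefix networks that contain at least min_hosts such sources.
    """
    noisy = sorted((ip for ip, n in hits.items() if n >= min_hits),
                   key=ipaddress.ip_address)
    per_block = defaultdict(set)
    for ip in noisy:
        block = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        per_block[block].add(ip)
    netblocks = sorted(b for b, hosts in per_block.items() if len(hosts) >= min_hosts)
    return noisy, [str(b) for b in netblocks]


def sample_log():
    """Constructed iptables LOG lines; 'SIP-IN' is a made-up --log-prefix."""
    template = ("Sep 26 03:12:{sec:02d} fw kernel: SIP-IN IN=eth0 OUT= SRC={src} "
                "DST=192.0.2.5 LEN=420 TTL=51 PROTO={proto} SPT=5071 DPT={dpt} LEN=400")
    plan = [
        ("203.0.113.10", "UDP", 5060, 5),    # noisy host
        ("203.0.113.77", "UDP", 5060, 4),    # second noisy host in the same /24
        ("198.51.100.9", "TCP", 5061, 3),    # noisy host, alone in its /24
        ("198.51.100.200", "UDP", 5060, 1),  # single probe, below the threshold
        ("192.0.2.99", "TCP", 443, 6),       # not SIP traffic
    ]
    lines = []
    for src, proto, dpt, count in plan:
        for i in range(count):
            lines.append(template.format(sec=i, src=src, proto=proto, dpt=dpt))
    return lines


if __name__ == "__main__":
    addresses, netblocks = build_blocklists(sip_hits(sample_log()))
    print("addresses:", addresses)
    print("netblocks:", netblocks)
```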
  • Iran nuclear center not hit with stuxnet - and no cyberwar either

    except if you take this 'objective' analysis as truth or newsworthy

    "An electronic war has been launched against Iran", Mahmoud Liayi, head of the information technology council at the ministry of industries, told the state-run Iran Daily newspaper.

    Okay if every country that has 30.000 computers infected with a virus would attack the country where it comes from some countries would have more bombers above its cities than it has civil airplanes.

    and it is hardly surprising that in that context some people who work at nuclear facilities could have become the victim of this worm

    well, it is surprising that they could bring infected hardware back to the network and that the personal hardware they were using was not totally closed down

    so it is surprising that the security of one of the most controversial nuclear installations has so many enormous gaps in its cybersecurity.

    that is more worrying than the stuxnet

    but it is easier to blame someone else than to be held accountable....

  • DNS .be starts controlling new domainnames before activating them

    There is a new leadership around at DNS.Be and maybe our battering on security had some effects but the new head of DNS.Be says that every day they go manually over all the new registered .be domainnames and throw out these that are malicious or need more investigation.

    According to the chief of DNS.Be they have already thrown out a whole bunch of domainnames.

    It doesn't have to be a manual operation though, but that there are at least some controls and checks is already a good step in the right direction. The advantage is that after a while you will be so accustomed to the flow of registrations that you will develop a knowledge and a gut feeling that will become your main tool for doing this job in an ever diminishing timeframe.

    the second step should be to set up a warning and information exchange system between dns.be and other domainextension operators so that registrations that were flagged or blocked or stopped in one domainzone are also blocked in another if it has the same characteristics.

    and after a while you will have a secret database with the historic information about the registrations of all these malicious domainnames (thousands every day).

    Even if it doesn't stop the cybercriminals we shouldn't make it too easy either

    and the next step would be that domainnames or registrars that have been flagged can't use anonymization services for the dns or whois anymore.

    The report that has shown that .be was the fifth biggest victim of fastflux domainname registrations had some effect.

  • the bullshit campaign about stuxnet and Iran (closing remarks)

    Next to Iran it is India that has been hard hit among the 60.000 industrial installations that have seen stuxnet arriving in or at their networks.

    India had hundreds of installations according to security researchers that were touched or infected by Stuxnet.

    So, should India now bomb Pakistan because it is surely a state-sponsored virus and as a state-sponsored virus it is sure to be targeting India, because why would it otherwise infect 600 Indian industrial installations and not so many in other countries. By the way, the Pakistanis are in a covert-intelligence-proxywar-cyberhacking campaign with the Indian state, so it is normal that it would be them.

    see how ridiculous the articles and arguments are about stuxnet and Iran

    first research and proof, then declarations and accusations

    otherwise you are playing with fire in a haystack

    without proof

    if you want to be a professional, then act as a professional and shut up until you have the evidence and if you can't do that, watch TV and eat some chips

    and journalists should know that it can take some time before there is enough evidence to put a real report together and trying to get declarations of people who are doing some part of the research is not a good journalistic practice

    it makes much sensation but it doesn't advance things and it sets the credibility of all the securityresearchers on the line

    imagine that it was a bright kid who only brought several things together in a new context but who found that his proof of concept was out in the wild and out of control

    if this is the case he won't come forward because he would risk life in prison and I don't think anybody will come forward anytime

  • published full arrest Lernaut and Hauspie (1800 pages)

    The judge didn't want to read the full 1800 pages aloud - which he should have done if he would have followed those ever older and more stupid getting judicial rules and said the full arrest would be published online

    It has been published online and we have re-published it at http://ebooks.skynetblogs.be/archive/2010/09/24/arrest-lernaut-and-hauspie-dutc.html


  • the Iran-Stuxnet dangerous saleshype that could lead to warmongering

    Let us be clear.

    If one tells that a specific country is responsible for a cyberattack on critical infrastructure then one has to get really hard proof, because otherwise your self-promotion could lead to international incidents that eventually could help the dispute getting out of hand and eventually to war.

    If one listens to the military strategists about cyberwar then they tell more or less that such a specific attack against such an important infrastructure (and if it is that important how come it is not isolated and protected as it should ?) could be interpreted as an act of war. This doesn't give them the right to begin sending rockets on Europe or the US but they could for example break off diplomatic relations or take other steps that are more or less gradual.

    Telling the warmongers in Iran - and eventually the warmongers at the other side who want a preventive attack before the Iranians attack - that the US and Israel have attacked Iran already with a specific worm that is targeted for Iran is saying exactly what they want to hear and comforting their position in the very difficult internal discussions that are being held at this very moment in Iran and the US. If you have read a few books about wars and how the different decisions were taken, you shouldn't be surprised that it is a very moving situation and that any information - false or right - could tip the balance in one way or another.

    I understand that in a media-environment where securityfirms are chasing botnets and viruses to be the first to show them to the press and to have a massive number of headlines and links in the present instant permanent news environment, just to keep their name or their business in the memory of the users, clients and journalists.

    The fact of the matter is that stuxnet has been discovered in Belorussia in a power factory and that since then it has been distributed all over the world (by itself or with help). The virus has hit energy installations all over the world - who were more or less prepared (the fact that the Iranians were supposedly hard hit means they weren't prepared for a cyberattack - from a country or one of the hundreds or thousands of people who are (un)willingly launching those attacks). There is no proof that the virus can be attributed to anyone in specific as far as we know.

    The fact of the matter is that no country would launch an attack with a code that would infect its own installations. This virus has no specific controls that limit its effect to any country or language in particular. It is in fact written for Siemens, who was so stupid to hard-code its passwords to its SCADA (control software for industrial processes, among them energy installations) and says to its operators that they can't change the password because otherwise the software risks to stop working. Someone should SUE Siemens for that. Siemens should lose its security certifications for that and without security certifications you can't sell your products to the critical infrastructure or the security industry.

    this should be the discussion

    secure the scada environment - and forget about smart metering and making it internetenabled....

    and that some specialists are saying that the code is too complex for a hacker, they haven't seen the .dll attack schemas and other botnet code yet. Yes this is very complex, but just as the .dll attack code it has been written from a totally different set of mind, a totally different way of thinking and coding

    there is no virus anymore - there is a set of code that will be inserted into the program and will manipulate the program - the attackcode is in the program

    try to beat that one....

    that that seems enormously difficult for some I can understand, but it is really simple. You don't make a virus, you look at the program and how to insert code and let it live in the program itself without changing too much at the program or code so nobody sees it. Once you are in that set of mind, it is not difficult.

    it is time that the security-industry also changes its mindset because otherwise they won't be ready


  • U2 in Brussels : 250 duped false ticketholders

    U2 came to Brussels and as it was their main concert in the low European countries, the 140.000 tickets were very fast sold out.

    so people started looking on the internet to buy tickets anyway

    some had real tickets but paid an enormous premium on them (240 instead of 35 Euro's)

    others had fake tickets and couldn't get to the concert

    some of those fake tickets were borderline because somewhere in the small letters of the contract of sale it was said that they were not real tickets but remembrance tickets specially developed to remember the passing of the group without giving you the right to enter

    some of these websites even have names with U2tickets and so on

    only buy tickets from real ticketagencies

    and if there are none, there are none and buy the DVD

    tickets out there 'on the virtual world' are just that in most cases, 'virtual'

  • 200 Belgians so far had their social network profiles stolen

    According to De Morgen around 200 Belgians so far had their social network profiles stolen this year and filed a complaint with the FCCU.

    well, they not only lost their social networkprofiles but also the passwords they have used and so also the access to all the other sites they were using the same or similar passwords for

    if you lose your password or profile for one thing, you will have to change all the passwords on any site where you have used the same passwords or profiles

    because those profiles are also used to access other accounts

  • Cert Belgium develops with other certs an open source abusehelper platform

    For the moment we have to use the phone or mail to communicate with the CERT

    and thousands of incidents were already treated by them

    meanwhile they are developing with other CERTs an open source tool that would automate and standardize this a bit, because it is always important to have as much correct information as possible

    The first presentation of this tool will be at BRUCON (but if you mean something in the security world in Belgium, you already had your ticket, didn't you? I don't, but that is because I have family coming over from Chile who are making 'the one trip of their lifetime')

    This is the presentation

    AbuseHelper is an open-source project initiated by CERT.FI (Finland) and CERT.EE (Estonia) with
    ClarifiedNetworks to automatically process incident notifications.  This tool is being developed
    for CERTs and ISPs to help them in their daily job of following and treating a wide range of
    high-volume information sources.  CERT.be is part of the project for testing it for their proper
    use, contributing code to the community and promoting collaboration amongst other CERTs. It is
    interesting to note that the framework can also be used for automatically processing (standardised)
    information from a wide range of sources.

    The aim of this workshop is to explain how to deploy a basic installation and show how to extend the
    framework with new agents.  The workshop will be divided in 3 parts:

    1. a small introduction on AbuseHelper and why/to whom it could be useful;
    2. a hands-on session on the AbuseHelper installation;
    3. a hands-on coding session for AbuseHelper.

    More on the BruCON site:


  • insecure mobile banking is coming to Belgium

    Paribas Fortis says it will start

    soon others will follow

    to what

    a mobile to which they will send logins over an unencrypted SMS channel and on which those logins will be kept ?

    smartphones with internet and no protection

    no security desks, procedures, awareness or whatever


    time to bring on the real stuff, here is money going to be made

    by the bad guys


    PS: I have already found by accident a WAP access page for a bank with a script injected into it

    so even that is possible

    or a combination of vishing and phishing and smishing (SMS)


    First the security, then the service - you can't go on the road with a car without brakes, can you ?

  • Lernout and Hauspie : the joke still goes on

    Yesterday there were some decisions in the trial of Lernout and Hauspie. Lernout and Hauspie were the advisors of the 'king' (the individual investor) who had everything, and they convinced him (and the media and all the politicians) that they had made the technology that would become the babel of all computing, translating any text or speech in any language to any language in speech or text. The king believed this and invested a lot of money. He was very pleased when politicians and CEOs from around the world came to have a look at the new toy (even God Bill Gates went and put in some money because you never know what will come of it). The language valley somewhere deep in Flanders would become the new Silicon Valley, and thousands of investors were afraid not to become as rich as the people who invested in Google or Yahoo in the beginning and did so without asking too many questions. The banks didn't ask too many questions either, because if a simple search engine could be worth a billion, why not such technology ? The Belgian media just followed all the announcements and great events that the firm was sending them, to be sure that they could sustain the feeding frenzy of spending the money of investors. The audit firm KPMG did some controls but nobody really went to the bottom of it. The king was naked but he didn't know, and nobody wanted to tell him and nobody wanted to know. Because what if it would become the biggest Flemish technology adventure of the 20th century and Time would call them 'People' of the year and they would be able to pull it off ? Would you like to be the person that would say that it was all crap and make-believe ?

    Well, someone at a business journal for investors took the time to check all the numbers they had to publish when they took over a US firm and were also present on the US stock market. The disadvantage of the US stock market is that you have to publish so much information that you have enough leads to start your research with. He did so and found out that a bunch of contracts were just frauds. It was even beginning to look more and more like a Ponzi scheme. The left hand was buying from the right hand but the people around it were not noticing it.

    At first it was a national scandal and it was all a plot by intelligence agencies and economic competitors who wanted to own or break the new software. They thought they were still masters of the game but the game was over. There was no 'babel', there was no 'supersoftware' and there was no world waiting to buy such software anywhere anytime anyplace. According to tests, a British computer journal said it didn't work in England because the different regional dialects were not understood. But in the land of the king nobody paid attention. The software doesn't work as promised, because if it were so close to perfection the firm that bought it would have introduced it worldwide anywhere anyplace anytime. It has some limited capabilities but that is it.

    So now the bank goes free. KPMG the audit firm goes free (but its auditor with the firm is convicted) and the Lernout and Hauspie (who say they are broke). The lawyers go free because of a 'legal technicality' and the thousands of investors are left with nothing but lost money and debt. The media and the politicians who gave and sustained the credibility of the firm until the evidence was so overwhelming (and even then and some even now) were not on trial - and didn't do any soul-searching either these days.

    I always remember Lernout and Hauspie because of this telephone conversation with a friend who invested money in it

    "Len, you know something about technology, what do you think about Lernout and Hauspie?"

    "sell, it is crap"


    "it doesn't work in England with the different dialects, so it won't work. They are selling dreams not finished products"

    next day

    "Len, talked to my banker and he said that it will blow over, that this stock has all the capabilities of becoming big again"

    "if it was my money I would sell now and have at least something left"

    banker convinced him to hold on to the stock

    meanwhile it is now clear that the same bank was selling its LSH stock as fast as possible


    and so the problem gets back to the fundamentals of business, which is trust. Who can you trust if bankers are giving enormous loans without checking the efficiency of it (in contrast to my difficulty in getting a small loan) ? Who can you trust if audit firms are being fooled as if they were first-grade students, because if a journalist can find the loophole and the scam, why doesn't a big international professional audit firm with years of experience find it or prohibit it before it started ? And if the press isn't doing its job of independent watchdog and investigator, where will you find the independent news that you can use to take intelligent decisions ? The fact that they are acquitted or not even mentioned makes this even worse. If bankers and auditors can't be sued or convicted for not doing their job in an enormous case like this, what can you do in smaller cases ?

    We can only hope that now official regulations will clarify the obligations of the auditors and the banks and should oblige them to publish also negative reports and assessments and to search for information in every corner of the bank and under every desk, to be sure that they have all the information that is needed to come as close to the truth as possible. The Fortis debacle taught us that since Lernout and Hauspie nothing much has changed.

    The problem is that if there is no trust there is no trade and without trade there is no finance or economy and we come to a standstill or crash (as we nearly did two years ago)