• the windows patches this month go after zeusbot/stuxnet - defend yourself

    So if you install them, the main security problems that Zeus/Stuxnet use to infect computers are closed.

    For networks it means that you can bring your network up to the next level. It is not just a patch you are installing; you are installing a defense against a high-volume botnet (Zeus) and a targeted-attack botnet (Stuxnet).

    This means that you will have to check how widely the patches have been installed and investigate why some of your computers didn't install them.

    As you can see, there are no big problems with them, so you can assume that they can be installed automatically.

    Another tip: it is a good policy for a network to install these patches on its main infrastructure (servers) on the same day every month (for example every second Friday), so the rest of the users know that this will be the maintenance time and can organize other things (meetings, for example). Another advantage is that other work on the servers can be done at the same time, so instead of two moments of interruption you have only one.

    | # | Affected | Contra Indications (KB) | Known Exploits | Microsoft rating | ISC rating(*): clients | ISC rating(*): servers |
    |---|---|---|---|---|---|---|
    | MS10-071 Cumulative Security Update for Internet Explorer (Replaces MS10-053) | Internet Explorer | KB 2360131 | CVE-2010-3325 and CVE-2010-3324 have been disclosed publicly. | Severity: Critical; Exploitability: ?,3,3,3,1,?,1,3,1 | Critical | Important |
    | MS10-072 Vulnerabilities in SafeHTML (Replaces MS10-039) | Internet Explorer | KB 2412048 | CVE-2010-3324 has been disclosed publicly. | Severity: Important; Exploitability: 3,3 | Less urgent | Important |
    | MS10-073 Vulnerabilities in Windows Kernel-Mode Drivers (Replaces MS10-048) | Kernel Mode Drivers | KB 981957 | CVE-2010-2743 has been disclosed publicly and is currently being exploited in the Internet ecosystem. CVE-2010-2544 and CVE-2010-2749 have also been disclosed publicly. | Severity: Important; Exploitability: 3,1,1 | Important | Important |
    | MS10-074 Vulnerability in Microsoft Foundation Classes (Replaces MS07-012) | Foundation Classes | KB 2387149 | No known exploits. | Severity: Moderate; Exploitability: ? | Important | Important |
    | MS10-075 Vulnerability Media Player Network Sharing Service | Media Player Network Sharing Service | KB 2281679 | No known exploits. | Severity: Critical; Exploitability: 1 | Critical | Important |
    | MS10-076 Vulnerability in the Embedded OpenType Font Engine | OpenType Font Engine | KB 982132 | No known exploits. | Severity: Critical; Exploitability: 1 | Critical | Important |
    | MS10-077 Vulnerability in .NET Framework Could Allow Remote Code Execution | .NET Framework | KB 2160841 | No known exploits. | Severity: Critical; Exploitability: 1 | Critical | PATCH NOW! |
    | MS10-078 Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (Replaces MS10-037) | OpenType Font (OTF) | KB 2279986 | No known exploits. | Severity: Important; Exploitability: 1,1 | Critical | Important |
    | MS10-079 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (Replaces MS09-068 MS10-056) | Microsoft Word | KB 2293194 | No known exploits. | Severity: Important; Exploitability: 1,1 | Critical | Important |
    | MS10-080 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (Replaces MS10-038 MS10-057) | | KB 2293211 | No known exploits. | Severity: Important; Exploitability: 1,1,1,1,1,1 | Important | Important |
    | MS10-081 Comctl32 Heap Overflow Vulnerability | | KB 2296011 | No known exploits. | Severity: Important; Exploitability: 1 | Critical | Important |
    | MS10-082 Vulnerability in Windows Media Player Could Allow Remote Code Execution (Replaces MS10-027) | Microsoft Windows | KB 2378111 | No known exploits. | Severity: Important; Exploitability: 1 | PATCH NOW! | Critical |
    | MS10-083 Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution | Internet Explorer | KB 2405882 | No known exploits. | Severity: Important; Exploitability: 1 | PATCH NOW! | Critical |
    | MS10-084 Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (Replaces MS10-066) | Microsoft Windows | KB 2360937 | This vulnerability has been disclosed publicly. | Severity: Important; Exploitability: 1 | Critical | Important |
    | MS10-085 Vulnerability in SChannel Could Allow Denial of Service (Replaces MS10-049) | Microsoft Windows, IIS | KB 2183461 | No known exploits. | Severity: Important; Exploitability: 3 | Important | Important |
    | MS10-086 Vulnerability in Windows Shared Cluster Disks Could Allow Tampering | Microsoft Windows | KB 2294255 | No known exploits. | Severity: Moderate; Exploitability: ? | Important | Important |

    We will update issues on this page for about a week or so as they evolve.
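
    An added example (not part of the original post and not ISC or Microsoft tooling) of the check recommended above: find the hosts that still lack these updates and list what each one is missing, most urgent first. The bulletin, KB and ISC rating values are copied from the table; the host names, the inventory and the ordering policy (exploited bulletins first, then ISC rating for the host's role) are assumptions of the example.

```python
# Added example: triage of hosts missing the October 2010 updates.
# Table values come from the post; the inventory is constructed sample data.

BULLETINS = [  # (bulletin, KB, ISC rating for clients, ISC rating for servers)
    ("MS10-071", "KB2360131", "Critical", "Important"),
    ("MS10-072", "KB2412048", "Less urgent", "Important"),
    ("MS10-073", "KB981957", "Important", "Important"),
    ("MS10-074", "KB2387149", "Important", "Important"),
    ("MS10-075", "KB2281679", "Critical", "Important"),
    ("MS10-076", "KB982132", "Critical", "Important"),
    ("MS10-077", "KB2160841", "Critical", "PATCH NOW!"),
    ("MS10-078", "KB2279986", "Critical", "Important"),
    ("MS10-079", "KB2293194", "Critical", "Important"),
    ("MS10-080", "KB2293211", "Important", "Important"),
    ("MS10-081", "KB2296011", "Critical", "Important"),
    ("MS10-082", "KB2378111", "PATCH NOW!", "Critical"),
    ("MS10-083", "KB2405882", "PATCH NOW!", "Critical"),
    ("MS10-084", "KB2360937", "Critical", "Important"),
    ("MS10-085", "KB2183461", "Important", "Important"),
    ("MS10-086", "KB2294255", "Important", "Important"),
]
EXPLOITED = {"MS10-073"}  # the table lists CVE-2010-2743 as currently exploited
RANK = {"PATCH NOW!": 0, "Critical": 1, "Important": 2, "Less urgent": 3}
ALL_KBS = [kb for _, kb, _, _ in BULLETINS]


def normalize_kb(value):
    """Map 'KB 981957', 'kb981957' or '981957' to 'KB981957'."""
    return "KB" + "".join(ch for ch in str(value) if ch.isdigit())


def missing_for_host(role, installed):
    """List (bulletin, KB, ISC rating) that a host lacks, most urgent first.

    Ordering is this example's policy: bulletins exploited in the wild
    first, then the ISC rating for the host's role, then bulletin number.
    """
    if role not in ("client", "server"):
        raise ValueError("role must be 'client' or 'server'")
    col = 2 if role == "client" else 3
    have = {normalize_kb(k) for k in installed}
    missing = [b for b in BULLETINS if b[1] not in have]
    missing.sort(key=lambda b: (b[0] not in EXPLOITED, RANK[b[col]], b[0]))
    return [(b[0], b[1], b[col]) for b in missing]


def hosts_to_investigate(inventory):
    """Return {host: missing list} for every host that lacks a patch."""
    report = {}
    for host, info in sorted(inventory.items()):
        missing = missing_for_host(info["role"], info["installed"])
        if missing:
            report[host] = missing
    return report


def coverage(inventory):
    """Return {KB: fraction of hosts that report it as installed}."""
    total = len(inventory)
    installed = [{normalize_kb(k) for k in info["installed"]}
                 for info in inventory.values()]
    return {kb: (sum(kb in have for have in installed) / total if total else 0.0)
            for kb in ALL_KBS}


# Constructed inventory, e.g. built from an export of hotfix IDs per host.
INVENTORY = {
    "ws-014": {"role": "client", "installed": list(ALL_KBS)},
    "ws-027": {"role": "client", "installed": ["KB 2360131", "kb2412048"]},
    "srv-db1": {"role": "server",
                "installed": [k for k in ALL_KBS
                              if k not in ("KB981957", "KB2160841")]},
}

if __name__ == "__main__":
    for host, missing in hosts_to_investigate(INVENTORY).items():
        print(host)
        for bulletin, kb, rating in missing:
            flag = " (exploited)" if bulletin in EXPLOITED else ""
            print(f"  {bulletin} {kb} {rating}{flag}")
    for kb, share in coverage(INVENTORY).items():
        print(f"{kb}: {share:.0%} of hosts")
```

    A host can report a KB as missing because a later update that supersedes it is installed, so the output is a list of hosts to investigate, not proof of exposure.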


  • SMS spam on proximus and no security around

    so someone found the GSM number of one of my family members who didn't know what to do with it

    * she didn't ask for it

    * she didn't fill in her GSM in some of the online 'phishy' games

    * it was in english

    * telling her that she won a British lottery



    where do we send it to block this spam ?

    nobody at proximus.be because there is no security and fraud department on the frontpage

    you have to find it out yourself

    this is the stupid Apple philosophy - hide insecurity and don't tell anyone

    I like the Microsoft philosophy - insecurity is all around us - tell us and we will try to solve it

    but the mobile companies still think that it won't happen to them


    And even if there is no security awareness and there are no security alerts at Proximus or any other mobile operator (even though mobile phones are being used for banking, paying and authentication), there is not even a mention of a phone number you can send the SMS to, or of a general fraud and spam function on the phones, for example.

    If the phone companies say that they are blocking the numbers that are being used, so that there is no problem for their users, then they have to use the cooperation of their user community to receive those SMS and phone messages as fast as possible, to be able to block them as fast as possible (in phishing the rule is that a phisher makes his money in the first four hours, so time is really money).

    And even that is reactive security, a very old security concept that the online security world abandoned long ago as a standalone concept (except for Apple, but they don't care a bit about security for now).

    what the mobile operators need to do is to

    * use "honeyphones" that will respond to those games and frauds and will be the first to receive new ones (active intelligence)

    * cooperate in real time with other phone operators and exchange mobile and malware information, and don't make the same mistake as the web world, where each company or network has developed its own description and naming system. Keep it simple. Start with the phone number used to send it, the other phone numbers involved and then a choice among a list of definitions (spam, malware, texting subscription, stealing logons, ...)

    * filter incoming calls and text and mail-webtraffic on malicious code and those telephone numbers

    * scan the mobile webpages for malware and scripts and block them if necessary

    * give users mobile securitysoftware

    * give them a simple 'forward to our fraud or security department' option

    * have a clear frontpage announced securitywebsite with announcements, help pages and alerts and solutions


    don't complain that you didn't know (you won't if you didn't read this blog :))


  • IRC server at blueline.be used for traditional botnet hosting and attacks

    Strange but true, there are still many IRC based botnets around and they still find victims and they still make money.

    Belgacom decided a few years ago to block the main IRC ports (now ported to http) after a series of attacks.

    But it is clear that not all the ISPs in Belgium have taken the same decision yet, although there is no reason to leave those IRC ports open, as IRC traffic can now be tunneled through port 80.

    The advantage of closing these ports is that you disable access for all those 'old' IRC-based botnets. As more networks close their IRC ports, those botnets have fewer possibilities and will have to concentrate on the hosts or networks that still offer this service (to their own destruction).

    The firm is a backup firm .....


    and more here

    The other servers in this network are also interesting because:

    it shows that as long as trademarks like Yahoo can be used by anyone in a domain name, this leads to confusion and malware

    phonewire and phonelogin are two subdomains that are used

    once they have found one vulnerable domain, they install several hosts they control

  • SIPvicious VOIP attacks a constant plague according to Arbor Networks

    We have been writing about the continuous attacks against VOIP installations around the world - and the possible links, still to be researched, with the VOIP DDOS attacks.

    When looking a bit further at the numbers of the SIP attacks that are monitored/discovered by Arbor Networks, there are a few things that become clear:

    The highest numbers of attacks come from the US, Brazil, Portugal and the Czech Republic, but in the present world of virtualisation, outsourcing and cloudmania this isn't really important, because for example the problem with one hoster in Brazil is with one domain with a VOIP service that in fact belongs to someone in Eastern Europe.

    Are you monitoring your VOIP yet ?



  • arbor networks atlas : fastflux networks fleeing China to Russia and .com and .net domain

    Arbor Networks has long published, for its clients and contacts, a list of the most active domain names that are used in fastflux domains. I have been observing the list for a few years, after having discovered the abuse of the .be domain by fastflux domains (that was mentioned in the report published).

    It is clear that since the Chinese government closed access to the .cn domain unless there was clear personal identification and responsibility (and not only a virtual one), the malware and botnet masters have been obliged to migrate their new operations to other domains. This is very clear in this listing. Several months ago you would find at least a third of that list being domains in the .cn zone (and .ru).

    While the Russian company responsible for the .ru domain has announced that it will also enforce new identification rules for new domains, this doesn't seem to have had much success yet, based upon the listing.

    It is also clear from the listing that, just as .be has re-introduced manual and other malware-linked controls in its new domain sales process, other domains are probably also maintaining strict monitoring. The number of regional domain zones that are being abused for fastflux operations is minimal based on the listings.

    The biggest problem now is for the organisations that are responsible for the international generic domains like .com and .net. It is clear that for the malware business this is their surest bet and their best investment for the moment. This is also normal, as it is very easy for a network administrator with no business in Russia to block the .ru domain totally but impossible to do this for the .com and .net domains.

    The cleanup operation of the .com and .net and other international generic domains is enormous and will demand a lot of manpower and financial investment. On the other hand, wouldn't it be possible to charge a few dollars a year more for a generic domain name, so that you can guarantee to the real businesses and organisations around the world that the phishers, scammers, spammers and crooks will sometimes be stopped from buying a domain name in their zone and surely from keeping it active too long?

    This could be done by integrating the different databases from the different companies and calculating a 'riskfactor' for each domain name. If a certain domain name is registered by a known shell or malware connection and has a high riskfactor according to, for example, 10 databases out of 14, then there is a reason to investigate and at least put it 'on hold'.

    There is nothing virtual about it. If in the real world you set up shell companies and identities to defraud and you are found out, then these names and organisations are blocked and disbanded. Full stop.

    And as there is no central authority to do that, it is up to each organisation that is responsible for its domain zone to decide whether it wants to keep it safe and trustworthy or is just a 'scammer and spammer zone'.

    I always compare the situation on the internet with the Middle Ages. When you are behind the walls of the Castle you have a certain form of protection. Once you leave the castle you are alone out in the open and nobody can be sure what will or can happen to you. You may be lucky or not. To keep the castles (and the villages in and around it) safe the masters of the castle have to organize an army, a police force and a court.  As long as the people are safe and have a relative form of privacy and freedom and enjoyment, they will be happy. They won't be if the insecurity from the outside world installed itself behind the walls.

    Nobody will honestly complain if the organizers of a domainzone will take new necessary measures to keep the malware operators out or throw them out. For small domainzones this is just a question of survival, for the big international generic domainzones it is their civic online duty that should have been part of their contract.
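
    The 'riskfactor' proposal described above (a domain listed in, for example, 10 databases out of 14 and registered by a known shell connection is put on hold), sketched as an added example that is not an existing registry system or any code from the original post. The feed names, domains and registrant IDs are constructed, and the intermediate "review" outcome for a single signal is an assumption of the example.

```python
# Added example: per-domain risk factor from several reputation databases.
# .example is a reserved TLD; all feed contents below are constructed.

HOLD_THRESHOLD = (10, 14)  # "10 databases out of 14", from the text
ACTION_ORDER = {"hold": 0, "review": 1, "ok": 2}


def normalize(domain):
    """Lower-case a name and drop whitespace and the trailing root dot."""
    return domain.strip().rstrip(".").lower()


def normalize_feeds(feeds):
    """Databases use different spellings; bring them to one form once."""
    return {name: frozenset(normalize(d) for d in entries)
            for name, entries in feeds.items()}


def risk_factor(domain, feeds):
    """Return (hits, total): how many normalized feeds list the domain."""
    name = normalize(domain)
    hits = sum(1 for entries in feeds.values() if name in entries)
    return hits, len(feeds)


def classify(domain, registrant, feeds, flagged_registrants,
             threshold=HOLD_THRESHOLD):
    """Decide what the registry does with one registration."""
    hits, total = risk_factor(domain, feeds)
    num, den = threshold
    # Integer comparison avoids float rounding at exactly 10/14.
    high = total > 0 and hits * den >= num * total
    flagged = registrant in flagged_registrants
    if high and flagged:
        action = "hold"      # both conditions from the text are met
    elif high or flagged:
        action = "review"    # assumption: one signal alone only gets a look
    else:
        action = "ok"
    return {"domain": normalize(domain), "registrant": registrant,
            "hits": hits, "feeds": total, "action": action}


def review_zone(registrations, feeds, flagged_registrants):
    """Classify every (domain, registrant) pair, worst cases first."""
    clean = normalize_feeds(feeds)
    rows = [classify(d, r, clean, flagged_registrants)
            for d, r in registrations]
    return sorted(rows, key=lambda row: (ACTION_ORDER[row["action"]],
                                         -row["hits"], row["domain"]))


def build_sample_feeds():
    """Fourteen constructed feeds with upper-case, dot-terminated entries."""
    listed_in = {"pay-verify.example": 11, "win-lottery.example": 10,
                 "cdn-mirror.example": 12, "blog.example": 3}
    feeds = {f"feed{i:02d}": set() for i in range(1, 15)}
    for domain, count in listed_in.items():
        for name in sorted(feeds)[:count]:
            feeds[name].add(domain.upper() + ".")
    return feeds


REGISTRATIONS = [  # constructed (domain, registrant) pairs
    ("pay-verify.example", "shellco-17"),
    ("win-lottery.example", "shellco-17"),
    ("blog.example", "shellco-17"),
    ("CDN-Mirror.example.", "acme-hosting"),
    ("news.example", "acme-hosting"),
]
FLAGGED_REGISTRANTS = {"shellco-17"}

if __name__ == "__main__":
    for row in review_zone(REGISTRATIONS, build_sample_feeds(),
                           FLAGGED_REGISTRANTS):
        print(f"{row['action']:7} {row['hits']:2}/{row['feeds']} "
              f"{row['domain']} ({row['registrant']})")
```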

  • Opel Antwerpen finally closed definitely

    I said so when it was announced

    it was clearly the intention to close it and it would be closed

    all the rest was PR, time-buying and grandstanding

    'Flanders will be saved by innovation' our politicians say

    but who is responsible for innovation policy ?  Flanders

    just as a reminder that some of the biggest innovation companies (Google, Microsoft, some pharmaceuticals) have installed their base in Wallonia recently.

    and some of our brightest minds are leaving the region looking for more understanding, support and funding

  • belgium and financial risk : the never ending negotiations about a government

    We have been in negotiations about a stable government since 2007, and since then we have seen everything and every trick out of the hat of our king and his amazing circle of intelligent advisors (otherwise we would have been deadlocked long ago). This is one chess player (the institutions).

    At the other side of the chess table is De Wever who incorporates by himself the party that is for the moment the biggest of Flanders (and demographically of Belgium). He grew as a partner of one of the traditional parties (christen-democrats) who needed at the time a few percentages to take the majority of the liberal-social democrat alliance. Leterme succeeded but to form a government in 2007 he needed a compromise with the french speaking parties. As for these democratic but 'at heart independentist' movements becoming part of the NVA of De Wever no agreement will go far enough, the partnership broke and NVA went into opposition.

    De Wever found and filled the gaping political gap between the extremist Vlaams Belang, which was losing credibility after 20 years in populist opposition (a lesson Wilders learned in Holland - you can't stay in opposition for the rest of your political life, you need power and influence), and the CD&V, which in the enormously fast modernizing Flemish culture and habitat was losing its old Christian traditional no-troublemakers appeal. In fact he synthesized a clear language with popular traditional rightwing proposals, smoothed over with social accents, and because liberals and social-democrats are still - after so many years of congresses and papers and blablabla - searching for their soul, he became the central figure of the campaign and won the election. The liberal rightwing populist De Decker paid the big price for a personalised but very hard media-concentrated 'every power is corrupted' campaign while he was having the biggest internal problems with himself and his party.

    So he won, and at the other end of the language frontier the clear winner was the socialist party, who were in the government but never lost their opposition language and policies (playing to win on both ends). The president of the PS clearly wanted to become the first French-speaking prime minister and was ready to pay a big price for that (proposing the biggest reform of the state since the first one in the 1960's), but in the end De Wever rejected the proposals after playing a game he already played before. Never say yes, never say no and stay always at the sidelines.

    It will be clear that now he will have to play the central role in a new game, and you can't be sure that any of his partners in these negotiations are willing to make it easy for him. You can't burn and trash the biggest hope of your biggest opponent and find him as a cooperating friend afterward. Politics is personal, and the way bulldozer De Wever is making enemies - even if he says he doesn't care - doesn't make it easy for him. Even if he gets the liberals in the game, he is still confronted with two additional problems. He will have succeeded in throwing out the greens, but the French liberals have, aside from their internal divisions and power struggle, a big problem with their French nationalist FDF, who may have lost most of its influence if the agreement about BHV (French-speaking people in Flanders may now vote for FDF in the Brussels region) would have gone through. The electoral difference between the liberal PRL and the PS in the Brussels Region could also change in favor of the PS, with as a result that the PRL would nowhere be the first party (possibly leading to an even bigger revolt inside the PRL). The Flemish liberals OpenVLD have a new young willing president who brought down the government and even for some time the city council of the biggest city of Flanders. This kind of tactic, in which one immediately pulls the plug if one doesn't agree and doesn't want to negotiate anymore, was unseen until now.

    One can't foresee the stability of a government based upon the majority or the partners of the majority. Sometimes governments that are doomed to fail just continue to hold on and governments with large majorities can't get their act together.

    It will be difficult for the following reason one has to understand.

    The taxes are federal. The Belgian debt is federal. The social security is federal. As are police, army, justice and a few other things. Most of the rest has been regionalized, and the regional entities receive funding from the federal government based upon a number of characteristics agreed upon some time ago. The Walloon region received more because of the unemployment and the French-speaking community received more because it had more pupils.

    The proposal of NVA De Wever is not to abolish Belgium but to give the regions the possibility to levy 50% of all taxes (personal and business) themselves. The rest would be distributed and used by the federal government, which would also be stripped of most of the other competencies and would only be responsible for the army, social security and the debt.

    But, say some politicians: how is the federal government going to pay the debt ? How is it going to pay for the social security and the security services with half the money ?

    Everybody knows this can't be done, and then the second phase of the plan of De Wever is to regionalise them and to have a Belgium - only in name.

    The only problem is that we are not alone. If Belgium  would have no substantial debt and attacking Belgium debt wouldn't be a nice political signal to send from the anglo-saxon investors to the European Union (with a Belgian as president) that they don't like all that reglementation coming their way, who would care ?

    So there is talk about a government of national urgency - but with NVA not in the government but supporting it from the sidelines which doesn't promise much good. Or elections but it is not clear that those will change the political fronts that have been formed as in Flanders nobody has really countered De Wever and the media is still in full honeymoon with this phenomenon and in Wallonia the PS and Di Rupo have well managed and subverted the burning out process and attacks.

    The attack on the bonds follows this scheme.

    First there are the reports (follow Bloomberg as echo chamber)

    Then the risk percentage on the debt goes up a bit

    Then there are rumors about a lowering of the rating given by one of the big 3

    Then the risk percentage on the debt takes a jump

    Meanwhile more press and reports about the crisis of confidence

    Then the rating goes down

    and then everything goes very fast and it is over and done with in a few weeks

    Once you are in this stage there is very little you can do as a small individual country on your own.

    the only thing that one can do to stop this from happening is forming a socio-economic government with the NVA in the government and to prepare a complete review of the constitution of our country that is acceptable and that has no big risks for the future generations (leaving them with an enormous debt).

  • is the high level of attacks against VOIP and telephone systems linked to telephone DDOS

    The telephone companies are not only entering the internet age - they will also open their networks to all the insecurities and hacking that have become epidemic on the internet. The problem is that the companies and their (business) users have come to trust the telephone system as something trustworthy - not something dangerous or something to be doubtful about. Vishing is one example, but the hacking and attacking of phone systems (VOIP and normal telephone systems) is something that is maybe linked to launching telephone DDOS.

    As I have mentioned earlier, according to some security officials speaking off the record, hacked telephone installations (digital or not) are sometimes found to be interlinked, forwarding calls to each other.

    This is a normal concept in a DDOS scenario. You would need different telephone numbers and exchanges to phone a certain number, just to be sure that you couldn't be blocked easily by just blocking one telephone number calling in (even if with VOIP software you could program as many telephone numbers as you would like, they would still have some identical general number ranges).

    And yes, the SIP attacks and the calling in to and scanning of normal telephone exchanges are just continuing, and maybe this is one of the reasons why:

    "Beyrouti, Babbo and Vitello worked with hackers who breached brokerage accounts at E-Trade and TD Ameritrade. The hackers then executed fraudulent sales of securities and transferred the proceeds from the sale to the mules’ accounts. The receiving accounts were set up in the names of shell companies and linked to the hacked accounts.

    Meanwhile, the victims’ phones received a barrage of calls to prevent the brokerage firms from contacting them to confirm the legitimacy of the transactions. When the victims answered their phone, they would hear silence or a recorded message. About $1.2 million was transferred to shell accounts opened by the suspects, who then transferred the money to other accounts in Asia or withdrew the money from ATMs in the New York area.

    Last May, authorities in Florida revealed a number of cases they were investigating involving similar telephony denial-of-service attacks. In one case, a Florida dentist had $400,000 taken from his Ameritrade retirement account while the thieves flooded his home, work and mobile numbers with repeated calls."

    Maybe it is time to take down the SIP and phone system attackers. The telephone companies would have to work with the internet providers to go after them. It is better to kill a developing fraud system in the beginning than to have to start cleaning up a total chaos, as some are trying with the internet nowadays.
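
    Because the flood described above comes from many different numbers, blocking one caller does not help; a detector has to key on the number being called. The following added example (not from the original post or the quoted article) flags a called number that receives many calls from many distinct callers inside one sliding window and reports how concentrated the callers are in one number range. The call records use numbers from the fictional 555-01xx range, and the window and thresholds are assumptions to be tuned per network.

```python
# Added example: telephony denial-of-service detection over call records.
# All call records below are constructed sample data.
from collections import Counter, defaultdict, deque


def detect_tdos(cdrs, window=600, min_calls=20, min_callers=5, prefix_len=10):
    """Flag called numbers flooded by many different callers.

    cdrs: iterable of (timestamp_seconds, caller, callee), sorted by time.
    Returns {callee: alert} for the first moment a callee has at least
    min_calls calls from at least min_callers callers within `window`
    seconds. A single persistent caller is not flagged here because
    blocking that one number already handles it.
    """
    recent = defaultdict(deque)
    alerts = {}
    for ts, caller, callee in cdrs:
        calls = recent[callee]
        calls.append((ts, caller))
        # Drop calls that fell out of the sliding window.
        while calls[0][0] <= ts - window:
            calls.popleft()
        if callee in alerts:
            continue
        callers = {c for _, c in calls}
        if len(calls) >= min_calls and len(callers) >= min_callers:
            # The post notes that spoofed callers still tend to share a
            # number range, so report the most common leading digits.
            prefix, count = Counter(
                c[:prefix_len] for c in callers).most_common(1)[0]
            alerts[callee] = {
                "window_start": calls[0][0],
                "detected": ts,
                "calls": len(calls),
                "callers": len(callers),
                "top_prefix": prefix,
                "prefix_share": count / len(callers),
            }
    return alerts


def sample_cdrs():
    """Constructed records: one flood, one normal line, one repeat caller."""
    rows = []
    # Flood: 30 calls, 10 s apart, rotating over 6 caller numbers.
    for i in range(30):
        rows.append((1000 + 10 * i, f"+1202555015{i % 6}", "+12025550101"))
    # Normal line: 25 calls spread over about a day from 3 callers.
    for i in range(25):
        rows.append((3400 * i, f"+1303555016{i % 3}", "+12025550102"))
    # One persistent caller: 25 calls in 250 s from a single number.
    for i in range(25):
        rows.append((2000 + 10 * i, "+14045550170", "+12025550103"))
    return sorted(rows)


if __name__ == "__main__":
    for callee, alert in detect_tdos(sample_cdrs()).items():
        print(f"{callee}: {alert['calls']} calls from {alert['callers']} "
              f"callers by t={alert['detected']}s, "
              f"{alert['prefix_share']:.0%} in range {alert['top_prefix']}*")
```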

  • US open source internetvoting by mail experiment stopped after hacking

    Washington DC had a problem. Between the primaries and the general elections there was not enough time to follow the strict paper procedures to inform and handle the voters overseas (for example the military). Voters overseas have always been the locomotive for the evoting train and some seem very open to the idea. By the way, we shop online and do our taxes online, so why not vote online?

    Because there is no worse election than a rigged election or one where there are doubts about the results. And I don't say that paper elections are without mistakes, but in Holland they are going to concentrate on a scanning technology for the paper ballots so that it is easier to count and fewer mistakes are made. The paper elections have some mistakes, but except in small local elections where every vote counts (and recounts are part of the process) these don't have a real influence on the number of elected representatives. The problem with electronic elections is that a manipulation of the system and the tendency is possible. You could in theory manipulate an electronic voting process with only a few machines and accomplices.

    But the advocates of this industry say that they will use different checks and controls throughout the process so that the electronic process itself will be safer. The problem with that is - as the Dutch concluded after years of research - that when you do that as it should be done, the total cost will be enormous, and even then it won't be futureproof, as hacking and attack technology advances faster than defensive technologies.

    So a test in Washington DC with a mail-based evoting system was suspended after whitehat hackers penetrated the system and showed that it could be manipulated. One should also take into account that, with the number of Americans serving or living overseas and with the presidential elections in the US having been very narrow (or according to some even stolen) victories, the possibility of rigging a few thousand votes from overseas could make a state or district (and an election) fall into the hands of the other party.

    The hackers just changed the website, but in order to change the evoting website they had access to everything and could change anything (for example the operations behind the voting buttons).

    The system was open source (the myth of secure open source) and was tested internally but not by independent institutions - as is the case with the voting booths (even if those sometimes also pose big problems).

    The 300.000 $ are down the drain because some stupid security mistake could be manipulated by a student.

    The Dutch rest their case again - invest in technology to treat the paper ballots so the humans make fewer mistakes.

    And to hell with the news that wants election results right after the closing of the voting stations.

    It is not because we have a result that we have a government :)  from Belgium

  • Google malware alerts now available for administrators and ITsecurity people

    Safe Browsing Alerts for Network Administrators allows autonomous system (AS) administrators to register to receive Google Safe Browsing notifications. The goal is to provide network administrators with information of malicious content that is being hosted on their networks.

    So go to your google account - your administrator functions and test this

    it is surely worth the small effort - if not for your own image, then for that of your clients who have more or less put their trust in you (and a lousy programmer)

  • European terrorism alert : are targets changing again

    While trying desperately to have another impact-attack on US soil and while trying to regroup its priorities on the Arabian-African continent after its losses in Iraq and the military pressure in Afghanistan, Al Quaida has found  another 'zone without statecontrol' to rebuild without a concerted military-intelligence response to fight it while it is still in its first stage of development, the Sahel. It is an enormous desert without  clear borders and where there is no permanent police or military surveillance with mountains to hide behind and nomads to travel with. It is also known to be a zone where smuggling, kidnapping and tribal warfare or powersharing is more important than anything else.

    When you talk about the Sahel, you talk about France and when you talk about France you talk about Europe.

    It means that while we were more or less off the Al Quaida radar, we are again part of it.

    It is being said that Belgium has no new increased risk of attacks, but don't be fooled: we have too many international civil and military targets to be no target. We are a natural target, like it or not. This is no fear-mongering. This is just a fact. Which means that for any important building or service in Brussels, or near such an internationally important service (or transport), physical security, ID checks and good evacuation procedures (and real testing of them) are an essential part of your security planning. Like Business Continuity and Disaster Recovery.

    You can't say that Belgium as a whole has a limited risk because that is nonsense. You can say that the risk is higher around international and important buildings and transport centers but that the risk is minimal in 90% of the rest of our country.

    Another thing to notice is that the plans were not against military or politically important buildings but against landmark buildings, buildings that are important because they are remembered as such by millions of people. The Atomium is one building like that. The Palais de Justice in Brussels is one like that. The European Commission building. Or Manneke Pis :)

    What is the chance ? The chances are historically minimal, but don't be fooled. If you aren't prepared (at least on paper) your losses when we get hit will be enormous compared to your preparations now.

    Don't get yourself lost in big enormous comprehensive plans that take years and thousands of euros to accomplish. Keep it simple and be sure that you have other advantages from it. Security controls and monitoring of the flow of people in and around your building also limit espionage and sabotage or criminal activity. Backups and different data locations keep the network and services running when some hardware failures occur. Procedures of authority when people are not 'available' are also useful when somebody important has an accident or is unavailable for some time. No discussions, just follow the procedures.

    Just think of the following: what do I need to keep my business or service running, and how long can I afford certain parts of my business or service to be unavailable? Terrorism, bad weather, strikes, sickness... whatever the reason, just use the one that your management will accept, even if it is just the fad or hype of the day.

  • AC Law email loss : 5 essential questions that arise

    First they downloaded and distributed the whole database and backup and didn't filter only those emails that were relevant to their cause. This means that personal and other emails (about other cases) are also compromised. This could have an influence on clients, trials and the confidential relationship between clients and their lawyers.

    Secondly there are very few personal emails in the mailboxes. This can be used by organisations to show the advantages of strictly separating personal and official mails in different mailboxes.

    Thirdly not all mailboxes are full. Which means that some persons kept their mails on their PC or iphone or whatever. In a more legal environment ( sic ) this would become a big problem. They say that the emails are not official and so on, but many things are organised and decided or confirmed by email and I suppose that there was no official letter confirming all the emails.

    Fourth, there is a legal disclaimer that says that if the email is not intended to be read by you, you should destroy it. Legally the firm can now go after each publisher or distributor of the emails. Even if those disclaimers mean nothing, they could be the argument that legal departments at blogging and file-hosting firms use to destroy the files with, or the blog postings about, these emails. It would also be hard to use these emails during trials and hearings, as legally they don't exist - unless they are handed over during a legal discovery process.

    Fifth - and not last - the quantity of information that is in fact compromised is enormous and the work that will have to be done to limit privacy and securityproblems that could arise from them - especially against targeted attacks will ask very detailed planning and follow up during an extended time.

    Finally I think their business model and their agency is down the sink with this. How can you trust your legal business with a firm that is not capable of even ensuring your security after a stupid DDOS attack? This means that legal businesses (lawyers, researchers and that kind of legal mercenaries) will have to invest heavily in highly secured encrypted email and file systems, and make encryption, and destruction of the data after the loss of a laptop or smartphone, an obligation. They will also have to show - once again - to all their employees that they have to follow the procedures strictly, because otherwise the firm could be hit fatally after a security incident.