• Belgian has to pay 65,000 euro for uploading a pre-release Kaiser album

    there are things with which you get attention

    but he probably didn't want the attention from the police and the copyright agencies when he uploaded a pre-release album from the Kaisers

    our national Sabam saw it and went to court

    when it became clear that the man had a few hundred movies and a few hundred albums, a hundred other copyright owners joined Sabam in the complaint

    the judge ruled that the man should pay around 65,000 euro but that he wasn't guilty of commercial piracy

    sometimes you had better think twice

    and never think that nobody can find you

• stratfor has been down for some weeks

    and stratfor.com itself is giving all its analysis away for free for the time being - it is the kind of thing The Economist does

    the analysis of the hack itself is very poor and shows that you shouldn't employ them to try to understand Anonymous or any other activist organisation (there is a certain mindset you need in order to understand what it is to be an activist)

    they have rebuilt the systems more securely (at first too little; but you can't rebuild a totally compromised server, you have to throw it away and reinstall on new infrastructure, because you never know what may be lurking somewhere you didn't think of - so there is a risk there.....)

    another very surprising thing is this: "The emails are private property. Like all private emails, they were written casually, with no expectation that anyone other than the sender and recipient would ever see them"

    uhhhh, you are collecting intelligence and information through email with sources all over the world and you expect that, because those emails were between persons, no government, agency or other interested party would do anything to get hold of them, read them and eventually leak them?

    where are you living as an analyst? Wonderland? It is this casual attitude that has broken the company.

    because when it went from analysis of more or less public information to recruiting sources to get more private and important information, the goals, workings and importance of the information and contacts changed, so the security situation changed, and so security should have been adapted beforehand

    so you will not only have to change the infrastructure and buy some products to secure your information from end to end, you will also have to change the whole business culture and workflow (and inject enough paranoia into it)

    it is as if you were entering an F1 race with an old caravan.....

• stratfor may be a joke, being an informer for it may not be (maybe it was a social engineering front)

    several articles are being published saying that stratfor is in fact a joke, that its marketing campaign calling itself the private CIA was just overblown crap and that The Economist is much better and cheaper (which is true, The Economist is a must-read if you care about facts, analysis and reflection - even if you don't agree with it)

    but this is not the question a security person would care about

    first, it is the best example that security and investing in security (and all the solutions exist now) is the first thing such a company should do (it will not survive if it is not secure enough). How can you say that you trade in secrets and confidential research if you don't have the business culture to keep them secret and the tools to guarantee their security over time? (for starters, emails from years ago should have been archived and locked away)

    but secondly, being an informer for stratfor is maybe not a joke

    if you were an informer for a joke like stratfor in these wikileaks-sensitive times, who else would you be willing to inform or enlighten about something, at what price or under which circumstances?

    if stratfor wanted to make real money, it was as a social engineering front trying to find out who was reliable, who was made of the real stuff, who could resist even simple temptation, who would spill the beans, who was desperate for money or attention

    thousands of people around the world and hundreds of organisations, institutions and businesses are now finding out who is a risk and who just gave them public knowledge and understood the risks

    it all depends on the kind of institution, the level of access, the risk one is prepared to accept

    most of the time it will not be explained this way; there will be reorganisations, security audits, new levels of access and reassignment of information to higher levels, new missions or tasks without much access to the network or the office (and so on)

    in very secure or trusted institutions, organisations or services there will be no doubt, because that is part of the engagement and part of the risk one took when one wanted to go to work for such an institution or service: you have breached security and trust and whatever you did, you have lost the trust necessary to function

    btw every intelligence firm now has more analysts than spooks or operatives

    the question the new mails will have to answer is whether Stratfor was also involved in (planning or preparing) black operations, or why else they would have had to collect information about activists for big multinationals, and in which case they may have breached international, US or national law

• Bluecoat recently sold infrastructure to censor the Syrian internet

    but there are also European firms involved

    the technology can be great for the security of internal networks but there is no way the same technology should be used for the same purpose on the global internet against citizens, because if it falls into the wrong hands, or starts out with acceptable goals (like the traditional child-abuse argument) but after some time is used for other purposes because of mission creep (or special circumstances like a big terrorist attack), then that is dangerous technology

    one could say that the technology is not really working as it should, given the number of videos that are coming out of Syria each day

    but it is probably used on a daily basis to find critics and citizen journalists or to locate them (so the snipers and tanks know where to hit them)

    and here it is not an accident: Bluecoat and the European firms were well aware whom they were selling to, what the regime would do with it and what the consequences would be for the victims of that spying

    a bit like IBM and Hitler, when it helped implement his final solution with its punch-card machines (even if they are still doing everything to keep that book out of public attention)

    and no, at the time the Syrians were not yet shelling their own citizens and killing at least 100 people a day, but there was no doubt that the regime would be capable of such a thing

  • rsa encryption is only 99.8 percent secure

    this must have been the biggest SSL key survey ever

    The researchers said in an examination of 6.4 million distinct X.509 certificates and PGP keys containing RSA moduli, 71,052 (1%) occur more than once, some of them thousands of times. "Overall, over the data we collected, 1024-bit RSA provides 99.8% security at best," the paper states.

    now, 99.8% still means that the security of most keys is high

    but if you are a really important security, intelligence, financial, critical-infrastructure, military or espionage service, then there is a problem

    because if your key has the same modulus as another service's key, whoever holds the other private key holds yours too and can impersonate you or your service; and if two moduli merely share one prime factor, anyone who collects both can factor them with a simple gcd computation, which is what the researchers did over their whole collection. The weakness is in the key, not in the certificate wrapped around it: it does not matter whether you bought a strong and expensive certificate or a make-believe one (a wildcard, an IP-address certificate or something equally worthless), the impact is just larger if it is a certificate people actually rely on

    and nobody will notice, and everybody will think they are safe - because it is encrypted with a certificate

    so right now the most valuable piece of information in the world is

    the list of all the certificates that share a modulus or a prime factor

    the best thing to do is to replace them all

    and for RSA - who have some issues with the research (but it is too late for that) - to start checking all their certificates themselves with software robots, to be sure that by chance or bad luck no two certificates share a key or could be used as such

    yeah, attacks against certificates are going to continue and it is up to the business to get its act together - instead of complaining that rats are getting in through the holes or that researchers are discovering weaknesses they should have addressed long ago

    meanwhile about 12,000 networks and installations are receiving an alert that they will have to change their certificate and install another one, although this isn't always that simple (to obtain and process, to install, and eventually to get the different certificates in an interconnected network to work together, especially if some are playing with openssl ....)

    but it is a race against time .....

    anyone with some very fast computers and network connections can do exactly the same research (eventually helped by some special program), so the same mistake can't be made again (one will have to check whether the key was really generated 'at random' before releasing it). People know that it takes a few days before you actually receive your certificate, so it would be no problem prolonging this a bit with a full check against the certificates already delivered
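    Added example (not code from the post or from the research it discusses): the check a certificate authority or a network owner can run over a pile of RSA public keys. Two keys with the same modulus are flagged as duplicates; two keys that share only one prime are factored outright, using Bernstein's product-tree / remainder-tree batch gcd, which is the same kind of computation the researchers ran over their 6.4 million moduli. The key material is constructed inside the script: a "healthy" generator plus a "broken" one whose entropy pool only ever yields three primes, so some keys collide. The 128-bit primes, the seed and the function names are assumptions of the example, not values from the page.

```python
import math
import random
from collections import Counter
from typing import Dict, List, Tuple


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with a fixed set of bases; plenty for the demo key sizes used here."""
    if n < 2:
        return False
    bases = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    for p in bases:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(rng: random.Random, bits: int) -> int:
    """Draw odd candidates of exactly `bits` bits until one passes the primality test."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def batch_gcd(moduli: List[int]) -> List[int]:
    """For every N_i return gcd(N_i, product of all other N_j).
    Product tree up, remainder tree down: one pass instead of n^2 pairwise gcds."""
    tree = [list(moduli)]
    while len(tree[-1]) > 1:                      # product tree, leaves -> root
        lvl = tree[-1]
        tree.append([lvl[i] * lvl[i + 1] if i + 1 < len(lvl) else lvl[i]
                     for i in range(0, len(lvl), 2)])
    rems = tree[-1]                               # root: the product of everything
    for lvl in reversed(tree[:-1]):               # remainder tree, root -> leaves
        rems = [rems[i // 2] % (x * x) for i, x in enumerate(lvl)]
    # rems[i] == P mod N_i^2, so rems[i] // N_i == (P / N_i) mod N_i
    return [math.gcd(r // n, n) for r, n in zip(rems, moduli)]


def audit_moduli(moduli: List[int]) -> Dict[int, Tuple[str, int]]:
    """Map index -> (finding, value). 'duplicate modulus': the same public key was issued
    more than once. 'shared prime': the modulus is factored, `value` is one prime."""
    seen = Counter(moduli)
    findings: Dict[int, Tuple[str, int]] = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g == 1:
            continue                              # nothing in common with any other key
        if seen[n] > 1:
            findings[i] = ("duplicate modulus", n)
            continue
        if g == n:
            # Both primes of n are shared, each with a different key, so the batch gcd
            # returns n itself; a pairwise gcd against the others splits it.
            g = next(math.gcd(n, m) for j, m in enumerate(moduli)
                     if j != i and 1 < math.gcd(n, m) < n)
        findings[i] = ("shared prime", g)
    return findings


def build_demo_keys(seed: int = 2012) -> List[int]:
    """Constructed data (not real keys): five healthy 256-bit moduli, three moduli from a
    'generator' whose entropy pool only ever yields three primes, and one modulus issued twice."""
    rng = random.Random(seed)
    good = [random_prime(rng, 128) * random_prime(rng, 128) for _ in range(5)]
    pool = [random_prime(rng, 128) for _ in range(3)]
    bad = [pool[0] * pool[1], pool[0] * pool[2], pool[1] * pool[2]]
    return good + bad + [good[0]]


if __name__ == "__main__":
    keys = build_demo_keys()
    for i, (what, val) in sorted(audit_moduli(keys).items()):
        print(f"key {i}: {what} ({val.bit_length()}-bit value)")
```

    On the constructed set, keys 0 and 8 come back as duplicates and keys 5, 6 and 7 are factored; the five keys from the healthy generator are untouched. Pointing the same function at the moduli extracted from a real certificate store is the check the post asks the certificate business to run before issuing a certificate and over everything already delivered.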

• stratfor : the private CIA proxy loses everything and sends thousands running for cover

    when Anonymous activists hacked the servers of Stratfor they couldn't know that they had hit the jackpot

    it is the mother of all private intelligence companies, which, just like the private army industry, was beginning to spread its wings into every corner and aspect of international political, military and economic life (and, as a side business, trying to make lots of money by using that knowledge on the stock market - if this isn't abuse of knowledge: imagine the CIA playing the stock market and making money because it knows things that are going to happen)

    and so Wikileaks has found a second life

    after the publication of the nearly one million accounts and information about its users (making it the most important breach ever because they were nearly all contacts with access to high-level networks and services)

    the publication of the whole database of 5 million emails has begun - in parts

    and it is really amazing stuff

    http://wikileaks.org/gifiles and you can download all 5 million of them at once (26 Gigabytes of files) and if the mails already published are representative, this is the biggest security breach of all time - can you imagine the thousands of sources all over the world - of which some were paid through Swiss bank accounts - who now have to

    * explain all this to their colleagues

    * take their bags and their family and leave immediately, before the secret service of their country has downloaded and analysed all these files and found their names (yes, those amateurs gave the full names and functions of all their sources in these unencrypted mails)

    * people who will lose their jobs, their social influence, their reputation, their access and the trust of many - even if they were more manipulated than they seemed aware of - and even if not everybody has the necessary intelligence to see through flattery, dinners, speaking engagements and intellectual exchanges between analysts (some wiser people became very cautious when they began to understand that the firm had privileged links to the US intelligence and military community (as they call it now))

    In some of the files released today you read stuff and language you only read in CIA training material (or that of any other spook(y) organisation)

    If this is a source you suspect may have value, you have to take control of him. Control means financial, sexual or psychological control to the point where he would reveal his sourcing and be tasked. This is difficult to do when you are known to be affiliated with an intelligence organization. The decision on approach would not come from you but from your handler. This is because your position is too close to the source and your judgment by definition suspect. Each meeting would be planned between you and your handler and each meeting would have a specific goal not built around discussing the topic of interest which would ideally be hidden but in analyzing him personally and moving toward control.
    The justification for the op would be specific classes of information and on gaining control the first step would be determining his access. If he failed the test contact would be terminated.

    the problem of analysts in the field is that they tend to want to discuss the topic, which raises the target's awareness, rather than focus on establishing the control relationship.

    So from a professional point of view this target knows your affiliation, understands your interests and you have not established any control which is defined as a high confidence in his obedience

    and then if you read another mail, you read that someone went to a Turkish conference and during that conference established a lot of 'useful' contacts high in the military or in business circles

    so this is not an organisation that is analysing all the incoming information or trying to organise the discussion and input about information and analysis; this is a spy firm infiltrating all kinds of institutions and businesses with the soft and corrupt approach, trying to get as much valuable information as possible out of its 'handled' contacts and reselling it to its customers and/or using it for its investments

    but now it is all out

    all their contacts, all their strategies and thoughts, the way they handle people and the way they really think about people

    the careers, security positions and access of tens of thousands of people are at risk here

    they have shown themselves to be not secretive enough to be given access to any confidential information

    let it be a lesson to all others with access to confidential information or knowledge

    every analyst calling you may really be a spook or a spy

    it is all in a name, but sometimes it is just newspeak

    you would expect that a company working in the intelligence and security business and handling hundreds of secrets on a daily basis was doing enough to keep them secured

    it shows you the importance of encryption, archiving and two-factor authentication

• where is the cop in the software project of the Belgian local police

    after years of development and many millions of euro down the drain, the Belgian federal police has decided to stop the development of new software and will go back to the more than 10-year-old software that was being used before (and is still being used by the Belgian local police forces)

    so where is the cop in this software project

    who followed up, or didn't

    it only shows again that making software 'on demand' is just crazy and that the best way forward is to use standardised installations as much as possible and adapt the workflow to them

    this goes together with the problems with the computerisation of the Justice Department (also tens of millions of euro going down the drain)

    it is not that the technology is not there, it is that they are making too many big projects that will take so much time that they finally go nowhere, and that you promise to do anything for anybody, so that in the end everybody is asking for anything, so that in the end nothing gets done (first)

    Keep it simple or be stupid

• ooops, misplaced a database on the intranet

    the biggest city of Flanders, Antwerp, will have a big electoral showdown in October 2012 and nerves have already reached the sky/limit while we are still months away (and 24 hours can be years in politics)

    now it seems that there was a database on the intranet, accessible to all the people working in city hall, that shouldn't have been there

    it was a database with all the administrative and judicial convictions under local regulations and rules

    the local administrator said that he had to move the file and didn't see that it was accessible to all

    no harm done

    but it shows that important information should be isolated in every way (hardware and access) so that it is always immediately and totally clear that if it goes out of the cage, it will have no protection

    even for an administrator in a hurry

    it also shows the importance of two-factor authentication for important information (wherever the information is placed, you can only access it if you have the right usb stick or card or whatever you are using)

• FBI will shut down the internet on March 8th? not really, read the information

    Sometimes headlines are funny because they want to attract attention, but they give a totally wrong picture

    there has been a lot of fuss about a computer virus (dnschanger) that is still infecting or has infected about 5 million computers worldwide (just a small percentage of all computers, and of all infected computers).

    As you can read from the name, this virus changes the IP address of the dns server your computer goes to on the internet (or intranet) to translate the domain name of a web service into the ip address of the server hosting it. This is a bit like a telephone book. With your smartphone you don't remember telephone numbers but names, and the phone will use the number it has for that name. It is the same with a dns server, but with names of websites.

    Now imagine that some virus changes the phone numbers you use most often so that you are redirected through an expensive international rerouter and pay some cents for every connection. Well, this is what dnschanger does.

    Now imagine that the police (in this case the FBI, which is more and more playing the role of international cybercop) confiscate this telephone rerouter and try to inform all the telephone users that use it that their phones have been infected, which is what they have been doing for the last months.

    The only problem is that the US judge has given the FBI the right to manage that server until the 7th of March. On the 8th of March all infected computers will lose their ability to connect to any internet service because they won't have a dns server that works (as if all the telephone numbers in your phone stopped working because the rerouter service stopped and your phone has forgotten all the real numbers).

    I am not sure that this period will not be extended, because there are still hundreds or thousands of US governmental computers in these listings (which says a lot about computer security over there).

    Secondly, the internet will not break down, because even when some central dns servers used by tens of millions of people went down some years ago, the rest kept working.

    Just three tips

    * time to install a free antivirus like avast (if you don't handle professional information or do many financial transactions and you are careful, this is quite enough)

    * time to change your dns to opendns.org, which will also protect your computers against known malware sites (see this as a firewall before your firewall), and if your country does any censoring based on dns traffic it may be possible to bypass that

    * if you are responsible for an internal network you should have organised your internal dns traffic to be under the control of your own dns server, and your external dns traffic to be handled solely by the external dns servers you have chosen (all other dns traffic will reveal infections and misconfigurations). If you had done this, you would already have cleaned your network since November 2011.
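    Added example (not part of the post) of the third tip in working form: once every client is only allowed to talk to the internal resolver, and the internal resolver is only allowed to forward to the external resolvers you chose, any other port-53 traffic in the firewall log is a host that has had its dns settings changed. The script below reads netfilter-style log lines, which are constructed here, and flags those flows; a second function does the same check on a resolv.conf-style file, which is the setting dnschanger alters on an infected machine. The internal resolver address 10.0.0.53, the log format and the 198.51.100.0/24 and 203.0.113.0/24 "rogue" destinations are assumptions of the example (documentation address ranges); 208.67.222.222 and 208.67.220.220 are the public OpenDNS resolvers the post recommends.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Assumed layout for this example: one internal resolver every client must use, and the
# upstream resolvers that only that resolver may talk to (OpenDNS, as the post suggests).
INTERNAL_RESOLVER = "10.0.0.53"
EXTERNAL_RESOLVERS: Set[str] = {"208.67.222.222", "208.67.220.220"}

# Constructed firewall log lines in netfilter style; 198.51.100.x and 203.0.113.x are
# documentation addresses standing in for rogue resolvers.
SAMPLE_LOG = """\
Feb 20 10:01:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.53 DST=208.67.222.222 PROTO=UDP SPT=40001 DPT=53
Feb 20 10:01:03 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=10.0.0.53 PROTO=UDP SPT=51000 DPT=53
Feb 20 10:01:05 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=198.51.100.9 PROTO=UDP SPT=51234 DPT=53
Feb 20 10:01:06 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=198.51.100.9 PROTO=UDP SPT=51235 DPT=53
Feb 20 10:01:07 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.53 DST=203.0.113.4 PROTO=TCP SPT=40002 DPT=53
Feb 20 10:01:08 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=198.51.100.80 PROTO=TCP SPT=51001 DPT=443
"""

FLOW_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) .*?DPT=(?P<dport>\d+)"
)


def audit_dns_flows(log_text: str) -> Dict[Tuple[str, str], Tuple[str, int]]:
    """Return {(src, dst): (reason, count)} for every DNS flow that breaks the policy:
    clients may only query the internal resolver; the internal resolver may only forward
    to the sanctioned external resolvers. Non-DNS traffic is ignored."""
    hits: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for line in log_text.splitlines():
        m = FLOW_RE.search(line)
        if not m or m.group("dport") != "53":
            continue
        src, dst = m.group("src"), m.group("dst")
        if src == INTERNAL_RESOLVER:
            if dst not in EXTERNAL_RESOLVERS:
                hits[(src, dst)].append("resolver forwards to an unsanctioned upstream")
        elif dst != INTERNAL_RESOLVER:
            hits[(src, dst)].append("client bypasses the internal resolver")
    return {k: (v[0], len(v)) for k, v in hits.items()}


def check_resolv_conf(text: str, allowed: Set[str]) -> List[str]:
    """Return the nameserver entries of a resolv.conf-style file that are not in `allowed`,
    i.e. the change dnschanger makes on an infected host."""
    bad: List[str] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver" and parts[1] not in allowed:
            bad.append(parts[1])
    return bad


# Constructed resolver configuration of a client that has been tampered with.
SAMPLE_RESOLV_CONF = "search corp.example\nnameserver 10.0.0.53\nnameserver 198.51.100.9\n"

if __name__ == "__main__":
    for (src, dst), (reason, n) in sorted(audit_dns_flows(SAMPLE_LOG).items()):
        print(f"{src} -> {dst}: {reason} ({n} queries)")
    print("rogue nameservers:", check_resolv_conf(SAMPLE_RESOLV_CONF, {INTERNAL_RESOLVER}))
```

    On the constructed log, 10.0.0.77 is caught querying a resolver outside the network twice and the internal resolver is caught forwarding to an unsanctioned upstream once; the query from 10.0.0.12 to the internal resolver and the port-443 connection are not reported. Where the policy is enforced by a firewall rule rather than only logged, the same script run over the drop log gives you the list of machines to clean.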

    and if you don't have internet on the 8th of March

    then it is time to spend some real time with your computer instead of only using it to surf the internet. You also take your car to the garage, don't you? Well, your computer needs a fix.