04/15/2014

#heartbleed panic about the leak at the Belgian Comité R

That Belgian Comité R of the Belgian parliament is not only responsible for the oversight of the military and civil intelligence services; it also handles complaints against these services and can launch investigations or make the services stop certain investigations

Saturday a security researcher who apparently was scanning the Belgian internet with the released Python code found that their mailserver was still vulnerable. He contacted the services, who patched the system on Sunday and then started on Monday to investigate the possible security problems and actions

so first a few things

* as the script that is used also downloads information as part of the test (surely on some servers), I didn't use that script because I am not legally appointed to do such tests and to have such information on my computer, so it is something that may be dangerous

* as the CERT was responsible for informing all the different networks and operators, I presumed that highly secretive organisations like Comité I were to be included last week

* as the press was full of all kinds of alerts and warnings about the bug and how to patch it, you could suppose that it was already done by the network administrator - if you work for such an institution you should have the mindset to keep it always secure, not

now the hardest part

there is concrete information that the bug has been actively used since November 2013 - this leaves ample time to do all the reconnaissance you want

there is concrete confirmation that you can get all the necessary information including the encryption keys which means that everything has to be changed

the fact that the other servers aren't impacted by the bug doesn't mean that there is no connection between the two servers, and it is possible that someone may have used this back-office link to penetrate the other servers with the confidential information

they say that all the emails can be affected and they have taken the mailserver offline, but do you know what that means? It means that all the passwords can be affected, and if someone uses no double authentication then all these passwords everywhere are impacted and should be changed

if the intelligence services now want to name the commission a real security risk and refuse to give them information on their servers, instead obliging them to come to their offices to check the information they have asked for, then you can see everything that has happened in this crisis as sufficient proof of lax security - and there is more coming ......
