it is sometimes very very hard to shut up and not tell everybody

we are now in backoffice working with some services to close down a security hole - well it is a security hole an sich - that is so big and mindblowing that I just can't believe it - and I just needed some googling and webservices to show how rotten and corrupt it was (and that is all I do, go through lots of Tor, webforums and sites and googling the Belgian web, I never used local tools on the PC against any website)

it really is that simple

but when you find another big one - then the really hard part starts - and that is deciding what you should do with the information.

with this information I can go to the press and make headlines - even better than headlines, have a real security panic in certain circles

but what is the net result of all that ?

in fact not much

remember that VOO lost half a million data of its members ? Or the NMBS a million ? Or online part-time and credit companies who lost information ?

what did it change ?

well, one day I will tell, but now we will be working to get it offline because there is nothing else you can do in fact

but if you are running on servers and code that is more than 8 years old (yes really) then what do you expect

some of my friends tell me that I should leak it or just let it be hacked and that that will wake up people. well, we had Belgacom, the worst total hacking of a total telecom network, during 3 years, we had the hacking of several other federal institutions and so on

and we still have no central cybersecurity center, the CERT still does not have the necessary funding (some say that FEDICT had cut the budget) nor the manpower, still no real cybersecurity laws with teeth

remember all the trouble when we published the information about the EID some years ago. That was front-page news. They fixed the security hole that made it possible for any virus to intercept all the information on your EID half a year later but did it change the security of the EID dramatically ?

it also means that backoffice information is safe with us

until it gets too much - even for us
