We are now in the back office, working with some services to close down a security hole (well, it is a security hole in itself) that is so big and mind-blowing that I just can't believe it. And I just needed some googling and web services to show how rotten and corrupt it was (and that is all I do: go through lots of Tor, web forums and sites, and google the Belgian web; I never used local tools on the PC against any website).
It really is that simple.
But when you find another big one, then the really hard part starts, and that is deciding what you should do with the information.
With this information I can go to the press and make headlines, or even better than headlines, cause a real security panic in certain circles.
But what is the net result of all that?
In fact, not much.
Remember that VOO lost the data of half a million of its members? Or the NMBS a million? Or the online part-time and credit companies that lost information?
What did it change?
Well, one day I will tell, but for now we are working to get it offline, because in fact there is nothing else you can do.
But if you are running on servers and code that is more than 8 years old (yes, really), then what do you expect?
Some of my friends tell me that I should leak it, or just let it be hacked, and that that will wake people up. Well, we had Belgacom, the worst total hacking of an entire telecom network, going on for 3 years; we had the hacking of several other federal institutions, and so on.
And we still have no central cybersecurity center, the CERT still has neither the necessary funding (some say that FEDICT cut the budget) nor the manpower, and there are still no real cybersecurity laws with teeth.
Remember all the trouble when we published the information about the EID some years ago? That was front-page news. Half a year later they fixed the security hole that made it possible for any virus to intercept all the information on your EID, but did it change the security of the EID dramatically?
It also means that back-office information is safe with us,
until it gets too much, even for us.