security - Page 65

  • is (part of) Belgacom still for sale after this leaked hack ?

    until yesterday there were public political discussions about the sale of some part of the ownership of the Belgian State in Belgacom (to diminish the number of millions that would have to be cut in the budgets of several administrations and social programs)

    now with this leaked hack you would have to be crazy to put it on the market in the following months

    every interested party will ask for a global security analysis and the necessary investments in resources and installations to be sure that something like that doesn't happen again .....

    to be credible research like that will take a few weeks - if you want to be sure that you are leaving nothing to chance (or supposition that it is safe.... since 2011) and then it will take at least a few months to have all the necessary tools in place and running as they should and being monitored by people who understand what they are doing and what they should be looking for and having changed processes and controls all over the place

    and that for all the critical installations of Belgacom (not only BICS)

    if you want to pay peanuts, you have to place your offer now but before the whole re-securing operation you will have monkeys running around (sorry guys but in any firm it is chaos after such a discovery) and there is no way you will know now how much the firm will need to invest to make a bunker of its most important installations (which is the reason you pay peanuts because you will need to invest an unknown sum to eliminate known and still unknown possible security problems (and any problem after this breach becomes a security problem))

    when that operation is finished in one to two years the price will be much higher because after an incident like that you should be able to expect that they are more secure than any other telecom operator in Europe (all now rushing their security departments throughout their installations, nervously checking everything they may have missed because they were in meetings and on conferences)

    the worth of Belgacom internationally depends now also on the way it will change from a vulnerable hacked company into a Secured operation where the security department has more power than the Financial officer (because investing in security is investing in its own survival)

  • Belgacom - bics press declarations ..... is this serious ?

    We read that they discovered the breach on the 19th of July. This is a firm that is listed on the stock exchange. The communication is happening about a month later.......

    I still don't understand why. If it is because of a European Databreach regulation you should have done it earlier in a letter to all the clients that have been impacted (if you know) and nearly immediately after the breach. This is not the case. If it is because you think it will be leaked because you think that you will have to ask the justice department to start an investigation, then you haven't answered the most important questions and so now you start just a fireball of questions and doubts coming your way .... for which you are not prepared obviously (but I don't think the Belgian press will go on investigating for very long or pose the difficult questions (maybe they have changed but they didn't in the past))

    Another reason I don't understand is because this shouldn't have been necessary. You could easily say that this falls under national security and that national critical security is to be handled by the intelligence services and that this is covered by a national security rule for as long as not all the necessary information and fall-out that could damage our national security (we are host of the greatest number of international institutions and representations in the world) there would be no communication - but a much harder and thorough investigation (with difficult decisions to be made in the firm and by the government as fast as possible)

    And why go to the justice department for an investigation (and trial ?). Against who ? The NSA or the Chinese (if you can ever attribute the hack without any doubt). 

    If the Belgian government has no procedure in which in such situations a crisis cell composed of intelligence services and diplomats can handle the case based upon clear information then there is a big problem for the future (as these attacks will likely increase). It means that any infrastructure - whatever its importance - will have to go to the justice department without the protection like the UK official secrets act (and they use no encryption or any full protection of files in the E-justice project as far as I hear) and face the enormous possibility of a leak and the press.

    When that happens and the press starts posing questions, you are in a fucked up situation and you always lose.

    Or you say too little (as is the case) and the clients have more questions than answers - because you can't give much information because it is under investigation, because of national security, because of your international partners and so on..... and you lose as a firm one of the most important things today and that is trust

    Or you say too much and you show how transparent you are to your partners and clients and how professionally you are treating this case and everybody will applaud that but..... you are giving away so much technical and other information to your attackers (and all the others who have now discovered that you could be an easy target) that you will have to invest millions into upgrades and changes so they can't use the information they have found about the previous hack

    and about the press declarations themselves

    * the continuity of service was never interrupted (this is SLA talk but of course, the spies didn't want to interrupt the communications they wanted them to be possible anytime anywhere)

    * the target of the attack was not sabotage but the collection of strategic information (huh, about the firm or about the technologies and procedures it was using for its cables or satellite communications -----

       this is interesting, maybe it was not the communications themselves they were after, maybe (as they already listen to satellite communications and tap undersea cables) they just wanted passwords, blueprints and other stuff about those networks just to be sure that nothing would change without them knowing (logical thinking if you are a spy - never be surprised)

    * there is no indication that there is an impact on the clients or their data (huh)

      okay you have to come clean on this.

      or - as De Standaard said - some communications between some countries were intercepted and even if they are terrorists they are clients and data has been compromised and so you have to determine and explain which data has been compromised and which 'innocent' people have also suffered

    or - it was more the strategic and technical information of the firm itself - and then you have a bigger question because - even if you say there is no economic damage - there is an enormous economic damage (because partners have to trust each other to be able to work together and would you work with a partner that has been breached during two years ?)

    so, no I don't understand the declarations in the press now nor the strategy

    and I am sure I am not the only one

  • Belgacom BICS 'hack' : a question for our national intelligence services

    Maybe we have thrown away the duck which laid the golden eggs in our battle against terrorism without knowing it (rushing forward without thinking strategically and from all the different options)

    the last few years the Belgian intelligence have stopped different terrorist plots on its territory planning to bomb or attack national or international targets (one of which was Kleine Brogel where the US keeps some nuclear weapons and where protestors each time succeed in climbing over the fences (not really defences))

    even if Brussels is a likely terrorist target par excellence we have survived the last years without the stress and warlike exceptional powers that normally come with this position (maybe because all would-be terrorists are now heading to Syria for Martyrdom sic)

    our national intelligence services said they received a lot of information from the NSA without ever knowing where it exactly came from (but as the arrests were in Brussels the calls and communications have to have a connection here)

    our national intelligence services need some approval from different instances before they can start using their 'special methods'. although this seems good at first sight, if it is proven now that the intelligence from the NSA is stopping after the discovery of this 'hack' then you can't be sure that the national intelligence services will have under the present conditions enough intelligence to be able to stop such planning before it gets into stages which are more difficult to control (the Belgians have the good sense of not waiting until the planning of the attack is nearly finished because you may never know for sure how many other cells or lone wolves are out there)

    If it received those indications and first-stage warnings from the NSA based on this tap (if it was the NSA) and the tap is removed or the NSA doesn't give any information any more to show how important this information could be - then there is a big problem

    and that problem will have to be resolved very quickly because you can't leave any dark holes in your monitoring because you could miss something or lose a trail - and the question for parliament and the ministers will be the following

    now that our intelligence services will receive no or very little information about suspicious communications between Belgium and some failed states (Yemen) or fundamentalist states (Sudan) that are known to have some important terrorist activity - how will we fill this void ourselves without harming the privacy of all the other communications but knowing this will have to be faster and more global and intensive (more resources) than before

    you can't rely solely on your big brother who is spending on intelligence without counting to receive the tips so you can follow and arrest suspicious or dangerous persons on your territory (and I am here talking about terrorists, not about activists or dissidents) and then expect that you won't have to invest and to increase the powers of your intelligence services if you cut them out of the loop ?

  • Belgacom, BICS is there even more NSA stuff to come ?

    If you look at what BICS is offering, the obvious question is if there is even more to come

    Why

    we are talking about telephone communications between countries such as Yemen, Iran, Somalia and others that are of the greatest interest to the NSA

    You can't expect the people in the NSA, at the time Bush declared 'WAR on terrorism' and gave them exceptional WARtime powers - secretly suspending many normal rights Americans have during peacetime - to just stand by and say, oh no, this is a Belgian firm (or the firm is a partner of a Belgian firm) we won't touch this ....

    which world do you live in ? What do you think the expression 'WAR on terrorism' means and how do you think spies and military react and act when they believe they live in WARtime even if the rest of the country isn't feeling or seeing much of it (that is why it is a covert and secret WAR)

    why is there more to come ?

    because BICS has

    * undersea cables (the NSA has different operations since the 80's in which they placed direct taps on such cables)

    * satellite connections (the NSA and their partners in Echelon listened to all the satellite connections they could intercept and this was made already clear in the European Echelon reports from 2000)

    so are you sure that these communications are safe ?

    You will never be. Nobody will ever be sure that they are safe. But at least you could check them from time to time just to be sure that the easiest and most global tapping devices wouldn't work

    but here is another question - even more important

    why did the NSA find it necessary to hack BICS (if it was hacked because journalists use that term for many different things) if they can already tap into undersea cables and intercept satellite traffic

    this is a very important question - also for Belgacom

    Because if they were hacked by the NSA (why not the Chinese or Russians ?) then why ? Investigators also say that you have to find a motive to explain and that if you have found the motive, you are already halfway in solving the crime.

  • Belgacom 'hacked by NSA' really guys, this is NOT serious

    What do you want to win by having all the headlines in all the articles that you were hacked during TWO years by probably the NSA (you can't even be sure about that ?)

    that we will have more confidence ?

    this is for an enterprise which is listed on the stock exchange the stupidest thing I have ever seen and I really hope that when the dust has settled someone will do a 'lessons learnt' memo.

    If you want to communicate, communicate more clearly and be sure that the headlines are more a reflection of the situation and not something more sensational (I think your communication budget will be great enough to have some crisis communication managers and spinners to realise this - now it is too late)

    * Belgacom as an enterprise was NOT hacked but there seems to be a problem with a subsidiary (ah always the same problems with those partners and subsidiaries one tends to forget or have too much trust in (who sends a security red team to its subsidiaries ?)). Now the impression is there that the whole of Belgacom - and so every client - is hacked while it seems that it is only the subsidiary BICS which with its partners has built an international network throughout the Middle East and Africa (two hotspots of terrorism)

    * It is even not clear if all the communications to these countries were intercepted or only some very specific ones or some categories of them (the article in De Standaard leaves this question open). This changes the risk of this 'hack' because if you have no reason to be in the blacklist of 40.000 keywords, then you wouldn't have to worry in that case; if all communications were intercepted then your communications are somewhere in a huge database in the US for some time to come.

    * The third question to ask in the present situation is what part of the communication was intercepted (and extracted and kept). Only the metadata or also the content ? Or the metadata of all the communications and only the content of some specific communications ? If only the metadata has been intercepted, then the risk changes again, because the content is the most important part if you would have liked to use this for global economic espionage (in case you have learnt to use stupid subject lines for important subjects like talking about dinner when you have to sign a contract or an interesting article for a contract and so on)

    (yes, you have to teach your important employees to play mindgames to give their communications some levels of protection, social engineering can also be used in an offensive way to protect your secrets)

    * the fourth question is even more important - and this is where it will hit Belgacom like a bulldozer and it could have ramifications on the stock exchange and internally. Belgacom bought Telindus some years ago to pretend that it was an integrated network company that could also deliver security as an integral part of its network, offerings and data services (the one-stop shop).

    well, how the hell did they hack one of the firm's most important international subsidiaries for two years if they have a so-called specialist security firm in house selling all kinds of security installations and offering some of the best security specialists on the market ? Did they only have to work for their clients and never revise their own security policy (forgetting that their own defenses and security situation are in fact their best selling point ?)

    You can't blame any client of Belgacom security specialists or services wondering now if their network has been better managed and some security officers in some highly confidential networks now running as fast as they can to other security auditors just to be sure that there was nothing overlooked that passed their defenses .... since 2011

    * and the fifth question is the real killer

    how the hell do you explain that this analysis (probably by Fox-IT) was only done now - and only because there are the Snowden documents ? You wouldn't have done it if those documents were not published ?

    this looks like the head of the Belgian Military Intelligence who says in an interview (without hesitating as if it is the most normal thing) that he discovered the backdoored malware on his network during a detailed analysis and cleanup of his own network every two years

    if you only look at what is happening on your network and to your traffic when there is an incident somewhere - and not because your server or network logs show something or because your security people have the duty to do some fundamental deep checking every week or because you don't have humans watching what is happening on your network (and have the obligation to follow the incidents until they have all the answers even if they have to come from others) then you are not a security-conscious company. You may try to act like one but you aren't one yet.

    You are not paranoid enough to be one.

    Because if you look at what was being attacked and hacked and which communications were of interest, you only have two options. Find a way to cooperate with the US intelligence services in a normal way (with oversight and procedures) eventually through an international partner - or be attacked or tapped somewhere.

  • hacked : bayer.be small defacement but that shows a lot

    source is zone-H.org  filter .be

    but it shows that bayer.be is not monitoring its site for defacements and attacks and is not watching over its site for attacks and hacks

    now it is a small defacement, what will it be next

    first wake-up call I would say

  • Azerbaijan Energy Giant AZERENERJI lost 7 giga's of internal documents in public leak (download)

    My fellow lulz of Eternia, it has happened…HEMAN is here
    to entertain you..Today we present you a Monstrous ARCHIVE
    of Azerbaijan Energy Giant – AZERENERJI – inside Archives totaling ~7 GB
    of confidential dox, illegal schemes, accounting, contracts, offshores,research, etc, etc,.
    We are not that very much happy with Aliev’s politics therefore this release
    is just another leap in a series of releases to fight Azerbaijani mafia clans.
    https://www.cyberguerrilla.org/blog/?p=15541

    not all files are in English but for competitors and fraud and corruption researchers this will be a goldmine

    you need a fast download line

  • members of Washington Network Group ? change your password

    I give you the full members list of the "Washington Network Group", a consortium of Washington DC lobbyists. Here is some info from their about page: The Washington Network Group (WNG) is a membership organization of professionals in business, finance, technology, foreign and government affairs, established in 1995. Diversity is our strength. We are dedicated to helping WNG Members advance their business and professional objectives by facilitating networking events, educational forums, and career development opportunities. We convene our events across five Roundtables: International, Communications, Government, Technology, and Entrepreneur. The WNG places an emphasis on bridging professional communities in the Greater Washington, D.C. Region. Our membership spans the private, public, and non-profit sectors in the Greater Washington Region. WNG Members are affiliated with corporate, business, law, consulting, public relations, media, marketing communications, and financial services firms. They represent the defense, aerospace, information technology, telecommunications, and software sectors. Many members are decision-makers in trade associations, think tanks, multilateral institutions, government agencies, congressional offices, and the embassies. We include in our membership executive search and recruiting professionals. Through our events, WNG Members build professional relationships and share ideas with colleagues in comfortable settings
    http://nopaste.me/raw/8134450545229094c806f8.txt

    that it seems protected doesn't mean a thing nowadays - new software will break this

  • when in Syria the virtual war is bypassed by the real war (Syrian electronic army)

    from a Syrian propaganda outlet

    "Mohammad Ahmad Qabani was 17 years old and was studying computer science in Idleb, in northern Syria. He had put his knowledge and talents at the service of the cause he believed to be just: that of Syria "as it is". And so he had joined the ranks of the "Syrian Electronic Army", a team of loyalist computer specialists waging an electronic guerrilla war, or counter-guerrilla war, against the sites and hackers of the cyber-opposition. The S.E.A. had made a name for itself last August, even in the French press, when some of its members managed to hack an opposition site, that of the "Anonymous", who had themselves hijacked the site of the Syrian Ministry of Defence a few days earlier, an exploit that had been effusively celebrated by the media here: in response, the members of the S.E.A. had notably published on the home page of the Anonymous site the photos of the bodies of soldiers killed by the so-called democrats in Hama, a useful reminder of a very real aspect of the opposition, admittedly less "cool" than the trendy young Facebook side…

    God forgets no one, and neither does Infosyrie

    On 22 October, the young fighter of the virtual world was caught up by the real war: Mohammad Ahmad Qabani was abducted by five men in the Idleb internet café he regularly frequented. On the 25th, his body was found on a road near the small town of Saraqeb, not far from Idleb, bearing the impacts of five bullets, one of them in the head .....
    http://www.infosyrie.fr/actualite/mohammad-ahmad-qabani-mort-dans-les-rangs-de-l%E2%80%99armee-electronique-syrienne%E2%80%A6/

    and yes, virtual soldiers are soldiers and will be treated by the opposing party as soldiers and this doesn't necessarily mean a virtual death

    another thing, so one member of the Syrian Electronic Army is 17 years old, can be very bright but not the kind of Cybersoldier cyberwar fanatics are talking about

  • how targeted viruses will pass even your best virus defences in your email

    The email arrives with a RAR attachment containing three files: one LNK file and two other binary files. Based on our analysis, the binary files are actually one file that was split into two. These files may appear to not pose any threat or risk since they are not identified as a valid file.

     

    The LNK file is not a simple shortcut file; it contains custom commands that reconstruct the two separated binary files into one file and execute it (detected as BKDR_SISPROC.A). As a backdoor, BKDR_SISPROC.A communicates to its remote servers to execute malicious commands onto the infected system.

     

    More importantly, this backdoor also downloads plugins, which will then execute various data-stealing behaviors such as screen capture and keylogging. The use of plugins instead of a file has certain advantages pertaining to evading detection. Plugins may not need to be a complete valid file in order to work (similar to BKDR_PLUGX). They are loaded in the malware’s own memory space so no new process is spawned, and are generally smaller in size than whole files.

     

    Overall, the techniques exhibited by this attack do not constitute a new threat. However, as we have predicted and confirmed this year, malicious actors are focused on refining how they distribute threats and evade detections. The splitting of a binary file into two files is a clear sign of the ongoing attempts to keep attacks under the radar.
    http://blog.trendmicro.com/trendlabs-security-intelligence/sham-g20-summit-email-carries-split-backdoor/

    it is discovered and blocked at some time but always too late for some and the data extraction is immediate
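    A triage heuristic for the attachment pattern quoted above (a shortcut next to fragments that are not valid files on their own), as an added example that is not from this blog or from Trend Micro. The file names, the sample bytes and the `triage` function are constructed for illustration; it assumes the fragments are a plain byte-wise split of a Windows executable.

```python
import struct
from itertools import permutations

# Shell Link header: HeaderSize 0x4C followed by the fixed LinkCLSID
# 00021401-0000-0000-C000-000000000046 (20 bytes in total).
LNK_HEADER = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def is_lnk(data: bytes) -> bool:
    """True if the content (not the extension) is a Windows shortcut."""
    return data[:20] == LNK_HEADER


def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def mentions(lnk_data: bytes, name: str) -> bool:
    """True if a member name appears in the shortcut as UTF-16LE or ASCII."""
    return (name.encode("utf-16-le") in lnk_data
            or name.encode("ascii", "ignore") in lnk_data)


def triage(files: dict) -> dict:
    """Inspect the extracted members of one attachment (name -> bytes)."""
    lnks = sorted(n for n, d in files.items() if is_lnk(d))
    # Candidates: members that are neither shortcuts nor complete executables.
    loose = sorted(n for n, d in files.items()
                   if not is_lnk(d) and not is_pe(d))
    # Try every ordered pair: does joining two "invalid" files give a valid PE?
    rebuilt = [(a, b) for a, b in permutations(loose, 2)
               if is_pe(files[a] + files[b])]
    referenced = sorted({n for pair in rebuilt for n in pair
                         if any(mentions(files[l], n) for l in lnks)})
    if lnks and rebuilt:
        verdict = "block"      # shortcut shipped together with a split executable
    elif lnks or rebuilt:
        verdict = "review"     # one half of the pattern only
    else:
        verdict = "pass"
    return {"lnk": lnks, "rebuilt": rebuilt,
            "referenced_by_lnk": referenced, "verdict": verdict}


def _constructed_sample() -> dict:
    """Harmless constructed bytes: a 256-byte PE skeleton cut at offset 0x30."""
    pe = bytearray(0x100)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)   # e_lfanew lands in fragment two
    pe[0x80:0x84] = b"PE\x00\x00"
    lnk = LNK_HEADER + bytes(56) + "part1.bin part2.bin".encode("utf-16-le")
    return {"invitation.lnk": lnk,
            "part1.bin": bytes(pe[:0x30]),
            "part2.bin": bytes(pe[0x30:])}


SAMPLE = _constructed_sample()
BENIGN = {"readme.txt": b"hello", "logo.png": b"\x89PNG\r\n\x1a\n" + bytes(16)}

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(BENIGN))
```

    Fragments that are encoded, reversed or split into more than two parts will not be caught by the pairwise join, so a shortcut inside a mail attachment still deserves a "review" on its own.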

  • The blackberry external BIS network is NOT encrypted - only internal BIS Networks are safer

    the NSA spent years trying to crack BlackBerry communications, which enjoy a high degree of protection, and maintains a special "BlackBerry Working Group" specifically for this purpose. But the industry's rapid development cycles keep the specialists assigned to the group on their toes, as a GCHQ document marked "UK Secret" indicates.

    As far back as 2009, the NSA specialists noted that they could "see and read" text messages sent from BlackBerrys, and could also "collect and process BIS mails." BIS stands for BlackBerry Internet Service, which operates outside corporate networks, and which, in contrast to the data passing through internal BlackBerry services (BES), only compresses but does not encrypt data. The presentation notes that the acquisition of encrypted BES communications requires a "sustained" operation by the NSA's Tailored Access Operation department in order to "fully prosecute your target."
    http://www.spiegel.de/international/world/how-the-nsa-spies-on-smartphones-including-the-blackberry-a-921161.html

    this is big

    because Blackberry has always said that it is the safest mobile around and can't be broken (except access in India and a few other countries which helped to make it also lose huge marketshare in the US and other countries)

    until now there were three tricks to keep your blackberry safe (do not install internet, do not connect to your computer and wipe everything after three mistaken passwords)

    this was under the expectation that the traffic between the BIS networks - independent of the internet and the telephone airwaves - was safe (encrypted)

    this seems not to be the case (probably an economic decision because encryption and compression is not simple and could lead easily to corruption of data) and is in fact now the decision that is going to haunt them while they are looking for a buyer

    but who will buy the company if they don't know what is more in those slides and will come out at some time or will have to be communicated to their (big) institutional and multinational clients ?

    of course instead of throwing everything away you could set up your own internal BIS network and extend it across administrations or buildings and things like that - but I am not sure if such a network model already has been implemented

  • big brother Apple makes spying on iPhones easy (and they think they are safer)

    a comparison with "1984," George Orwell's classic novel about a surveillance state, revealing the NSA agency's current view of smartphones and their users. "Who knew in 1984 that this would be Big Brother …" the authors ask, in reference to a photo of Apple co-founder Steve Jobs. And commenting on photos of enthusiastic Apple customers and iPhone users, the NSA writes: "… and the zombies would be paying customers?"

    The document notes that there are small NSA programs, known as "scripts," that can perform surveillance on 38 different features of the iPhone 3 and 4 operating systems. They include the mapping feature, voicemail and photos, as well as the Google Earth, Facebook and Yahoo Messenger applications. The NSA analysts are especially enthusiastic about the geolocation data stored in smartphones and many of their apps, data that enables them to determine a user's whereabouts at a given time.
    http://www.spiegel.de/international/world/how-the-nsa-spies-on-smartphones-including-the-blackberry-a-921161.html

    tactic one

    "One of the US agents' tools is the use of backup files established by smartphones"  (never use the backup service or why not backup to another iPhone instead - not iCloud or your computer)

    tactic two

    keep your confidential iPhone clean - no apps no internet connection no updates (use a playphone for that). Separate your confidential iPhone data and use from your playphone.

     

  • Tor being used by unknown botnet and the consequences for TOR

    So, the botnet is massive, and not new. Before adding Tor as a method of communication, the bots used HTTP and alternative methods to communicate with their C&C channel.

    "As pointed out in the Tor weekly news, the version of Tor that is used by the new Tor clients must be 0.2.3.x, due to the fact that they do not use the new Tor handshake method. Based on the code we can confirm that the version of Tor that is used is 0.2.3.25," he shared.

    Fox-IT researchers aren't quite sure what the malware does, but they believe that it originates from a region where Russian is spoken, so they speculate that it's likely motivated by direct or indirect financial related crime.

    "Feedback provided by the Smart Protection Network shows that the Mevade malware was, indeed, downloading a Tor module in the last weeks of August and early September," Trend Micro researchers added their two cents to the conversation.

    They also added that the operators of the botnet have been tracked down to Kharkov, Ukraine and Israel, but are currently known only by their online handles. They have apparently been active since 2010, and seem to be a part of a "well organized and probably well financed cybercrime gang." They say that they suspect the botnet is monetized by installing adware and toolbars onto compromised systems.
    http://www.net-security.org/secworld.php?id=15530

    first you should block or at least monitor and whitelist tor connections on your network

    secondly if you are infected, you are infected with an old version of tor and so whatever happens on your computer will be able to be intercepted

    thirdly installing a firewall and even free antivirus should stop the infection or the connection - even if you use TOR

    and last but not least, now it is clear how the dictatorships of the world can bring down TOR because it is now coming to its breaking point - just send some botnets through it who try to connect to each other every few seconds (tor is mostly a volunteer infrastructure set up by volunteers who are not ready for this kind of storm or usage)

    and for Tor, if you are serious about being a political freedom movement you have to clean up your act (throw the criminals and pedo's out) and people would be more willing to give you money to help defend your network (and why you can't keep botnets from abusing your network is another matter to think about)
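    One way to do the "monitor and whitelist tor connections" step from the list above, as an added example that is not from this blog or the quoted article. The relay list, the whitelist, the log format and the function name are all constructed assumptions (addresses come from the documentation ranges); a real deployment would feed in its own firewall export and a current relay list.

```python
import re
from collections import defaultdict

# Constructed relay list as (address, ORPort) pairs; assumption: in practice
# this set is refreshed regularly from a published Tor relay list.
TOR_RELAYS = {("192.0.2.10", 9001), ("198.51.100.7", 443), ("203.0.113.99", 9001)}

# Internal hosts that are explicitly approved to use Tor (constructed).
TOR_WHITELIST = {"10.0.0.50"}

# Constructed firewall log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2013-09-10T08:00:01 ALLOW src=10.0.0.5 dst=192.0.2.10 dport=9001
2013-09-10T08:00:04 ALLOW src=10.0.0.5 dst=203.0.113.99 dport=9001
2013-09-10T08:00:09 ALLOW src=10.0.0.5 dst=192.0.2.10 dport=9001
2013-09-10T08:01:12 ALLOW src=10.0.0.50 dst=198.51.100.7 dport=443
2013-09-10T08:02:30 ALLOW src=10.0.0.7 dst=198.51.100.7 dport=80
2013-09-10T08:03:00 ALLOW src=10.0.0.8 dst=198.51.100.200 dport=443
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def tor_report(log_text, relays=TOR_RELAYS, whitelist=TOR_WHITELIST):
    """Return {source_ip: summary} for every host that contacted a relay."""
    hits = defaultdict(lambda: {"connections": 0, "relays": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not parse
        # Match on address AND port: a relay address can host other services.
        dest = (m["dst"], int(m["dport"]))
        if dest not in relays:
            continue
        entry = hits[m["src"]]
        entry["connections"] += 1
        entry["relays"].add(dest)
    report = {}
    for src, entry in hits.items():
        report[src] = {
            "connections": entry["connections"],
            "distinct_relays": len(entry["relays"]),
            # Approved hosts are only recorded; everything else raises an alert.
            "status": "whitelisted" if src in whitelist else "alert",
        }
    return report


if __name__ == "__main__":
    for host, summary in sorted(tor_report(SAMPLE_LOG).items()):
        print(host, summary)
```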

  • radware says timing is extremely important for attacks - the day before 11th september

    According to Radware, there are two types of dates that hackers target: ideological and business-relevant dates. Ideological dates refer to holidays and anniversaries that have a cultural, religious or secular tie to the adversary. High-risk times for the United States include September 11th, Memorial Day, Election Day and Independence Day. Business-relevant dates involve a period of time that companies are particularly vulnerable to attacks, such as Black Friday, Cyber Monday, or even regular business hours.

    Additionally, hackers commonly use important dates and holidays to disrupt specific industries. For example, retail and credit card companies see a significant rise in cyber attacks between Thanksgiving and Christmas, whereas government websites may be targeted during Election or Independence Days.

    “Timing is an extremely influential risk-factor for cyber attacks throughout the year,” said Carl Herberger, vice president of security solutions for Radware. “Hackers capitalize on overwhelming their target’s environment on days of great importance and look to exploit vulnerabilities that cause the most detriment. Because these types of assaults show no signs of slowing, it’s crucial that businesses implement anticipatory security measures in preparation of these peak times so that networks and data centers are able to properly detect and defend against sophisticated threats.”

    http://www.net-security.org/secworld.php?id=15543

  • how stupid can a mayor sometimes be - if it is true (hasselt)

    As chairman of the police board, Claes and two other members are said to have tampered with the attendance list. They made it appear that whistleblower Vera Vrancken was present at a meeting and agreed with the new organisational chart, under which Vrancken and her fellow whistleblowers were pushed aside. Vrancken discovered this and filed a complaint as a civil party. During a search in April last year at the provincial government building and the police station, at least two different originals of the minutes were found.

    http://www.demorgen.be/dm/nl/989/Binnenland/article/detail/1701663/2013/09/10/Hasselts-burgemeester-Claes-in-verdenking-gesteld-voor-schriftvervalsing.dhtml

    make no mistake, nowadays everything can be found again somewhere; even if you have wiped it from a computer, it is still somewhere in a backup, in a mail, or there are traces leading to it, and then it can - sometimes up to months afterwards and even if it had been thrown away - still be found again

    only if you are really paranoid do you still have some chance of doing something like that

  • Digital economy bill more important than controlling dns.be better

    Every time, DNS.Be, like other big players on the Belgian internet market, wins its battle by convincing certain members of parliament - without them looking for more and other information or confronting them with other information, and thus without adversarial examination - that they are right and why it is better that nothing changes.

    this is so far

    what they don't understand at DNS.Be - or don't want to understand - is that they are a critical public service for the whole Belgian internet economy and that, even if it is perhaps not the best proposal to turn it into a public service or to place it under the explicit control of a public service under which every detail of its operational management is checked, it should still behave less like a commercial company that only provides services to its shareholders and should open up more to its real 1.5 million customers and the 'community'

    it can do this in several ways

    * better quality and verification obligations towards its domain resellers - because of course it sells nothing itself, but it does hide behind this when there are problems. This is all too easy and it has also proved to be the biggest single failure at a number of other resellers of, for example, certificates, because this is the same business model

    * more normal rights for owners of real domain names that are used as domain names - nobody has the right to buy my name or that of any other natural person if they do not have the same name and can prove it. Nobody has the right to integrate or use names protected by patents and trademarks and copyrights in a domain name without any feedback to the real domain owner (and the costs for this must be placed on the buyer and NOT on the owner of the domain name). And this is certainly the case for domain names of banks and financial or commercial online services, which are used to a large extent for phishing or login theft (in this last case those max 100, or even say 1000, domain names will not make the difference).

    * a stronger presence of representatives of the domain name holders and online commercial services in the bodies of dns.be and its consultation structures (and domain name holders are not the same as those who sell them, even if they buy up many themselves to speculate with). I am thinking, for example, of the VBO and the like.

    * a stronger presence of representatives of the critical community to ensure that there is room for adversarial debate and that, before certain decisions are taken, all the possible consequences these may have for the different kinds of users of the domain extension have really been taken into account.

    * a renewable SLA with the government that every so many years lays down the rights and obligations for this licence (to print virtual money), which is in fact a monopoly

    This does not mean that DNS.Be works badly, this does not mean that the people work badly, it only means that it must democratise its decision-making processes and its transparency if it does not want to be overrun within a few years by the 1000 other domain extensions that will come into effect. If it wants to be a legitimate part of the critical service provision on the Belgian internet, then it must ensure that the Belgian internet IN ALL ITS FACETS is part of its structure.

    Another consequence of excluding DNS.Be from these changes is that it was also seen as a way to provide services such as CERT.BE with stable, substantial funding by, for example, raising the price of a domain name by, for example, 1 euro (this would bring in 1.5 million euro), and yes, that money must be thought about carefully (stop wasting it on half-hearted awareness websites but deploy it as a priority on detecting and solving problems and incidents)

    It is after all the case - and this is the business case for this 'tax' or 'security contribution' - that through organisations like the CERT the number of incidents that can have an influence on the reputation of the Belgian internet or the .be extension can remain excellent, and thus that the value of the .be domains and the global reach of the service providers who use .be can be maintained

    the people at .be know all too well how quickly a so-called solved incident can suddenly arise again because one started from wrong security assumptions (yes, botnet owners buy their domain name again even after 3 years because they think they will still be able to recover PCs with it)

    if you pay peanuts, you get monkeys - well, in the ZOO that is the internet, the monkeys will play with your customers and infrastructure as if they were toys from the moment you let your attention slip for a while or because you do not have the necessary, ever heavier investments to be able to keep up - certainly now that dns installations and certificate distributors are being attacked in a targeted, professional and permanent way

    you can consider it a victory, but the questions and issues listed above still stand and will therefore come back at some point. Maybe not now because you are strong - but as soon as you have let your attention weaken somewhere or show that you are totally unwilling to play a responsible social role alongside your commercial role

  • new Digital Economy bill is clear about domain hijacking and why DNS.Be must work more preventively

    It can't be clearer than that (now work preventively as well, so that one is not obliged to permanently start procedures to stop such attacks on your online reputation (the most important online asset))

    Chapter 8. The registration of domain names

    Art. XII.22. It is prohibited, without any right or legitimate interest in that domain name, and with the aim of harming a third party or deriving an unjustified advantage from it, to have registered, by an officially recognised body authorised for registration, whether or not via an intermediary, a domain name that is either identical to, or so similar that it may cause confusion with, among others, a trademark, a geographical indication or a designation of origin, a trade name, an original work, a name of a company or of an association, a family name or the name of a geographical entity, belonging to someone else.

    Art. XII.23. Article XII.22 applies without prejudice to other legal provisions, in particular any legal provision protecting trademarks, geographical indications and designations of origin, trade names, original works and all other objects of intellectual property, names of companies and associations, family names, names of geographical entities, as well as any legal provision on unfair competition, market practices and consumer information and protection. The disputes arising from the right to freedom of expression

    Remark: this is - you hear it from a veteran - only possible if, on the basis of a series of keywords and trademarked names, dns.be does not allow such names to be registered by persons other than the services that these companies and institutions have designated for this (and this without having to pay for a monitoring service :)

    In fact, after this DNS.Be may be glad if it is not prosecuted for culpable negligence, for not acting as a prudent person, or even for implicit complicity in, for example, selling mastercardservices.be, which would then be used within 4 hours to defraud people
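
    The registration-time check described in the remark above, as an added example (not code from dns.be or from the bill): a requested .be label is normalised and compared against a list of protected keywords, each with the registrant IDs its rights holder has designated. The keyword list, the registrant IDs and the hold-for-review outcome are assumptions made for illustration.

```python
import unicodedata

# Constructed sample data: protected keyword -> registrant IDs designated by the
# rights holder. A real registry would load this from its own records.
PROTECTED = {
    "mastercard": {"REG-MC-001"},
    "examplebank": {"REG-EB-007"},
}

# Digits commonly substituted for letters in look-alike names.
LOOKALIKES = str.maketrans("013457", "oleast")


def normalise(label):
    """Reduce a requested label to the form used for comparison."""
    label = label.lower()
    try:
        # Internationalised names reach a registry as xn-- A-labels.
        label = label.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: compare as given
    # Strip accents (e-acute -> e), then hyphens, then fold look-alike digits.
    decomposed = unicodedata.normalize("NFKD", label)
    label = "".join(c for c in decomposed if not unicodedata.combining(c))
    return label.replace("-", "").translate(LOOKALIKES)


def screen_registration(domain, registrant_id):
    """Return (decision, matched_keyword) for a requested .be domain."""
    parts = domain.rstrip(".").split(".")
    label = normalise(parts[-2] if len(parts) >= 2 else parts[0])
    for keyword, designated in PROTECTED.items():
        if normalise(keyword) in label:
            if registrant_id in designated:
                return ("allow", keyword)
            # Substring matches can be false positives, so the request is held
            # for manual review instead of rejected (an assumption of this sketch).
            return ("hold", keyword)
    return ("allow", None)
```

    The example name from the post, mastercardservices.be, requested by a registrant that is not on the designated list, comes back as a hold on the keyword "mastercard"; the same request from a designated registrant is allowed.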

  • extremely important bill for Belgian digital economy and services submitted

    An extremely important bill was submitted to parliament by the Minister of Economy Van de Lanotte after it had been thoroughly examined by lawyers and specialists and carefully prepared during a long preparation period. It is also accompanied by a number of legal opinions from the Council of State.

    This is an extremely important bill because the digital economy and digital service provision currently have to rely, for every project, on case law that will give an interpretation of what a signature, a receipt or a proof is and what conditions it would possibly have to meet in order to be accepted electronically; and since case law based on incomplete or non-existent legislation always bases itself on the specific characteristics of a specific case, it is always dangerous to distil general rules from it, and therefore that case law can always be contradicted, supplemented or hollowed out by other case law or by European rules. Add to that the intentions and the accompanying administrative circulars and the possible ruling of administrative tribunals such as the Privacy Commission, and you understand that you are already busy for a good year setting up a legally watertight system if you do not want to rely on existing large service providers such as Ogone (payments) or Fedict (EID authentication) or Certipost (invoices and documents).

    In the long run this uncertainty about what a digital signature is, and when and under which circumstances one can use the EID and how one must use it, would be a competitive disadvantage in Belgium, because in other countries this has already been more or less fully worked out, which makes it less interesting for transnational and international electronic service providers to establish themselves in Belgium or to set up a Belgian (sub)division (which is no longer necessary under European legislation).

    Creating a clear and complete legal framework, coupled with a few large Belgian service providers such as dns.be, globalsign (certificates), Ogone (payments), Bpost (distribution) and large world-class data centres, therefore puts Belgium clearly back on the map as a central hub for electronic service providers.

    I have not read it yet, but all reflections and remarks are of course welcome here - anonymously or under a pseudonym or under your own name (posted directly or with me as proxy :))

    In the field of the digital economy it is the most important initiative of the past 10 years (although I agree that a thorough revision of the privacy legislation and the computer crime legislation is also important)

    You must also read it if you offer a hosting service; in fact you must read it anyway if you offer any electronic service or service to electronic service providers, because many articles contain general definitions, obligations and responsibilities that could also apply to you (or be applied in that way by the courts, which until now have built up the procedures of the digital economy in this way, by making comparisons, by analogy with the ordinary economy).

    "Bill inserting Book XII, "Law of the electronic
    economy", into the Code of Economic Law, and inserting
    the definitions specific to Book XII and the law enforcement provisions specific
    to Book XII into Books I and XV of the Code of Economic Law.
    001 Date : 05/09/2013 BILL"
    <http://www.lachambre.be/FLWB/pdf/53/2963/53K2963001.pdf>

  • #icss2013 CISCO internal network daily attacked with zero day viruses

    Cisco had sent someone from the CSIRT team of its internal network

    they treat every day petabytes of information coming in and going out and have an enormous and diverse network to attend to

    the presentation has some very cool and interesting pages

    but as during the whole congress the most interesting things were being said

    he said that they daily discover zeroday viruses on their network and that luckily they work together with all the different security and antivirus vendors to inform them

    if somebody says that - from a firm like CISCO - then I would be worried (they make routers, don't they)

    even if they use behavioural and intelligence analysis to discover those viruses how long does it take them to be discovered and when do they miss some

    I really hope their information is really categorized in risk groups and that they have separated networks

    and if they have them, why should I or You and how would we discover them if we could

  • #icss2013 the awareness circus came back like a monster of Loch Ness

    awareness came back and forth during this congress and nobody even had the guts to turn this argument upside down because even if it is necessary it will in itself change nothing and saying that this is the beginning and that everything should start with awareness is only demanding to wait for godot (looking up the film title in Google "waiting for godot" and if you really want to know the meaning of the film try to watch it until the end to fully understand the meaning of the title)

    people didn't start riding much slower because they were aware that there were too many deaths and that they were taking a big risk, everybody was driving fast so what

    they started driving slower and drinking less because there were controls and they were effectively being fined again and again and again. Did everybody always stop drinking while driving and start driving more careful ? No but the vast majority did and this is the first big effect.

    people started smoking less because it became more expensive and because they had lesser opportunities to smoke (prohibition on place and age) and even if there are ways to get around it they weren't that attractive and so people took the easy way, they stopped smoking..... even if all the awareness helped it was making it more difficult and making the price higher that made the first big impact

    of course you have to communicate when you implement things and you have to explain why you install those security rules and how people can see if an email or other transaction that slipped through the defenses is still dangerous and what they should do but you have to do FIRST the implementation of the security and THEN make people aware of the reasons and the advantages of why you did it. If you want to wait for the moment that they will be aware, you will be hacked and infected a thousand times

    so I don't think that awareness is security or has anything to do with security, security is making sure that you are secure and that you will be protected just as brakes in a car do and just as a driver has to know why they are there and how they work the user should be aware how to use them and why they are there, it is communication and education but it can't be a goal in itself

    if half the money that is spent on public awareness campaigns would have been spent in effectively protecting people they would have been much better protected than they would ever have been aware of