belsec - Page 3

  • where is skynetblogs on the Belgian social media monitor

    First, Skynetblogs is the main Belgian blog operator (but should we also count the dead blogs, or only the blogs where there is some blogging during a month?)

    - skynetblogs : 190.073 blogs, an increase of 1%
    - seniorennet : 16.013 blogs, an increase of 1%
    - : 67.596 blogs, an increase of 4%
    - Blogoloog : 21.585 active Flemish blogs and Twitter accounts, an increase of 9%

    When you look at Alexa for traffic, you will see that Skynetblogs is by far the most important one (but the tendency is negative, meaning it will have to do some social marketing - integration with Twitter and Facebook apps or Netlog - because their own ID initiative may be considered a failure, and why spend money and time on something that already exists elsewhere and much better?)

    You also have to take into consideration that these traffic numbers result from following a number of users who have installed the Alexa toolbar.

    113 Skynetblogs

    Google Trends shows the following

    Skynetblogs : 9K daily users : 6K daily users : 3K daily users

    Based on these numbers you can say that, with far fewer blogs, the other Belgian forums do not have much less traffic, which means that they may have fewer blogs but seem to be more active.

    The new monthly Belgian social media monitor (still in development because based on too few resources and not enough methodological explanation of the real importance of the numbers and trends)  

    Skynetblogs, the home I live in, should after the holidays start a discussion with its most active and most important members to have at least some input about where they could go from here.

  • ekz, Itenquirer, belsec the next five years

    After a lobbying effort that started 5 years ago (and that had its ups (the new Belgian Telecom Law and the hearings in parliament) and its downs (the patience one needs)), we now know that the national Belgian CERT will be established.

    It looks like a page of a book that can be turned.

    This doesn't mean that there are no other things to work for, the work is far from finished, but a new structural building block has been accomplished.

    During the next month I will consider what the role will be of the different blogs on this network (some will close down once the national CERT is functional, because they were only there to give some practical information), what the role of belsec will be and what the next concrete political goals will be to accomplish in the next 5 years to strengthen the ITsecurity in Belgium.

    It is possible that I have made some enemies in the last 5 years and it is possible that some people have a long memory and have problems moving on, but in the next 5 years we will have to work together and we will have to get along. All the rest is a waste of energy because there is still so much to do. Nothing in the debate was ever personal. It was the facts and only the facts. I am not interested in persons, even if they think they are the center of the universe. I will work with more or less anybody if that makes it easier to accomplish the goals I have set (no racists however).

    These general goals stay the same.

    First. Giving everybody in Belgium the same possibility to have a secure internet line and computer to do the things he or she wants to do in all security, based on the same principles as we use for the distribution of gas, water and electricity, or traffic, or normal offline commerce.

    Second. Giving everybody in Belgium the same rights to fundamental privacy and independent controls of the security of their personal information.

    Third. More openness and democracy and debate and discussions and knowledge and access to information.

    Personally I think there are two specific goals we have to set for the next five years.

    First, we need a responsible disclosure procedure so that ITsecurity researchers are no longer silenced, as they are now, or afraid to do security research because the Belgian cybercriminality law is too vague.

    Second, we need a breach notification law in which institutions and firms are obliged to inform the privacy commission and/or the CERT of a breach of their information or networks.

    I think that when we have a CERT, a responsible disclosure procedure and a breach notification law in Belgium, all the pieces are in place to change the Omerta culture of IT in Belgium definitively. The forces against it are powerful and huge, but they can't win all the time every time.

    Look at Telenet. In the last years they have lobbied so hard to keep the politicians from implementing the article in the new Telecom Law that obliges them to install a free security suite for all their users. They say that their general firewalls and security installations are enough. It is now clear that even Telenet can't keep up with the new intensity of the attacks on the internet. You cannot win it alone. We will have to secure from end to end. And as you don't buy a car without security, you shouldn't get a computer without it. And as a car without brakes can't ride on the highway, a PC without antivirus shouldn't be on the internet or shouldn't be using a credit card. And an eshop should be secure from end to end, just as a normal shop in the street will have to invest in security.

    My biggest frustration nowadays is the lack of a good news platform in Belgium. There is no good Belgian news platform. There are too many bullshit stories, too much speculation and too little debate. Not enough documents and not enough presentations (film). Not enough links to other resources and not enough follow-up. And so on. How can we build a base for a democratic, intelligent debate without documents, debates, facts, follow-up, investigation and confrontation? Not only in IT. Some thought that IT in itself would be the basis for the change. Some thought that because IT existed it would change society and give more information and debate. It did sometimes, but most of the time it is too little for too few people and not long enough. If the people don't post the documents, take on the debate and investigate the facts, and the journalists don't have the time or the resources to do so anymore, who will? A computer won't do it automatically.

    This is also so for the Iranians. They can twitter as long as they want, if they don't go on the street and reclaim their democratic freedoms of speech and organisation they will go down to dictatorship twittering. IT can help organize and mobilize. But it is the people and only the people who can change things.

    Like the several million visitors (together) on all my different blogs and initiatives the last 5 years were important. But when it came down to realize things, it was eye to eye with very few people around the table, deciding to go all the way all of the time. Even if it sometimes became very hard or we came under legal and professional pressure or had to find a new balance between our work, family and political battles.

    If there are some people out there that want to lend a hand or have some ideas and initiatives I could be of use to, contact me.

    Anyway, expect some small and big changes and announcements in the coming weeks and months.

  • already a big success (have you got your ticket yet ?)  is the first Belgian non-commercialized ITsecurity event in Belgium. It is not free but if you compare it with other ITsecurity events the prices are really democratic. But nevertheless the people who are organizing this event (some of them are securitybloggers) took a really big financial and personal risk but they believed in their project and the need to organize such an event in Belgium.

    Well they tell me that they have sold more tickets than were planned at this stage and that if everything goes as planned (if only Murphy could go on holiday) it will be a success.

    Let's hope now that the official administrations and organisations (FCCU, Belnet CERT and others) will finally decide to come and present themselves and network with all those networkers.

    Question is, do you have your tickets already ? You will hear people speak that otherwise nearly never come to Belgium. You will meet all kinds of people working in or with ITsecurity in Belgium. And maybe you will learn a few things.

    There are also some interesting training sessions going on. What is interesting is that they are not expensive and that they last two days. In two days you can explain and learn a lot if the tutor is the right person. I personally think those three subjects are very avant-garde for Belgian ITsecurity, but they are three subjects one should have a serious look at. Having some knowledge about penetration testing, to be able to do some yourself or to be able to choose the right defenses and monitors, is essential. Understanding the security risks of web2.0 is essential if you are responsible for web projects or for a whole lot of people in your network, and social engineering is essential if the information you are supposed to defend is very important. People are your first and last firewall. They are also your cheapest if they act as one.

    Crash course in Penetration Testing

    Web 2.0 Hacking – Attacks and Defense

    Social Engineering testing for IT Security professionals

  • A real CERT in Belgium to be established

    We can announce that in the coming months a real CERT will be established in Belgium for the whole of Belgium. It will be built upon the existing knowledge and experience from Belnet (who already operates a CERT for its own FGOV network) and upon the legal authority of BIPT. Do not send in your CV's just yet, the job offerings will be published in the coming weeks.

    First, I am happy that finally, after a campaign that started in 2004 with the battle around the New Belgian Telecom Law, The Belgian Inquirer and then the Belgian security bloggers (of which Belsec is part) and the hearings in the parliament, the CERT will finally be established. This is important because for the moment nobody was responsible for the Belgian national IT infrastructure.

    The practical consequence was that international malware groups and security firms couldn't give their information about insecurity on the Belgian networks or infrastructure to anyone because they were hindered by their NDAs and so on. They needed a national CERT, but as Belnet was only responsible for Belnet and not for the whole of Belgium it was a bit difficult. And as the FCCU was only for legal complaints, they couldn't do anything with that information either. Luckily for Belgium, Arbor Networks decided to give us (and the FCCU) access to their information about fastflux botnets so that we could contact FCCU and DNS.Be to take immediate action (a week later).

    The national consequence was that there was no one who could contact the insecure or hacked server or website to mention the problem and to try to have it taken down or secured. We publish this information about infected and hacked .be websites here, but most of them don't care a bit, so some of them stay that way for weeks or months to come. Maybe until the moment they see in a Google search that they are indexed as being hacked or insecure. Contacting the owners or operators of these sites through Whois was not only time-consuming, it was also a very dangerous thing because those paranoids sometimes thought that you were responsible. They should rather have been paranoid about their security. You also didn't receive any thanks. So I have other things to do than to spend my time with people like that. It is published and if they are interested they will see it.

    So now there is a CERT. We shouldn't put our hopes too high from the beginning because they will have a lot of work to do and they can't do it all from the beginning. But if I were them, I would do the theoretical and infrastructure work and the communication and things like that. But I would also set very clear goals. Every day we have to bring down at least x hacked sites, x phished sites, x botnets and so on. If you do that every day, you will have very impressive numbers after a few months and you will see that the number of infections and security problems will diminish because they will know that every day x number of their compromised sites will be brought down. I would also concentrate on the most important and massive infectors first. A botnet command and control center should not be listed on Arbor Networks for months. It should be brought down from the day it is found. A site that has been used for phishing 3 times a month should be asked to review its security because it will be hacked a fourth time.

    When we have a CERT, then the battle for responsible disclosure can begin, because under the Belgian Cybercriminality law you can be charged in a very easy way just for wanting to be responsible. A whole other series of laws will also be necessary here (breach disclosure for example) and a series of debates about how to protect the mobile networks from the new attacks that will arrive. But we needed a CERT first, because where would you go with your 'responsible disclosure' information without disclosing yourself?

    I will also have to think about what I will do with all that around here now that the CERT exists. Because we have built here a security dashboard, a collection of 1000 feeds and some exclusive monitoring. If the CERT does all that (which I hope), then I can do some more other things (I hear a big yes and a long list at home :) )

    We only did this because there was no CERT.

    We should also thank representative Roel Deseyn for his relentless interest and lobbying for this. He is the only politician so far who has really shown a clear interest in the matters of esecurity and privacy and has continued to push for new laws and means to act upon them.

    And let us rejoice, the CERT is here to come and stay.

  • Exclusive reports about Belgian insecure malwaredistribution servers

    We also try to keep the pressure up and some people are not too happy about that. They are not happy that we are publishing all those listings with infected and infecting or hacked or insecure servers on the Belgian networks. But we only republish stuff that has been published already elsewhere but that they don't care about enough. Until it is published, of course.

    In the same tradition, on the securityalerts blog we are now publishing listings of sites that Google deemed to be insecure on the Belgian networks and datacenters.

    It is very important that this is cleaned up because Google is simply blocking sites that want to access those sites, and as Google is responsible for at least half the search traffic this could mean a lot.

    Also, for those who are hosting their serious site (or are serious about their reputation online and offline): you should get away from shared hosting, because if one host gets infected on that server you can get infected too and in the worst case other networks will just block the IP address of the server, not necessarily of the domain. And ASN blocking for a whole service provider is no longer taboo either (because it seems so effective in putting pressure on service providers to clean their stuff).

    More listings will follow (if someone has a longer listing of Belgian ASN numbers you can forward it so I can complete mine).

    If there are people who want to join the team, you can contact me. Experience is not always needed. And a few hours a week is sufficient.

  • skynetblogs was out and it is their fault

    We couldn't access our blogs for more than one day and this is the mistake of Skynetblogs. It is an architectural mistake and a security mishap they will have to correct next year if they still want to claim that they are the biggest Belgian bloggers' community.

    The fundamental mistake is that they had no back-up with the last working version or a fail-over or deduplication or something like that. The second mistake is that they don't seem to monitor their processes every so many minutes (look for example at ipcheck, which is quite cheap and which can monitor 5 steps of a process (login, post, change something, ...) every so many minutes).

    Stop playing and fooling around. This is serious and you should start taking this as seriously as people take their blogs seriously around here. If you want to be professional, act professional and it is not because it is free that it should be broken.

  • we passed the half a million visitors here

    yeah half a million people came here and read maybe something

    can't imagine that

    thanx anyway

    there is a lot of stuff around here, so take your time and wander around

    I hope you found something useful

    makes my effort a bit worthwhile

  • Belgacom ADSLTV and bandwidth (from own sources)

    About two years ago I was writing a piece for The (gone) about the Belgacom ADSLTV and bandwidth problems. It happened that you could push the TV out if at the same time you had an intensive resource on your PC (like some applications or your own server or some chat or gameservers).

    Belgacom denied and the lawyers and editors came into play and the piece was rewritten so that it was hidden somewhere deep between the lines.

    Belgacom did some upgrades and tests and announced some months later, during an upgrade, that they would better differentiate the video and the internet stream on the modem. The video (and the VOIP) lines have to be totally separated and guaranteed between their router and yours. Otherwise it is possible to diminish or influence the datastreams for the other applications that are also using the same bandwidth.

    So it works fine for your regular TV, but Belgacom also has film on demand over internet (quite astonishing in quality, load and functionality). It now happens according to sources (and tested myself) that you can effectively push out / interrupt the VOD (Video on Demand) service if you use highly intensive stuff on your computer at the same time. The service becomes 'not available', which leads to big shouts like 'what are you doing over there, dad?' Playing a game online. But that I should do when everybody has gone to bed, I suppose.

    I didn't test it with VOIP, I prefer to keep my telephone on a separate telephone line because the telephone line could be the lifeline if all the rest fails. I may be old-fashioned, but putting everything on that simple ADSL line may be a bit too risky for now.

    Maybe this is also a message to Belgacom that as PCs are becoming more and more intensive in use (streaming, chatting, downloading and multi-activity) and as families aren't all united around the TV anymore but are each doing their own things in other rooms with other toys at the same time, the limited bandwidth that is offered now will not be capable of accepting the new innovative functions and possibilities they will be dreaming about (internet or videoconferencing on a TV for example, so the TV becomes the cheapest and easiest PC).

  • holiday editions and some changes (and nice presents)

    I am afraid that I have to repeat that this is a voluntary effort and that I don't make any money with it. It is open intelligence in the hope that we all become more intelligent....

    But I am not only an ITsecurity activist, I am also a father and a husband. So I have some other 'duties' and 'expectations' around me. I am not going to stop, but please accept that this is a holiday edition.

    Meanwhile we will be publishing on Belsectv a whole bunch of interesting online movies - the links to the ITsec videos you will find on the dashboard at

    So be patient, things will be updated from time to time.

    The musicmix blog is on hold for some time so I can concentrate on the new version of the belsectv blog.


  • New securitywarnings and updates and more 

    * zeroday for Firefox and fixes

    * patches for Microsoft to install




    More proxies on the proxy blog

    More books on the ebooks blog

    More clips on the musicmix blog

    More films on the belsectv blog

  • new Belgian phishtank watch service from Belsec

    After some work - and being convinced now that Belgian hosters too are so crazy as to host .cn and other names or are infected with zombies with that name - I have started collecting a list with all the ASN addresses that could be of use or that appear in attack lists. So I have made a collective watchlist -

    If you think that others should be included just leave a comment here and I will follow it up.

    You can find it here

    the link and postings about the findings will be posted at

    It already shows for the last days a versatel client that is heavily infected and used and another few sites that were hacked for phishing the last few days.

    Meanwhile the link database at has passed the 20.000 mark

    In preparation is also a list of a few thousand links to books at in the coming weeks and a place where you can leave links and so on.

    There is even at our own hiding online webmail

    If some people want to help a few hours a week or month, contact me. Enough things to do or test.
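
    A sketch of how a watchlist like this can be applied, added here as an example and not the tooling used for this blog: phishing reports are mapped to their origin ASN by longest-prefix match and kept when that ASN is on the watchlist, and hosts reported three times within a month (the threshold suggested in the CERT post above) are flagged. The prefixes, AS numbers, host names and reports are all constructed (documentation ranges from RFC 5737 and RFC 5398).

```python
from collections import defaultdict
from datetime import date, timedelta
from ipaddress import ip_address, ip_network

# Constructed prefix -> origin ASN table; a real one would come from BGP data.
PREFIX_TO_ASN = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
    "198.51.100.128/25": 64498,  # more specific route inside the /24 above
    "203.0.113.0/24": 64499,
}

# Hypothetical watchlist: the ASNs of the networks being followed.
WATCHLIST = {64496: "example-hoster-a", 64498: "example-access-isp"}

# Constructed phishing reports: (date reported, host name, hosting IP).
REPORTS = [
    (date(2009, 6, 2), "shop.example.be", "192.0.2.10"),
    (date(2009, 6, 9), "shop.example.be", "192.0.2.10"),
    (date(2009, 6, 20), "shop.example.be", "192.0.2.10"),
    (date(2009, 6, 5), "dsl-client.example.net", "198.51.100.200"),
    (date(2009, 6, 6), "blog.example.org", "198.51.100.20"),
    (date(2009, 4, 1), "news.example.com", "203.0.113.5"),
    (date(2009, 5, 15), "news.example.com", "203.0.113.5"),
    (date(2009, 6, 25), "news.example.com", "203.0.113.5"),
]


def origin_asn(ip, table=PREFIX_TO_ASN):
    """Return the ASN of the longest prefix containing ip, or None."""
    addr = ip_address(ip)
    best = None  # (prefix length, asn) of the most specific match so far
    for prefix, asn in table.items():
        net = ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, asn)
    return best[1] if best else None


def watchlist_hits(reports, watchlist=WATCHLIST):
    """Group the reports whose hosting IP is announced by a watched ASN."""
    hits = defaultdict(list)
    for day, host, ip in reports:
        asn = origin_asn(ip)
        if asn in watchlist:
            hits[asn].append((day, host, ip))
    return dict(hits)


def repeat_offenders(reports, threshold=3, window_days=30):
    """Hosts reported at least `threshold` times inside one window."""
    by_host = defaultdict(list)
    for day, host, _ip in reports:
        by_host[host].append(day)
    flagged = []
    for host, days in by_host.items():
        days.sort()
        # Slide over each run of `threshold` consecutive reports.
        for i in range(len(days) - threshold + 1):
            if days[i + threshold - 1] - days[i] < timedelta(days=window_days):
                flagged.append(host)
                break
    return sorted(flagged)


if __name__ == "__main__":
    for asn, entries in sorted(watchlist_hits(REPORTS).items()):
        print(f"AS{asn} ({WATCHLIST[asn]}): {len(entries)} report(s)")
        for day, host, ip in entries:
            print(f"  {day} {host} {ip}")
    print("review security:", ", ".join(repeat_offenders(REPORTS)))
```
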

  • new open knowledge projects 1000 feeds

    About 1000 RSS feeds about several aspects of IT, and of course some fun aspects, are now public at

    They are those that we are using at Googlereader. And they will be updated monthly.


    more will come one bit at a time

  • governments and cybercrime : no blablabla save SORBS

    I am not interested in your conferences, websites and blablabla. I have heard that over the years over and over and over again. It doesn't change a thing and only now and then you have a sole criminal who is being arrested.

    Now you can do the right thing and save a community effort that is serving 30 billion antispam controls a DAY. I am talking about SORBS. SORBS should be saved by an international institution or group or some governments.

    Somewhere it is normal that the university stops financing this project. It is not its main role and in hard times it probably has other obligations that are more central to its main role. It is the obligation of the government to finance such operations that have become so central in the defense of the internet and its users. And this goes for other anti-cybercrime initiatives that aren't commercialised and are effective.

    "It comes with great sadness that I have to announce the imminent closure of SORBS. The University of Queensland have decided not to honor their agreement with myself and SORBS and terminate the hosting contract.

    I have been involved with institutions such as Griffith University trying to arrange alternative hosting for SORBS, but as of 12 noon, 22nd June 2009 no hosting has been acquired and therefore I have been forced in to this announcement. SORBS is officially "For Sale" should anyone wish to purchase it as a going concern, but failing that and failing to find alternative hosting for a 42RU rack in the Brisbane area of Queensland Australia SORBS will be shutting down permanently in 28 days, on 20th July 2009 at 12 noon.

    This announcement will be replicated on the main SORBS website at the earliest opportunity.

    For information about the possible purchase of SORBS, the source code, data, hosts etc, I maybe contacted at, telephone +61 414 861 744.

    For any hosting suggestions/provision, please be aware that the 42RU space is a requirement at the moment, and the service cannot be made into a smaller rackspace without a lot of new hardware, virtual hosting is just not possible. The SORBS service services over 30 billion DNS queries per day, and has a number of database servers with fast disk to cope with the requirements.

    Thank you for all your support over the years,

    Michelle Sullivan (Previously known as Matthew Sullivan)"

  • will help you will give you the tools, the info and the list of the proxies you will need. It has become clear that it is not easy to find good information and that it is somewhat dispersed, so from now on we will reconcentrate our privacy-preserving and censor-battling tips and software and links on that blog

    The reason is that otherwise this blog would become too cluttered

    the videos from Iran can be watched at

    both are still somewhat in beta, so have patience but meanwhile enjoy

  • Brucon the complete program of the first ITsec conference in Brussels

    To hear, see and talk to these people about subjects that are normally only talked about at major conferences worldwide (that will cost you a lot more money to go to), you can go to Brussels the second week of September.

    Brucon Presentation Track

    “I am walking through a city made of glass and I have a bag full of rocks” (Dispelling the myths and discussing the facts Global Cyber-Warfare)

    by Jayson E. Street

    Abstract: There is a war being waged right now. It is being fought in your living room, in your dorm room, even in your board room. The weapons are your network and computers, and even though it is bytes not bullets whizzing by, that does not make the casualties less real. We will follow the time line of Informational Warfare and its impact today. We will go deeper, past the media hype and common misconceptions, to the true facts of what's happening on the Internet landscape. You will learn how the war is fought and who is fighting and who is waiting on the sidelines for the dust to settle before they attack.

    A new web attack vector: Script Fragmentation

    by Stephan Chenette

    Abstract: This presentation will introduce a new web-based attack vector which utilizes client-side scripting to fragment malicious web content.

    This involves distributing web exploits in an asynchronous manner to evade signature detection. Similar to TCP fragmentation attacks, which are still an issue in current IDS/IPS products, this attack vector involves sending any web exploit in fragments and uses the already existing components within the web browser to reassemble and execute the exploit.

    Our presentation will discuss this attack vector used to evade both gateway and client side detection. We will show several proof of concepts containing common readily available web exploits.

    All Your Packets Are Belong to Us - Attacking Backbone Technologies

    by Daniel Mende

    Abstract: The year 2008 has seen some severe attacks on infrastructure protocols (SNMP, DNS, BGP). We will continue down that road and discuss potential and real vulnerabilities in backbone technologies used in today's carrier space (e.g. MPLS, Carrier Ethernet, QinQ and the like). The talk includes a number of demos (like cracking BGP MD5 keys, redirecting MPLS traffic on a site level and some Carrier Ethernet stuff) all of which will be performed with a new tool kit made available at the con. It's about making the theoretical practical, once more!

    Botnets, Ransomware, Malware, and Stuff!

    by Julia Wolf


    Building Hackerspaces Everywhere

    by Esther Schneeweisz

    Abstract: Within the last 12 months, we've seen hackerspaces spread all across the world at an incredible rate, and hackers everywhere getting involved with the movement and turning into the most excited enthusiasts for shared community spaces to research and/or build things. As of today there are 102 officially known active hackerspaces and another 82 in planning or building process. The media has developed an interest in the movement, its history (reaching back dozens of years already), and its current status.

    However, the epic plan of taking over the world and bringing new mechanisms of studying, working and experience to the people doesn't stop here. The 40 minute talk will mostly focus on why to build a hackerspace, how, and what questions to ask yourself in the process. It will conclude in an extensive Q/A round.

    Cloudifornication - Indiscriminate Information Intercourse Involving Internet Infrastructure

    by Christofer Hoff

    Abstract: What was in is now out.

    This metaphor holds true not only as an accurate analysis of adoption trends of disruptive technology and innovation in the enterprise, but also parallels the amazing velocity of how our datacenters are being re-perimeterized and quite literally turned inside out thanks to Cloud computing and virtualization.

    One of the really scary things happening with the massive convergence of virtualization and cloud computing is its effect on security models and the information they are designed to protect.

    Where and how our data is created, processed, accessed, stored, backed up and destroyed in what is sure to become massively overlaid cloud-based services -- and by whom and using whose infrastructure -- yields significant concerns related to security, privacy, compliance and survivability.

    Further, the "stacked turtle" problem becomes incredibly scary as the notion of nested clouds becomes reality: cloud SaaS providers depending on Cloud IaaS providers which rely on Cloud network providers. It's a house of, well, turtles.

    This "infrastructure intercourse" where your resources and data can be located anywhere makes it very interesting to try and secure your assets when you don't own the infrastructure and in most cases can't control the level of security.

    We will show multiple cascading levels of failure associated with relying on cloud on cloud infrastructure and services including exposing flawed assumptions and untested theories as it relates to security, privacy and confidentiality in the Cloud with some unique attack vectors.

    How to prepare, coordinate and conduct a cyber attack

    by Eric Adrien Filiol


    This talk intends to present how a true cyberattack could be planned and launched from a military perspective but with the technical aspects in mind. The aim is to explain why the common definition of cyber attack is totally wrong and to show what a rogue group or a rogue nation could really do. Our approach is based on Nato InfoOps techniques, military doctrines and computer attack techniques. A number of examples will be given to illustrate the talk.


    Knowing Me Knowing You (The dangers of social networks)

    by Brian Honan

    Abstract: In late 2008 the author was challenged by an Irish security journalist to steal her identity. The author was only allowed to use information that could be found online, could not break any laws and could not use any social engineering techniques. The author will present what information was available online, whether or not he was successful and what lessons can be learned from the experience in relation to an individual's privacy.

    Malicious Markup - I thought you were my friend - cycle 3

    by Mario Heiderich

    Abstract: The talk will cover a short exegesis of how and where browser vendors talk about security - and what can be seen from a security professional's perspective. The ratio between the growth of new browser technologies and the amount of time for developers to learn working with them could turn out to be a problem - especially when knowing that today's browsers support a vast amount of lost treasures. Amongst them various XML quirks, data islands, SVG fonts etc. which make it hard to protect rich web applications. Surprising but true: several of the most recent in-the-wild browser exploits were possible due to those legacy features like the IE6-8 code execution flaw. Reason enough to dive into a collection of weird techniques and standards exposing attack vectors and scenarios that WAF systems and filters might have some trouble with. The talk also shows some issues regarding IE8 and Opera 10 - as well as current Firefox versions. The conclusion of the talk features an overview of what we can expect during the next months, ways for developers and related parties to deal with those security risks.

    Open Source Information Gathering

    by Chris Gates

    Abstract: This talk is about using the current open source tools to generate a detailed target footprint for a blackbox penetration test. Suppose for our penetration test we are given nothing but a domain name. Client-side and Social Engineering attacks are in scope, but we're on our own to come up with all the information needed to execute those attacks (just like a real attacker would be required to do). The days of running Sam Spade or simply querying a whois server for the totality of your information gathering are dead. We need to leverage all the information freely available to us on the net to build both our network attack list as well as our client attack list. This information includes network ranges, hidden company affiliations, hostnames, dns information, public documents with their metadata and email addresses for client side attacks.

    Rage Against The Kiosk

    by Paul James Craig


    My name is Paul Craig, and I am the self proclaimed "King of Kiosk Hacking".

    Last year at Defcon 16, I released iKAT v1.0 (The Interactive Kiosk Attack Tool). iKAT is an online tool designed to allow users to hack an internet Windows Kiosk terminal, in less than one minute.

    Thousands of Kiosks worldwide have accessed iKAT and witnessed its Kiosk hacking power.

    Kiosk vendors ran for cover after the Defcon release, fixing their software and explicitly blocking iKAT and my techniques. The year is now 2009, and I have spent my spare time playing with more Kiosks. With even more success than ever before!

    iKAT v2.0 is now ready to be released, with more oh-day, more tools and more tricks, to provide you with the ultimate Kiosk hacking experience.

    Red and Tiger Team

    by Chris Nickerson

    Abstract: The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war?

    To find out, we must do as Sun Tzu taught. "Think like our enemy!" That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn't it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads... literally. It is only a matter of time before corporations fall from the raw effectiveness and lack of preparedness for this all too common attack.

    Social engineering for penetration testers

    by Sharon Conheady


    In recent years, people have become more familiar with the term "social engineering", the use of deception or impersonation to gain unauthorised access to sensitive information or facilities.

    Does this mean that there are fewer successful social engineering attacks? Unfortunately not.

    In fact, because computer security is becoming more sophisticated and more difficult to break (although this is still very possible) more people are resorting to social engineering techniques as a means of gaining access to an organisation's resources. Logical security is at a much greater risk of being compromised if physical security is weak and security awareness is low. Performing a social engineering test on an organisation gives a good indication of the effectiveness of current physical security controls and the staff's level of security awareness. But once you have decided to perform a social engineering test, where do you start? How do you actually conduct a social engineering test?

    During my talk, I will discuss the practical aspects of a social engineering attack, providing plenty of war stories from my career as a social engineer. The key to preventing social engineering attacks from being successful lies in education and awareness. This talk will give the audience an insight into the techniques used by social engineers, whether as part of an ethical social engineering test or as a malicious social engineering attack.

    SQL Injection - how far does the rabbit hole go?

    by Justin Clarke

    Abstract: SQL Injection has been around for over 10 years, and yet it is still to this day not truly understood by many security professionals and developers. With the recent mass attacks against sites across the world it has again come to the fore of vulnerabilities under the spotlight, however many consider it to only be a data access issue, or parameterized queries to be a panacea.

    This talk starts from what was demonstrated last year at Black Hat in Las Vegas, where a self propagating SQL Injection worm was demonstrated live on stage. Explore some of the deeper, darker areas of SQL Injection, hybrid attacks, and exploiting obscure database functionality.

    Transition to IPv6 on the Internet: Threats and Mitigation Techniques

    by Eric Vyncke


    While IPv6 security is relatively well known in European Universities, most enterprises and service providers had little exposure to it.

    This is becoming really worrying because Microsoft Vista, 2008 includes IPv6 and IPv6 is even the preferred communication protocol. While this is probably a good thing, the transition mechanisms (notably the tunneling) can lead to risk exposure...

    The IPv4-address exhaustion is for 2010, this means that the migration to IPv6 is happening and that it is urgent to expose the security community to IPv6 with the latest news (like secure neighbor discovery which has been designed to secure the ARP-like function with cryptographically generated addresses). The session also covers the threats linked to the dual-stack approach and the use of carrier grade NAT.

    Trusted Cryptography

    by Vincent Rijmen

    Abstract: Until late in the last century, cryptology and cryptographers were working almost exclusively for the military and government organizations. From the 1970s onwards, first companies and later also individuals started to use cryptography to protect their sensitive data. Cryptology became an open and lively field of research. Although in the recent past many people have benefited from the increased use of cryptographic applications, currently there are growing doubts about the trust we can put in cryptology and its applications.

  • new blog in beta added belsectv

    So you have already books, freeware, thoughts about security, thousands of links, hacked sites, insecure sites and an online security watchcenter

    the reason is that we are spreading the things around specifics so that less has to go on the belsecblog as well

    just a reminder, belsec is not only about ITsecurity it is about risk, security, IT and the world we live in that has an influence on all of these things. Isolating security to bits and bytes is maybe interesting but it isn't a basis for a permanent global change.

    Change we can believe in :) (see it grow in the coming weeks)

    ITsecurity blogs and podcasts will be added, although I don't believe that video is the best way to represent presentations. When I can read the stuff I can go through it at a really fast pace. When I have to watch it, I have to wait for every word and I still will have to take notes. Videopresentations are for that reason counterproductive.

    You will find news channels, documentaries and films mostly and links to videopresentations.


  • some nice collections to go through

    1700 Free Ebooks to download

    The ebookcollection (of which some are published at at has passed the 1000 books about IT, security and hacking and most you can download, except if they are blocked because of copyright complaints. So when you become member of don't forget to become member of that group (and add your own books and links about IT ;)).

    Another group has some less books about war, economics, finance, politics and other stuff. has about 700 documents and books.

    There is still a backlog of 9000 links to add but as it is a manual process with scribd, you will have to have some patience. I can't publish lists of links to books because when I did I had immediately copyright complaints.

    1000 Free musicclips to watch

    at we have reached the 1000 number with so many music clips in three languages (english, french and some dutch) in different kinds of music. So if you have enough sometime and are looking for some good music.

    Due to personal circumstances, my personal life is growing into a huge mess, I don't promise much. But every day I'll do a bit, just to keep it (and me) going.

    and sometimes I sing "somewhere over the rainbow"


  • bing works better than Google for securityresearch

    If you are doing securityresearch like with the be-hacked weblog of hacked Belgian websites, you will notice that the new Bing searchengine from Microsoft gives a lot of information that Google doesn't and that you have to use both now if you want to have a more complete listing or understanding.

    Things that Google didn't find, Bing did.

  • help this anti RFI honeypot with a simple code on your site

    As part of the work at our lab we started to work on methods to learn more about remote file inclusion (RFI) attacks. The Internet Storm Center has developed a web-based honeypot which is available in a beta version. This honeypot can be used to collect information about different kinds of attacks, but requires the participant to install and maintain a honeypot on his own. For example, it is possible to deploy this honeypot on an OpenWrt router.
    Since we are aiming only at RFI attacks, an easier approach is to redirect incoming malicious requests to a central honeypot which then aggregates the information. Jan already blogged about this idea, this posting is meant to spread the word.

    You can help us by using the following .htaccess file on your web server:

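    Options +FollowSymlinks
    RewriteEngine on
    # Condition: some query-string parameter has a value beginning with http://
    RewriteCond %{QUERY_STRING} (.+=http://.+)
    # Redirect the request, query string included, to the honeypot.
    # The honeypot host name is missing from this copy of the post; the host below is a placeholder.
    RewriteRule ^(.+)$ http://honeypot-host.invalid/$1?%1 [R,NC]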

    The script checks if the incoming request looks like an RFI attack (RewriteCond) and then redirects this request to one of our honeypots (RewriteRule). Please let us know if you have any questions or ideas.
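
    An added example (not part of the original post or of the honeypot project): before deploying the rule above, you can replay your own access log against the same RewriteCond pattern to see which requests it would redirect, which legitimate URL-valued parameters it would catch, and which URL-valued parameters it would not see. The log lines, host names and the broader REMOTE_VALUE check are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The page's RewriteCond pattern, applied as Apache does to the raw
# (not URL-decoded) query string; without [NC] it is case-sensitive.
PAGE_COND = re.compile(r"(.+=http://.+)")
# Broader check (an assumption of this example, not the project's rule):
# any decoded parameter value that starts with a URL scheme.
REMOTE_VALUE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
# Request field of a combined-log-format line: "METHOD URI PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, example hosts).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jul/2009:10:00:01 +0200] "GET /index.php?page=http://files.example/c.txt HTTP/1.1" 200 512
203.0.113.7 - - [01/Jul/2009:10:00:02 +0200] "GET /index.php?page=https://files.example/c.txt HTTP/1.1" 200 512
203.0.113.9 - - [01/Jul/2009:10:00:03 +0200] "GET /view.php?inc=http%3A%2F%2Ffiles.example%2Fc.txt HTTP/1.1" 200 512
198.51.100.4 - - [01/Jul/2009:10:00:04 +0200] "GET /news.php?id=42&lang=nl HTTP/1.1" 200 2048
198.51.100.4 - - [01/Jul/2009:10:00:05 +0200] "GET /login.php?return=http://www.example.be/home HTTP/1.1" 302 0
"""

def classify(line):
    """Return (uri, page_rule_hit, url_valued_params), or None if the line has no request field."""
    m = REQUEST.search(line)
    if not m:
        return None
    uri = m.group(1)
    query = urlsplit(uri).query
    page_hit = bool(PAGE_COND.search(query))
    # parse_qsl URL-decodes names and values, so encoded schemes are seen too.
    params = [k for k, v in parse_qsl(query, keep_blank_values=True)
              if REMOTE_VALUE.match(v)]
    return uri, page_hit, params

def scan(log_text):
    """Classify every parsable line of an access log."""
    return [r for r in map(classify, log_text.splitlines()) if r]

if __name__ == "__main__":
    for uri, page_hit, params in scan(SAMPLE_LOG):
        print(f"page-rule={page_hit!s:5} url-valued-params={params} {uri}")
```

    The last sample line is an ordinary login redirect parameter: the rule would send that visitor to the honeypot as well, so check your own application's URL-valued parameters before enabling it.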

  • 400.000 visitors, thanx

    600 ebooks

    600 freeware

    20.000 links

    800 RSS feeds

    and a lot more to discover (and 800 videos to have some fun)


    So it is great to see 400.000 visitors who took the time and the effort to pass by, some time or every time and so now and then remind me that

    * there is no such other medium in Belgium - even if some want to silence us

    * there is no such other forum for others (send your info or ask for an account)

    * there is no such other voice for privacy and freedom and public discussion here


    The greatest thing is to inspire people to also start doing things. Like linking different rss feeds into one Belgian feed and like setting up a congress in Belgium or putting people around the table to discuss how we could ameliorate Belgian ITsecurity.

    The greatest frustration is that for some things it doesn't matter much what we do or say. Hacked sites stay hacked and unsecure configurations stay that way. You can't blame them: there is no law or insurance company that will make them pay the price for their negligence. This is Belgium. Not the US.

    But then there are 400.000 visitors and you say, waah, I have never seen so many people together.

    So I hope in the coming weeks to be announcing some new stuff.

    Although I am limited by the continuing technical difficulties of this blogsystem and the problems with other online tools. So I will have to migrate some stuff over the coming weeks to safer ground.

    thanx to all and hope to hear soon something from you - something interesting maybe