belsec - Page 5

  • Belsec wants the authorities to act faster against a new kind of phishing botnet (also English summary)

    For our English readers: Belsec wants our computer crime unit, the .be domain extension authority and the justice department to develop a fast-track procedure to block the new fast flux DNS botnets at the DNS level, because that is the only way to stop them. In a fast flux DNS botnet the sites are hosted on a different hacked or infected computer or server every few minutes. It will not be possible to bring those down in time using the normal legal procedures. Blocking the domain names after a quick check is the only way.

    Over the past 2 days, the Belsec blog of the Belgian (and international) Security Bloggers Network has drawn the government's attention to a new phenomenon for the Belgian .be and the European .eu domain, namely that these were being used in a fast flux DNS botnet in which the domain names are used for phishing.
     
    To explain it simply.
     
    A botnet is a network of infected computers (also called zombies) that receive orders from a central computer (called the command and control center) to carry out a certain task without the owner of the computer noticing. This can range from hosting web pages to relaying spam or attacking websites.
     
    Phishing is where forged login pages of banks and other institutions are placed on various sites, after which an email with a link to that fake login page is sent to as many customers of those banks as possible. The aim is to obtain those people's login credentials and use them to empty their accounts.
     
    DNS is the system that links the IP address of a server (a series of numbers) with the name of a web address or URL as we know it.
     
    The new fast flux technique, which took off last year, was used by botnets to be less vulnerable if the command center was discovered and to make discovery harder. The URLs or web addresses are pointed by a series of small DNS servers to ever-changing IP addresses of infected computers or hacked servers.
     
    In the case of the Belgian addresses we saw that they ended up one time in Spain, for example, and another time in Japan. According to Arbor Networks, these two botnets using .be and .eu consist of a few dozen IP addresses that serve these URLs.
     
    The Belsec researchers noticed that on Tuesday a whole series of .be and .eu addresses appeared in Phishtank.com and that several pages with different logins were set up per address. They also turned out to be coded in the same way, and the names resembled each other. It also turned out that the addresses had been bought from DNS.Be the day before.
     
    The only way to bring these internet addresses down is to block them at the DNS level. It is practically impossible to locate the dozens of zombies and have them deactivated fast enough, especially not if the network of zombies were to use different zombies in different countries every day.
     
    DNS.Be and FCCU.Be will have to work together with the justice department to agree on a fast-track procedure to take preventive action in this case and in other cases where there is unmistakably such a fast flux botnet being used for phishing. A fast flux botnet can be identified quickly because it has very distinctive characteristics.
     
    As far as Belgian insecurity on the internet is concerned, Belsec works together with Arbor Networks, which has already mapped this specific form of botnet. Their list of more than 2000 domain names in use grows with new ones every day. Among them are now also a series of .be and .eu domain names.
     
    We must not give the impression that the .be domain name is easy to exploit for a quick scam operation because it is assumed that our justice system and response capability are too limited and bureaucratic. In this rapidly changing ecrime economy an adapted response is therefore needed.
     
    Belsec is making this call to warn the responsible policymakers preventively that if it is not shown now that the .be domain cannot be misused in this way, there is a risk that the international ecrime economy will misuse our domain on an even larger scale.
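    As an added example (not from the belsec post, nor from Arbor Networks), the following Python check scores a domain on the fast flux traits described above: short TTLs, many different IPs spread over many networks and countries, and a returned host set that keeps changing between lookups. The lookup records, the country annotations and the thresholds are constructed assumptions for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Illustrative thresholds: assumptions for this example, not figures from the
# post or from Arbor Networks.
MAX_TTL = 300        # A records that expire within minutes
MIN_IPS = 10         # the post speaks of "a few dozen" zombies; 10 is a low bar
MIN_NETS = 5         # spread over many /24 ranges, not one hosting block
MIN_COUNTRIES = 3    # "one time in Spain, another time in Japan"

@dataclass(frozen=True)
class Lookup:
    """One DNS answer for the domain, as a resolver log might record it."""
    minute: int                  # minutes since the first lookup
    ttl: int                     # TTL of the A records returned
    ips: tuple[str, ...]         # A records returned
    countries: tuple[str, ...]   # country per IP (assumed analyst annotation)

def prefix24(ip: str) -> str:
    """Collapse an IPv4 address to its /24 so one hosting range counts once."""
    return str(ip_network(f"{ip}/24", strict=False))

def fast_flux_indicators(lookups: list[Lookup]) -> dict:
    """Summarise the fast flux traits over a series of lookups."""
    ips = {ip for lk in lookups for ip in lk.ips}
    countries = {c for lk in lookups for c in lk.countries}
    # A full turnover: two consecutive answers share no IP at all
    turnovers = sum(1 for a, b in zip(lookups, lookups[1:])
                    if not set(a.ips) & set(b.ips))
    return {
        "max_ttl": max(lk.ttl for lk in lookups),
        "distinct_ips": len(ips),
        "distinct_nets": len({prefix24(ip) for ip in ips}),
        "distinct_countries": len(countries),
        "full_turnovers": turnovers,
        "span_minutes": lookups[-1].minute - lookups[0].minute,
    }

def looks_like_fast_flux(lookups: list[Lookup]) -> bool:
    """True only when every threshold is met; one trait alone is not enough
    (a CDN also returns many IPs, but from one operator's ranges)."""
    ind = fast_flux_indicators(lookups)
    return (ind["max_ttl"] <= MAX_TTL
            and ind["distinct_ips"] >= MIN_IPS
            and ind["distinct_nets"] >= MIN_NETS
            and ind["distinct_countries"] >= MIN_COUNTRIES)

# Constructed sample: a phishing domain answered by new zombies every 10 minutes
FLUX = [
    Lookup(0, 180, ("203.0.113.10", "198.51.100.7"), ("ES", "JP")),
    Lookup(10, 180, ("192.0.2.33", "10.1.5.9"), ("BR", "US")),
    Lookup(20, 180, ("10.20.6.4", "10.30.7.1"), ("DE", "RU")),
    Lookup(30, 180, ("10.40.8.2", "10.50.9.3"), ("KR", "TR")),
    Lookup(40, 180, ("10.60.10.4", "10.70.11.5"), ("PL", "ES")),
    Lookup(50, 180, ("10.80.12.6", "10.90.13.7"), ("JP", "IN")),
]
# Constructed sample: an ordinary site with two stable hosts in one range
STABLE = [
    Lookup(0, 3600, ("203.0.113.5", "203.0.113.6"), ("BE", "BE")),
    Lookup(60, 3600, ("203.0.113.5", "203.0.113.6"), ("BE", "BE")),
    Lookup(120, 3600, ("203.0.113.6", "203.0.113.5"), ("BE", "BE")),
]

if __name__ == "__main__":
    print("flux:", fast_flux_indicators(FLUX), looks_like_fast_flux(FLUX))
    print("stable:", fast_flux_indicators(STABLE), looks_like_fast_flux(STABLE))
```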
     
     
    the course of events in reverse order (latest event first)
     
    latest domain names involved
    Arbor Networks confirms our research
    We think it is a fast flux phishing botnet
    We make the first discovery of these strange .be domain names in phishtank.com

     

  • Vote for Belsec as skynet Technology blog of the year 08

    You can vote until the 25th of January (or is it the 26th?) and you have 5 votes in different categories. So as we are nominated - thanx for that, you can now make the difference and vote for belsec blog. As such, if I understand correctly, we will become frontpage news on skynetblogs or something like that, which would be interesting to say the least...

    So as so many people in Belgium do so much effort to keep us out of the headlines, you can put us back in again.... Tijl Uylenspiegel lives here again.

    This is the link to vote

    http://blogs.skynet.be/index.html?l1=communication&l2=blogs&l3=awards&l4=category&a=detail&cat_id=17

    more propaganda material will come tomorrow

    thanx

     

     

  • South Korean Economic President of the Internet blogger arrested

    The South Korean government has decided to arrest an impostor who presented himself as an ex-trader wanting to share exclusive internal financial insights and predictions with the public, and who, after a few correct predictions, was more popular and had a bigger following than the official South Korean economic policy communication itself. He turned out to be an unemployed man who was studying economics. The other factor was that he was a staunch critic of the official South Korean economic policy and was beginning to have a real impact on media and policy.

    On one side, it is wrong to present yourself under a function you do not have, and it is wrong to make people believe that you have access to privileged information and professional insights while you have none of that.

    http://news.yahoo.com/s/ap/as_skorea_blogger_arrested

    On the other side, it is wrong to arrest and imprison him. If governments did as much to pursue the scammers and the pump-and-dump stock schemes, the financial world would be a safer place.

    The whole question of anonymity on the internet is a double-edged sword. When we say who we are, we are open to pressure and the discussion will be about the persons and not the facts, while in IT there should be more discussion about the facts and not about the persons or the camps they supposedly belong to. On the other side, some people refuse to take your arguments into consideration because they are published more or less without a proper identification.

    If Belgium were an open democratic country in which free discussion was possible without fear for your good name, job or career prospects, then none of this would be necessary. The fact that we still publish in this way proves the contrary.

     

  • belsec and zone-h.org will be working more together

    we will soon be publishing an exclusive report here about hacking .be in 2008

    and we will do some crossblogging on zone-h

    if zone-h.com seems to be working all right

    we might even move our hacking .be articles over there and link to them from here

    belsec is slowly spreading its wings

    want to join the flight.....

  • belsec is nominated as one of the 5 best skynetblogs about technology

    thanx for the votes

    but you can still vote us to the frontpage of skynetblogs until the 25th

    that would be something, we on the frontpage with this kind of news....

    banners and other stuff will follow soon here

    spread the word

  • Arbor networks closes access to its threat index

    We have been reporting over the last couple of weeks on the threat level on the Belgian internet and have been using the information from Arbor Networks that was publicly available, quoting them as such.

    The advantage of this was that it was clear to anyone when and where there was a problem and which attacks were increasing on a specific network. It is this kind of information that one needs to be able, with the limited time and resources available, to do the things that bring the most security and preventive monitoring to the IT security cell.

    We hope to be working with Arbor Networks and to be able to continue publishing this information for the community, but we also hope that they will return to the situation in which such information was available up to a certain level. It was a great help and in the present situation in which there are several threats looming at the same time, it is important to be able to use such an indicator.

    If there are limitations on the interpretation, maybe they should be noted explicitly (for example that its installations are on the Skynet network and that this is the reason you see so much attack traffic on that network and so little on the Telenet network)

  • thanx for the votes and visits

    we thank you for the votes for the nomination, voting has ended

    we also thank you for the visits, we were the number one skynetblog with the best increase in the number of visitors this week for a few days

    we are looking for other collaborators and informers and, if possible, a project sponsor or two

    thanx, it makes a great beginning for this year, watch out for some surprises here in the coming weeks

  • vote this blog to be nominated at skynetblogs

    If you take a minute to vote for this blog (see at the left of this blog), then this blog is among the nominated blogs. It doesn't cost a penny and it is a good way to start off a year, ain't it? You can vote

  • last day to nominate this blog for the awards

    Today is the last day you can nominate this blog for the skynetblog awards. Afterwards there will be another selection it seems, but hey, if we could get nominated that would already mean something, and it doesn't cost you anything. Just a few minutes of your time. Thanx and don't forget to subscribe to our feed, who knows what we will be publishing next that you don't know about.....

    follow the link at the left side of the blog

    oh and info and bloggers are always welcome here....

  • More than a thousand cars burnt out in France and the problem of online journalism

    For a few years now, New Year's Eve has been the night when people burn their cars to get a new one from their insurance or to get their car fixed, and when cars get burnt because some kids don't know better than to burn other people's cars (the saddest thing is that it is the cars of poor people like them, because the rich hide their cars on New Year's Eve). The really poor can get up to 4000 Euro from a fund for the victims of terrorism; those with somewhat better paid work and the middle class have to pay for it all themselves.

    In the Belgian newspaper De Morgen we read about 440 cars that were burnt out that night


    In the French newspapers we read the following about last night's burnt-out cars.

    First, the 440 cars is only for the Region of Paris (and most of them in the ghettos (called banlieues) around it).

    And this source says this: "1,147 vehicles were set on fire during the night of New Year's Eve 2008-2009, against 878 during the same period of the previous year, according to a definitive count of 'verified facts' published Thursday evening by the Interior Ministry. That is an increase of more than 30.6 % compared with 2007." It says that 1147 cars were burnt that night, which is an increase of 30%.

    So what is the problem here with online journalism, and what makes it less trustworthy?

    1. The online newspapers around here don't update and change their online stories. Once published they are just archived and left alone, just like articles in the printed newspaper. This is a totally wrong attitude. Online articles should live and be updated and given more links, information, changes and corrections. It is only after some time online that you can close a version. It is also this changing nature of your articles that makes it interesting to keep on reading.

    2. The online editions don't monitor the web permanently and don't google the facts they are publishing. So they just trust one source and don't double check, and so they make mistakes. The difference between a lie and the truth is sometimes a single word (like Paris instead of France).


     The newspapers are sacking a great number of journalists and editors this year but they say that this won't have any influence on their quality. This is not possible. You need human eyes and hands to make quality content.

  • No more ads here, place for sponsorships

    We have removed the advertising. The reason is that it takes up too much space and doesn't bring in the necessary cash. So we try to keep it clean and look for some strategic sponsorships.

    The Amazon bookclub is still active. So if you would like to buy some security books you can do that here; it won't cost you any more. It is also a good way to look for books. We will update the collection in the coming months, but in fact you can buy any Amazon book from there. You didn't buy one, but it stays a great resource because some of you did surf through the collection.

    But as we said before, we are not into this for the money. IF this would be the case you would have been reading much more commercial stuff and product placements and other stuff like that.

  • vote this securityblog on the skynetblog homepage

    if you think it should be about public service and information and going further than the normal media would go

    vote for this blog (if you don't have one, you should make a skynetblogs profile that would take you 5 minutes) you can even start blogging afterwards if you would like that  (even here if you would like to blog about infosecurity or risks)

     


  • castle cops volunteers go away

    "You have arrived at the CastleCops website, which is currently offline. It has been our pleasure to investigate online crime and volunteer with our virtual family to assist with your computer needs and make the Internet a safer place. Unfortunately, all things come to an end. Keep up the good fight folks, for the spirit of this community lies within each of us. We are empowered to improve the safety and security of the Internet in our own way. Let us feel blessed for the impact we made and the relationships created. "

    this is another proof that government should pay for permanent personnel at those first-line defenses (even if it were financed with contributions from ISPs or other ebusiness)

    you can't expect volunteers to keep working like that against such a menace without any support (or even thanks or respect for that matter)

    there is for the moment not much to replace them

    wanted for 2009 : YOUR HELP HERE (lots still to do) contact me

  • on holiday - have great holidays yourselves

    I am off to family and quality time

    this is a free, unpaid voluntary effort to get some information about security and insecurity out, but I am taking time off this time

    it has been a nice time and we have done a lot this year that others could only dream about

    but we dream about a CERT, we dream about certifications and audits and coordination

    and all we see is promises

    let's hope that we will get somewhere in 2009 because after 2008 2009 will not be like any other year

    for those looking for free stuff, you have 16.000 cached articles and links, links to 900 freeware, 1500 books and lots of more links here around (on netvibes there are links to digg and so on that change permanently)

    make love, have fun, friends, family and be happy and healthy

    we will be back in a day or four - and no netties (Flemish translation), rather busy family time (sorry)

  • political crisis in Belgium

    After some speculation and strategic rumours, the Belgian government is no more. This is not good news, neither for the economic crisis nor for the financial crisis (Fortis being the most urgent). Let's hope there is enough intelligence to quickly put together an emergency government with limited powers to handle specifically those two urgencies. The voters can decide after the holidays, or together with the regional and European elections, who should form the new federal government.

    some thoughts about the last days and hours of this government

    * it is strange that the person in the cabinet of the prime minister who is responsible for the illegal pressure and leaks is a prosecutor himself. He of all people should have known that what he did was illegal, and he of all people should have known that he shouldn't have left all these footmarks and fingerprints leading to him. It is also strange to see that neither he nor the Chief of the Cabinet of the prime minister resigned themselves, saying that the prime minister didn't know anything and that it was their own initiative.

    * it was also strange to see again that SMS messages were being sent by ministers during the crisis conferences to journalists, who were reading them aloud on television. How can you negotiate or speak freely like that? Where is the confidence if what you are saying (even tactically) is being sent to journalists (without the same context) in real time? I think mobile phone blockers are a product of the future and that the government should have them in its conference rooms.

    * you can try to lie but you can't hide and somewhere somehow the truth will be published

    During this Leterme I government we have asked several times for some necessary measures for cybersecurity in Belgium to be taken, and we had several contacts who were working on that idea. But it was never the right time, there were always other things, and so on. There are and will always be other things, but this has been talked about in Belgium for more than 6 years now and there is nearly nothing in place that looks like a national coordination center.

    They have missed a historic opportunity. The insecurity of the Belgian web has never been so clear. The IT organisations were clearly asking for it. The European Commission said that we must have one. The big IT firms in Belgium find it necessary and activists and professionals are learning to speak to each other and understand and trust each other.

    Whoever will be part of the next government, we hope he or she will be open and take some initiative even if there are about 1000 other things that ask some attention.

    Luckily we have the EURO

     

  • new Flemish overview of the Belgian security bloggers week

    http://www.netties.be/extra/belsec_081209.htm

    in case you no longer see the whole picture, the thread or the connections between all those different postings on all those different Belgian security blogs

    in 2009 we will then synthesize that into a monthly overview, I think

    and maybe we should start working on a 2008 annual overview

    http://www.netties.be/extra/overzicht.htm  the other weekly overviews with useful tips and links you may have missed in the meantime

  • 200.000 visitors in a year

    The feed of the Belgian security bloggers network is nearing the 400.000 views

    We thank the spooks, the security researchers, advisors, hackers, ITpeople, administrators, curious and engineers from different countries and industries for their visits during a year.

    We hope to see you often and soon

    this is only the beginning.

    we thank our families for their patience and understanding while we were active trying to get our country a little bit more secure.

  • skynetblogs is out of memory to accept your comments

    and this is not a joke 


  • riots in Greece, follow via web2.0

    All important Video

    All recent Youtube video

    Wikipedia

    Mahalo

    Twitter for griots, one tweeter in Athens (quiet now)

    Flickr for griots

    and this trying to follow it all http://twemes.com/griots