11/11/2008

The First Belsec Security Awards of the year 2008


We have chosen 10 persons who during the last year have done much for IT security and its awareness in Belgium. If some people feel that we have forgotten them, see you next year; it isn't the intention to nominate the same people every year. The idea was more or less to give something back to people who have personally invested a lot in the work of the security bloggers, because it wasn't always that simple and easy, and none of us are paid for the work we are doing on the blogs or for going ahead against all odds to defend the cause of more security in Belgian IT.

We thank Panda Security for the sponsorship, thanks to which we can send each winner a Panda Internet Security package with a free subscription for one year.

1. Representative Roel Deseyn

We have known Roel Deseyn as somebody who has always had time and interest in the problems surrounding the security, privacy and quality of IT projects without being against IT and technology, on the contrary. And it didn't matter if he was in the opposition or on the governmental side, he always did the best he could. So we nominate him this year. If he will be nominated next year will depend on some practical things we need to see urgently put into place by this government. So far so good, but now it is time for real action.

2. Security4all

When the Belgian security bloggers network started last year it was a meeting of minds, and it wouldn't have been realised without his help, and I know he is busy with some other big stuff. He is definitely one remarkable guy, always curious and looking to know more, even if the last year has sometimes been very hard for him, but we have survived this. Enjoy the birthday...

3. Didier Stevens

Here we have another remarkable Belgian. He is someone who will turn a product inside out and try to do all the things that one shouldn't with it, just to see whether the product or code will hold or whether it will be stopped by the defenses. He has a blog that is followed by security people all over the world.

4. Mieke Moes

Here is a female IT security blogger to be proud of and gentle with. She is also a driving force behind some help forums for computer and IT problems. For this alone she would have been nominated.

5. Thonnard Oliver

Here we have somebody who is working at the frontlines of the honeypot infrastructure in Europe (and will inform us more about that and the things they are discovering in the coming weeks and months (we hope)). There is nothing as important as a honeypot and we hope that many networks in Belgium will participate in his honeypot network.

6. Belsec

We nominate ourselves because we are here and we know that we also have spent all that time and effort and will do another year.

7. Netties.be

Netties.be is a free Flemish online magazine about computers that has given some attention to security and free security tools. About a month ago they agreed to host our weekly review, and this is a partnership that we will keep going in the year(s) to come. It is quite an interesting Flemish weekly, always with some stuff that you could find elsewhere but for which you would have to spend some time.

8. David Glaude

David Glaude is the man behind the opposition to e-voting in Belgium. We don't always agree with everything that he or his friends say, but there is one thing that has to be made very clear. You can't organise e-lections without being sure that every possible risk has been answered and that everything has been done to make the process as trustworthy as possible. The interuniversity study and the proposal as they were presented before the parliament do not meet these criteria.

9. The university team that made the first critical report about EID

They were under a lot of pressure not to publish the study and some politician that didn't understand at all what he was talking about (not Roel) said such stupidities that no one read the paper itself and all the other interesting things that are in it. For the courage of publishing the study anyway, they deserve to be awarded. We hope that they will continue their research and not be silenced by subsidies and pressure. As there is no certification at all in Belgium, independent security research is the only way to be sure that there are no gaping security problems in the tools that we are supposed to use every day.

10. L - Sec

It is more or less an organisation that looks and talks like our IT publications. They are not really independent and critical of the present state of affairs in the IT industry (who could do a whole lot more about security themselves without waiting for official legislation or initiatives instead and treating it as costs). But they were the motor behind another big initiative this year. Shortly after we were invited to speak before the parliament, all the other official professional organisations for IT security in Belgium and some other IT organisations came together and wrote an action plan for more IT security on which they agreed. It is the first time that they all agreed on something, and we can only hope that this is only the first step towards a big coalition between the IT industry and the professional organisations to strengthen IT security in Belgium together.

That's all for this year, folks

For those that didn't get nominated, we have another year to go and great things to be done and there are always hands and minds needed. It is voluntary work, but as you see, we appreciate every effort big and small.

 

12:30

comix : belsec birthday and EID (Electronic Identity Card)

12:15

Exclusive : EID : Has Microsoft rewritten some code ?

The whole discussion about the quality of the code in EID began with our famous video in the beginning of this year (but only made available to the public in May). There was something not right if that was so easy to do. Something would not have been thought through or tested. There were some ideas but we couldn't put our finger on it. Maybe we wished that the code was good and this was only an oversight.

The discussion continued when a professor wrote an article about the EID and included in it some comments about the quality of the code. We were even more convinced that there was more to it than we thought.

Then we saw a big, strange discussion about standards and EID that broke out in IT-professional. The first shot was fired when the person responsible for the Flemish e-gov projects said he expected Microsoft to do more with the EID than it has done so far. The new Microsoft CEO answered in an open letter and said more or less that Microsoft followed international standards and not necessarily the Belgian EID standards. In another article much later it became clear that Microsoft was pursuing an international route and that the Belgian EID would not be treated any more preferentially than any other product that wanted to be integrated in the Windows environment. The question that wasn't answered was: why? Nobody said so, but there had to be a reason, because otherwise he wouldn't have persisted.

So we have now learned from consultants in identity management that, according to Microsoft, it is better to use EID with Vista and Windows 2008 with the latest service packs rather than the other versions (XP and 2003). The reason is that Microsoft itself has rewritten some parts of the code of the EID so that it is as safe as is required nowadays by Microsoft for any product. The problem with the EID seems to be that it failed some tests of code security in a big way, and rather than refusing the product (which would have made an enormous fuss) Microsoft engineers somewhere rewrote parts of the code.

So how big is the problem with the security and quality of the code of the EID? And no, we don't need the normal standards propaganda and publicity. If the code is secure it has passed all the security and quality tests you can put code through.

Maybe it is time for someone to ask the right but hard questions. Everybody in Belgium will be walking around with that card and that card is being used and planned to be used for numerous applications.

12:00

Documents about Belgian dark years coming to surface on the web

00003305 nihoul

000013F0bis

Vernaillen

depretre

verwilghen toussaint

jean bultot pdf livre

Les Tueurs six années d

Les tueries du brabant enquête parlementaire

analyse an en eefje ivm dossier dutroux 29 08 2008

a dangerous liaison sheri de borchgrave

de morgen 04 10 2008 boek guy bouten

de morgen roze balletten 01 12 1998

regina louf white spirit février 2005 définitif

Les Dossiers X

Tell us if there is more of that. The fact that these investigations are never closed means that there is never to be any independent review of the situation, and there will only be a public outcry if, after 10, 15 or even more years, the judiciary finally closes the investigation - mostly without result.

Also, we love authentic documents, not the interpretation of others.

11:45

belsec party Brel Les Bourgeois

11:15

1 minute for the millions (from around the world) that died in our wars

In Flanders Fields
By: Lieutenant Colonel John McCrae, MD (1872-1918)
Canadian Army

IN FLANDERS FIELDS the poppies blow
Between the crosses row on row,
That mark our place; and in the sky
The larks, still bravely singing, fly
Scarce heard amid the guns below.

We are the Dead. Short days ago
We lived, felt dawn, saw sunset glow,
Loved and were loved, and now we lie
In Flanders fields.

Take up our quarrel with the foe:
To you from failing hands we throw
The torch; be yours to hold it high.
If ye break faith with us who die
We shall not sleep, though poppies grow
In Flanders fields.


thanks for all those who came ....

we didn't and won't forget

10:40

very touched by this virtual birthday cake

There is a man over in the States who is at the basis of the International Security Bloggers network feed, an ever growing feed of security bloggers. He accepted us into the collected feed (and I hope he forgives our party with some music from time to time and freeware that is being thrown around like confetti) and he has really made us a cake. This is what he has to say about us - and this goes for all the other Belgian security bloggers and their resources and contacts (for which I hope some accept that I had not so much time the last week for some other projects - but I will come to it, promised).

Happy Birthday to BelSec

One of the most prolific contributors to the Security Bloggers Network is the BelSec blog of the Belgian Security Bloggers Network. The folks from BelSec contacted me about a year ago and asked if they could join the famous SBN. I was flattered that they thought the SBN was famous and after checking out the sites sent them an invite.

Well over the last year the BelSec crew have certainly proven themselves as great members of the SBN and a valuable resource to the security community. Tomorrow (today for those in Europe) they celebrate their one year birthday. The crew at BelSec has a lot of activities planned throughout the day. Stop over, see for yourself and enjoy.

Happy birthday BelSec and many more. Keep up the good work!

http://www.stillsecureafteralltheseyears.com/ 

I am really, really touched, but maybe at the bottom of my heart I am just a simple guy with a simple wish and a true believer that if all the good people make a little effort they can move mountains. Look at Obama (for the moment). I have a dream, said Martin Luther King. Never give up hope, said Jesse Jackson in 1988. Change has come to America, said Obama in 2008.

Let us try to make the difference in year 2 of Belsec and let us go a bit further, the pressure a bit higher, the tone a bit stronger, to make it clear that it is time, because we don't have that much time left, if I see how the basics of our internet infrastructure have become vulnerable the last months (DNS, TCP, ...).

And now enough speeching, let's party

10:29

belsec party : Queen & Bowie Under pressure

that we have been some of us this year but what the hell .... this is our day

We have made it this far

10:15

comix : belsec birthday and insecure adsl routers

09:00

belsec party : stranglers no more heroes

02:12