privacy - Page 4

  • what happens during a public divorce and emails

    In the popular press (and others that have some place they don't want to fill with really interesting news) we can now follow the final act in the divorce proceedings between the organizer of Miss Belgian Beauty and his wife.

    Miss Belgian Beauty is a contest made for TV in which very intelligent not extremely ambitious girls that won't use any part of their body that can advance their career are parading in bathing suits in hotels in Belgium and some other places and responding to world peace questions.

    The organizer (the cat) couldn't withstand all that milk and so had several affairs (as you can imagine). His ex-wife has now given the press her diary about these months. It reads like a dime novel or a homemade sitcom, but it has some interesting facts for the security people reading this.

    First, his wife was able to read his emails. The man was sending his emails to his girls from his own email account, to which his wife and business partner had some access (or found a way to have access). He probably also used his own PC or other hardware.

    The fact that he wrote these emails and that the girls themselves sent responses or invitations is mind-boggling. Everything you do online will one day, one way or another, come back to you. Period. It did, because some ex-lovers were even more angry than his wife and used those emails against him afterwards.

    The last and most interesting fact is that his ex-wife writes that she has reconstructed emails that were destroyed. They probably used a cheap paper shredder. You should use at least a confetti-cut shredder or just burn the paper (not to light the fire, but in the fire itself).

    Strange how people always forget that most technology is not there to protect their privacy but to limit it.

  • Belgian antipedophile site is part of Dutch 'mob' initiative

    When it rains in the US and the UK, one shouldn't be astonished that the clouds begin to gather in Belgium. Both countries already have their public or private online registers of convicted and punished pedophiles, and the debate about their usefulness is raging in those countries as well.

    Some believe that these people will recover and will lead a normal private life afterwards, while the instigators of those sites show the statistics and stories about released or treated pedophiles who just start over and over again.

    But one should have seen it coming, because the plans in Holland and Belgium have been brewing since 2007, and on an American site (with all the necessary information). They have also had an online petition since 2007 that wants to punish online grooming (or seducing) of children by adults (as is the case in the UK).

    But it all gets very messy. If you follow the discussions on the Dutch websites and initiatives a bit, it seems that the antipedo sites are being attacked as being in fact pedo sites that help and promote pedophiles. They even try to get each other's sites down, go to court against each other and publish the most explicit personal attacks against each other.

    the online pedo/antipedo war in Holland (in Dutch, but the list gives you an idea of the intensity with which they are trying to kill each other's reputation online)

    * de vrienden van matthijs

    * http://teamleon.stopkinderhex.com

    * http://www.marthauser.eu/

    * http://www.naaoomieh.com/wordpress/?p=211

    * http://forum.fok.nl/topic/1176171/5/50

    * www.martijn.org

    So with people like that in a controversy like that, would you like them to treat and handle information like that and publish it like that? It looks more like a mob than a real investigative, lawyer-reviewed and double-checked operation.....

    In Belgium there is no public information on the site for the moment and the site is hosted in Holland, but as you can read here, the owners of the Dutch initiatives are themselves embroiled in a number of legal disputes and problems with the government and judicial investigations. The US Dutch site is online, but for how long?

  • the biggest problem with Google Latitude

    Google Latitude is a service in which you can follow the whereabouts of your friends in Google on a map and know exactly where they are.

    they present it as a friendly service and a solution to many discussions, and as such it seems like a very complicated technical solution for stupid people who can't wait or just don't want to trust or believe their partners or friends.

    a far bigger problem is that its defence is built on the premise that we are all always free people who can do whatever we want and refuse what we don't want. But life isn't like that. You have marriages and relationships in which refusing such controls would pose more problems than it would solve. You have workplaces and bosses that would incorporate it - for your productivity and your own good - in your work (and to please you, you get a new portable on top of it).

    so, no thanks

    because if it is for sending advertisements that are adapted to the surroundings you are in at the moment, then how would we know that they wouldn't use any other data Google has in its database to select the most effective one, according to them.

  • European antipedophile sites migrating to the US

    The protection of privacy and of the criminals is in Europe sometimes better than that of the victims - even if the political discourse is otherwise.

    Because of those protections it is forbidden in most European countries to publish information on the internet about the whereabouts of convicted criminals.

    A few antipedophile activists have set up a site in the US with the pictures of and more information about convicted pedophiles who were released.

    http://stopkindersex.webs.com/apps/photos/

  • making a fake facebook profile about someone else is a crime in Belgium

    and I ain't joking

    source

    so you should try to make your own on facebook and if you see that it has been taken or done by someone else you should

    * contact facebook but they will ask you to

    * file an official complaint with the police after which they

    * can take it offline

    You should do the same for netlog, linkedin and some other social networks

    of course this increases the number of users, who may not even use it, but it is up to the investors and advertisers to be smart enough to look for real numbers of real users

  • monster.be is a belgian firm and as such falls under Belgian law

    So where is the privacy commission, because there has been a break-in that has consequences for Belgian clients and Belgian firms on a Belgian website (.be domain)?

    There should be an independent investigation.

    the reasons are the following

    * monster did not inform the Belgian press (we did)

    * monster did not inform its clients (we did ours...)

    * monster did not say exactly what was stolen and what not, and why they are so sure (you are never sure at the beginning of the investigation... it wouldn't be the first time that it starts with nothing important and ends with 'after analysis we must conclude that....')

    * monster did not say that they would reinforce their security, even if this is the second time (once a year is enough....). They tell us in 2009 but we are not sure when it happened...

    We were swift against SWIFT; well, we have to be swift against any other case in which a Belgian site has a major break-in

  • ALERT monster.be employers in Belgium

    You must read this and the posting below. You will have to put a fair amount of time into this to limit the damage, and above all do not respond to emails about it.

    http://help.nederlands.monster.be/besafe/jobseeker/index.asp

    For French-speaking employers (this is VERY IMPORTANT)

    http://aide.francais.monster.be/besafe/jobseeker/index.asp

    Change all accounts, including those on other sites that use the same logins

    start with an impact review and then make a list of priority tasks

    IT IS IMPORTANT TO DO THIS NOW

  • Firms that use monster.com have much work ahead of them to clean up their mess

    There are two security alerts in this event.

    The first is the breach itself of monster.com (one of the biggest job portals on the web, with a presence in Belgium). It is information from employers that is stolen, not from people looking for a job. From Monster itself:

    "We recently learned our database was illegally accessed and certain contact and account data were taken, including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. The information accessed does not include resumes. Monster does not generally collect – and the accessed information does not include - sensitive data such as social security numbers or personal financial data." So when was "recently", how much information was stolen, and why was login information not separated from personal information in the datastore? And "does not generally collect", what does that mean: that there is some personal information missing?

    Is it global or is it only for US clients ?

    "We continue to devote significant resources to ensure Monster has appropriate security controls in place to protect our infrastructure"  sorry but significant is surely not enough here....

    The second is the stream of phishing mails that will arrive asking you to verify or change your login for monster.com because of this breach. You should always type the name of the site you want to log in to yourself.

    If you use the same password everywhere and you are using monster, you will have to change it especially if one can find your login (emailaddress for example).

    A very good article is here

  • 2008 Belgium and private emails in the public

    2008 can be called, for Belgium, the year that the security of email went high up the agenda. No private or public institution can have a security policy in 2009 and not have put the legal and infrastructure planning in place to protect emails and to be able to find emails afterwards if there is a legal question for them.

    18/12/08 09:40 another forensic proof in the Leterme saga 
    18/12/08 09:29 the most stupid letter Leterme ever wrote 
    18/12/08 09:12 what a difference a (black)mail makes.... (Leterme)
    18/12/08 08:51 Belgium needs an emailarchiving law 
    18/12/08 08:39 Why Obama should learn from Leterme and throw away his blackberry 
    26/11/08 15:51 wrong message about trial about dismissal for private emailuse 
    06/11/08 11:24 secure email is in text format not html 
    22/10/08 09:17 Policemen and email, can they ever trust their mail again 
    21/10/08 14:31 Google as perfect anonymous emailer and how to block it
    20/10/08 10:04 personal emails from Belgian police Human resources procedures still circulating 
    16/10/08 17:52 List hacked 9600 emailaccounts (also Belgian .be) 
    15/10/08 08:51 Belgian Miss Beauty and emailpolicy
    14/10/08 17:25 One Belgian hotmail account hacked : thousands others 
    30/09/08 23:49 hacked mailbox of Venezuelan Ambassador
    26/09/08 12:57 e-land archive: email archiving increasingly important
    26/09/08 12:56 E-land archive: no e-discovery in Committee P investigations
    26/09/08 12:42 lessons from the email scandal of Minister Dewael
    25/09/08 11:06 the stupidity of putting everything on email
    24/09/08 23:50 E-discovery, Belgian police and Committee P
    22/09/08 22:55 some proxy services not that anonymous (Palin hack)
    22/09/08 12:37 Updates on Wikileaks : Palin mail and Intel patents
    12/02/08 13:21 Kill your own business with an email

  • watching the spies in the sky and hiding from them

    This is Britain’s secret system that watches spy satellites, which was unknown to the public until recently. The satellite warning service knows where every surveillance satellite is, what it can see, and where it’s going. Then it tells military commanders anywhere in the world when they are in danger of being spied on. More

  • e-health got an OLD and STUPID virus and it is killing it

    Some people here and in the US are dreaming of doing everything electronically in the health infrastructure - forgetting that we are talking about medical information that would be interesting for economic espionage, blackmail and intelligent scams and phishing.

    Now they are saying on the news that several hospitals have great problems with that new (already two weeks old) virus that is spreading. They say that everything is working but that it takes more time to download medical information and so on.

    let us make a few things clear

    * this is not a supervirus. This virus only works if you haven't updated your computer since October with an easily downloadable patch from Microsoft. Surely in a network like a hospital's you should have organised your patching and updating centrally and control it so that it is done effectively. And there is nothing NEW

    * it means that the security of the computers in hospitals is too lax for us to be confident that, in their present situation, they can handle information as important as our medical information in a confidential and highly secure computer network

    * the great law of silence and "just trust us" has proven its weakness, especially after the new Belgian ehealth law needed more security and auditing and norms before going ahead with all their great plans. The system as a whole is only as secure as its weakest part. This means that maybe the computer use, culture and infrastructure in hospitals have to change and that hospitals have to understand that their computers are as important for saving lives as their operating rooms.

    I am sure some people can tell stories about security in hospitals or on the computers of the doctors that would be quite interesting..... but that is the real reality that is responsible for this situation. You only need one PC to get the rest into trouble.

  • Flanders will also make a 'mobib' card

    Brussels, London and Holland have proven that those cards are not so secure and that there is a problem with a lack of privacy protection.

    The Flemish minister (socialist sic) has decided that Flanders will also make such a card and that it should be generalised before 2011.

    There are elections meanwhile so we can only hope that the new minister will take the necessary precautions in testing and will incorporate privacy-preserving technology in its concept. Not much change, but maybe as it is an electoral year.

  • Overview of our comments on the Belgian Internetfilter project

    This is an overview of the articles about the internetfilter project in Belgium

     
    an introduction to the problems with this project
     
    this would be difficult to filter
    and there is childporn
    how to report it to ecops without giving your name
    and it is better that ecops work together worldwide
    so they can bring down childporn sites more quickly
     
    filter services can be attacked
    they can slow the internet speed down by 86%
    and include manga's
    and honeypots from the police
    and systems using wikipedia
    and are they not based on hype instead of numbers
    but before that Belgian laws need to be changed
     
    this filter is already being studied in Holland
    and in Denmark (that has three Belgian sites in it as childporn sites)
    and in Finland where even the critic was blocked as a childporn collector
     
    and other countries are feeling pressure from the European Commission
    that has its own project
     
     
    By the way we don't protect or accept child porn, we want them to be hunted down and brought to justice wherever and whatever they are. But for this you have to use the best and most efficient means, not the one that brings in the most press and the least results.

    We would think that it would be more useful to
    * have a fast-track take-down agreement for .be sites and content on Belgian servers between the ISPs and ASPs, the FCCU, the justice department and eventually DNS.BE. In it, the conditions, procedure and proof (e.g. screenshots) would be formulated, along with the time and contacts needed to bring a site down in a few hours' time.

    * that the FCCU is better connected to other international police forces (e.g. CETS) and has more manpower immediately (not necessarily policemen and eventually volunteers)

    * that at least the 2 big ISPs in Belgium install the possibility for their users and connected networks (e.g. schools) to use the OpenDNS filter system instead of their main DNS system without filters

    These things don't need laws that take too much time. They need official practical agreements between institutions and some semi-commercial investments from ISP's.

    We think it would be too easy to circumvent those filters, too difficult to keep the listing secret and useful and too expensive to follow-up on the system.
     
  • If you haven't paid your parking fees before the 29th of december, maybe you shouldn't

    The parking installations have in some cities (like Ostend) been privatised. It is a private firm (Da Vinci) that manages the parking spaces in Ostend and that has its own personnel who check whether people are paying or not. They do that in a very active way and so the number of infractions is higher than before. Some people just pay but others refuse and go to court. The vaudeville of court cases has now reached a climax.

    A higher court has decided that the firm had no right to use the identity information for the cars to send out the demands for payment. They said they had received this information from the city council, but according to the court this is still in contradiction with the Belgian privacy law. The government had decided to adapt the law, but that change was only published on the 29th of December.

    So if you have parking tickets from before that date from a city where the parking management has been privatised and the controls are done by that firm, and you haven't paid them, I am not sure you should. You could argue that you would prefer to await a decision to know if that parking ticket is still legally valid or not. Why should you pay a demand for payment for a parking ticket that is illegal? One can't be obliged to do something illegal, can one? :)

    the new year presents are falling out of the skies today  .... :)

  • belgian swingers sex club streams live on the internet without knowledge of clients

    It was a small article. The clients of a swingers/exchange club discovered to their astonishment that the owner of the club also had a website on which he streamed their performances and acts live, without any protection of their identities, for anyone to see who wanted to pay for it.

    After being contacted he will inform his clients about that and he will distribute masks. Meanwhile there is a whole lot of swinging going on .....

    Meanwhile the website has somewhat hidden the faces of some of its clients, or has it?

    the cams are now gone. Would someone dare to file a complaint ?

  • Microsoft CETS systems helps antichildporn fighters worldwide

    "CETS, a software solution built using open industry standards, assists law-enforcement officials in their work to stop the exploitation of children on the Internet by enabling effective collaboration and providing a set of advanced software tools and technologies for use by investigators. Officially launched today, CETS was developed jointly by Microsoft Canada, the Royal Canadian Mounted Police (RCMP) and the Toronto Police Service.

    “Our vision is to support more effective child-exploitation policing by enabling collaboration and information sharing across police services,” says David Hemler, president of Microsoft Canada. “The tracking system will serve as a repository of information and will also be used as an investigative tool.”

    Using CETS, police agencies can manage and analyze huge volumes of information in powerful new ways, such as cross-referencing obscure data relationships and using social-network analysis to identify communities of offenders.

    As of June 2007, the Child Exploitation Tracking System has been deployed in seven countries and is being used by over 400 investigators worldwide. With it, law enforcement agencies can break down borders through collaboration and information sharing.

    If you would like to receive more information about CETS, please contact us.

    source (microsoft.com pages in fact)

    Comment : this seems like a much better tool to invest in and that can have immediate results, especially if every police force in Europe would be using it.

  • TOR based DDOS attacks against databases

    This is a posting about the English Internet Watch Foundation, which was to be attacked after their wikimedia disaster. This has not happened, but it shows that one can use TOR to launch a DDoS on a site or a database (see the script under it). This means that you ought to be looking also for incoming TOR traffic.

    What is also amazing is that a server like that has so many services open, some of which can effectively be used to DDoS it down.

    >Discovered open port 25/tcp on 82.109.189.34
    >Discovered open port 21/tcp on 82.109.189.34
    >Discovered open port 80/tcp on 82.109.189.34
    >Discovered open port 22/tcp on 82.109.189.34
    >Discovered open port 443/tcp on 82.109.189.34
    >Discovered open port 53/tcp on 82.109.189.34
    >Discovered open port 3306/tcp on 82.109.189.34
    >Discovered open port 8080/tcp on 82.109.189.34
    >Discovered open port 8009/tcp on 82.109.189.34
    >...
    >The Internet Watch Foundation
    >East View
    >5 Coles Lane
    >Oakington
    >Cambridge
    >CB24 3BA
    >Tel: +44 (0) 1223 237 700
    >Fax: +44 (0) 1223 235 921
    >For general enquiries email information@iwf.org.uk
    >For media enquiries email media@iwf.org.uk
    >To report problems email webmaster@iwf.org.uk
    >...
    >Since the IWF website uses such a shitty captcha system, it is easy to flood their website with thousands of fake reports.
    >Here is a PHP script which floods their site with reports:
    http://parasolus.nfshost.com/iwf_flood.phps
    >If you want the script to use TOR, you have to...
    >// curl_setopt($t, CURLOPT_PROXY, '127.0.0.1:8118'); uncomment to use Tor

    http://hkfjbmo2rdjun56b.tor2web.org/i/res/9.html

    Because the domain names in the script can be replaced with others, any database behind a web form could be hit with rubbish or spam in the same way.
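
    For the advice above to look for incoming TOR traffic, here is an added detection example (not part of the original post or of any tool it mentions). It flags a burst of form submissions arriving from Tor exit nodes in a web access log. The exit addresses, the log lines, the form path /report, the 60-second window and the threshold of 5 are all constructed assumptions.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Constructed exit-node set (RFC 5737 documentation addresses). In production,
# refresh this from the bulk exit list the Tor Project publishes.
TOR_EXITS = {"192.0.2.10", "192.0.2.11", "198.51.100.7"}

# Constructed access log in common log format; /report is a hypothetical form path.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2009:12:00:01 +0000] "POST /report HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2009:12:00:03 +0000] "POST /report HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2009:12:00:05 +0000] "POST /report HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2009:12:00:09 +0000] "POST /report HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2009:12:00:14 +0000] "GET /index.html HTTP/1.1" 200 2048
192.0.2.10 - - [01/Jan/2009:12:00:20 +0000] "POST /report HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2009:12:00:26 +0000] "POST /report HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2009:12:00:31 +0000] "POST /report HTTP/1.1" 200 512
""".splitlines()

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')


def parse(line):
    """Return (ip, timestamp, method, path) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]


def detect_tor_form_flood(lines, exits, form_path="/report",
                          window=timedelta(seconds=60), threshold=5):
    """Alert when POSTs to form_path from ALL Tor exits combined reach
    `threshold` inside a sliding `window`. A flood routed through Tor rotates
    exits, so a per-IP limit can stay quiet while the aggregate is abnormal."""
    recent, alerts, alerting = deque(), [], False
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        if method != "POST" or path != form_path or ip not in exits:
            continue
        recent.append((ts, ip))
        # Drop submissions that have fallen out of the sliding window.
        while ts - recent[0][0] > window:
            recent.popleft()
        if len(recent) < threshold:
            alerting = False
        elif not alerting:  # report once per burst, not once per request
            per_ip = Counter(ip_ for _, ip_ in recent)
            alerts.append({"start": recent[0][0], "end": ts,
                           "posts": len(recent),
                           "exit_ips": sorted(per_ip),
                           "max_per_ip": max(per_ip.values())})
            alerting = True
    return alerts


if __name__ == "__main__":
    for alert in detect_tor_form_flood(SAMPLE_LOG, TOR_EXITS):
        print(alert)
```

    In the sample no single exit address submits more than twice, so a per-address rate limit would not trigger, while the combined count from Tor exits does.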

  • you can use ecops.be (the belgian internet cops) privately

    When you go to http://www.ecops.be  you will see this

    [screenshot: now031]

    If you fill in only the registration number and leave the rest blank, you can just continue and file your complaint or report the things that you have found

    In the end it will look like this

    [screenshot: now032]

    It should be mentioned somewhere that you can fill in information without leaving all that information behind. Some people won't do that. You can also work behind a proxy or things like that.

  • we have found childporn on TOR

    We HAVE FOUND CHILDPORN ON THESE HIDDEN TOR SERVICES

    With the name of the server alone it is clear that the TOR community does no internal policing at all and that childporn users are actively using this service with clearly totally underage children.

    The name of the site that does it is so clear that it is surprising that the TOR community does not react because this has absolutely nothing to do with the protection of freedom and privacy. The TOR community is in fact having a crucial question facing it. Does it want to become the place of freedom or does it want to become the stinking part of the web ?

    We don't publish the name of the site and will do what a citizen has to do.

  • Porn or adult exchanges on TOR (try to filter that)

    Every day there are new hidden services in TOR. The newest is a program that lets you surf these TOR services from a service like this http://anegvjpd77xuxo45.tor2web.org/pe/ but there seem to be many more like this. The problem is that they can change the location at will or even make them change often.

    Of course you can block TOR readers in a network, but with this new tool http://www.tor2web.org it would be difficult to block all access, certainly for a whole country.

    It is true that the TOR protocol is a bit broken and that there are ways to find the real IP addresses in certain circumstances, but it is harder than with real IP addresses.

    You must also accept that it is much slower with this web-based service.

    How they are going to filter this is a big question. Close off Tor? All these intelligence services that use it (with the risks) will have a problem then....