08/17/2009

water leakage in archives and onlooking workers

It was a strange sight on TV. You saw water falling from the roof in the archive of the Central Court Office in Brussels. You saw some firemen trying to keep the roof from falling by pushing the water through some holes onto the paper files beneath it.

Someone was explaining on television that they would have a look afterwards at what the damage was and how the files could be rescued. Meanwhile the water was still falling on those paper files without any plastic protection.

I am not making this up.

They didn't take the files away. Damage control. No security reflex. No reflex to protect what was to be protected. It could be that the firemen were afraid that the whole roof would come down (somewhere above it a water pipe was broken). But somebody could have taken 10 minutes to put the files in plastic boxes and in safety.

These were the files about the investigation into the possible corruption of one of our most important judges, which is making headlines nowadays (and pages and pages of comments and new developments each day).

09:43

08/14/2009

Obama may be shot - like Kennedy

One of the things that I remembered about the several books I have read about the Kennedys (still what an inspirational president, even if he didn't change as much as he should have) is that in the months up to his assassination there was in the south a whole campaign about how dangerous and unpatriotic he was and how he had betrayed his country and so on.

What the conservatives in the US are doing now in their astonishing brutal and radical campaign against the necessary health care reforms is of the same kind. They tell every nut (and be sure there are enough 'New World Order', survivalists, white pride hooligans and other nuts around there) that it would be OK to kill or shoot this president because he is a president, in fact a Nazi, he is not one of them, he is even not an American (the birth certificate nuts) and according to some he may even be ready to declare a state of emergency (and take away your guns). In fact in the US nuts have guns and they use them. They train to use them. And no small guns to protect themselves (as they say) no, real guns you can go to war with.

It should come as no surprise that the intensity of 'assassination' chatter on the internet between those armed nuts is increasing. I think every security professional working for and with the president is going nuts now and working overtime. And each time the president wants to go out to campaign (because he will have to campaign to get this fundamental reform through now - it won't be possible later politically) then all those physical security professionals (bodyguards, secret agents and the rest of them) know that they will need to be at their best for 1000%. Because if this president gets shot then I am not sure if the 'black pride' nuts will behave, and if there is as much doubt about the security precautions of the security service as there was about the victory of George Bush in 2000 then you will have more 'conspiracy industry' writers than about 9/11.

But there need not be a real conspiracy. There is already a conspiracy by the conservatives to create an atmosphere in which a normal and open democratic debate based on facts is impossible and in which your opponent is described as the biggest threat to anything America stands for since the Second World War and Stalin. He will even kill your old mother and father.

And so some nut(s) will say one day that if all these politicians just continue to talk without doing something against such a big threat (and confirmed by those very wise and powerful influential conservatives) "then they will do it".

Nuts are like timebombs. They only start ticking if the environment in which they live becomes explosive. Or if they perceive it as such.

tic tac tic tac tic tac tic tac tic tac

And I already accuse those who create that atmosphere for anything that may happen to any elected official. And the PR masters behind this campaign should remember the film Fantasia in which Mickey takes the hat of the master and finally has so much power that he loses control. I do not think that you really know what you are doing and what the end result may be of this kind of campaign. And do not complain afterwards that you didn't foresee this or that. You started the wildfire, you are responsible for the damages, including the things you didn't want to happen (afterwards). There was Kennedy and Martin Luther King before.

14:16

08/12/2009

Evonet has 500 hacked .be sites and some still are


They all have the same IP address and they look like homepages made with Flash and some other fancy things. They all have a separate .be domain name but the same IP address (this is going to be fun if some are spammers and blockers are using the IP address to filter).

When looking through zone-h.org we saw that nearly 500 of these pages were hacked (Linux and Apache), and that when the hackers changed the homepage of the site (sic) it was cleaned, but the cleaners didn't do their job very well: they didn't check whether the hackers had also done other things, like adding a page.

They have added a page with nonsense to a few hundred other webpages. If they don't clean it up it will not be long before the first blocking appears (and all sites have the same IP address).

Maybe the hackers have left a backdoor or a keylogger or a time bomb. Who knows? Did you check?

Have a look at zone-h or http://be-hacked.skynetblogs.be

 

16:19

it all started with a car that was not parked right

The members of a Turkish club had a meeting room next to an internal parking lot hidden from street view in that city in Belgium. They always met there for tea and talks and passing some time together. It looked as if the days would pass without much happening and every day looked more or less like the day before. The quiet and easy life, you would say.

But one day there was a new car in the parking lot. They hadn't seen that car before so it couldn't be from someone from the neighborhood. There was something not right with that car, it wasn't parked the way all the neighbors parked their cars there. It was strange. So this Turk talked to the local cop, the one who is responsible for the community relations and for being sure he knows more or less what happens in his block.

It was interesting, he said. He would check it and he consulted the database of stolen cars. Bingo. It was the car that was used by the prisoners who escaped prison last week. They were only looking for the girlfriend of one of them. The others were already found.

But where could she be? The police had another clue. The GSM of the girlfriend was being traced to a GSM tower not far from the parking lot. She was definitely here. But you can't search a few thousand people. Where could she be? She wouldn't be with a Turkish family because she wasn't a Turk. There were only a few Moroccan families living here. So he visited them. And found them.

A perfect example of good neighborhood relationship with the local police who knows well his neighborhood, a national database and some intelligent modern tracking methods. None of those methods alone would probably have resulted in such a quick arrest but the combination of them makes each of them more efficient. It is the puzzle and not the pieces on which one should concentrate. You are always missing pieces but maybe you have already enough to make a beautiful puzzle anyway.

14:51

how to turn that wireless bandwidth thief upside down

Now and then there is some loser who gets caught and maybe convicted because he is stealing bandwidth from his neighbors who have forgotten to secure their installations (or had to return to default because after some upgrades nothing worked as it should).

But here I am reading a really funny piece about some IT geek who made some changes so that the bandwidth thief was seeing everything on his screen upside down or very fuzzy. I could think of some other things you could do to his computer (passing through your router) but some of them would be clearly illegal. Some of the security guys here will probably have the same ideas. I don't think they would do it again.

http://www.ex-parrot.com/~pete/upside-down-ternet.html

It all seems a bit too difficult for people who are not that technical. Someone should put it into a click and play tool and call it 'eat that, bandwidth thief'.

14:40

08/11/2009

the forums of our national tv and radio are hosting childporn links

they didn't place it on their forums

but they didn't look after it neither

and this has been blogged about several times the last year

how do you find this

by using the searchterm those sick bastards use   ""illegal cp"   site:be " and after site you can place whatever domainextension or domainname

So for Belgian .be sites we find around 100 references of which

één - reply pages of the forum (www.een.be/VRTForum5)
Klara - reply pages of the forum (apps.klara.be/VRTForum5)

but you do also find

www.ict-coordinator.be
www.svpa-dvdb.be
wina2.ugent.be
annuaire.fiscus.fgov.be
www.scoutsbonheiden.be
www.zetetiquetheatre.be
www.lesjeunesentreprises.be

and also a skynetblog

alopanere.skynetblogs.be

 

22:49

08/06/2009

risk, prisoners and evasion

First, there is no central office which is responsible from A to Z for everything concerning the transfer of prisoners. The risk analysis of each prisoner who needs to be transferred is done by the different departments with different objectives.

Second, the people who have to safeguard the security of those transfers have NO GUNS. You read it right. The persons who have to guard sometimes very dangerous criminals (with limited risks because they have been behaving well lately) have NO arms. They also don't have the powers of the police, they are only administrative workers. If the risk of evasion is too high or there are other risks, the police is asked to do the transfer.

Third, the service responsible for the transfer of the prisoners does not have enough manpower, especially during holidays, after standard working hours or when they have too many transfers at the same time.

Fourth, the Justice Palace in Brussels where those court sessions are being held is in fact a protected monument. It is a really impressive building (built to impress the population living around it) but it is not a building that could be used for court sessions with dangerous criminals. Even placing cameras can take months because each change has to be agreed by a kind of architectural protection commission. Maybe the court sessions for dangerous criminals should be held in the prisons themselves. We are planning to build new ones anyhow.

Fifth, as several politicians are all responsible for part of the problem, the blame game has begun.

09:56

08/04/2009

why we couldn't liberate the Belgian ship from the pirates

The reason why the Belgian special forces didn't intervene to liberate a Belgian ship that was hijacked by Somali pirates and why the Belgian government chose to pay 1.8 million euros is explained in a leaked secret internal note from the Belgian Crisis Cell.

In the note it is explained that the Belgian special forces didn't have enough firepower (needed 9mm but only had 5.56mm) and enough night vision gear (4 sets instead of the 40 that were needed) or other material.

What makes the whole story even more incredible is that the two undercover officers that were sent over there had their visas expire because nothing happened in between and couldn't get them prolonged. Their colleagues that were supposed to replace them there didn't get their visas in time either.

http://www.standaard.be/Artikel/Detail.aspx?artikelId=M32... (dutch)

Two things.

First, publishing facts - even from a leaked memo - which show the material shortcomings of our special forces is something that is really irresponsible. Those forces will be in the first line of duty when it comes to liberating hostages or arresting dangerous criminals and terrorists.

The positive effect may be that now they will have to get the necessary material very soon because otherwise they will be fundamentally handicapped as their 'opponents' have too much information about their material shortcomings.

Secondly, if you have special forces that you want to use for special operations you should give them special budgets to buy the special materials that they may need in whatever circumstances. Special forces are our first and last line of defense and they should have whatever material and manpower they need to do their job as they are expected to do. Doing otherwise would have a great impact on the trust in our public police forces because if the special forces can't do their job, who can? And as we have seen today, the criminals of today are more daring and better equipped than before.

14:09

physical security : Justice palace in Brussels and gangsters walking out

Today some very dangerous and brutal gangsters escaped from the Justice Palace in Brussels while they were being brought into the courtroom. Some masked and armed friends came to liberate them and escaped together with them. They are known for using violence in a very brutal and relentless way.

Some interesting details

* The metal detectors in the building were not on

* The investment plan 2005-2009 of 6 million euros to secure the building was never used.

some other questions

* where is the filtering of people who enter and leave the building? You don't need fixed metal detectors for that. (answer: there are a great number of doors through which you can enter and leave the building).

* where is the general video surveillance linked to a central alarm post that can close doors and alert the necessary people and police forces?

* where is the standby intervention team? In such an important building with so many trials and important trials you should have some - even small - standby team that can intervene if there is danger or a problem somewhere.

* some trials are better done in jail or by video. There are some interesting experiments taking place in the US and UK with that.

 

13:50

around 500 websites on Belgian servers and networks infected or infecting

The count is 488 but that count is neither complete nor authoritative. It is based upon the malware that Google has found with its security initiative and, like all other such initiatives, it is just an indication.

The number is for the last 90 days and counts the number of infecting websites and relays for infecting websites.

Not all of them are active today but a whole series needs to be checked and maybe cleaned. You will find them in http://insecure.skynetblogs.be

The real importance is that if Google begins to blacklist, the commercial and reputational effects can be enormous, so you should follow your site or network or host.

This is not easy, but it is one of these things to do. We have made a page with the most important ones, but it is up to you to make your own pages with yours and to monitor them.

11:26

new watchservice for Belgian malware site

You can now follow, for a whole series of ISPs and hosts in Belgium, the number of sites that the Google badware service has found and published.

They are only indications, but with most of the ISPs and the most important Belgian hosters you really have a clear view.

http://www.netvibes.com/mailforlen#Google_.be_diagnostics

another exclusive from Belsec

00:33

08/03/2009

Joomla ducks are hacked again in aLpTurkTegin campaign

Joomla ducks: this is the name we gave them around here when an exploit was published last year (that even took down their own community servers) and that afterwards was not patched and communicated as it should have been. This has not changed since then, even as the security situation has totally changed for Joomla. It has changed because it has become clear that Joomla (which is one of the most popular open source content management systems) not only has a whole bunch of security problems, it has no security awareness and no security procedures in place.

It is easy to complain afterwards that you have been hacked when your software is totally outdated and the software you use should in fact, under the present circumstances, not be used for serious sites unless you have everything in place to compensate for the lack of security service and monitoring. And it is not because it is open that it is secure and it is not because it is free that you don't have to invest in security. There is such a thing as total cost of ownership, and your online reputation may also be taken into account from now on.

So http://www.zone-h.org/archive/defacer=aLpTurkTegin decided to hack a few thousand .nl domains using primarily Linux and Joomla according to the press. He wanted to give some new exposure to Wilders (who thanks him, by the way, for being able to play the poor victim again).

Let us correct this directly: according to zone-h.org it was at most 200 websites in the and it is not at all a big wave or a recent one (it started on the 22nd of July and ended on the 31st). So maybe someone wants to call that cyberwar for laughs?

15:07

Skynetblogs According to Google Security Diagnostics is hosting malware

CMS is the content management system. The thing we use to log on for our blogs or to write our stuff. The last couple of weeks we had several problems with it.

Another possibility is that cms.skynetblogs.be is the name Google has for all of our skynetblogs. This is something to clear up. If this is the case then you have a Google indexing problem that needs to be fixed, because if some blogs go bad, all blogs could suffer as the central CMS site will be blocked.

This is what Google Security Diagnostics is saying about cms.skynetblogs.

http://google.com/safebrowsing/diagnostic?site=cms.skynet...

2 domains are being used as referrals to the malware and exploits: goparkscan.com/, imucon.be/

razing.info/, in5id.com/, scanonlinedirect.com/ are responsible for 22 trojans and 39 scripting attacks, of which 4 succeeded.

Time to clean up?

What I also know is that there are a lot of dead blogs that don't seem to be used anymore (I know I have some of them) but there should be a way to deactivate them (for example commenting for spammers). If the user after a long while still wants to use his blog he can re-activate it after logon. But it should make the attack surface smaller.

Meanwhile more reports are being published on http://insecure.skynetblogs.be

12:57

07/31/2009

blackhat 5 your laptop tracer is an insecured rootkit

There is a general rule in security that the more a layer of security is on the outside, the safer and harder it has to be, and the more you will have to presume that it will be the first to be attacked and the first to crack.

So when you develop something that loads up before the OS and the security tools, it has to be as secure and well thought out as any other security process at the outside of your prime defenses.

This seems not to be the case for the popular and already installed rootkit that the firm Computrace installed on millions of laptops worldwide. This software will send a signal if the laptop is registered as stolen and will destroy data on the laptop.

According to some security researchers at Blackhat who are specialists in rootkits, it is not difficult to change the website it sends a signal to, nor other characteristics. The configuration information is in fact on the PC itself and not very protected, and there is no authentication/control process between the rootkit and the server (other malicious botnet server?) it connects to.

How are they going to upgrade that ? It is a rootkit that is launched before the BIOS. This is a real big vulnerability for secured laptops.

source

16:31

why cloud security first defense line is the next new layer

Security is laying layers before the goal that the 'others' want to reach and compromise or copy. Each layer (ISP filtering, router filtering, firewalls, IPS, internal router filtering, host-based security, data protection) has its own functionalities and defects. Building your onion of defense-in-depth layers is a hard thing to do, in which you need to take care not to have two layers filtering the same things and to be able to monitor each layer or have a dashboard.

It is no longer possible to filter all the viruses, malware and zero-day attacks with your own antivirus appliances (network based) or on the workstations or servers. Another layer of defence will need to be added for high-security networks (or ISPs?): cloud malware filtering. This won't replace your desktop or network filtering, because if you set the cloud malware filtering too strict you will lose too much time and too many files (false positives). But it will need to filter out the oldest and most typical malware and send the others to the check box for the security people of the network or client.

There seems to be no other way, because even the oldest viruses seem active somewhere on the net because the workstations aren't updated, patched and secured enough. Maybe ISPs will need to install such cloud security services or develop secure pipe services for business.


13:17