more than 170.000 in a year's time for a very small blog like this one with some very specific information
and to make our birthday even better: second most popular skynetblog yesterday, 5th most popular blog last week and best evolution last week (it was Humo week with the censored so-called sexpics)
so one day we will have secure software and secure networks
one day, the computer user in China and Iran will have as much freedom as the one in America
one day, every youngster and elder will find all the information he or she needs and be able to participate in debates no matter his class, race, religion or beliefs
and one day, they will be able to do it in a secure and pleasant way
that's my dream
still a long way but as Jesse Jackson once said
never give hope, never give up hope -
bye bye for today
tomorrow everything will be more normal around here
thanks for a beautiful but sometimes hard year
the belsec crew
she has said that she will stop singing it, I don't understand: when she played the number it was not necessary that she said one word - or is that the reason :)
In remembrance of one contact we lost this year, Peter C. Delbeke
This makes a total of about 4000 ebooks
that have been collected on scribd.
another must link to bookmark for updates
It all started with http://ekz.skynetblogs.be and this was the first blog posting
|still missing a crystal ball|
|This appeared on security-protocols.com and was posted on Saturday. |
On the same day the first doom viruses were already going around. His comment on this could not - now - have been more prescient ....
Linux threatens US security, SCO tells Congress
The SCO Group has confirmed that it sent a letter to all 535 members of the US Congress which claimed that Linux and open-source software is a threat to the security and economy of the US.
The letter, dated 8 January, was published on the internet this week by an open-source lobbying organisation called the Open Source and Industry Alliance (OSAIA). The letter states that the commoditising influence of open-source software such as Linux is bad for the US economy and argues that open source also skirts export controls governing commercial products. I'll have to say that I totally disagree with SCO. The SCO group are making themselves a very large target.
Posted by badpack3t on Saturday, January 24 @ 00:38:32 EST (74 reads)
|31-01-2004, 23:21:47 technology changes fast not a lot|
So on 3 April 2004 he wrote a manifesto to put everything he came across daily into a broader framework, just as you would do in any other policy domain. From this then followed this
and if you reread this text of 3 April 2004 you see that not much has changed since then, that we are still thinking about the same things.
http://ekz.skynetblogs.be/archive-month/2004-01 and there are postings and more postings like that. And so you could say that ekz, mailforlen has been pulling the cart for 4 years already. And maybe, if we work now to achieve what we absolutely need in Belgium to build further on, then maybe in 2009 we can say that it has all been worth the effort for each of us who has been pulling the cart for years.
imagine all the software being so secure
Imagine all the networks being so secure
Imagine all the computers being so secure
what would we do ?
We didn't publish the story that a Belgian nuclear installation had its website and database totally open.
We didn't publish the story that a key identification infrastructure of a very important governmental installation was running on totally insecure software.
We didn't publish the story that some portal had its codebase totally open.
We knew it would make headlines, but we knew that those headlines wouldn't change a thing in the political process that we are going through. So we preferred to act responsibly in these cases, because a precise publication of the facts could only lead to such major problems that it would have been irresponsible to publish them. Especially when you take into account that it would in the best case take days or weeks and in the worst case months to fix it.
maybe someone should tell them that they are liable because they didn't secure and monitor their website as they should
Remember a phishing site only brings in money the first four hours after sending the spam and getting the server up.
Belgian server of VOIP services hacked to phish ebay
http://flink.be/parcbooks/or.html this is interesting because it only sends the surfer to another phishing site at blueoceannetwork.bonlive.com
http://www.phishtank.com/phish_detail.php?phish_id=510478 a very secure small enterprise as they are so secure....
http://www.everyoneweb.com/Habboti/ the most amateurish one
http://134.78-78-194.adsl-static.isp.belgacom.be/aspnet_c... (this is a major website that has been hacked over and over again for all kinds of phish sites) see also http://134.78-78-194.adsl-static.isp.belgacom.be/Citrix/M...
http://mobitronics.be/pics/IRS/Internal%20Revenue%20Servi... (since 26th of october) IRS hack The US tax By the way THIS IS a secure webshop .......
http://wezembeek-oppem.info/cache/IRS/Internal... Joomla server hacked for IRS fraud (the US tax man) as was the case with the site of this school http://sjca.be/IRS/Internal (both are cleaned now, but that will have been done after the 4 hours I suppose) and this http://control-it.be/portal/IRS_redirect.php offline like the whole site but the web never forgets
AND this is a site hosting probably malware downloads
and another one here
and some even greater organisations are hacked for phishing (a hack is a hack)
Belgian networks to look out for phishing (because they are not well secured or have non-secured servers)
the good news is that .tk is now much quicker in stopping service to phishing sites with its free domain extension. http://www.five-hotel.tk/ is an example
already 4000 books on scribd
already 17.000 public links on furl
already 1000 freewares being followed
already 1000 Rss feeds that can be followed on pages
the only online security dashboard that will be expanded
the only site that publishes alerts for Belgium with practical advice
the only site that publishes which Belgian sites are hacked
the only site that doesn't interview but just writes what it likes
the only site where there is more or less responsible disclosure and some stuff gets backchanneled
and I think I forget some stuff, but if you look around and stay around long enough, you can find something to do, read or try
we wouldn't be publishing much of the stuff without them
we can't award them like the others semi public, but this is the birthday present for them
and we made it thanks to all those people that took risks but today is a good day
a trick how to find them more easily in Belgium
how to follow the asn which are major targets for attacks
and some victims that are astonishing
publication in about 2 hours time
We are following around 900 freewares for updates (that we publish here around every 10 days) at download.com
We have downloaded the pages because it was not possible to extract them from the website. So you will find 33 html pages with 30 freewares on every page. All windows and all real freewares.
We will extend this monitoring in the coming weeks to over a 1000.
sponsor of the
We have chosen 10 persons who during the last year have done much for IT security and its awareness in Belgium. If some people feel that we have forgotten them, see you next year, it isn't the intention to nominate every year the same people. It was more or less an idea to give something back to people who have invested a lot personally in the work of the security bloggers and to be able to give them something back - because it wasn't always that simple and easy and none of us are paid to do the work we are doing on the blogs or going ahead against all odds to defend the cause of more security in Belgian IT.
We thank Panda Security for the sponsoring, and so we may send each winner a Panda Internet Security package with a free subscription for one year.
We have known Roel Deseyn as somebody who has always had time and interest in the problems surrounding the security, privacy and quality of IT projects without being against IT and technology, on the contrary. And it didn't matter if he was in the opposition or on the governmental side, he always did the best he could. So we nominate him this year. If he will be nominated next year will depend on some practical things we need to see urgently put into place by this government. So far so good, but now it is time for real action.
When the Belgian security bloggers network started last year it was a meeting of minds and it wouldn't have been realised without his help and I know he is busy with some other big stuff. He is definitely one remarkable guy, always curious and looking to know more, even if it has sometimes been very hard for him the last year, but we have survived this. Enjoy the birthday,.....
Here we have another remarkable Belgian. He is someone who will turn a product inside out and try to do all the things that one shouldn't with it, just to see whether the product or code will hold or it will be stopped by the defenses. He has a blog that is followed by security people all over the world.
4. Mieke Moes
Here is a female IT security blogger to be proud of and gentle with. She is also a driving force behind some help forums for computer and IT problems. For this alone she would have been nominated.
Here we have somebody who is working at the frontlines of the honeypot infrastructure in Europe (and will inform us more about that and the things they are discovering in the coming weeks and months (we hope)). There is nothing as important as a honeypot and we hope that many networks in Belgium will participate in his honeypot network.
We nominate ourselves because we are here and we know that we also have spent all that time and effort and will do another year.
Netties.be is a free Flemish online magazine about computers and had some attention for security and free security tools. About a month ago they agreed to host our weekly review and this is a partnership that we will keep going in the year(s) to come. It is quite an interesting Flemish weekly, always with some stuff that you could find elsewhere but for which you would have to spend some time.
8. David Glaude
David Glaude is the man behind the opposition against e-voting in Belgium. We don't always agree with everything that he or his friends say, but there is one thing that has to be made very clear. You can't organise e-lections without being sure that every possible risk has been answered and that everything has been done to make the process as trustworthy as possible. The interuniversity study and the proposal as they were presented before the parliament do not respond to these criteria.
They were under a lot of pressure not to publish the study and some politician that didn't understand at all what he was talking about (not Roel) said such stupidities that no one read the paper itself and all the other interesting things that are in it. For the courage of publishing the study anyway, they deserve to be awarded. We hope that they will continue their research and not be silenced by subsidies and pressure. As there is no certification at all in Belgium, independent security research is the only way to be sure that there are no gaping security problems in the tools that we are supposed to use every day.
10. L - Sec
It is more or less an organisation that looks and talks like our IT publications. They are not really independent and critical of the present state of affairs in the IT industry (who could do a whole lot more about security themselves without waiting for official legislation or initiatives instead and treating it as costs). But they were the motor behind another big initiative this year. Shortly after we were invited to speak before the parliament, all the other official professional organisations for IT security in Belgium and some other IT organisations came together and jointly wrote an action plan for more IT security on which they agreed. It is the first time that they all agreed on something and we can only hope that this is only the first step towards a big coalition between the IT industry and the professional organisations to strengthen IT security in Belgium together.
That's all for this year, folks
For those that didn't get nominated, we have another year to go and great things to be done and there are always hands and minds needed. It is voluntary work, but as you see, we appreciate every effort big and small.
The whole discussion about the quality of the code in EID began with our famous video in the beginning of this year (but only made available to the public in May). There was something not right if that was so easy to do. Something would not have been thought through or tested. There were some ideas but we couldn't put our finger on it. Maybe we wished that the code was good and this was only an oversight.
The discussion continued when a professor wrote an article about the EID and had covered in it some comments about the quality of the code. We were even more convinced that there is more to it than we thought.
Then we saw a big strange discussion about standards and EID that broke out in IT-professional. The first shot was fired when the person responsible for the Flemish egov projects said he expected Microsoft to do more with the EID than it has done so far. The new Microsoft CEO answered in an open letter and said more or less that Microsoft followed international standards and not necessarily the Belgian EID standards. In another article much later it became clear that Microsoft was pursuing an international route and that the Belgian EID would not be treated any more preferentially than any other product that wanted to be integrated in the Windows environment. The question that wasn't answered was: why? Nobody said so but there had to be a reason, because otherwise he wouldn't have persisted.
So we now have learned from consultants in identity management that, according to Microsoft, it is better to use EID with Vista and Windows2008 with the latest service packs rather than the other versions (xp and 2003). The reason is that Microsoft itself has rewritten some parts of the code of the EID so that it is as safe as is required nowadays by Microsoft for any product. The problem with the EID seems to be that it failed some tests of code security in a big way and, rather than refusing the product (which would have made an enormous fuss), Microsoft engineers somewhere rewrote parts of the code.
So how big is the problem with the security and quality of the code of the EID? And no, we don't need the normal standards propaganda and publicity. If the code is secure it has passed all the security and quality tests you can put code through.
Maybe it is time for someone to ask the right but hard questions. Everybody in Belgium will be walking around with that card and that card is being used and planned to be used for numerous applications.
tell us if there is more of that, the fact that these investigations are never closed, means that there is never to be any independent review of the situation and there will only be a public outcry if after 10, 15 or even more years the judiciary finally closes the investigation - mostly without result.
Also we love authentic documents, not the interpretation of others