No quality without security

toch even een update

Tue, 10 Nov 2009 18:04:39 +0100

Ik publiceer regelmatig nu iets in de Standaard (zoekterm Len Lavens)

en persoonlijke dingen hier http://denlen.skynetblogs.be

Voor het moment zijn we hard aan het werk mbt de dataretentie wetgeving met ISOC en enkele andere dingen in mijn achterhoofd

voorstellen of ideeën zijn altijd welkom :)

the definitive goodbye

Sat, 19 Sep 2009 00:00:10 +0200

Monday there will be the official announcement of the Belgian CERT something we have fought for since 2004 and got into Belgian law in 2006 and pushed as the highest priority since 2008. I won't work there, for those who have asked. I can now relax a bit and don't have to play freelance CERT without having the resources.

Friday was the first day of Brucon which is organized by a group of good guys and some girls and proves that there is a will to make things happen and to work together. I helped a bit today, but it is mainly their work and they should be proud of their work. It was a good event and there were many people. Tomorrow there is even a party. I won't be there I have family from the US coming over and before they leave to discover more or Europe, I should spend some time with them and my family.

I am already looking forward for Brucon 2010. The minister didn't come and the public annoncement of CERT (or any announcement) didn't happen. His loss. He lost the opportunity to get the historic picture of a minister being applauded by the community for realizing something they have been fighting for for years. His loss. If I angered some people by my hardhanded tactics to try to force the situation, excuse me. I bluffed and I have lost this time.

I am reading this blog now

http://webgunner.blogspot.com/

this is a definitive closing down of the belsec experiment. It has been interesting to say the least.

brucon gives extra ordinary SQL presentation

Mon, 07 Sep 2009 16:24:14 +0200

http://www.brucon.org

If you are asking yourself if those sql attacks against the Belgian banks were just an accident or some stupid attacks from kiddies or one of the smartest weapons (together with xss for example) around, you should go to this presentation

Brucon the Belgian place to be for securityminded IT people 18th-19th september

GO to brucon I am

Sun, 06 Sep 2009 22:15:11 +0200

If you are in Belgium the 18th and 19th of september you should go to Brucon.org in Brussels. It is not free but I don't think there is any ITsec happening in Belgium where so many people that are thinking about and working with ITsecurity will be together. Not the commercial stuff, not the salespeople but the real ITsec researchers, testers and 'hackers' (refusing the limits of discussion).

If you are serious about Itsecurity you should be present.

If it is not for the speakers, it is to network.

Belgium is a small country, so if you want to know who is an active ITresearcher and will make name in the future (or already has like some bloggers) you can't miss this event.

http://www.brucon.org (there are still some tickets available, but you shouldn't wait too long)

Belsec will integrate in ISOC (Belgium chapter)

Sun, 06 Sep 2009 22:10:45 +0200

Klik hier

the closing down of the belsec network - a new task lays ahead for us

Mon, 31 Aug 2009 22:53:08 +0200

The goal of my action is changing things and setting things in motion. It is not looking for ways to earn more money or to promote myself. The goal is a public service.

To change things you have to change laws and to set the necessary institutions and organisations into place and to make those that could be responsable act as if they are.

We have been doing this from this blog and this information in Belgium. Some of the Belgian security bloggers have even set up Brucon.org which is the first ITsecurity event in Belgium. I hope it helps pushing more people to do things, to do research and to have open discussions about the risks of all those new cyberpossibilities if you don't take security as a basis of your design (and not as an afterthought).

More news will follow in the coming days, but this blogaction is closing down. It has been a very interesting last 5 years (ekz, ITenquirer, belsec) but as new opportunities arrive by which we can do much more with less effort and with more authority, we are obliged to take them and use them. It would be irresponsable for us not to take that opportunity.

If it proves to be a fata morgana, we will be back again, no doubt about that.

Secondly, there is now a National CERT in preparation and it is up for that CERT with people who are paid to do their job to do their job and it is up for the parliament and the stakeholders to see to it that they are doing their job as they are supposed to do. They shouldn't be thinking for a second that they only have to do a little more than me or just use what is being used here. They have to do it by themselves. They are paid to do it, they are intelligent enough to do it, so they just should do it. And no excuses. This is not a job for volunteers who have other things like jobs and families and a private life to think about. Volunteers come and go, while a national CERT should be there to stay.

Thirdly It should be clear to everyone that I can't be Belsec and the new positions at the same time. It should be clear that this is for everyone a new beginning of a continuing battle for a secure internet in Belgium and that old disputes and thoughts are a thing of the past and that we will all have to work together in some form or another to get this going, one step at a time. So it is better to stop the Belsec thing altogether so it is clear for everyone that the Belsec period - as an activist provocateur period - is over and that the time of searching for practical solutions and propositions has started. Something we also have already proposed during the hearings in our parliament.

Those who have contacted me in the last years will receive soon an email with more information and a proposition to join me in this new opportunity to get things changing a bit faster than we are used to in cyberworld here.

I loved every minute of it and I appreciated the millions of visitors the last years.

I am sure that the other Belgian security bloggers and brucon will continue to do their thing. If there are people who want to start also a security blog in Belgium they should get into contact with brucon.org.

ps some resources will not be updated anymore and some will be deleted. The idea is also that new and more tools and resources will be available for members of the organisation.

consumers and online banking

Fri, 28 Aug 2009 18:42:54 +0200

The Belgian consumers organisation Test Aankoop says that banks should stay responsable for all problems with online banking and shouldn't expect from users to be security experts and to keep everything uptodate and to punish them if they get defrauded because their computer wasn't updated.

I agree with that. But there is no fundamental human right to have access to any online service if your computer is insecure and could pose a threat to the service you want to use (or to yourself but that would reflect on the company).

So there is a right for banks and other online service to refuse access to computers that don't have an updated antivirus, security updates or a firewall installed. And banks or other services could decided that to make it easier to secure the connection their users should use pre-installed software or special dedicated lines. They should also be able to set whatever norm they want for the login and authorisation (or whatever combination of authentification methods).

If they are to pay for any damage, they have the right to limit the risk as much as they want.

national newspapers will continue to suffer unless they interconnect

Fri, 28 Aug 2009 13:22:30 +0200

You read since years that newspapers will disappear because of the internet and that you will have to pay for all that and that newspapers are old news. You will read all kinds of standard tried-all-that-before solutions that effectively won't make a difference such as online payments, cut staff, develop stupid online versions and the likes.

What you won't read is the following

Newspapers are only worth buying if they give things you can't find online

* this can be the easy format and organisation of the news (online is a clicking chaos) that you can go through in a few minutes

* large interesting articles that you won't read online (because it is not handy and it is more difficult to fastread on a screen than on paper)

* articles that you won't find online because they are behind paid walls and because they are published because of agreements between newspapers.

Newspapers are now more online islands in a see a news. As long as they only stay islands some will disappear. For me a good quality newspaper has three things

* quality reporting, investigations and different opinions (facts, history and necessarily knowledge about the issues)

* an interesting online presence in which you will find for each item the files or reports to download, the links to the sources and other interpretations and the possibilities to follow up on the issue). The online newspapers may be twice or three times as big as the real newspaper if you would print it out.

* articles from different newspapers around the world about the subjects that are published in the newspaper (because they are imminent or will soon become so) or online because it is part of one of the subjects. If newspapers want to survive they should work together.

For example I read every week the NYT supplement of Le Monde. And so I think of hundreds of other possibilities. As there is no money it would be based upon bartering.

swine flu back and forth and back and forth

Fri, 28 Aug 2009 12:07:18 +0200

First we heard during the first months that there was really no problem in Belgium and that if you weren't travelling and weren't part of a particular risk group that you shouldn't be worried and that even if you did get an infection that it would all go over without much harm.

Than there was some fever during a few weeks in which one message after another was sent out that this was a real pandemie that could destablize our economy (or what is left of it) and public life. Thousands of people would get killed and the public health services would be overwhelmed, we were at the beginning of an public health crisis that concerned all of us.

Now they are saying that it is a normal cold and that even fewer people would get killed by the flu than in previous other flu- seasons because people are better preprared.

I don't know but the crisis communication is still in crisis because by going back and forth like that you lose in the end all of your credibility with the general public who as a result tend to decide to make up their own minds about what to do and will not listen to this ever changing tango of public messages. So if they decide to panick, they will panick and at that moment you are faced (just as during the Dioxine crisis) with the problem that you will have to re-act to the general tendencies and actions of the public and not vice versa.

The reason they give for this is also incredible. The reason for this total reversal into panick communication is to make the government and institutions aware that they have to prepare themselves urgently to take the necessary measures in case it becomes a general crisis. This is a political responsability and should have been treated as such. Communication can not and will not replace this. It are the actions that count, not the things that you say in the media. Speaking to the media will not replace the necessary actions that you should haven taken already a few months ago. Communication will not hide this inaction. The only thing they can hope is that it just flows over and that there is no crisis because to prepare for a crisis they will have to work very hard now or be ill-prepared.

UK flu pandemie : maybe many just wanted prolonged holidays

Thu, 27 Aug 2009 15:41:29 +0200

Many firms and organisation have a 'limit the risk' policy in which people who claim they have a cold or the flu are asked to stay at home for at least 3 days so the period of contamination is over when one returns to work.

So when many people started calling upton the doctors because they thought they had the flu - or a cold that looked alike - the system was very quickly overwhelmed and replaced by a call center.

You have to call and describe the symptoms - as described in detail in all the publications - and than they say you have to stay at home and take some medicine.

You than call to your work and say that you have to stay at home according to the national anti swine flu center and there is rarely a doctor free to come by and control you in the days after.

So there is one explanation why the numbers of people declaring themselves sick in the UK is so high.

While being in London you don't see people with masks, you don't see many signs or warnings. It may be different in enterprises and organisations, but the public life goes on as if nothing happens. So this popular explanation seems even more plausible.

Meanwhile it has also become clear that Tamiflu is not ready yet for population-wide protective or preventive distribution. First one of the new versions of the flu is resistant to tamiflu. Secondly because is seems now after such a wide use that there are so many complications that it would more endanger the health of a great number of otherwise healthy people than it would cure. Before a vaccin or a medicine is ready to be used on such a wide scale it has to go through so many tests that the risks to people are so limited or so well known that you could organise such a distribution.

Another argument for the people who believe that this all is a plot by the industry and or the government to make millions or to force us to take bad stuff. It is one big conspiracy if you believe them.

belgium firewall back against antipedo site

Wed, 26 Aug 2009 23:25:05 +0200

So while some time ago the Belgium firewall seem to be gone, it is back again and probably because they have decided to publish some parts of the names and the general locations where they live of some not yet convicted but under investigation pedo's (one has been arrested several times before).

http://www.stopkinderporno.com

they also have an rss feed

You will need to use our free online proxylistings (see link to site up here) to bypass that firewall.

Pro Iranian President hackers defacing 1000 + linux sites in 2 days

Wed, 19 Aug 2009 16:38:53 +0200

The group is called nobodycoder.

if you add .be in the filter you will see that a server with around 100 .be sites was also defaced

the attack is still ongoing as zone-h.com is adding new sites as they arrive

click on the pictures to enlarge

this attack is ongoing so if you have linux servers be sure you are secure and patched and on the lookout.

shared hosting disaster : 280 .be domains defaced

Wed, 19 Aug 2009 16:31:04 +0200

Stijn (ex Ubizen) still thinks that the US has no ITsecurity

Wed, 19 Aug 2009 14:36:45 +0200

source (dutch)

It is maybe because he has sold/left the business of ITsecurity (to Verizon) that he has lost touch. He is now manager at a local 'reconversion of the local economy' organisation.

He says that the Europeans are very good at securing their business because they always want to secure it while the Americans are very bad at securing their business because they only want to insure it. Securing their business - in his opinion - is only an option if it costs less than the insurance.

Secondly he still thinks that in the US it is only the market that decides if networks or data get secured and that there are no laws and reglementations over there.

You know, we as Europeans are so smart and confident and intelligent that those things don't happen to us. It is only those stupid Americans that get hacked - is a bit the tone of the non-researched article in a national newspaper around here.

I didn't know if I had to laugh or to cry with these opinions but

* Europe has no IDtheft or breach notification or a bunch of other privacy and ITsecurity laws that the US or a great number of US states already have. It is not perfect but at least it is something and it is better than nothing.

* Europe has no global and private/public partnership and vision about the security of its netwerks and assets. The US has a whole bunch of programs englobing the whole industrial-economic spectrum and government. These programs are all setting up contact networks, processes and guidelines. That those aren't perfect and aren't always used as it should be is normal, but at least they exist.

* There is no Europe just as there is no US. Many of the mentioned American laws are State laws and not federal but the advantage is that you don't have to wait untill the most resistant state finally accepts to secure its networks and assets to begin securing your own. The situation in Europe is much different than presented. The security of the use of creditcards hasn't the same safety precautions throughout Europe. In some countries you don't need a pincode to use some creditcards.

* And if we are so secure than why do we have a site be-hacked in which online shops pop up from now to than ? It is not because the media doesn't talk about it that the ITinfrastructure in Belgium (and Europe) isn't attacked and hacked. But as there is no obligation to tell and as the press doesn't want to give it much attention and no parliament or governmental institution has the right to ask questions, we still think that we live in a safe fata morgana in the middle of a desert. And as long as we think we live in a fata morgana and we think we have water and green and shadow we don't have to think about the desert.

We are in a desert.

Here in Europe.

In the US they are planting trees and building pipelines and fortresses.

We are still discussing if we have to do something and what.

If you believe the article by Stijn, not much.

the domains .in and .at used in fast flux botnets

Wed, 19 Aug 2009 09:59:38 +0200

There is also the .ru and the .cn domainextension but I don't think that they will be blocked by the domainextension managers anyway soon. And the same goes for the .net, .com and .org domainnames. If they change their mind they could maybe contact Arbor networks.

Why

Because when in the beginning of this year the .be domainname was used/tested by the operators of the fastflux botnets (in which the IP address and the location changes every tiime but only the domainname stays the same so it makes no sense in trying to get the server down) it was by a drastic but effective coordinated action by the FCCU, the magistrate and the DNS responsable for the .be domainname that those names were quickly blocked at the root level. The reason is that or the domains were registrered by fraudulent addresses or they were used for fraudulent illegal activities and based upon our commercial and cybercrime laws those domains could be blocked immediately. Also the conditions of use by DNS.Be gave dns.be the possibility to do such a thing if they were instructed by the justice department.

The .at and .in domainextension managers should look into it and demand themselves if they will let the problem continue and grow (and arrive at the same blacklist as .ru and .cn if you don't need them extensively) or if they will act and preserve the trust in their domainextension.

Start with getting into contact with arbor networks.

Check the listings often.

Have a process for handling such cases quickly (standard form for the magistrate from the police/cyberpolice with the standard proof from the web and the registration) and block it at your root dns of the domainextension. They will continue to try now and than, but if you follow up they will just go on untill they find another domainextension that doesn't have such processes.

Oh yes and if you find 10 domains that are registrered by the same person you should block them all, even if they were not all used because if 5 were used for phishing than the other five will not be used for personal means.

It is effective because aside one or two new trials we haven't seen any .be domains in the list of fastflux domains in 2009 after the first re-action.