Spliced feed for Security Bloggers Network |
| “Doing Well by Doing Right” [/dev/random] [Belgian Security Blognetwork] Posted: 13 Jun 2008 04:35 AM CDT Today, I received a mailing (partnership between ING and Steptone) to promote open career opportunities at ING. Well, I receive a lot of mailings but this one was quite special… It said: For more information about career opportunities, visit www.ingitcrew.be.. I really liked the slogan “Doing Well by Doing Right“, check out:
Problem? Don’t try to visit the website, domain name has not been registered! # whois -h whois.dns.be ingitcrew.be % .be Whois Server 4.0 % % (c) dns.be 2001-2004 (http://www.dns.be) % [stuff deleted] %- % WHOIS ingitcrew Domain: ingitcrew Status: FREE www.ingitcrew.com is the right one. Typo error? Lack of project coordination? My first idea was, of course, to immediately register the domain. If anybody has a contact @ ING or Stepstone, give them a call! | |
| A Continental nightmare [StillSecure, After All These Years] Posted: 13 Jun 2008 03:35 AM CDT The state of the airline industry is a travesty. Today United announced that they are joining American in charging a fee for even the first bag of checked luggage. Combined with the ban on liquids that makes it hard to carry on anything, you are forced to pay up. This is on top of the already jacked up prices and fuel surcharges they are already charging. They also charge if you want to fly stand by now, extra for exit seats, aisles, etc, etc. It is not one airline worse than another, they are all pretty bad. Today's travel nightmare though comes courtesy of Continental Airlines. I rarely fly Continental because in coach I find their seats are to close together and my knees get crushed. But flying home from Denver today, they were the cheapest so I booked the flight. I was scheduled to be on a 4:50 flight out of Denver into Houston. An hour layover, an 8:55 flight from Houston to Ft Lauderdale and I would get me home around midnight. Long day for sure. So I finished up my meetings and stuff early in Boulder and saw that Continental had a 2:30 flight from Denver to Houston and a 7:10 connection to Ft Lauderdale that would get me in around 10:20pm. I left StillSecure HQ around noon and was at Denver airport by about 12:45. I went to the Continental counter and asked to get on the earlier flight. Because I am a platinum medallion member of Delta, as a Sky Team member, I am an elite plus level passenger on Continental. In days gone by that would qualify me for same day ticket changes for free. Not anymore it doesn't! I don't understand what the price of fuel has to do with charging me for same day ticket changes. Anyway, they said I could fly stand by for free until June 17th, when even standby is going to cost an extra fee (again they blamed it on fuel costs). So they put me on standby and told me my luggage would go on the earlier flight. I then went to the 2:30 flights gate and waited. The ticket counter agent told me about 20 minutes before take off that they only had me as a silver medallion and due to my low status I was far down the list and would not make the flight. My luggage would though. OK, so I will hang at the airport and work a few hours. Just before the plane takes off they call my name and tell me to wait at the end of the jetway. They are checking the plane and if there is a seat I can take it. I get the last seat on the plane, a middle seat. I arrive at Houston and proceed to the gate for the 7:10 flight to Ft Lauderdale. I check in with the agent and she tells me the folks in Denver only put me on standby for the Denver Houston flight and I am not on stand by for the Ft Lauderdale flight. She can put me on and I will probably make it, but my luggage will be going on the later flight. Now mind you I can see the plane I just got off of out the window and could have gone to the jetway and told the guys unloading the luggage to grab my bag. Not wanting to wait two hours in Ft Lauderdale late at night for my luggage to arrive and not wanting to drive down the next day to pick it up I say thanks, but no thanks and decide to wait another two hours for the later flight that my luggage will be on. I board my 8:55 flight as scheduled and we take off headed for Ft Lauderdale, due to land at 12:15 or so. The plane is hot as heck and about a half hour into the flight the pilot says that we have a pressurization problem and am turning back to Houston! We turn back and upon arrival near Houston, he tells us we have too much fuel to land and will have to fly around to burn it off. We have no air conditioning, it is hot as can be and they are telling me how much they charge because of the cost of fuel that they are now flying around in circles to burn off! We land in Houston, they find another plane and we finally take off from Houston around 11:45 or so. I am writing this on the plane and am due to land about 2:30am. If I find my luggage came on the earlier flight I am going to kill someone. In the meantime, I have had enough of Continental for a while and they won't see me on their planes very soon. End of story, we landed around 2:45 and my luggage was waiting for me, having arrived on the earlier flight. The Continental employee at the baggage claim will remember Alan Shimel for a while, as I gave him a piece of my mind. | |
| Posted: 13 Jun 2008 03:29 AM CDT I don't know what it is, but lately everyone I am speaking to is talking SaaS, outsourcing and MSSPs. Just today I was reading Neil Roiter's column on the latest acquisition by Perimeter eSecurity. The MSSP acquisition kings have now bought Edgeos, a vulnerability scanning service. I don't really know alot about them, but it seems their vulnerability service does not utilize a distributed or local server at the customers location. I am not sure how they deal with things like firewalls and such that would result in very different results from an internal scan, but that isn't the point here. The fact is that MSSP service providers, whether it be large carriers line Verizon or ATT or dedicated security MSSPs like Perimeter or SecureWorks or smaller MSSPs like ProtectPoint here in Florida, are finding fertile ground. I will talk more at the end of the article about what kind of MSSP will likely be your MSSP in the future. | |
| EID : representative Jambon makes some mistakes [belsec] [Belgian Security Blognetwork] Posted: 13 Jun 2008 02:59 AM CDT First it is not that simple and automatic that you can steal an identity with simple the EID of your neighbor. We didn't publish that information but there is a procedure that makes it possible under certain conditions. One of these procedures has already been published but involves pictures of (or possession of) several cards and bits of information. It seems necessary for us to stop the way that online new passwords are distributed and to change it into a physical presence procedure where you will have to present yourself in your city or commune. This doesn't sound too much digital and new, but this is the standard for all safe bankcards and identitypapers. Secondly the films are not about the chip, they are about the privacywall that should have protected the information on the card against interception by non-authorized applications THere are much more important political and IT problems around EID that need to be addressed. As fast and as coordinated as possible. It is not now the time to have political, intellectual or industrial fights. We are all in this together and solving this problem won't take too much effort if everybody agrees on the normal best practices and certifications that need to be in place. We hope the government will survive the 15th of July because we need a government to do these things (among many others). These are much bigger issues than the interpretation of a word or sentence in a global agreement. | |
| Posted: 13 Jun 2008 02:08 AM CDT We are happy to announce that the omerta around the EID has broken in a big way and would ask all those that have kept silent to get their ideas and information together and to hand it over to us or to the parliament or to FEDICT whatever you are most comfortable with. It is now or never and if you miss this big chance you will be confronted with our remark if you say it later, why didn't you say that before. We would even call for a DELPHI research about our EID project that doesn't take into account who says what but that takes into account what is being said and that tries to get all the specialists on EID and security together about a big masterplan for the coming years and the axes around which the new EID should work. We also think that it is maybe time for parliament to step in and form a permament commission to follow up on technology questions. We are having one after another since january (EID, EVOTE, EHEALTH, ESECURITY, BELGACOM accounts hacked, **** online service unsecurity, .......) How do the representatives hope to have any knowledge, backup specialists and follow-up if they don't have a permanent committee with specialists and representatives that can exchange and coordinate information with collagues from all over the world who have the same speciality. By the way we are still looking for new reports, articles and things to make public or to send through at backchannels. We are also looking for people to blog here (ask an account) or to help (even if it was an hour a week) with different sideprojects or specific follow-up sections on this site. I don't care if you agree with everything written here or not. | |
| Onderzoek over EID door Leuvense professoren online [belsec] [Belgian Security Blognetwork] Posted: 13 Jun 2008 01:43 AM CDT op vraag van de onderzoekers werd dit offline genomen | |
| Links for 2008-06-12 [del.icio.us] [Anton Chuvakin Blog - "Security Warrior"] Posted: 13 Jun 2008 12:00 AM CDT | |
| Verizon Business 2008 Data Breach Investigations Report [Rational Survivability] Posted: 12 Jun 2008 09:26 PM CDT
There are some very interesting statistics presented in this report that may be very eye-opening to many (italicized comments added by me):
Very, very interesting... You can get the report free of charge here. /Hoff | |
| Ideal Tool to Solve Real Problems ... of the Near Future? [Anton Chuvakin Blog - "Security Warrior"] Posted: 12 Jun 2008 09:02 PM CDT Remember my write-up about an ideal log management tool? Somebody asked me: "That's great that you have such a clear vision of a future log management technology - but tell me first what future business problems will such 'ideal tool of the future' solve?" First, I laughed and said: "Dude, look around, will ya? :-) There are plenty of log-related problems today which we are not even close to solving. We need to solve the problems of today first, before we can get to solving the future problems..." So, what I consider to be the biggest log-related problems of today?
Now, when you read the above think "end user", not "log management vendor" challenges (I plan to post about these later). My idea of an ideal tool will seek to solve these and others. Along the same line, this picture from 4th SANS Log Management Survey shows how people perceive the logging challenges:
as well as my logging challenges poll (analysis here):
Now, let's think of logging problems of the near future, say in 2 years. But you'd have to wait for the next post for this :-) | |
| Wake Up Call: It's Time To Protect [ImperViews] Posted: 12 Jun 2008 06:09 PM CDT The Verizon Business survey that was published yesterday offers many insights. It think that this is an important (and certainly not surprising) In a finding that may be surprising to some, most data breaches investigated were caused by external sources. Breaches attributed to insiders, though fewer in number, were much larger than those caused by outsiders when they did occur. As a reminder of risks inherent to the extended enterprise, business partners were behind well over a third of breaches, a number that rose five-fold over the time period of the study.There are two eye opening charts in this reports, that highlight the importance of active security systems and the need to close (security) gaps as fast as possible. The first compares between the time it takes to penetrate a system and the time that it takes to discover and mitigate .  (click on image see a larger size) In comparison to the other categories, the length of time between the attacker's initial entry into the corporate network and the compromise of information is relatively short. During this phase, intruders typically explore the network and systems until finding their desired plunder. To an attacker unfamiliar with the territory, this can be a time-intensive activity. Surprisingly, our findings reveal this was accomplished within minutes or hours in just under half of cases investigated.So it takes a VERY short time to penetrate the application or breach the data, while it takes a lot of time to discover. The next chart shows how organizations discovered the breach. As you can see, most organizations surveyed by Verizon did not use monitoring tools  (click on image see a larger size) I see a clear connection between the first and second data point. Should organizations use activity monitoring solution, they will be able to detect breaches faster...this is logical and make sense. But I would like to make the case for preferring security and attack blocking over pure activity monitoring. This survey should be used as a wake up call to many organizations that should look into their monitoring and real time security systems. As the bad guys (internal or external) are attacking within minutes or hours, security professional can not longer assume that they'll be able to protect and defense without the use of real time security solutions capable to protect the entire application stack. | |
| Some insights into Data Breaches [Security4all] [Belgian Security Blognetwork] Posted: 12 Jun 2008 06:00 PM CDT Taosecurity posted a review of an online 2008 Data Breach Investigations Report. Some interesting quotes from his article are: Three quarters of all breaches are not discovered by the victimAttacks... | |
| EU wants to regulate blogs [Security4all] [Belgian Security Blognetwork] Posted: 12 Jun 2008 05:37 PM CDT The internet has always been a place to express freedom of speech. Social media has been a revolution helping us share information, communicate and connect to other people. Blogging is an important... | |
| Posted: 12 Jun 2008 05:20 PM CDT And now you will think that it was the defender of a great cause, that there was secret state or industrial information that was published ? No, but the judge found the facts so important that he sentenced her to 3 months in prison and 5 years if she does something else wrong and 550 Euro's to pay. So what was the huge crime she did to get such a harsh sentence ? Distribute illegal films, publish child porn, sell poker ? There were two women who were neighbors and the best of friends. But after a while they had a huge dispute about a car that one sold to another and they hated each as much as they loved each other before. So the angry neighbor started placing anonymous harsh comments on the personal blog of her neighbor who found out who was writing them. Angry as she was at her neighbor she published on her blog that her neighbor had an abortion and was a child killer. The anonymous commenting neighbor was too shocked to respond something and just went to court.... and won. Just one practical thing. If comments become personal or stupid, just turn them off. Who needs them and who reads them ? | |
| E-Health will have its debate in Belgium [belsec] [Belgian Security Blognetwork] Posted: 12 Jun 2008 05:10 PM CDT E-health is the big project of Mr Robben and his vision of how e-health should be organised in Belgium. So he made his plans, prepared the reports and budgets and wrote the necessary laws and as our government didn't think that people should have any doubts about so much wisdom they just put it into the biggest law that is voted each year (programlaw) that encompasses hundreds of pages and treats about anything that must pass without parliamentary debat. But the doctors didn't agree with this vision. Not the technological vision, that is still another matter and I doubt we will much hear about that. They don't agree about the concept of the idea in which they lose the monopoly to decide which medicine the patients will be using. They threw the term 'big brother' in their press map and so everyone jumped on it and the minister was obliged to give it its proper law and debate. The term Big brother is about the new relationship between the Administration of Social Security and the doctors. It is not yet used for the relationship and information from the patients versus the states. Now we can only hope there will be room and time for a debate about the security and privacy of those very important medical information about us and not only a corporatist power fight. The administration probably knows that this is a problematic point because they burried the earlier plans to put that medical information on our EID. Imagine that EID has some securityproblems..... Imagine that :) | |
| Posted: 12 Jun 2008 04:58 PM CDT As you have read before there is a lot to do in Belgium about the arrests of the ex-CCC terrorists that were on conditional freedom. They have returned to prison. There was also some discussion about the fact that the prosecutor mentioned that they were using encryption and diskwiping technology in the list of his accusations. As security people we do that every day. Now the prosecutor has decided to go to Switzerland. There lives a community of mostly German and Italian extremists that fled Germany and Italy during the terrorist and antiterrorist campaigns in the 70's and 80's. One of the best known is Andrea Stauffacher which has a long history of activism and is now seen as one of the organizers of other extremist movements in Switzerland at nearly 50 years old.  the Rosa Luxemburg of Switzerland But she has a good understanding of her times as she gives courses to leftwing extremists about defending against surveillance and encryption. Not only to members of the CCC but also to other groups. She is also suspected of being call the brain behind the "black block", the very diverse group of rioters that turn up at some demonstrations and made name with the riots during the antiglobalist manifestations. | |
| How much your compromised information trades for… [Vincent Arnold] Posted: 12 Jun 2008 04:23 PM CDT On page 18 of the April, 2008 Symantec Global Internet Security Threat Report, there is a chart that lists how much stolen information trades for on the underground market. I think it would be safe to say that $15 for my identity is pretty insulting. It would take a lot more than 15 bucks to get it back. Gives you an idea of how many identities must already be compromised for the value to be so low.
| |
| Posted: 12 Jun 2008 03:52 PM CDT
Podcasts/Webcasts:
I am confirmed to speak at the following upcoming events:
/Hoff | |
| Notes from the IBM Global Innovation Outlook: Security and Society [Rational Survivability] Posted: 12 Jun 2008 02:18 PM CDT
The mission of the GIO is as follows:
The focus on security and society seeks to address the following:
The mixture of skill sets, backgrounds, passions and agendas of those in attendance was intriguing and impressive. Some of the folks we had in attendance were:
The 24 of us with the help of a moderator spent the day discussing, ideating and debating various elements of security and society as we clawed our way through pressing issues and events both current and some focused on the future state. What was interesting to me -- but not necessarily surprising -- was that the discussions almost invariably found their way back to the issue of privacy, almost to the exclusion of anything else. I don't mean to suggest that privacy is not important -- far from it -- but I found that it became a blackhole into which much of the potential for innovation became gravitationally lured. Security is, and likely always will be, at odds in a delicate (or not so) struggle with the need for privacy and it should certainly not take a back seat. However, given what we experienced, where privacy became the "yeah, but" that almost stunted discussions of innovation from starting, one might play devil's advocate (and I did) and ask how we balance the issues at hand. It was interesting to poke and prod to hear people's reactions. Given the workup of many of the attendees it's not hard to see why things trended in this direction, but I don't think we ever really got into the mode of discussing the solutions in lieu of being focused on the problems. I certainly was responsible for some of that as Dan Briody, the event's official blogger, highlighted a phrase I used to apologize in advance for some of the more dour aspects of what I wanted to ground us all with when I said "I know this conversation is supposed to be about rainbows and unicorns, but the Internet is horribly, horribly broken." My goal was to ensure we talked about the future whilst also being mindful of the past and present -- I didn't expect we'd get stuck there, however. I was hopeful that we could get past the way things were/are in the morning and move to the way things could be in the afternoon, but it didn't really materialize. There was a shining moment, as Dan wrote in the blog, that I found as the most interesting portion of the discussion, and it came from Andrew Mack. Rather than paraphrase, I'm going to quote from Dan who summed it up perfectly:
I really wished we were able to spend more time exploring deeper these social issues in balance with the privacy and technology elements that dominated the discussion and actually unload the baggage to start thinking about novel ways of dealing with things 5 or 10 years out. My feedback would be to split the sessions into two-day events. Day one could be spent framing the problem sets and exploring the past and present. This allows everyone to clearly define the problem space. Day two would then focus on clearing the slate and mindmapping the opportunities for innovation and change to solve the challenges defined in day one. In all, it was a great venue and I met some fantastic people and had great conversation. I plan to continue to stay connected and work towards proposing and crafting solutions to some of the problems we discussed. I hope I made a difference in a good way. /Hoff | |
| Don’t Start Flame Wars Via Blogs! [/dev/random] [Belgian Security Blognetwork] Posted: 12 Jun 2008 01:50 PM CDT | |
| Department of Justice on breach notice [Emergent Chaos] Posted: 12 Jun 2008 12:23 PM CDT  There's an important new report out from the Department of Justice, "Data Breaches: What the Underground World of “Carding” Reveals." It's an analysis of several cases and the trends in carding and the markets which exist. I want to focus in on one area, which is recommendations around breach notification: Several bills now before Congress include a national notification standard. In addition to merely requiring notice of a security breach to law enforcement,200 it is also helpful if such laws require victim companies to notify law enforcement prior to mandatory customer notification. This provides law enforcement with the opportunity to delay customer notification if there is an ongoing criminal investigation and such notification would impede the investigation. Finally, it is also helpful if such laws do not include thresholds for reporting to law enforcement even if certain thresholds – such as the number of customers affected or the likelihood of customer harm -- are contained within customer notification requirements. Such thresholds are often premised on the large expense of notifications for the victim entity, the fear of desensitizing customers to breaches, and causing undue alarm in circumstances where customers are unlikely to suffer harm. These reasons have little applicability in the law enforcement setting, however, where notification (to law enforcement) is inexpensive, does not result in reporting fatigue, and allows for criminal investigations even where particular customers were not apparently harmed. ("Data Breaches: What the Underground World of “Carding” Reveals," Kimberly Kiefer Peretti U.S. Department of Justice, Forthcoming in Volume 25 of the Santa Clara Computer and High Technology Journal, page 28.)I think such reports should go not only to law enforcement, but to consumer protection agencies. Of course, this sets aside the question of "are these arguments meaningful," and potentially costs us an ally in the fight for more and better data, but I'm willing to take small steps forward. Regardless, it's great to see that the Department of Justice is looking at this as something more than a flash in the pan. They see it as an opportunity to learn. | |
| Interesting Information Security Bits for June 12th, 2008 [Infosec Ramblings] Posted: 12 Jun 2008 10:35 AM CDT Howdy folks. We are going to try something a little new today. As you have all probably realized, these posts have all been built from blogger sources to date. I am going to start expanding them to include things I see in the news and from other sources that have infosec applications. As we go forward, I am interested in knowing if you would prefer to have two separate posts or if you like the combined format. As always, leave a comment with your opinion or email me kriggins _at_ infosecramblings.com. On with the show. From the Blogosphere. Richard Bejtlich has a good summary of the Verizon Business 2008 Data Breach Investigations Report which you should go ahead and read. From the newsosphere. Via SearchSecurity, The PCI council is launching an assessor quality assurance program. Kinda have to wonder why it has taken this long for something like this to happen. The Register brings us an interesting article about fraudsters gaming the address verification system in use in the UK for charges. From Comcast.net congressmen are saying that China is hacking their computers. Of course China is denying it. Have a great day and remember, let me know which format you prefer, combined or separate. Kevin Technorati Tags: linkedin, privacy, data leakage, data breach, verizon, rsa, pci, assessors, china, congress         | |
| Information Security in three steps [Kees Leune] Posted: 12 Jun 2008 09:22 AM CDT Shrdlu writes an interesting post on how to explain to non-security people what it means to be secure. Three basic rules:
This is an excellent summary. Information security is about ensuring trust in data and data processing. Trust is sometimes defined as "performing as previously expected", and in order to be able to keep or attain a certain level of "living up to expectation", control is absolutely required. Rule 2 is a little harder; if security requires checking security, we might have a circular reference that needs to be bootstrapped. Rule 3 is another good one; if trust is indeed "performing as expected", people need to know what they can expect (and cannot expect), but they also need to know what is expected of them. I would probably rewrite these basic rules to
| |
| Posted: 12 Jun 2008 09:09 AM CDT One of the nice things about having started the SBN was that I have gotten to meet (mostly virtually) many security bloggers from around the world. Some of the most prolific contributors to the content of the SBN has been the members of the Belgian Security Bloggers Network. I received word today from one of the authors of one of the blogs, belsec, that they are under assault by the EU government. It seems in their wisdom, the European Parliament has decided that in the interests of "media pluralism", all blog owners should declare their ownership, affiliations and status of weblog authors. The explanatory notes of the proposed regulation says this:
As the belsec author points out, disclosure of their identities would effectively silence their voices. There is no first amendment freedom of speech or freedom of press constitutional right in Europe. Of course if forced to do so, the Belgian authors could take up blogs based here in the US and escape the disclosure laws of the EU, but why should they have too. The EU is a democratic, progressive entity. Forcing these bloggers to make their "status and identity" public should not be mandatory here. Blogs are todays pamphlets. Basic freedom of expression, speech and press have been protected for hundreds of years. Forcing these bloggers to identify themselves is a violation of their rights. What would Thomas Paine and others like him think of this restriction? If you feel that this is an unfair and unjust restriction on bloggers rights, blog about it. It is our right and to do so and we should use the medium to do so. If you are a EU citizen write to your representative and demand that this proposed regulation does not go into effect! Do not take your right to blog lightly. If you don't stand up for it, it can be taken away from you. "The world is my country, all mankind are my brethren, and to do good is my religion." - Thomas Paine  This posting includes an audio/video/photo media file: Download Now | |
| E-mail Disclosure? [/dev/random] [Belgian Security Blognetwork] Posted: 12 Jun 2008 08:22 AM CDT
One more time, a new round started today in Belgium between Flemish and Walloons… (I don’t want to start a new political debate here: I’m living in the “French” side of Belgium and working in the “Dutch” side without problems. I try to speak in Dutch and my colleagues understand me. What else?) According to a French media, the city of Overijse encouraged people via a local publication to report any advertisement written in French or any other language (Overijse is a Dutch speaking city). I’ll not comment this news but it seems that the reports can be posted online via a gmail.com e-mail address and this one was disclosed by several journalists. Is it a good idea? If you check several readers comments below the article, they encouraged to flood the mailbox, subscribe the mailbox to a lot of distribution lists etc… Not very constructive! | |
| PCI Compliance: Top Layer Networks Security Strategist Interview [Infosecurity.US] Posted: 12 Jun 2008 07:54 AM CDT Head over to TechnewsWorld for a succinct interview with Ken Pappas, VP of Marketing and a Security Strategist at TopLayer Networks. Good advice, but light on technical details, the interview provides a broad overview of Payment Card Industry compliance , intrusion detection, and network security at the executive level. The company was a [...] | |
| France Will Filter Child Pornography [/dev/random] [Belgian Security Blognetwork] Posted: 12 Jun 2008 06:51 AM CDT
It’s almost done. To fight child pornography on the Internet, the French government has a project of law (article in French) to filter all websites giving access to child pornography. The list will be distributed to all French ISP’s and they will have to block access to those websites (on a technical point of view). How? Proxies? DNS blacklisting? Null routing? Who cares. Of course, regulation must occur on the Internet. Prosecution is mandatory. There is absolutely no debate here but, after reading the article, I’ve some reflections about the way the French government would like to implement the filter: 1. First point is very basic but what about the price? A new technical solution has a cost. Will the extra cost affect the end-user invoice? 2. One more time, the Internet is pointed as “the Hell”. It’s just a new media, a way of distributing data. Child pornography exists (hélas) since ever. 3. It’s quite easy to bypass such filters: Users will use open proxies or encapsulate traffic into other protocols. Child pornography professionals will move their websites in a quicker way or find new ways to deliver the data. Result: it will be far more difficult to track them. 4. If they forget HTTP and use other protocols, will they also by blacklisted? No more P2P? What about Usenet? IRC? 5. French authorities will build and maintain the blacklist. The filter will restrict child pornography but in the (near) future? If on a technical point of view, everything will be ready at the ISP side, how to avoid derives to stronger censorship? (political, ethical, …) 6. A blacklist of websites will not protect our children! Risks will remain the same during a chat session or by walking down the street! The most important is to protect our child against those criminals! Talk to them, explain them the risks, communication is a must! My 0.02€. | |
| Posted: 12 Jun 2008 02:58 AM CDT You could read the following on the net just a few hours ago: Multiple congressional computers have been hacked by people working from inside China, lawmakers said Wednesday, suggesting the Chinese were seeking lists of dissidents. You can find more at http://news.yahoo.com/s/ap/20080611/ap_on_go_co/china_hacking This attack is much more realistic as a targeted attack and has much more evidence if you compare this to what our government a month ago was saying. I blogged about it the 2nd of May at: http://www.anti-malware.info/weblog/archive/2008_05_01_wavci_archive.html I'm nearly 100% sure that the Belgian version was not orchestrated and that everything was just a coincidence of a lot of spammed malware to some of the governmental computers. I'm still not happy what some of the members from our government told the public at that moment. | |
| Firefox 3 Release Date Announced [Infosecurity.US] Posted: 12 Jun 2008 02:15 AM CDT The Mozilla Foundation has announced the release date of the highly anticipated 3rd Version of the Open Source browser, Firefox, scheduled for worldwide availability on June 17, 2008. Analysis of the new version of the browser is very positive regarding security capabilities. Also, one of our favorite podcasts, SecurityBites details many of the new features. | |
| Apple Security Update: QuickTime 7.5 Released [Infosecurity.US] Posted: 12 Jun 2008 02:08 AM CDT Apple (NASDAQ:AAPL) has announced the release of QuickTIme 7.6 to address multiple security issues, listed below (with MITRE CVE designators). This release is a multiple platform update, for MAC OSX, and Microsoft Windows. Due to space limitations, the description for individual CVEs have been omitted. The descriptions are available on MITRE CVE. [1] CVE-ID: CVE-2008-1581 Available for: Windows [...] | |
| Passwords Are … [/dev/random] [Belgian Security Blognetwork] Posted: 12 Jun 2008 01:20 AM CDT |
| You are subscribed to email updates from Black Hat Security Bloggers Network To stop receiving these emails, you may unsubscribe now. | Email Delivery powered by FeedBurner |
Inbox too full?  Subscribe to the feed version of Black Hat Security Bloggers Network in a feed reader. | |
| If you prefer to unsubscribe via postal mail, write to: Black Hat Security Bloggers Network, c/o FeedBurner, 20 W Kinzie, 9th Floor, Chicago IL USA 60610 | |
No comments:
Post a Comment