So you are doing some business espionage and are looking for business intelligence ? SWell you will love the new egov environment.
Everything has now to be done by electronic documents that can de downloaded and saved as PDF. Those are most of the time neither encrypted neither autodestructing so once you've got them, you will just have to crack a password if there is one.
So at the end of the project there are thousands of documents with confidential business information flowing around on networks, pc's and laptops (yes, let the children play on P2P dad and don't forget to let your wireless connection open) and networks.
Targeted attacks against those networks and users of these networks are the future. Big money, smart hackers, faraway countries and attack codes and routes we are only discovering bit by bit.
So you are sitting in a discussion and you hear some security-bullshit that says you shouldn't worry about a thing, that what you are thinking is not possible, it is just FUD and you are paranoid
name program OS protocol whatever and
exploit vulnerable hack attack security scan
and the discussion can be closed
ps set Google advanced to 100, english and last 2 years
closed three discussion that way on one day
Was at a conference last.
The guy (an engineer from a very very important thing) showed us a best practice how to use different identifiers to find important secret information about businesses in a closed official database.
"You copy paste it in a text file on your laptop"
maybe we should call the textfile 'business identifiers for ----- database" so the botnet operator knows what to do with it
and it is very secure, believe me..... Trust us... blindly by preference.
If you know something about security and follow security news you are welcome if you some things to write that are interesting and don't make the Belgian news.
you will have access to a lot of different resources that are private now (1200 RSS feeds, 4000 links with a cache of the article,....) after 25 posts.
to be clair
freeware goes in freeware.skynetblogs
videos goes in vids.skynetblogs.
bookz and docs goes in books.skynetblogs
One of the essential securitylists on the internet (there are only about 10 of them) is the Open Source Information list about all kinds of security incidents made by the US Department of Home Security.
As already happened once with the emaillist from our security institution BIPT, that list got hijacked the last days and tens, sometimes hundreds of messages started flowing around to all these ITsec people all around the world. Emailmessages began blacklisting the server and blocking all messages, people started responding to 'all' to know what has happening, only increasing the noise and the volume.
Seemed that they didn't configure well their mailinglistserver and that some people found a way to spam securitypeople with messages of all kinds. It seemed they had outsourced it. Easy, but that doesn't make you less responsable. Quite funny otherwise
btw one problem is that it was possible to make a list of many of people that are subscribed to that list because the emails were flowing all over. This could make them targets for specific attacks as their emails are normally not so very public. Another reason why internal securitypeople should have independent emailaddresses. The subscribers should be more cautious now what they open in their mailbox.